Prosim o kontrolu

Zpráva

easton · #1 Příspěvek od **easton** » 15 pro 2014 18:20

Logfile of random's system information tool 1.10 (written by random/random)
Run by at 2014-12-15 18:18:22
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 32 GB (26%) free of 123 GB
Total RAM: 4087 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:18:26, on 15. 12. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Users\gonda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\gonda\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Program Files\trend micro\gonda.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts= ... 4698946989
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type ... earchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts= ... 4698946989
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts= ... 4698946989
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=13 ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=13 ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts= ... 4698946989
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: WsSVRIEHelper - {54F73992-6549-4369-9A0D-84FD310A464A} - C:\Program Files (x86)\Aimersoft\Video Converter\SVRIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Logan_S2P] C:\Program Files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
O4 - HKLM\..\Run: [BrowserPlugInHelper] C:\Program Files (x86)\Aimersoft\Video Converter\BrowserPlugInHelper.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [icq] C:\Users\xxxx\AppData\Roaming\ICQM\icq.exe -CU
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\gonda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Browser Tab Search by Askx64] "C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\BrowserTabSearch\msbloader64.exe"
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1418642908
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\gonda\AppData\Roaming\ICQM\icq.exe (HKCU)
O9 - Extra 'Tools' menuitem: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\gonda\AppData\Roaming\ICQM\icq.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13855 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe"
"c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Users\gonda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"C:\Program Files (x86)\Samsung\Kies\Kies.exe" /preload
"c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe"
"C:\Windows\Samsung\PanelMgr\SSMMgr.exe" /autorun
C:\Windows\Samsung\PanelMgr\caller64.exe Samsung PanelMgr
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
WLIDSvcM.exe 3000
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-4716a7e2-7f15-4b97-a008-fbb1d4325adf -SystemEventPortName:HostProcess-3ceb8725-1b52-4773-a08d-a691c6592923 -IoCancelEventPortName:HostProcess-1f975438-a312-49a8-b84f-0cdc2d21cbfd -NonStateChangingEventPortName:HostProcess-302e9292-728c-4e56-8e61-47d424afc653 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:769283be-564f-4565-b156-97734b458485 -DeviceGroupId:WpdFsGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\System32\svchost.exe -k secsvcs
taskeng.exe {363352BC-EC26-471C-9E3E-5D1301B47A28}
"C:\Users\gonda\AppData\Roaming\uTorrent\uTorrent.exe" "D:\Dokumenty\DETI\Mato\torrenty\[kickass.filesoup.com]the.100.s02e02.hdtv.x264.lol.torrent"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.delta-homes.com/?type=sc&ts= ... 4698946989
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=1816.2a55d0c0.2050606116 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 1816 "\\.\pipe\gecko-crash-server-pipe.1816" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe" --proxy-stub-channel=Flash4632.63576188.26077 --host-broker-channel=Flash4632.63576188.10721 --host-pid=4632 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe" --channel=4440.0020F664.1723856065 --proxy-stub-channel=Flash4632.63576188.26077 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll" --host-npapi-version=27 --type=renderer

"D:\01_Dokumenty\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore1cfb4acfe26a5d0.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf6a42910d43e4.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineUA1cfeecf511fc119.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\gonda\AppData\Roaming\Mozilla\Firefox\Profiles\j2dnvl06.default-1409555875515

prefs.js - "browser.search.useDBForOrder" - "false"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.246 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.71.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.7]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.246 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.13.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-02-15 551840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-02-15 209824]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54F73992-6549-4369-9A0D-84FD310A464A}]
Aimersoft Video Converter Ultimate - C:\Program Files (x86)\Aimersoft\Video Converter\SVRIEPlugin.dll [2013-12-10 282000]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-21 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-21 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2012-10-23 6325424]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"Autodesk Sync"=C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2012-02-05 415680]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""=C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2014-07-25 845120]
"icq"=C:\Users\gonda\AppData\Roaming\ICQM\icq.exe [2013-09-09 28698984]
"Xvid"=C:\Program Files (x86)\Xvid\CheckUpdate.exe [2011-01-17 8192]
"Spotify Web Helper"=C:\Users\gonda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2014-12-02 1245752]
"Browser Tab Search by Askx64"=C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\BrowserTabSearch\msbloader64.exe []
"KiesPreload"=C:\Program Files (x86)\Samsung\Kies\Kies.exe [2014-07-25 1562264]
"KiesAirMessage"=C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup []
"Spybot-S&D Cleaning"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [2013-09-20 3666224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Adobe Speed Launcher"=1418642908 []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Logan_S2P"=C:\Program Files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe [2007-06-11 253952]
"Samsung PanelMgr"=C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2009-03-09 552960]
"NPSStartup"= []
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]
"KeePass 2 PreLoad"=C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2013-11-03 2065408]
"Aimersoft Helper Compact.exe"=C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe []
"BrowserPlugInHelper"=C:\Program Files (x86)\Aimersoft\Video Converter\BrowserPlugInHelper.exe [2013-12-10 1956352]
"SDTray"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2013-07-25 5624784]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2014-07-25 311616]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26 271744]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20 1021128]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2014-12-01 3835728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"vidc.XVID"=xvidvfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2014-12-10 23:27:55 ----D---- C:\Windows\system32\appraiser
2014-12-10 22:25:12 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2014-12-10 22:25:12 ----A---- C:\Windows\SYSWOW64\mfps.dll
2014-12-10 22:25:12 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2014-12-10 22:25:12 ----A---- C:\Windows\SYSWOW64\mferror.dll
2014-12-10 22:25:12 ----A---- C:\Windows\system32\rrinstaller.exe
2014-12-10 22:25:12 ----A---- C:\Windows\system32\mfps.dll
2014-12-10 22:25:12 ----A---- C:\Windows\system32\mfpmp.exe
2014-12-10 22:25:12 ----A---- C:\Windows\system32\mferror.dll
2014-12-10 22:25:11 ----A---- C:\Windows\SYSWOW64\mf.dll
2014-12-10 22:25:11 ----A---- C:\Windows\system32\mf.dll
2014-12-10 09:44:54 ----A---- C:\Windows\system32\invagent.dll
2014-12-10 09:44:54 ----A---- C:\Windows\system32\generaltel.dll
2014-12-10 09:44:54 ----A---- C:\Windows\system32\devinv.dll
2014-12-10 09:44:54 ----A---- C:\Windows\system32\appraiser.dll
2014-12-10 09:44:54 ----A---- C:\Windows\system32\aitstatic.exe
2014-12-10 09:44:54 ----A---- C:\Windows\system32\aepic.dll
2014-12-10 09:44:54 ----A---- C:\Windows\system32\aeinv.dll
2014-12-10 09:44:53 ----A---- C:\Windows\system32\aepdu.dll
2014-12-10 09:44:46 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2014-12-10 09:44:46 ----A---- C:\Windows\system32\WindowsCodecs.dll
2014-12-10 09:44:45 ----A---- C:\Windows\system32\drivers\tdx.sys
2014-12-10 09:44:41 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-12-10 09:44:41 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-12-10 09:44:41 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-12-10 09:44:41 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-12-10 09:44:41 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-12-10 09:44:40 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-12-10 09:44:40 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-12-10 09:44:40 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-12-10 09:44:40 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-12-10 09:44:40 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-12-10 09:44:40 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-12-10 09:44:40 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 09:44:40 ----A---- C:\Windows\system32\iernonce.dll
2014-12-10 09:44:40 ----A---- C:\Windows\system32\ie4uinit.exe
2014-12-10 09:44:39 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-12-10 09:44:38 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-12-10 09:44:38 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-12-10 09:44:38 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-12-10 09:44:38 ----A---- C:\Windows\system32\urlmon.dll
2014-12-10 09:44:38 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 09:44:38 ----A---- C:\Windows\system32\iedkcs32.dll
2014-12-10 09:44:37 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-12-10 09:44:37 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-12-10 09:44:37 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-12-10 09:44:37 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 09:44:37 ----A---- C:\Windows\system32\dxtrans.dll
2014-12-10 09:44:36 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-12-10 09:44:36 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-12-10 09:44:36 ----A---- C:\Windows\system32\msfeeds.dll
2014-12-10 09:44:36 ----A---- C:\Windows\system32\iesetup.dll
2014-12-10 09:44:36 ----A---- C:\Windows\system32\ieapfltr.dll
2014-12-10 09:44:35 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-12-10 09:44:35 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-12-10 09:44:35 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-12-10 09:44:35 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-12-10 09:44:35 ----A---- C:\Windows\system32\jsproxy.dll
2014-12-10 09:44:35 ----A---- C:\Windows\system32\ieUnatt.exe
2014-12-10 09:44:35 ----A---- C:\Windows\system32\iertutil.dll
2014-12-10 09:44:34 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-12-10 09:44:34 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-12-10 09:44:34 ----A---- C:\Windows\system32\ieui.dll
2014-12-10 09:44:34 ----A---- C:\Windows\system32\ieframe.dll
2014-12-10 09:44:34 ----A---- C:\Windows\system32\dxtmsft.dll
2014-12-10 09:44:33 ----A---- C:\Windows\system32\wininet.dll
2014-12-10 09:44:33 ----A---- C:\Windows\system32\vbscript.dll
2014-12-10 09:44:33 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-12-10 09:44:33 ----A---- C:\Windows\system32\mshtmled.dll
2014-12-10 09:44:33 ----A---- C:\Windows\system32\jscript9diag.dll
2014-12-10 09:44:33 ----A---- C:\Windows\system32\jscript9.dll
2014-12-10 09:44:32 ----A---- C:\Windows\system32\msrating.dll
2014-12-10 09:44:32 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-12-10 09:44:32 ----A---- C:\Windows\system32\mshtml.dll
2014-12-10 09:43:47 ----A---- C:\Windows\SYSWOW64\charmap.exe
2014-12-10 09:43:47 ----A---- C:\Windows\system32\charmap.exe
2014-12-10 09:43:44 ----A---- C:\Windows\system32\WsmSvc.dll
2014-12-10 09:43:43 ----A---- C:\Windows\SYSWOW64\WsmWmiPl.dll
2014-12-10 09:43:43 ----A---- C:\Windows\SYSWOW64\WsmSvc.dll
2014-12-10 09:43:43 ----A---- C:\Windows\SYSWOW64\WsmAuto.dll
2014-12-10 09:43:43 ----A---- C:\Windows\SYSWOW64\WSManMigrationPlugin.dll
2014-12-10 09:43:43 ----A---- C:\Windows\SYSWOW64\WSManHTTPConfig.exe
2014-12-10 09:43:43 ----A---- C:\Windows\system32\WsmWmiPl.dll
2014-12-10 09:43:43 ----A---- C:\Windows\system32\WsmAuto.dll
2014-12-10 09:43:43 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 09:43:43 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 09:43:40 ----A---- C:\Windows\SYSWOW64\tzres.dll
2014-12-10 09:43:40 ----A---- C:\Windows\system32\tzres.dll
2014-12-09 20:35:00 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-12-03 16:46:06 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2014-12-02 17:38:34 ----D---- C:\Users\gonda\AppData\Roaming\Ashampoo
2014-12-02 17:38:06 ----D---- C:\ProgramData\Ashampoo
2014-12-02 17:38:04 ----D---- C:\Program Files (x86)\Ashampoo
2014-12-01 14:22:01 ----D---- C:\Users\gonda\AppData\Roaming\Publish Providers
2014-11-29 15:48:49 ----D---- C:\Program Files\Sony
2014-11-29 15:48:06 ----D---- C:\ProgramData\Sony
2014-11-29 15:47:55 ----D---- C:\Users\gonda\AppData\Roaming\Sony
2014-11-19 08:25:45 ----A---- C:\Windows\SYSWOW64\pku2u.dll
2014-11-19 08:25:45 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-11-19 08:25:45 ----A---- C:\Windows\system32\pku2u.dll
2014-11-19 08:25:45 ----A---- C:\Windows\system32\kerberos.dll
2014-11-19 04:26:34 ----A---- C:\Windows\system32\FM20.DLL

======List of files/folders modified in the last 1 month======

2014-12-15 18:18:26 ----D---- C:\Windows\Prefetch
2014-12-15 18:18:24 ----D---- C:\Program Files\trend micro
2014-12-15 18:18:20 ----D---- C:\Windows\Temp
2014-12-15 18:15:24 ----D---- C:\Users\gonda\AppData\Roaming\uTorrent
2014-12-15 13:11:31 ----D---- C:\Windows\system32\config
2014-12-15 12:27:11 ----D---- C:\ProgramData\NVIDIA
2014-12-14 22:14:07 ----D---- C:\Windows\system32\NDF
2014-12-14 14:36:16 ----HD---- C:\ProgramData
2014-12-13 14:11:28 ----D---- C:\Windows\winsxs
2014-12-13 14:11:22 ----D---- C:\Windows\system32\catroot
2014-12-13 13:07:14 ----D---- C:\Windows\system32\catroot2
2014-12-13 03:03:12 ----D---- C:\Windows\SYSWOW64\sk-SK
2014-12-13 03:03:12 ----D---- C:\Windows\SysWOW64
2014-12-13 03:03:12 ----D---- C:\Windows\system32\sk-SK
2014-12-13 03:03:12 ----D---- C:\Windows\System32
2014-12-12 22:52:03 ----D---- C:\Windows\rescache
2014-12-12 15:50:19 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-10 23:56:20 ----D---- C:\Windows\inf
2014-12-10 23:56:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-12-10 23:27:55 ----SD---- C:\Windows\system32\CompatTel
2014-12-10 23:27:55 ----SD---- C:\ProgramData\Microsoft
2014-12-10 23:27:55 ----D---- C:\Windows\system32\drivers
2014-12-10 23:27:55 ----D---- C:\Windows\AppCompat
2014-12-10 23:27:55 ----D---- C:\Program Files\Internet Explorer
2014-12-10 23:27:53 ----D---- C:\Windows\SYSWOW64\en-US
2014-12-10 23:27:53 ----D---- C:\Windows\system32\en-US
2014-12-10 23:27:53 ----D---- C:\Windows\PolicyDefinitions
2014-12-10 23:27:49 ----D---- C:\Program Files (x86)\Internet Explorer
2014-12-10 22:34:15 ----D---- C:\Windows\system32\MRT
2014-12-10 22:27:36 ----A---- C:\Windows\system32\MRT.exe
2014-12-10 22:27:31 ----SHD---- C:\Windows\Installer
2014-12-10 22:27:30 ----SHD---- C:\Config.Msi
2014-12-10 22:27:28 ----D---- C:\ProgramData\Microsoft Help
2014-12-09 22:18:14 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-12-09 22:05:51 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-09 22:05:50 ----RD---- C:\Program Files (x86)
2014-12-06 22:14:38 ----D---- C:\Users\gonda\AppData\Roaming\vlc
2014-12-02 22:42:15 ----D---- C:\Users\gonda\AppData\Roaming\Spotify
2014-12-02 12:18:59 ----RD---- C:\Program Files
2014-11-22 17:11:48 ----D---- C:\Windows\system32\wdi
2014-11-16 19:52:02 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2012-10-08 64072]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-10-08 211344]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-10-08 149592]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2012-10-08 59440]
R2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2009-03-09 53816]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2012-10-08 189208]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2012-08-24 72216]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2007-01-10 11576]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2012-08-24 11552]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2012-12-19 194488]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver; C:\Windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-06-16 110336]
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2012-01-09 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2012-01-09 27136]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-06-16 206080]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2012-01-09 9216]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2012-01-09 9216]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-10-23 1329304]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-11-14 417552]
R2 MSSQLSERVER;SQL Server (MSSQLSERVER); c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-02-10 877856]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-15 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-09-20 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-09-13 171416]
R2 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 153440]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-02-09 383264]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-10 116648]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-12-01 2530128]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-10 1266464]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-02-26 1432400]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-10 116648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-22 114688]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 50942144]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-09 114800]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-11-15 1255736]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

#2 Příspěvek od **Márty84** » 15 pro 2014 21:06

Zdravim

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

easton · #3 Příspěvek od **easton** » 16 pro 2014 18:23

Extras:
OTL Extras logfile created on: 16. 12. 2014 16:20:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\01_Dokumenty\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,99 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 60,45% Memory free
7,98 Gb Paging File | 6,23 Gb Available in Paging File | 78,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,92 Gb Total Space | 30,76 Gb Free Space | 25,65% Space Free | Partition Type: NTFS
Drive D: | 345,74 Gb Total Space | 37,56 Gb Free Space | 10,86% Space Free | Partition Type: NTFS

Computer Name: lama | User Name: lama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3686344160-4038705577-2975476405-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07813CFD-A7E6-4E9A-AEBC-27694E5E7A26}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{326DA2BF-92F9-4B28-9C14-B12FE7ED0800}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{70B35325-CC04-4F30-B383-344A4E36B467}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{C066F1A8-DA75-4ED2-B7B6-9599743A23E2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E11851-4273-4552-9993-9DCF6D2DD55E}" = protocol=17 | dir=in | app=c:\users\gonda\appdata\roaming\utorrent\utorrent.exe |
"{163E0173-73E7-43DD-8A63-78AAA2BCFC41}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{2057C89A-782C-4B43-8FB6-A7E1F4096020}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{22CC1CDA-9CCC-42E3-9520-CA622489166D}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{31754C01-A355-4BCB-A5B8-971BF4772B6B}" = protocol=6 | dir=in | app=c:\users\gonda\appdata\roaming\icqm\icq.exe |
"{43CA99B8-0B84-442C-83BE-903D5215E937}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{45DA87AA-8DBE-4896-A272-1BF7995C4B87}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{46368A17-4370-41FC-9879-980A0E139D19}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{4AABD7F2-4524-4B7B-94C6-A90FF21693B0}" = protocol=58 | dir=in | app=system |
"{61DF619A-1F86-4869-ACC6-6E907EAEB981}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{694E4A93-D053-4BC0-A75E-9796AAD9A17E}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{71C7A8E9-90F4-4AFC-9211-7A6DA10A5A95}" = protocol=6 | dir=in | app=c:\users\gonda\appdata\roaming\utorrent\utorrent.exe |
"{7C46B378-3190-467F-8074-B7520BBE54E8}" = protocol=17 | dir=in | app=c:\users\gonda\appdata\roaming\utorrent\utorrent.exe |
"{85B3E8A0-FE96-4E24-816A-F26ABB633CF2}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{8D827EF3-3028-4023-A72D-41AD0AA1AF3C}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{8EC922BF-2270-4BFD-AB2A-B5E6CCAFCF5F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9E83D7E1-83B4-40F0-9B10-BAA42EA98D8C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A3846390-C798-43D5-BF9A-4D81FF088FB5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A3DC909A-E194-4382-B132-B1F4711B5FF4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BB23FE1F-5CEA-4779-B655-B0B4CD1C71C1}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{BB4B1555-79AE-4AFE-AFB8-3F1421A00730}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{CE444E56-3BA7-4CB9-BE6C-ACDCDF9E1EE7}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{CEE7B367-59DE-4809-8C0F-5B62CEFFC973}" = protocol=6 | dir=in | app=c:\users\gonda\appdata\roaming\utorrent\utorrent.exe |
"{E94F54D4-A13C-4F86-A2BB-74CDF2487820}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{F3A3AD77-292F-4BEA-8CEA-80D563A6B5E0}" = protocol=17 | dir=in | app=c:\users\gonda\appdata\roaming\icqm\icq.exe |
"{F6D3EB6A-A246-4FE8-A17A-38323F280F88}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{09410D34-AF8B-4B65-A0D9-FD67393F1C29}C:\program files (x86)\ea games\need for speed most wanted\nfs13.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\need for speed most wanted\nfs13.exe |
"TCP Query User{E2FE50C4-29A3-4576-B372-4DAD400BBED5}C:\program files (x86)\totalcmd\totalcmd64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd64.exe |
"UDP Query User{4A554F1F-8B8C-4D69-8079-A58574923FFE}C:\program files (x86)\totalcmd\totalcmd64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd64.exe |
"UDP Query User{532C9028-2A02-475D-897B-AFD0513241A1}C:\program files (x86)\ea games\need for speed most wanted\nfs13.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\need for speed most wanted\nfs13.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56232E3D-7EA9-45E0-A371-26CD80510AF7}" = Windows Live UX Platform Language Pack
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77D28FF5-242F-488A-8215-937D6A4D69E0}" = Adobe AIR
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B4E75B8-6788-481D-B8D5-143EF17DC06A}" = LogMeIn Hamachi
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9093B0D5-EA59-4C9E-A2E3-CC130138DFCD}" = Fotogaléria
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{91B33C97-91F8-FFB3-581B-BC952C901685}_is1" = Ashampoo Burning Studio FREE v.1.14.5
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EDF46F0-2D4E-4C00-B2B6-0660666E9F60}" = Movie Maker
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1051-7B44-AB0000000001}" = Adobe Reader XI (11.0.10) - Slovak
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4D82144-B2D5-4A0E-A470-16F13EBC5BCB}" = Windows Live Essentials
"{C67BC332-A59A-4D40-977F-664F60AB21D8}" = Photo Common
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E031338C-839D-4EDD-9537-99B653C39D81}" = Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E68EADA6-63A4-F6D3-FE12-968B879F7AD6}" = Adobe Download Assistant
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1D85517-6EAC-496A-965A-FA349036E74E}" = RehanFX Shader Transitions and Effects (ShaderTFX)
"{F2B5A2A7-2DF9-4361-8BD5-362714528B51}" = NHL® 09
"{F3FCB08B-E752-444D-86A0-0634A4F3B23D}" = System Requirements Lab CYRI
"{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Aimersoft Video Converter_is1" = Aimersoft Video Converter(Build 5.7.0.1)
"AVI Splitter_is1" = AVI Splitter
"BSPlayerf" = BS.Player FREE
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Counter-Strike 1.6" = Counter-Strike 1.6
"Foxit PDF Editor" = Foxit PDF Editor
"Google Chrome" = Google Chrome
"ImageToAVI_is1" = ImageToAVI 1.0.0.5
"Img2CAD_is1" = Img2CAD 7.2
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.24
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.6.0 (Full)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 34.0.5 (x86 sk)" = Mozilla Firefox 34.0.5 (x86 sk)
"Mozilla Thunderbird 24.6.0 (x86 sk)" = Mozilla Thunderbird 24.6.0 (x86 sk)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Samsung SCX-4500 Series" = Samsung SCX-4500 Series
"Some PDF to Word Converter_is1" = Some PDF to Word Converter 2.0
"Trillian" = Trillian
"WinLiveSuite" = Windows Live Essentials
"Winmail Opener" = Winmail Opener 1.5
"Xilisoft Video Converter Ultimate 6" = Xilisoft Video Converter Ultimate 6
"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3686344160-4038705577-2975476405-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bitcoin" = Bitcoin
"ICQ" = ICQ 8.1 (verze 6337)
"Litecoin" = Litecoin
"MyFreeCodec" = MyFreeCodec
"Spotify" = Spotify
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13. 12. 2014 13:16:18 | Computer Name = gonda-PC | Source = Application Hang | ID = 1002
Description = The program bsplayer.exe version 2.6.3.1071 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1314 Start
Time: 01d016f498175b6f Termination Time: 139 Application Path: C:\Program Files (x86)\Webteh\BSPlayer\bsplayer.exe

Report
Id:

Error - 14. 12. 2014 7:34:00 | Computer Name = gonda-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 15. 12. 2014 7:29:29 | Computer Name = gonda-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 15. 12. 2014 7:29:29 | Computer Name = gonda-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 15. 12. 2014 7:29:29 | Computer Name = gonda-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 15. 12. 2014 7:29:29 | Computer Name = gonda-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 15. 12. 2014 7:29:29 | Computer Name = gonda-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 15. 12. 2014 7:29:29 | Computer Name = gonda-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 15. 12. 2014 7:29:29 | Computer Name = gonda-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 15. 12. 2014 7:29:29 | Computer Name = gonda-PC | Source = Windows Search Service | ID = 7042
Description =

[ System Events ]
Error - 16. 12. 2014 4:53:16 | Computer Name = gonda-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume DISK_C.

Error - 16. 12. 2014 4:53:37 | Computer Name = gonda-PC | Source = Service Control Manager | ID = 7038
Description = Službe nvUpdatusService sa nepodarilo s aktuálne nakonfigurovaným
heslom prihlásiť ako .\UpdatusUser kvôli nasledujúcej chybe: %%1330 Ak chcete zabezpečiť
správne nakonfigurovanie služby, použite modul Služby konzoly MMC (Microsoft Management
Console).

Error - 16. 12. 2014 4:53:37 | Computer Name = gonda-PC | Source = Service Control Manager | ID = 7000
Description = Spustenie služby NVIDIA Update Service Daemon zlyhalo kvôli nasledujúcej
chybe: %%1069

Error - 16. 12. 2014 10:58:09 | Computer Name = gonda-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 15:52:03 on ?16. ?12. ?2014 was unexpected.

Error - 16. 12. 2014 10:58:01 | Computer Name = gonda-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 16. 12. 2014 10:58:47 | Computer Name = gonda-PC | Source = Service Control Manager | ID = 7000
Description = Spustenie služby LogMeIn Kernel Information Provider zlyhalo kvôli
nasledujúcej chybe: %%3

Error - 16. 12. 2014 10:59:23 | Computer Name = gonda-PC | Source = Service Control Manager | ID = 7026
Description = Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému
zlyhali pri načítaní: StarOpen

Error - 16. 12. 2014 11:00:00 | Computer Name = gonda-PC | Source = Service Control Manager | ID = 7030
Description = Služba LogMeIn Hamachi Tunneling Engine je označená ako interaktívna
služba. Systém je však nakonfigurovaný tak, aby nepovolil interaktívne služby.
Služba pravdepodobne nebude pracovať správne.

Error - 16. 12. 2014 11:01:25 | Computer Name = gonda-PC | Source = Service Control Manager | ID = 7038
Description = Službe nvUpdatusService sa nepodarilo s aktuálne nakonfigurovaným
heslom prihlásiť ako .\UpdatusUser kvôli nasledujúcej chybe: %%1330 Ak chcete zabezpečiť
správne nakonfigurovanie služby, použite modul Služby konzoly MMC (Microsoft Management
Console).

Error - 16. 12. 2014 11:01:25 | Computer Name = gonda-PC | Source = Service Control Manager | ID = 7000
Description = Spustenie služby NVIDIA Update Service Daemon zlyhalo kvôli nasledujúcej
chybe: %%1069

< End of report >

easton · #4 Příspěvek od **easton** » 16 pro 2014 18:25

OTL PART 1:
OTL logfile created on: 16. 12. 2014 16:20:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\01_Dokumenty\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,99 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 60,45% Memory free
7,98 Gb Paging File | 6,23 Gb Available in Paging File | 78,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,92 Gb Total Space | 30,76 Gb Free Space | 25,65% Space Free | Partition Type: NTFS
Drive D: | 345,74 Gb Total Space | 37,56 Gb Free Space | 10,86% Space Free | Partition Type: NTFS

Computer Name: lama | User Name: lama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/12/16 16:18:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\01_Dokumenty\Desktop\OTL.exe
PRC - [2014/12/13 17:01:28 | 003,838,800 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2014/12/09 20:35:11 | 000,337,520 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/12/03 07:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/12/02 14:36:28 | 001,245,752 | ---- | M] (Spotify Ltd) -- C:\Users\gonda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/07/25 09:42:26 | 000,311,616 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2014/07/25 09:42:20 | 001,562,264 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 10:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/02/09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/10/23 17:38:32 | 001,329,304 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2009/03/09 13:50:14 | 000,552,960 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2007/12/06 21:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2007/06/11 00:58:45 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe

========== Modules (No Company Name) ==========

MOD - [2014/12/09 20:35:10 | 003,758,192 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/11/13 03:10:01 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\11650ce4aad4575fc146aa66a575bcb7\System.Runtime.Remoting.ni.dll
MOD - [2014/10/17 21:47:30 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll
MOD - [2014/10/17 21:47:20 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll
MOD - [2014/10/17 21:47:12 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll
MOD - [2014/10/17 21:47:11 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
MOD - [2014/10/17 21:47:06 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/10/17 21:47:04 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/17 21:47:03 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/10/17 21:46:58 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/10/17 21:46:58 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\902843918d037f5f3511d679bf1e2216\System.ServiceProcess.ni.dll
MOD - [2014/10/17 21:46:57 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/10/17 21:46:56 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/02/27 23:31:40 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2009/03/09 13:50:14 | 000,552,960 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2007/06/11 00:58:45 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe
MOD - [2007/01/09 11:30:32 | 001,384,520 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\SSOle.dll
MOD - [2007/01/09 11:29:49 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\IMFilter.dll

========== Services (SafeList) ==========

SRV - [2014/12/13 17:01:28 | 002,530,640 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2014/12/09 22:18:16 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/09 20:35:10 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/03 07:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/12/02 20:13:02 | 000,417,552 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014/03/20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/02/10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/06/11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2007/12/06 21:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)

========== Driver Services (SafeList) ==========

DRV - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/01/10 17:46:34 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts= ... 4698946989
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=13 ... earchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=13 ... earchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts= ... 4698946989
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}: "URL" = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3686344160-4038705577-2975476405-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts= ... 4698946989
IE - HKU\S-1-5-21-3686344160-4038705577-2975476405-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type ... earchTerms}
IE - HKU\S-1-5-21-3686344160-4038705577-2975476405-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type ... earchTerms}
IE - HKU\S-1-5-21-3686344160-4038705577-2975476405-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts= ... 4698946989
IE - HKU\S-1-5-21-3686344160-4038705577-2975476405-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 7B 19 F4 49 5D CF 01 [binary data]
IE - HKU\S-1-5-21-3686344160-4038705577-2975476405-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://searchfunmoods.com/?f=1&a=downlo ... =557344538
IE - HKU\S-1-5-21-3686344160-4038705577-2975476405-1000\..\SearchScopes,DefaultScope = {0388404D-6072-4CEB-B521-8F090FEAEE57}
IE - HKU\S-1-5-21-3686344160-4038705577-2975476405-1000\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://www.bing.com/search?FORM=UP21DF& ... -SearchBox
IE - HKU\S-1-5-21-3686344160-4038705577-2975476405-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IESR02
IE - HKU\S-1-5-21-3686344160-4038705577-2975476405-1000\..\SearchScopes\{446EC70A-2AC8-4980-AE12-2992C537EAE2}: "URL" = http://klit.startnow.com/s/?q={searchTe ... rer:source}
IE - HKU\S-1-5-21-3686344160-4038705577-2975476405-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}: "URL" = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
IE - HKU\S-1-5-21-3686344160-4038705577-2975476405-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}: C:\Program Files (x86)\Aimersoft\Video Converter\SVRFirefoxExt\ [2014/01/20 18:00:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\shortcutff@gmail.com: C:\Users\gonda\AppData\Roaming\Mozilla\Firefox\Profiles\d0i0pswc.default\extensions\shortcutff@gmail.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/11/19 10:28:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}: C:\Program Files (x86)\Aimersoft\Video Converter\SVRFirefoxExt\ [2014/01/20 18:00:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/11/15 17:50:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gonda\AppData\Roaming\mozilla\Extensions
[2014/12/04 18:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gonda\AppData\Roaming\mozilla\Firefox\Profiles\j2dnvl06.default-1409555875515\extensions
[2014/11/12 18:48:07 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\gonda\AppData\Roaming\mozilla\firefox\profiles\j2dnvl06.default-1409555875515\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/12/09 20:35:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/12/09 20:35:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - Extension: No name found = C:\Users\gonda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\
CHR - Extension: No name found = C:\Users\gonda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\gonda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\3.0.0.20_0\
CHR - Extension: No name found = C:\Users\gonda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blimnpnlhdopahkppdjejncojopnenng\1.0.5_0\
CHR - Extension: No name found = C:\Users\gonda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\gonda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\gonda\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllepdkfbbinindpblacdckjaflfjdmj\1.7_0\
CHR - Extension: No name found = C:\Users\gonda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedokkaolmkkoeedicihicdeppjjeamj\5_0\
CHR - Extension: No name found = C:\Users\gonda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfmoccfikmonbkafhepkgiecllojljca\1.0_1\
CHR - Extension: No name found = C:\Users\gonda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.14.4_0\
CHR - Extension: No name found = C:\Users\gonda\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.38_0\
CHR - Extension: No name found = C:\Users\gonda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbalnpbcmecdckpghgacibglihkgamkl\1.6.0_0\
CHR - Extension: No name found = C:\Users\gonda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\gonda\AppData\Local\Google\Chrome\User Data\Default\Extensions\okboeogmnhjpgbeaokfogelclpblaemo\2.0.2_0\
CHR - Extension: No name found = C:\Users\gonda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp\5.0.94.1_0\
CHR - Extension: No name found = C:\Users\gonda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/09/01 21:37:08 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Aimersoft Video Converter Ultimate) - {54F73992-6549-4369-9A0D-84FD310A464A} - C:\Program Files (x86)\Aimersoft\Video Converter\SVRIEPlugin.dll (Aimersoft Software Co., Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe File not found
O4 - HKLM..\Run: [BrowserPlugInHelper] C:\Program Files (x86)\Aimersoft\Video Converter\BrowserPlugInHelper.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Logan_S2P] C:\Program Files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3686344160-4038705577-2975476405-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-3686344160-4038705577-2975476405-1000..\Run: [Browser Tab Search by Askx64] "C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\BrowserTabSearch\msbloader64.exe" File not found
O4 - HKU\S-1-5-21-3686344160-4038705577-2975476405-1000..\Run: [icq] C:\Users\gonda\AppData\Roaming\ICQM\icq.exe (ICQ)
O4 - HKU\S-1-5-21-3686344160-4038705577-2975476405-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-3686344160-4038705577-2975476405-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-3686344160-4038705577-2975476405-1000..\Run: [Spotify Web Helper] C:\Users\gonda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3686344160-4038705577-2975476405-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3686344160-4038705577-2975476405-1000..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3686344160-4038705577-2975476405-1000..\RunOnce: [Adobe Speed Launcher] 1418742006 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-3686344160-4038705577-2975476405-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.252
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D30EE352-619A-4C3B-9459-4F4B1346AB86}: DhcpNameServer = 192.168.100.252
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/02/26 22:51:15 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2014/09/01 08:23:49 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0d9063c0-d66a-11e2-bb67-00241dde4531}\Shell - "" = AutoRun
O33 - MountPoints2\{0d9063c0-d66a-11e2-bb67-00241dde4531}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014/12/16 16:18:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\01_Dokumenty\Desktop\OTL.exe
[2014/12/16 15:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2014/12/16 15:59:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2014/12/16 15:56:34 | 000,000,000 | -HSD | C] -- C:\found.000
[2014/12/10 22:25:12 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2014/12/10 22:25:12 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe
[2014/12/10 22:25:12 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe
[2014/12/10 22:25:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll
[2014/12/10 22:25:11 | 003,209,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2014/12/10 09:44:41 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/12/10 09:44:41 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/12/10 09:44:41 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/12/10 09:44:40 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/12/10 09:44:39 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/12/10 09:44:38 | 002,052,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/12/10 09:44:38 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/12/10 09:44:38 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/12/10 09:44:37 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/12/10 09:44:36 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/12/10 09:44:35 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/12/10 09:44:34 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/12/10 09:44:34 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/12/10 09:43:47 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\charmap.exe
[2014/12/10 09:43:43 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2014/12/10 09:43:43 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2014/12/10 09:43:43 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2014/12/10 09:43:43 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2014/12/09 20:35:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/12/02 17:38:34 | 000,000,000 | ---D | C] -- C:\Users\gonda\AppData\Roaming\Ashampoo
[2014/12/02 17:38:22 | 000,000,000 | ---D | C] -- C:\Users\gonda\AppData\Local\ashampoo
[2014/12/02 17:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2014/12/02 17:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo
[2014/12/02 17:38:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2014/12/02 12:21:25 | 000,000,000 | ---D | C] -- D:\01_Dokumenty\Desktop\Hudba
[2014/12/01 14:22:01 | 000,000,000 | ---D | C] -- C:\Users\gonda\AppData\Roaming\Publish Providers
[2014/11/29 15:48:50 | 000,000,000 | ---D | C] -- C:\Users\gonda\AppData\Local\Sony
[2014/11/29 15:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2014/11/29 15:47:55 | 000,000,000 | ---D | C] -- C:\Users\gonda\AppData\Roaming\Sony
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/12/16 16:22:25 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/12/16 16:18:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\01_Dokumenty\Desktop\OTL.exe
[2014/12/16 16:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/16 16:07:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cfeecf511fc119.job
[2014/12/16 15:58:59 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cfb4acfe26a5d0.job
[2014/12/16 15:58:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/16 15:58:05 | 3214,532,608 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/16 15:57:28 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat
[2014/12/16 15:45:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf6a42910d43e4.job
[2014/12/16 09:42:07 | 280,237,626 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/12/09 22:18:14 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/12/09 22:18:13 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/12/01 16:32:10 | 000,018,904 | ---- | M] () -- D:\01_Dokumenty\Desktop\video1.veg
[2014/12/01 16:30:59 | 129,463,296 | ---- | M] () -- D:\01_Dokumenty\Desktop\video.avi
[2014/12/01 16:12:13 | 141,996,882 | ---- | M] () -- D:\01_Dokumenty\Desktop\video.wav
[2014/11/22 03:07:17 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/11/22 03:06:32 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/11/22 03:05:02 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/11/22 02:58:54 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/11/22 02:56:40 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/11/22 02:55:16 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/11/22 02:54:30 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/11/22 02:40:04 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/11/22 02:36:14 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/11/22 02:35:24 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/11/22 02:22:49 | 002,052,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/11/22 02:21:57 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/11/22 01:54:44 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/12/16 16:22:25 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/12/16 15:57:28 | 000,003,304 | ---- | C] () -- C:\bootsqm.dat
[2014/12/16 09:42:07 | 280,237,626 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/12/01 16:32:10 | 000,018,904 | ---- | C] () -- D:\01_Dokumenty\Desktop\video1.veg
[2014/12/01 16:30:53 | 129,463,296 | ---- | C] () -- D:\01_Dokumenty\Desktop\video.avi
[2014/12/01 16:11:47 | 141,996,882 | ---- | C] () -- D:\01_Dokumenty\Desktop\video.wav
[2014/11/14 20:00:39 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2014/06/20 18:14:48 | 000,000,344 | ---- | C] () -- C:\Windows\wininit.ini
[2014/05/25 19:03:53 | 000,000,334 | ---- | C] () -- C:\Users\gonda\AppData\Roaming\WinInstallFlashLog.ini
[2014/01/23 17:31:12 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2014/01/20 18:00:37 | 000,721,263 | ---- | C] () -- C:\Windows\SysWow64\AiCM64.dll
[2014/01/20 18:00:37 | 000,214,528 | ---- | C] () -- C:\Windows\SysWow64\AiCM32.dll
[2014/01/13 21:56:47 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2014/01/13 21:56:47 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013/11/18 18:30:12 | 000,002,676 | ---- | C] () -- C:\Users\gonda\AppData\Local\recently-used.xbel
[2013/04/05 12:06:48 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0433.old
[2013/03/12 19:11:37 | 000,012,886 | ---- | C] () -- C:\Users\gonda\.TransferManager.db
[2013/03/02 16:09:22 | 000,000,132 | ---- | C] () -- C:\Users\gonda\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013/02/26 17:40:34 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/02/05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/02/05 17:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/02/05 17:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/02/05 17:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/12/17 21:10:18 | 000,835,822 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/23 20:24:44 | 000,022,528 | ---- | C] () -- C:\Users\gonda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/15 19:30:05 | 000,010,348 | ---- | C] () -- C:\Users\gonda\AppData\Roaming\SmarThruOptions.xml

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/15 13:12:49 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\40334F41-0DD9-43E0-BEF3-7DE452AC2CFE
[2012/11/15 12:53:04 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Acronis
[2014/01/20 18:01:00 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Aimersoft Video Converter
[2014/01/20 17:38:17 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\AnvSoft
[2014/12/02 17:38:34 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Ashampoo
[2013/02/26 22:52:42 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Autodesk
[2014/09/07 18:01:30 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Bitcoin
[2012/11/23 19:53:27 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\BSplayer
[2012/11/19 20:12:09 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\BSplayer Pro
[2014/08/26 15:05:22 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/11/19 10:30:12 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\ESET
[2013/09/15 11:25:52 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\GetWare
[2013/01/31 15:54:35 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\GHISLER
[2013/09/09 20:28:56 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\ICQ-Profile
[2013/09/09 20:25:51 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\ICQM
[2012/11/18 19:18:48 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\IrfanView
[2013/12/27 11:38:27 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\KeePass
[2013/03/14 09:41:42 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Leadertech
[2014/01/24 01:25:06 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Litecoin
[2013/02/23 20:30:38 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\ML
[2012/12/26 15:00:11 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Nokia
[2013/06/03 19:30:40 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Opera
[2012/11/21 16:51:12 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Origin
[2012/12/26 14:59:45 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\PC Suite
[2013/11/29 16:24:52 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\poclbm
[2014/12/01 14:22:01 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Publish Providers
[2014/11/14 20:36:55 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Samsung
[2012/11/15 19:30:05 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\SmarThru4
[2014/10/31 17:44:17 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\SomePDF
[2014/12/01 16:12:00 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Sony
[2014/12/02 22:42:15 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Spotify
[2013/11/19 20:54:23 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/04/05 12:05:23 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\TestApp
[2012/11/15 17:50:55 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Thunderbird
[2014/10/19 12:37:34 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Trillian
[2014/12/15 20:15:44 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\uTorrent
[2014/11/14 20:26:50 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\WebExtend
[2012/11/23 22:25:25 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Xilisoft
[2014/01/20 18:00:57 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}

========== Purity Check ==========

========== Custom Scans ==========

< >
[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,032,584 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/06/29 10:23:49 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014/05/07 23:20:35 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6a42910d43e4.job
[2014/08/10 16:08:50 | 000,000,932 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfb4acfe26a5d0.job
[2014/10/23 15:40:40 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfeecf511fc119.job

< >

< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010/11/20 14:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010/11/20 14:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009/07/14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010/11/20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010/11/20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010/11/20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010/11/20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010/11/20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2012/06/02 05:52:32 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=063DD65889D21035311463337BD268E7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[2010/11/20 14:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2013/05/10 05:49:59 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=33ADF6E0853AB39EA1723BE82842C1D3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[2013/05/13 05:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=3897DFF247D9ED0006190349DE264E14 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[2013/07/09 15:47:30 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=434CCE8E7150CD1324C5FAA088D1D061 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_d45f6e88cac8f85b\cryptsvc.dll
[2012/06/02 06:32:25 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=456107D69D4EE850A559434F19EFEE65 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21225_none_d2beeccacd6d6c07\cryptsvc.dll
[2013/10/05 03:25:30 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=509D31797A4B8A3D6ED78A330B19A919 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_d46d4138cabe2596\cryptsvc.dll
[2013/07/09 06:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=6B400F211BEE880A37A1ED0368776BF4 -- C:\Windows\SysNative\cryptsvc.dll
[2013/07/09 06:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=6B400F211BEE880A37A1ED0368776BF4 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_d431528fb165f7bc\cryptsvc.dll
[2013/07/09 14:57:37 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=6DB499DEFCC827317C5371164A7CDB27 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[2013/07/09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\SysWOW64\cryptsvc.dll
[2013/07/09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[2012/06/04 08:52:35 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=7E7D2DACF65D750D466F36BD3D09AE20 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_d4ab184aca903d4f\cryptsvc.dll
[2013/05/10 06:49:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7FDC4626B01106A8EF328C88C7C0DEE3 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_d3f63f9bb1930797\cryptsvc.dll
[2013/05/11 06:18:23 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=8122252F0A4ACFA92FA0C1D50D18493B -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_d4a24ea4ca968363\cryptsvc.dll
[2009/07/14 02:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2012/06/02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[2012/06/02 06:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=9C01375BE382E834CC26D1B7EAF2C4FE -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_d3fc6569b18d7211\cryptsvc.dll
[2009/07/14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 13:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2013/05/11 05:59:05 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=AC04D05309BB2C418D0D80B9FB014642 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[2012/06/02 06:25:12 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=BAF19B633933A9FB4883D27D66C39E9A -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17035_none_d22a7e2db457eb07\cryptsvc.dll
[2013/05/10 06:18:53 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=CA13C4F92BEE66DB48E58AB3223DDF6E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_d4a14e5aca976a0c\cryptsvc.dll
[2013/05/13 06:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=D8129C49798CBBFB2E4351D4B7B8EF9C -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_d3f73fe5b19220ee\cryptsvc.dll
[2013/05/10 06:06:21 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=E122AA1C9A3CC46FF9DDDE46E5EB0C58 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[2012/06/02 05:41:59 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=EA8C26ECF1656D9647EF044F115EC6DA -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21225_none_76a05147150ffad1\cryptsvc.dll
[2013/10/05 02:52:03 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=F2D9242C3BBD1C36467FCAE1AE01733F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll
[2012/06/02 05:45:21 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=F2FDE6C8DBAAD44CC58D1E07E4AF4EED -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17035_none_760be2a9fbfa79d1\cryptsvc.dll

easton · #5 Příspěvek od **easton** » 16 pro 2014 18:25

OTL part2:
< MD5 for: EXPLORER.EXE >
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2013/09/20 10:51:08 | 003,885,120 | ---- | M] (Safer-Networking Ltd.) MD5=CDEB46FE688F062D3033209B29755203 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009/07/14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010/11/20 14:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010/11/20 14:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: IASTORV.SYS >
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\isapnp.sys
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\isapnp.sys

< MD5 for: LSASS.EXE >
[2014/05/30 09:00:12 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=04F6C08B30C599D301CE8530A6F6A703 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22705_none_0505e8508c7f766f\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2011/11/17 07:20:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2011/11/17 08:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=156F6159457D0AA7E59B62681B56EB90 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_028b374176436a30\lsass.exe
[2011/11/17 08:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=156F6159457D0AA7E59B62681B56EB90 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_02756f8b7653d554\lsass.exe
[2014/04/12 03:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\SysNative\lsass.exe
[2014/04/12 03:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_044f07757384196d\lsass.exe
[2014/04/12 03:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18496_none_041bf8b773a9f127\lsass.exe
[2014/04/12 03:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18526_none_0467aa1173712ab7\lsass.exe
[2014/04/12 03:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18637_none_045ddc5573785d26\lsass.exe
[2014/09/19 10:42:18 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=341655B216721D89CADE9DEA2F33872F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18606_none_047d4bcf7360effc\lsass.exe
[2013/09/25 02:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_042b9307739f26ed\lsass.exe
[2014/04/12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_04cdd63a8ca9d24f\lsass.exe
[2014/04/12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22712_none_04f817868c8a465b\lsass.exe
[2014/04/12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22736_none_04e678d68c96e399\lsass.exe
[2014/04/12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22807_none_0507eaca8c7da644\lsass.exe
[2014/04/12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22843_none_04d8a9f28ca1b0ac\lsass.exe
[2012/06/04 08:51:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=79C908CAA6F43021EB05F4C733A927D1 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\lsass.exe
[2014/09/19 10:47:37 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=B84317193B6A29F5F5DCF538C34FDCED -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22814_none_04fa1a008c887630\lsass.exe
[2012/06/02 06:30:31 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=BF63CE11A25F3509129888710D5111FC -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21225_none_0309de288f695654\lsass.exe
[2011/11/17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2011/11/17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\lsass.exe
[2011/11/17 07:42:52 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D21BD47E528CD62E79311FB5DF0150E6 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_02bb2a0a8fa4d398\lsass.exe
[2013/09/25 02:08:17 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=F021DAFB1F87616FCEBA159C2ED7042F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_04c503168cb026a0\lsass.exe
[2014/05/30 09:07:57 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=F23812F9F7B130854E4BC0389F7C688C -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18489_none_0429c981739f213b\lsass.exe

< MD5 for: NDIS.SYS >
[2012/08/22 19:06:07 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=5E74508FCB5820B29EEAFE24E6035BCF -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_06232d534c0a8d67\ndis.sys
[2012/08/22 19:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\SysNative\drivers\ndis.sys
[2012/08/22 19:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a\ndis.sys
[2010/11/20 14:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
[2009/07/14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2011/03/11 07:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\SysNative\drivers\nvraid.sys
[2011/03/11 07:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvraid.sys
[2011/03/11 07:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvraid.sys
[2009/07/14 02:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys
[2010/11/20 14:33:48 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvraid.sys
[2010/11/20 14:33:48 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvraid.sys
[2011/03/11 07:19:21 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=666CA16F17914C1CD3616CF16DE0A6EA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvraid.sys
[2011/03/11 07:23:06 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A4D9C9A608A97F59307C2F2600EDC6A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvraid.sys
[2011/03/11 07:25:53 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A5C82EB2F72AA004887F90B84A771F73 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SMSS.EXE >
[2009/07/14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
[2014/04/12 03:31:44 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=3442A918386D4716D74C661543151746 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22653_none_0abdf375491039d3\smss.exe
[2013/03/19 03:57:17 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=498E2A20E145199709CD100CDBA8603D -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22280_none_0a9a7b3b492b4d05\smss.exe
[2013/03/19 04:20:12 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=7180204786A9DED8723B2D8CF3CDD388 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.21490_none_08a94e494c0cfd0a\smss.exe
[2013/08/29 02:04:30 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=B2B31D4C79EFD883097FA24D02E79C12 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22436_none_0ad6905f48fd53a8\smss.exe
[2013/08/02 06:06:34 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=CB5DA3E44456D1084BCD87F5B1B3152B -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22411_none_0ae72ec548f19d13\smss.exe
[2013/07/08 03:50:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=E65601CF4BC0CF3718AFBE56A9AD846F -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22379_none_0aae4fa7491b124a\smss.exe
[2013/03/19 04:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0371DE302FFFF8F086661611BE60848 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_0a5f8ec22fd235a9\smss.exe
[2013/08/02 01:59:09 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0970A4BC8395659C22BF53D0FADF16F -- C:\Windows\SysNative\smss.exe
[2013/08/02 01:59:09 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0970A4BC8395659C22BF53D0FADF16F -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18229_none_0a5ac2782fd4e6cb\smss.exe
[2013/03/19 04:19:03 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=FA64733BD65F52712F0545F56FDB4BE6 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.17273_none_0838504e32dc743c\smss.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2014/04/05 03:47:20 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=04ADD18EE5CC9FBEDAEC1DD1CD0CB45E -- C:\Windows\SysNative\drivers\tcpip.sys
[2014/04/05 03:47:20 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=04ADD18EE5CC9FBEDAEC1DD1CD0CB45E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_113260637d1284ef\tcpip.sys
[2012/10/03 18:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2013/05/08 07:14:42 | 001,900,392 | ---- | M] (Microsoft Corporation) MD5=3E94650745D4DAB67E161F5F32CEA597 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_11d29984961f0be0\tcpip.sys
[2013/09/08 03:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2014/04/05 03:37:43 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=4F80944B03112F486212DC20BE166079 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_11b12f2896383dd1\tcpip.sys
[2010/11/20 14:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2013/01/04 06:41:01 | 001,893,224 | ---- | M] (Microsoft Corporation) MD5=5CFB7AB8F9524D1A1E14369DE63B83CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_0f6a6af57fd59de6\tcpip.sys
[2012/03/30 11:19:17 | 001,877,872 | ---- | M] (Microsoft Corporation) MD5=5EFD096DEF47F8B88EF591DA92143440 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
[2012/03/30 12:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
[2013/01/03 06:57:12 | 001,876,824 | ---- | M] (Microsoft Corporation) MD5=692969AB90BDA19F56E27BF89A9260E2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_0fe8397098fc3d71\tcpip.sys
[2013/09/07 03:27:48 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2012/03/30 11:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2009/07/14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2013/05/08 07:39:01 | 001,910,632 | ---- | M] (Microsoft Corporation) MD5=9849EA3843A2ADBDD1497E97A85D8CAE -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_11278ac57d1aa96b\tcpip.sys
[2012/03/30 12:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2013/07/06 06:20:38 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2013/01/03 07:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2013/01/04 06:47:43 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[2012/10/03 18:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2013/07/06 07:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys
[2013/11/26 12:34:34 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=F55B41AA6114568AC558ADBABDA85620 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_11c3cc3c962abcc3\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2014/03/04 12:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 10:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2014/07/17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\SysNative\winlogon.exe
[2014/07/17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[2014/07/16 04:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2010/11/20 14:27:29 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\SysNative\ws2_32.dll
[2010/11/20 14:27:29 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll
[2009/07/14 02:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2010/11/20 13:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SysWOW64\ws2_32.dll
[2010/11/20 13:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[12 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[6 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[61 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012/11/15 13:12:49 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\40334F41-0DD9-43E0-BEF3-7DE452AC2CFE
[2012/11/28 20:12:56 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\ABBYY
[2012/11/15 12:53:04 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Acronis
[2014/11/08 23:38:57 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Adobe
[2013/11/19 20:54:24 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Adobe Mini Bridge CS5
[2014/01/20 18:01:00 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Aimersoft Video Converter
[2014/01/20 17:38:17 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\AnvSoft
[2014/12/02 17:38:34 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Ashampoo
[2013/02/26 22:52:42 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Autodesk
[2014/09/07 18:01:30 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Bitcoin
[2012/11/23 19:53:27 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\BSplayer
[2012/11/19 20:12:09 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\BSplayer Pro
[2014/08/26 15:05:22 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/02/26 21:40:41 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\dvdcss
[2012/11/19 10:30:12 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\ESET
[2013/09/15 11:25:52 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\GetWare
[2013/01/31 15:54:35 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\GHISLER
[2013/09/09 20:28:56 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\ICQ-Profile
[2013/09/09 20:25:51 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\ICQM
[2012/11/15 09:20:48 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Identities
[2012/11/18 19:18:48 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\IrfanView
[2013/12/27 11:38:27 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\KeePass
[2013/03/14 09:41:42 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Leadertech
[2014/01/24 01:25:06 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Litecoin
[2013/01/11 16:22:35 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Macromedia
[2009/07/14 08:54:31 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Media Center Programs
[2013/08/26 19:23:51 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Media Player Classic
[2014/09/01 21:38:35 | 000,000,000 | --SD | M] -- C:\Users\gonda\AppData\Roaming\Microsoft
[2013/02/23 20:30:38 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\ML
[2013/02/14 17:16:09 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Mozilla
[2012/12/26 15:00:11 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Nokia
[2012/11/23 22:28:47 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\NVIDIA
[2013/06/03 19:30:40 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Opera
[2012/11/21 16:51:12 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Origin
[2012/12/26 14:59:45 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\PC Suite
[2013/04/05 12:04:19 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\PC Tools
[2013/11/29 16:24:52 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\poclbm
[2014/12/01 14:22:01 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Publish Providers
[2014/11/14 20:36:55 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Samsung
[2014/07/24 22:59:00 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Skype
[2012/11/15 19:30:05 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\SmarThru4
[2014/10/31 17:44:17 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\SomePDF
[2014/12/01 16:12:00 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Sony
[2014/12/02 22:42:15 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Spotify
[2013/11/19 20:54:23 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/04/05 12:05:23 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\TestApp
[2012/11/15 17:50:55 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Thunderbird
[2014/10/19 12:37:34 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Trillian
[2014/12/15 20:15:44 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\uTorrent
[2014/12/06 22:14:38 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\vlc
[2014/11/14 20:26:50 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\WebExtend
[2012/11/15 18:42:00 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\WinRAR
[2012/11/23 22:25:25 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\Xilisoft
[2014/01/20 18:00:57 | 000,000,000 | ---D | M] -- C:\Users\gonda\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}

< %APPDATA%\*.exe /s >
[2009/08/11 21:21:26 | 000,087,552 | ---- | M] () -- C:\Users\gonda\AppData\Roaming\BSplayer\AC3 Filter\ac3config.exe
[2009/08/11 21:21:30 | 000,090,112 | ---- | M] () -- C:\Users\gonda\AppData\Roaming\BSplayer\AC3 Filter\spdif_test.exe
[2010/03/22 14:52:04 | 000,697,690 | ---- | M] () -- C:\Users\gonda\AppData\Roaming\BSplayer\AC3 Filter\unins000.exe
[2012/10/11 09:01:20 | 001,175,371 | ---- | M] () -- C:\Users\gonda\AppData\Roaming\BSplayer\FFDShow\unins000.exe
[2010/08/14 10:42:54 | 000,113,152 | ---- | M] () -- C:\Users\gonda\AppData\Roaming\BSplayer\Haali media splitter\dsmux.exe
[2010/08/14 10:45:10 | 000,358,400 | ---- | M] () -- C:\Users\gonda\AppData\Roaming\BSplayer\Haali media splitter\gdsmux.exe
[2010/08/14 10:42:06 | 000,137,728 | ---- | M] () -- C:\Users\gonda\AppData\Roaming\BSplayer\Haali media splitter\mkv2vfr.exe
[2010/09/30 15:30:22 | 000,042,305 | ---- | M] () -- C:\Users\gonda\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe
[2013/09/09 20:25:50 | 028,698,984 | ---- | M] (ICQ) -- C:\Users\gonda\AppData\Roaming\ICQM\icq.exe
[2013/09/09 20:25:52 | 035,636,560 | ---- | M] (ICQ) -- C:\Users\gonda\AppData\Roaming\ICQM\icqsetup.exe
[2013/09/09 20:25:51 | 004,739,616 | ---- | M] () -- C:\Users\gonda\AppData\Roaming\ICQM\ICQ\dll\mailrusputnik.exe
[2014/08/26 15:04:57 | 000,054,432 | ---- | M] (Adobe Systems Inc.) -- C:\Users\gonda\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2014/12/15 18:18:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\gonda\AppData\Roaming\Microsoft\Windows\Temporary Internet Files\Content.IE5\E0UZIPHK\HiJackThis[1].exe
[2014/02/14 20:55:18 | 001,564,992 | ---- | M] (Samsung) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Kies.exe
[2014/02/14 20:55:20 | 000,559,936 | ---- | M] () -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesAgent.exe
[2014/02/14 20:55:26 | 000,277,824 | ---- | M] () -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesDriverInstaller.exe
[2014/02/14 20:55:24 | 000,311,616 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesTrayAgent.exe
[2014/02/14 20:49:52 | 000,173,568 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\ConnectionManager.exe
[2014/02/14 20:51:26 | 000,352,768 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceDataService.exe
[2014/02/14 20:50:24 | 000,697,856 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceManager.exe
[2014/02/14 20:55:28 | 000,067,904 | ---- | M] (Samsung) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\Kies_Tutorial.exe
[2014/02/14 20:55:40 | 000,065,856 | ---- | M] () -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\RegisterCOM.exe
[2014/01/23 17:22:36 | 000,055,296 | ---- | M] (Samsung) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AdminDelegator.exe
[2014/01/23 17:22:36 | 000,082,944 | ---- | M] (Samsung) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentInstaller.exe
[2014/01/23 17:22:36 | 000,071,680 | ---- | M] (Samsung) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentUpdate.exe
[2014/02/14 20:55:32 | 000,845,120 | ---- | M] (Samsung) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\KiesPDLR.exe
[2014/02/14 20:55:36 | 000,624,448 | ---- | M] (ml) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Updater\Kies.Update.exe
[2014/04/14 08:31:16 | 016,005,152 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2014/07/25 09:42:20 | 001,562,264 | ---- | M] (Samsung) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Kies.exe
[2014/07/25 09:42:24 | 000,559,936 | ---- | M] () -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesAgent.exe
[2013/12/30 02:55:30 | 000,578,560 | ---- | M] (Samsung Electronics) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesAirMessage.exe
[2014/07/25 09:42:28 | 000,277,824 | ---- | M] () -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesDriverInstaller.exe
[2014/07/25 09:42:26 | 000,311,616 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesTrayAgent.exe
[2014/07/25 09:34:42 | 000,173,568 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\ConnectionManager.exe
[2014/07/25 09:36:34 | 000,353,280 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceDataService.exe
[2014/07/25 09:35:32 | 000,698,368 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceManager.exe
[2014/07/25 09:42:32 | 000,067,904 | ---- | M] (Samsung) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\Kies_Tutorial.exe
[2014/07/25 09:42:42 | 000,065,856 | ---- | M] () -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\RegisterCOM.exe
[2014/07/17 02:24:34 | 000,061,016 | ---- | M] (Samsung) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AdminDelegator.exe
[2014/07/17 02:24:34 | 000,088,664 | ---- | M] (Samsung) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentInstaller.exe
[2014/07/17 02:24:34 | 000,077,392 | ---- | M] (Samsung) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentUpdate.exe
[2014/07/25 09:42:34 | 000,845,120 | ---- | M] (Samsung) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\KiesPDLR.exe
[2014/07/25 09:42:38 | 003,835,040 | ---- | M] (Freeware) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\MediaModules\MyFreeCodecPack.exe
[2013/12/30 02:52:42 | 000,061,440 | ---- | M] ((주)마크애니) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Program Files\MarkAny\ContentSafer\MaAgent.exe
[2013/12/30 02:52:42 | 000,032,768 | ---- | M] (MarkAny Co, Ltd) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Program Files\MarkAny\ContentSafer\MaCSMgr.exe
[2013/12/30 02:52:42 | 000,065,536 | ---- | M] () -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Program Files\MarkAny\ContentSafer\MAWebControl.exe
[2013/12/30 02:52:42 | 000,401,056 | ---- | M] (Marktek Inc.) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Program Files\MarkAny\ContentSafer\MPXBox.exe
[2013/12/30 02:52:42 | 000,020,480 | ---- | M] ( ) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Program Files\MarkAny\ContentSafer\UpdateClient\MAUpdate.exe
[2013/12/30 02:52:42 | 000,057,344 | ---- | M] ((주)마크애니) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Program Files\MarkAny\ContentSafer\UpdateClient\MAUpdateBoot.exe
[2013/12/30 02:52:42 | 000,126,976 | ---- | M] ((주)마크애니) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Program Files\MarkAny\ContentSafer\UpdateClient\MaUpdateClient.exe
[2014/07/25 09:42:40 | 000,624,448 | ---- | M] (ml) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Updater\Kies.Update.exe
[2014/06/23 22:15:20 | 016,007,072 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2014/02/14 20:55:36 | 000,624,448 | ---- | M] (ml) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2014/07/25 09:42:40 | 000,624,448 | ---- | M] (ml) -- C:\Users\gonda\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
[2014/12/02 14:36:31 | 006,621,752 | ---- | M] (Spotify Ltd) -- C:\Users\gonda\AppData\Roaming\Spotify\spotify.exe
[2014/12/02 14:36:31 | 000,061,496 | ---- | M] (Spotify Ltd) -- C:\Users\gonda\AppData\Roaming\Spotify\SpotifyLauncher.exe
[2014/12/02 18:58:17 | 036,118,176 | ---- | M] (Spotify Ltd) -- C:\Users\gonda\AppData\Roaming\Spotify\Spotify_new.exe
[2014/12/02 14:36:28 | 000,610,872 | ---- | M] () -- C:\Users\gonda\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
[2014/12/02 14:36:28 | 001,245,752 | ---- | M] (Spotify Ltd) -- C:\Users\gonda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
[2014/11/29 15:45:07 | 001,385,808 | ---- | M] (BitTorrent Inc.) -- C:\Users\gonda\AppData\Roaming\uTorrent\uTorrent.exe
[2014/01/25 15:25:54 | 000,905,296 | ---- | M] (BitTorrent Inc.) -- C:\Users\gonda\AppData\Roaming\uTorrent\updates\3.3.2_30488.exe
[2014/05/02 19:06:20 | 001,270,352 | ---- | M] (BitTorrent Inc.) -- C:\Users\gonda\AppData\Roaming\uTorrent\updates\3.4.1_30888.exe
[2014/05/15 16:33:51 | 001,272,400 | ---- | M] (BitTorrent Inc.) -- C:\Users\gonda\AppData\Roaming\uTorrent\updates\3.4.1_31139.exe
[2014/06/16 18:24:15 | 001,267,536 | ---- | M] (BitTorrent Inc.) -- C:\Users\gonda\AppData\Roaming\uTorrent\updates\3.4.1_31395.exe
[2014/08/01 17:02:17 | 001,322,832 | ---- | M] (BitTorrent Inc.) -- C:\Users\gonda\AppData\Roaming\uTorrent\updates\3.4.2_32126.exe
[2014/09/26 06:14:37 | 001,416,016 | ---- | M] (BitTorrent Inc.) -- C:\Users\gonda\AppData\Roaming\uTorrent\updates\3.4.2_34024.exe
[2014/10/13 09:59:53 | 001,385,808 | ---- | M] (BitTorrent Inc.) -- C:\Users\gonda\AppData\Roaming\uTorrent\updates\3.4.2_34309.exe
[2014/10/28 22:01:44 | 001,385,808 | ---- | M] (BitTorrent Inc.) -- C:\Users\gonda\AppData\Roaming\uTorrent\updates\3.4.2_34944.exe
[2014/11/29 15:45:07 | 001,385,808 | ---- | M] (BitTorrent Inc.) -- C:\Users\gonda\AppData\Roaming\uTorrent\updates\3.4.2_35702.exe
[2012/12/16 19:33:34 | 033,897,545 | ---- | M] () -- C:\Users\gonda\AppData\Roaming\Xilisoft\Video Converter Ultimate 6\x-video-converter-ultimate6.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"" = C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe -- [2014/07/25 09:42:34 | 000,845,120 | ---- | M] (Samsung)
"icq" = C:\Users\gonda\AppData\Roaming\ICQM\icq.exe -CU -- [2013/09/09 20:25:50 | 028,698,984 | ---- | M] (ICQ)
"Xvid" = C:\Program Files (x86)\Xvid\CheckUpdate.exe -- [2011/01/17 20:41:43 | 000,008,192 | ---- | M] ()
"Spotify Web Helper" = "C:\Users\gonda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" -- [2014/12/02 14:36:28 | 001,245,752 | ---- | M] (Spotify Ltd)
"Browser Tab Search by Askx64" = "C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\BrowserTabSearch\msbloader64.exe"
"KiesPreload" = C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload -- [2014/07/25 09:42:20 | 001,562,264 | ---- | M] (Samsung)
"KiesAirMessage" = C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
"Spybot-S&D Cleaning" = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean -- [2013/09/20 10:45:30 | 003,666,224 | ---- | M] (Safer-Networking Ltd.)
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2010/11/20 14:25:17 | 001,475,584 | ---- | M] (Microsoft Corporation)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014/12/16 16:22:25 | 000,000,512 | ---- | M] () MD5=CB35D875EB6A3C3D3ADEA7AC2C9421F4 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2008/11/20 21:26:28 | 007,437,622 | ---- | M] () -- \01_Dokumenty\Desktop\MATKO\karta\mobil\My Documents\phonex.v2.2.cracked.tsrh.cab
[2013/03/03 15:49:42 | 010,666,192 | ---- | M] () -- \01_Dokumenty\Downloads\Sugis_12.1.3+Cracked.zip
[2011/11/11 03:16:52 | 000,193,764 | ---- | M] () -- \Dokumenty\DETI\Mato\foto\zedge\wallpapers\Cracked Screen_70.jpg
[2006/04/06 23:33:04 | 000,019,968 | ---- | M] () -- \Dokumenty\DETI\Misko\files\programy\antivirus\NOD32 Crack.doc
[2006/03/31 14:13:28 | 000,024,064 | ---- | M] () -- \Dokumenty\DETI\Misko\files\programy\cracks\Quicktime crack.doc
[2006/03/30 17:45:59 | 000,016,881 | ---- | M] () -- \Dokumenty\DETI\Misko\files\programy\pdf creator\crack\cad-kas.pdf-creator.2.0.crack-tsrh.zip
[1997/09/30 23:37:00 | 000,013,350 | ---- | M] () -- \Dokumenty\DETI\Misko\obrazky\xxx\CRACKBDR.WMF

< *keygen* /s >
[2014/11/20 22:23:59 | 003,747,840 | ---- | M] () -- \Dokumenty\DETI\Mato\torrenty\Sony Vegas Pro 12 Build 770 (64 bit) (patch-keygen DI) [ChingLiu]\patch - keygen DI\Keygen.exe
[2006/01/15 01:04:33 | 000,064,302 | ---- | M] () -- \Dokumenty\DETI\Misko\files\programy\FlashGet_v1.71_keygen_by_FFF.zip

< *AntiWPA* /s >

< *loader* /s >
[2014/02/23 22:03:19 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\DMVv13\form.215\Images\ajax-loader.gif
[2014/02/23 22:03:19 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\DMVv13\form.215\Images\ajax-loader.png
[2014/02/23 22:03:19 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\DMVv13\form.215\Images\loader.gif
[2014/02/23 22:03:19 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\DMVv13\form.215\Images\loaderWhite.gif
[2014/02/23 22:03:15 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\DPFOAv13\form.237\Images\ajax-loader.gif
[2014/02/23 22:03:15 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\DPFOAv13\form.237\Images\ajax-loader.png
[2014/02/23 22:03:16 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\DPFOAv13\form.237\Images\loader.gif
[2014/02/23 22:03:16 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\DPFOAv13\form.237\Images\loaderWhite.gif
[2014/02/23 22:03:17 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\DPFOBv13\form.240\Images\ajax-loader.gif
[2014/02/23 22:03:17 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\DPFOBv13\form.240\Images\ajax-loader.png
[2014/02/23 22:03:17 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\DPFOBv13\form.240\Images\loader.gif
[2014/02/23 22:03:17 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\DPFOBv13\form.240\Images\loaderWhite.gif
[2014/02/23 22:03:09 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\DPHv12\form.197\Images\ajax-loader.gif
[2014/02/23 22:03:09 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\DPHv12\form.197\Images\ajax-loader.png
[2014/02/23 22:03:09 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\DPHv12\form.197\Images\loader.gif
[2014/02/23 22:03:09 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\DPHv12\form.197\Images\loaderWhite.gif
[2014/02/23 22:03:18 | 000,007,680 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\DPPOv13\form.244\Images\ajax-loader.gif
[2014/02/23 22:03:18 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\DPPOv13\form.244\Images\ajax-loader.png
[2014/02/23 22:03:18 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\DPPOv13\form.244\Images\loader.gif
[2014/02/23 22:03:18 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\DPPOv13\form.244\Images\loaderWhite.gif
[2014/02/23 22:03:11 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\KVDPHv14\form.247\Images\ajax-loader.gif
[2014/02/23 22:03:11 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\KVDPHv14\form.247\Images\ajax-loader.png
[2014/02/23 22:03:11 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\KVDPHv14\form.247\Images\loader.gif
[2014/02/23 22:03:11 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\KVDPHv14\form.247\Images\loaderWhite.gif
[2014/02/23 22:03:28 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\PHMBIO\form.129\Images\ajax-loader.gif
[2014/02/23 22:03:28 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\PHMBIO\form.129\Images\ajax-loader.png
[2014/02/23 22:03:28 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\PHMBIO\form.129\Images\loader.gif
[2014/02/23 22:03:28 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\PHMBIO\form.129\Images\loaderWhite.gif
[2014/02/23 22:03:26 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\PREHLADv13\form.152\Images\ajax-loader.gif
[2014/02/23 22:03:26 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\PREHLADv13\form.152\Images\ajax-loader.png
[2014/02/23 22:03:26 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\PREHLADv13\form.152\Images\loader.gif
[2014/02/23 22:03:26 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\PREHLADv13\form.152\Images\loaderWhite.gif
[2014/02/23 22:03:08 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\REGDPv14\form.238\Images\ajax-loader.gif
[2014/02/23 22:03:08 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\REGDPv14\form.238\Images\ajax-loader.png
[2014/02/23 22:03:08 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\REGDPv14\form.238\Images\loader.gif
[2014/02/23 22:03:08 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\REGDPv14\form.238\Images\loaderWhite.gif
[2014/02/23 22:03:08 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\REGSPDv14\form.239\Images\ajax-loader.gif
[2014/02/23 22:03:08 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\REGSPDv14\form.239\Images\ajax-loader.png
[2014/02/23 22:03:08 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\REGSPDv14\form.239\Images\loader.gif
[2014/02/23 22:03:08 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\REGSPDv14\form.239\Images\loaderWhite.gif
[2014/02/23 22:03:36 | 001,418,764 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SL_KVDPHv14\form.274\Images\ajax-loader.gif
[2014/02/23 22:03:36 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SL_KVDPHv14\form.274\Images\ajax-loader.png
[2014/02/23 22:03:36 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SL_KVDPHv14\form.274\Images\loader.gif
[2014/02/23 22:03:36 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SL_KVDPHv14\form.274\Images\loaderWhite.gif
[2014/02/23 22:03:31 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDELv12\form.89\Images\ajax-loader.gif
[2014/02/23 22:03:31 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDELv12\form.89\Images\ajax-loader.png
[2014/02/23 22:03:31 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDELv12\form.89\Images\loader.gif
[2014/02/23 22:03:31 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDELv12\form.89\Images\loaderWhite.gif
[2014/02/23 22:03:29 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDLHv12b\form.187\Images\ajax-loader.gif
[2014/02/23 22:03:29 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDLHv12b\form.187\Images\ajax-loader.png
[2014/02/23 22:03:29 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDLHv12b\form.187\Images\loader.gif
[2014/02/23 22:03:29 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDLHv12b\form.187\Images\loaderWhite.gif
[2014/02/23 22:03:27 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDMOv12\form.168\Images\ajax-loader.gif
[2014/02/23 22:03:27 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDMOv12\form.168\Images\ajax-loader.png
[2014/02/23 22:03:27 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDMOv12\form.168\Images\loader.gif
[2014/02/23 22:03:27 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDMOv12\form.168\Images\loaderWhite.gif
[2014/02/23 22:03:35 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDMOv14\form.252\Images\ajax-loader.gif
[2014/02/23 22:03:35 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDMOv14\form.252\Images\ajax-loader.png
[2014/02/23 22:03:35 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDMOv14\form.252\Images\loader.gif
[2014/02/23 22:03:35 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDMOv14\form.252\Images\loaderWhite.gif
[2014/02/23 22:03:30 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDPVv12b\form.203\Images\ajax-loader.gif
[2014/02/23 22:03:30 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDPVv12b\form.203\Images\ajax-loader.png
[2014/02/23 22:03:30 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDPVv12b\form.203\Images\loader.gif
[2014/02/23 22:03:30 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDPVv12b\form.203\Images\loaderWhite.gif
[2014/02/23 22:03:31 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDTVv12\form.158\Images\ajax-loader.gif
[2014/02/23 22:03:31 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDTVv12\form.158\Images\ajax-loader.png
[2014/02/23 22:03:31 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDTVv12\form.158\Images\loader.gif
[2014/02/23 22:03:31 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDTVv12\form.158\Images\loaderWhite.gif
[2014/02/23 22:03:32 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDUHv12\form.99\Images\ajax-loader.gif
[2014/02/23 22:03:32 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDUHv12\form.99\Images\ajax-loader.png
[2014/02/23 22:03:32 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDUHv12\form.99\Images\loader.gif
[2014/02/23 22:03:32 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDUHv12\form.99\Images\loaderWhite.gif
[2014/02/23 22:03:30 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDVNv12b\form.185\Images\ajax-loader.gif
[2014/02/23 22:03:30 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDVNv12b\form.185\Images\ajax-loader.png
[2014/02/23 22:03:30 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDVNv12b\form.185\Images\loader.gif
[2014/02/23 22:03:30 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDVNv12b\form.185\Images\loaderWhite.gif
[2014/02/23 22:03:32 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDZPv12\form.103\Images\ajax-loader.gif
[2014/02/23 22:03:32 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDZPv12\form.103\Images\ajax-loader.png
[2014/02/23 22:03:33 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDZPv12\form.103\Images\loader.gif
[2014/02/23 22:03:33 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SPDZPv12\form.103\Images\loaderWhite.gif
[2014/02/23 22:03:10 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SVDPHv10\form.155\Images\ajax-loader.gif
[2014/02/23 22:03:10 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SVDPHv10\form.155\Images\ajax-loader.png
[2014/02/23 22:03:10 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SVDPHv10\form.155\Images\loader.gif
[2014/02/23 22:03:10 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\SVDPHv10\form.155\Images\loaderWhite.gif
[2014/02/23 22:03:19 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UVFO1v13\form.139\Images\ajax-loader.gif
[2014/02/23 22:03:19 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UVFO1v13\form.139\Images\ajax-loader.png
[2014/02/23 22:03:19 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UVFO1v13\form.139\Images\loader.gif
[2014/02/23 22:03:19 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UVFO1v13\form.139\Images\loaderWhite.gif
[2014/02/23 22:03:20 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UVFO2v13\form.144\Images\ajax-loader.gif
[2014/02/23 22:03:20 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UVFO2v13\form.144\Images\ajax-loader.png
[2014/02/23 22:03:20 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UVFO2v13\form.144\Images\loader.gif
[2014/02/23 22:03:20 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UVFO2v13\form.144\Images\loaderWhite.gif
[2014/02/23 22:03:21 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UVPOD1v11\form.201\Images\ajax-loader.gif
[2014/02/23 22:03:21 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UVPOD1v11\form.201\Images\ajax-loader.png
[2014/02/23 22:03:21 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UVPOD1v11\form.201\Images\loader.gif
[2014/02/23 22:03:21 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UVPOD1v11\form.201\Images\loaderWhite.gif
[2014/02/23 22:03:34 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UVPOD2v11\form.199\Images\ajax-loader.gif
[2014/02/23 22:03:34 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UVPOD2v11\form.199\Images\ajax-loader.png
[2014/02/23 22:03:34 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UVPOD2v11\form.199\Images\loader.gif
[2014/02/23 22:03:34 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UVPOD2v11\form.199\Images\loaderWhite.gif
[2014/02/23 22:03:26 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UVPOD3\form.118\Images\ajax-loader.gif
[2014/02/23 22:03:26 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UVPOD3\form.118\Images\ajax-loader.png
[2014/02/23 22:03:26 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UVPOD3\form.118\Images\loader.gif
[2014/02/23 22:03:26 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UVPOD3\form.118\Images\loaderWhite.gif
[2014/02/23 22:03:21 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UZNO\form.68\Images\ajax-loader.gif
[2014/02/23 22:03:21 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UZNO\form.68\Images\ajax-loader.png
[2014/02/23 22:03:21 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UZNO\form.68\Images\loader.gif
[2014/02/23 22:03:21 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UZNO\form.68\Images\loaderWhite.gif
[2014/02/23 22:03:22 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UZNUJ\form.104\Images\ajax-loader.gif
[2014/02/23 22:03:22 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UZNUJ\form.104\Images\ajax-loader.png
[2014/02/23 22:03:24 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UZNUJ\form.104\Images\loader.gif
[2014/02/23 22:03:24 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\UZNUJ\form.104\Images\loaderWhite.gif
[2014/02/23 22:03:33 | 000,007,364 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\VSEOBv14\form.254\Images\ajax-loader.gif
[2014/02/23 22:03:33 | 000,003,080 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\VSEOBv14\form.254\Images\ajax-loader.png
[2014/02/23 22:03:33 | 000,010,453 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\VSEOBv14\form.254\Images\loader.gif
[2014/02/23 22:03:33 | 000,010,294 | ---- | M] () -- \01_Dokumenty\.ditec\eDane\formulare\VSEOBv14\form.254\Images\loaderWhite.gif
[2014/09/02 19:48:21 | 001,539,512 | ---- | M] () -- \01_Dokumenty\Downloads\-Windows-7-Loader-v2.2.2-By-DAZ.rar
[2012/10/27 15:21:08 | 000,008,192 | ---- | M] () -- \01_Dokumenty\Downloads\guiminer\_win32sysloader.pyd
[1 \03_Backup_nemazat!!!\plocha\Desktop\com.konami.pes2012\files\*.tmp files -> \03_Backup_nemazat!!!\plocha\Desktop\com.konami.pes2012\files\*.tmp -> ]
[2014/05/24 16:18:02 | 000,000,391 | ---- | M] () -- \Dočasné internetové súbory\Low\Content.IE5\CJ26RHWT\jquery.loader[1].js
[2014/05/24 16:27:18 | 000,004,233 | ---- | M] () -- \Dočasné internetové súbory\Low\Content.IE5\GECOFA1G\cj-video-preloader[1].css
[2013/06/21 10:54:46 | 000,000,847 | ---- | M] () -- \Dokumenty\DETI\Mato\web\web\wp-content\plugins\contact-form-7\images\ajax-loader.gif
[2013/06/21 10:54:56 | 000,000,723 | ---- | M] () -- \Dokumenty\DETI\Mato\web\web\wp-content\plugins\digg-digg\image\ajax-loader.gif
[2013/06/21 10:57:42 | 000,041,330 | ---- | M] () -- \Dokumenty\DETI\Mato\web\web\wp-includes\script-loader.php
[2013/06/21 10:57:42 | 000,002,060 | ---- | M] () -- \Dokumenty\DETI\Mato\web\web\wp-includes\template-loader.php
[2013/06/21 10:57:46 | 000,003,915 | ---- | M] () -- \Dokumenty\DETI\Mato\web\web\wp-includes\images\uploader-icons-2x.png
[2013/06/21 10:57:47 | 000,001,593 | ---- | M] () -- \Dokumenty\DETI\Mato\web\web\wp-includes\images\uploader-icons.png
[2013/06/21 10:57:52 | 000,004,244 | ---- | M] () -- \Dokumenty\DETI\Mato\web\web\wp-includes\js\customize-loader.js
[2013/06/21 10:57:52 | 000,002,642 | ---- | M] () -- \Dokumenty\DETI\Mato\web\web\wp-includes\js\customize-loader.min.js
[2013/01/23 21:04:46 | 000,041,330 | ---- | M] () -- \Dokumenty\DETI\Mato\wordpress\wordpress\wp-includes\script-loader.php
[2012/10/31 23:01:14 | 000,002,060 | ---- | M] () -- \Dokumenty\DETI\Mato\wordpress\wordpress\wp-includes\template-loader.php
[2012/11/30 02:18:08 | 000,003,915 | ---- | M] () -- \Dokumenty\DETI\Mato\wordpress\wordpress\wp-includes\images\uploader-icons-2x.png
[2012/11/30 02:18:08 | 000,001,593 | ---- | M] () -- \Dokumenty\DETI\Mato\wordpress\wordpress\wp-includes\images\uploader-icons.png
[2012/11/21 22:31:56 | 000,004,244 | ---- | M] () -- \Dokumenty\DETI\Mato\wordpress\wordpress\wp-includes\js\customize-loader.js
[2012/11/21 22:31:56 | 000,002,642 | ---- | M] () -- \Dokumenty\DETI\Mato\wordpress\wordpress\wp-includes\js\customize-loader.min.js
[2011/02/02 16:50:08 | 003,270,180 | ---- | M] () -- \Dokumenty\DETI\Mato\záloha - usb\pc\Windows.7.Loader.v1.9.6-DAZ.by.-ded-.of.PowerUploaders\Windows Loader.exe
[2005/07/06 16:16:34 | 000,002,331 | ---- | M] () -- \Dokumenty\DETI\Misko\texty\EF UMB Poprad\anglicko\Severne Írsko\dane\Low Incomes Tax Reform Group - Tax help - Students_files\hm_loader.js
[2006/03/11 14:15:50 | 000,004,865 | ---- | M] () -- \Dokumenty\DETI\Misko\texty\EF UMB Poprad\diplomovka súbory\doc+ČR\priemyslový park CZ\D1 - PRŮMYSLOVÝ PARK JIHLAVA.files\loader.js

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >
[2013/06/03 20:16:03 | 000,000,419 | ---- | M] () -- \01_Dokumenty\Downloads\MICROSOFT.OFFICE.2010.ACTIVATOR.torrent

< *serial* /s >
[2013/06/21 10:57:58 | 000,000,783 | ---- | M] () -- \Dokumenty\DETI\Mato\web\web\wp-includes\js\jquery\jquery.serialize-object.js
[2011/01/20 23:09:38 | 000,000,783 | ---- | M] () -- \Dokumenty\DETI\Mato\wordpress\wordpress\wp-includes\js\jquery\jquery.serialize-object.js
[2006/03/30 17:48:46 | 000,000,641 | ---- | M] () -- \Dokumenty\DETI\Misko\files\programy\pdf creator\crack\Jaws_PDF_Creator_v2[1].0_Serial.zip
[2006/03/30 17:47:04 | 000,019,968 | ---- | M] () -- \Dokumenty\DETI\Misko\files\programy\pdf creator\crack\pdf creator serial.doc
[2004/03/09 16:21:26 | 000,000,044 | ---- | M] () -- \Dokumenty\DETI\Misko\texty\EF UMB Poprad\štatistika\serial number.txt
[1999/09/20 06:47:40 | 000,151,040 | ---- | M] () -- \Dokumenty\DETI\Misko\texty\EF UMB Poprad\štatistika\STATGRAPHICS\UTILITY\SERIAL.EXE
[2007/06/26 18:01:16 | 000,004,807 | ---- | M] () -- \Dokumenty\DETI\Misko\WWW\__ Český Web o Smallville __ Epizody.files\o_serialu.jpg
[2007/06/26 18:01:19 | 000,002,025 | ---- | M] () -- \Dokumenty\DETI\Misko\WWW\__ Český Web o Smallville __ Epizody.files\pratele_serialy_mirekholy.jpg
[2007/06/26 18:01:19 | 000,001,660 | ---- | M] () -- \Dokumenty\DETI\Misko\WWW\__ Český Web o Smallville __ Epizody.files\pratele_titulkykserialum.gif
[2011/08/21 12:10:47 | 000,001,909 | ---- | M] () -- \Dokumenty\Tatiko\IC\plac\stolové píly - Tead - internetový obchod_files\Woodster c6 06 - Drevoobrábacie stroje_files\jquery.serialScroll.js

< *w7lxe* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A1EDB939
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

#6 Příspěvek od **Márty84** » 16 pro 2014 18:58

Odinstalujte Spybota.

Nez zacneme cistit, tak dam takovou zaludnou otazku. Jak je to s legalitou systemu? Ultimate neni zrovna bezna domaci verze

easton · #7 Příspěvek od **easton** » 17 pro 2014 16:31

Zdravím

spybot je odinštalovaný
Win je plne legálny

#8 Příspěvek od **Márty84** » 17 pro 2014 17:10

Takze ty cracky na Windows (pro jistotu rovnou dva) tam jsou jen tak na odzobu?

easton · #9 Příspěvek od **easton** » 18 pro 2014 00:26

Neviem

, mne pc robi známy, tak snad mi tam zrobil všetko v poriadku

#10 Příspěvek od **Márty84** » 18 pro 2014 10:20

Je mi lito, ale pravidla fora mi nedovoluji pokracovat.

Hovori jasne http://forum.viry.cz/viewtopic.php?f=12&t=115512

Pomáhat NELZE:
2) Pokud stroj uživatele prokazatelně obsahuje nelegální hostitelský čí ochranný software
(operační systém, antivir, firewall, atd.), je nutné navést uživatele k nápravě, např. skrze neplacený software,
a začít řešit, až v době kdy je PC "v pořádku". V případě že uživatel nechce na pravidla přistoupit,
je nutné jej vyzvat ať fórum opustí, a vrátí se až je splní.

A ty cracky tam proste bohuzel jsou, takze si to vyridte s tim znamym

easton · #11 Příspěvek od **easton** » 18 pro 2014 15:24

Dakujem, aj tak, rešpektujem

#12 Příspěvek od **Márty84** » 18 pro 2014 20:29

Pouzijte ADWCleaner, JRT a MBAM. Treba se pc ulevi.

Neni bohuzel zac. Tak snad priste s lepsim vysledkem...

VIRY.CZ

Prosim o kontrolu

Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu