Zpomalené PC

Zpráva

cros · #1 Příspěvek od **cros** » 03 úno 2015 16:19

Problémy mám ze zpomaleným PC a při zpuštění Mozila naskakuje ruská stranka.
Všem díky.

Logfile of random's system information tool 1.10 (written by random/random)
Run by 11 at 2015-02-03 16:16:02
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 529 GB (87%) free of 610 GB
Total RAM: 4095 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:16:05, on 3.2.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\ccSvcHst.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\11.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: VK Downloader - {3C6CF3C0-D800-4B4D-A3D8-8ADE406523B6} - C:\Program Files (x86)\VK Downloader\Toolbar32.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\IPS\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\coIEPlg.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Arc Service (ArcService) - Perfect World Entertainment Inc - C:\Program Files (x86)\Arc\ArcService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Service for advPlugin - Unknown owner - C:\Program Files (x86)\advPlugin\Basement\ExtensionUpdaterService.exe
O23 - Service: Update Service for VK Downloader - Unknown owner - C:\Program Files (x86)\VK Downloader\Basement\ExtensionUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8071 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x2a0
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\diMaster.dll" /prefetch:1
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss 140b6614-a3d1-4883-b8f6-4ddbdb6eba00 1
\??\C:\Windows\system32\conhost.exe "1070999138-8616537675026031311335399690-19060555151818958142-14496407861759551932
"taskhost.exe"
"C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\advPlugin\Basement\ExtensionUpdaterService.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "192364538852071524794264496-633049292-5924510491494715816-410279266-1459864816
"C:\Program Files (x86)\VK Downloader\Basement\ExtensionUpdaterService.exe"
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
"C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\ccSvcHst.exe" /c /a /s UserSession
C:\Windows\system32\sppsvc.exe
taskeng.exe {D5FA14C6-C2A0-48F0-A359-B19DF44ED959}
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\11\Downloads\RSITx64(1).exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\11\AppData\Roaming\Mozilla\Firefox\Profiles\rf2mz14n.default-1422213530672

prefs.js - "browser.startup.homepage" - "seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.296 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.71.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin]
"Description"=Arc PlayNow plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.296 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Users\11\AppData\Roaming\Mozilla\Firefox\Profiles\rf2mz14n.default-1422213530672\extensions\
{3C6CF3C0-D800-4B4D-A3D8-8ADE406523B6}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C6CF3C0-D800-4B4D-A3D8-8ADE406523B6}]
VK Downloader - C:\Program Files (x86)\VK Downloader\Toolbar64.dll [2015-01-16 338280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C6CF3C0-D800-4B4D-A3D8-8ADE406523B6}]
VK Downloader - C:\Program Files (x86)\VK Downloader\Toolbar32.dll [2015-01-16 251752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\coIEPlg.dll [2014-11-28 510776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\IPS\IPSBHO.DLL [2013-04-09 387040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\coIEPlg.dll [2014-11-28 510776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-12-13 2531472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Arc]
C:\Program Files (x86)\Arc\ArcLauncher.exe [2015-01-22 416080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11 30877280]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2009-05-18 2157056]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2014-12-17 311616]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=1
"SynchronousUserGroupPolicy"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NofolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-01-30 18:17:00 ----A---- C:\Windows\system32\drivers\TrueSight.sys
2015-01-30 18:16:57 ----D---- C:\ProgramData\RogueKiller
2015-01-29 22:37:16 ----D---- C:\Program Files\trend micro
2015-01-29 22:37:15 ----D---- C:\rsit
2015-01-27 20:06:14 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-01-24 20:03:46 ----D---- C:\Program Files (x86)\VK Downloader
2015-01-24 19:57:33 ----D---- C:\Program Files (x86)\advPlugin
2015-01-24 19:55:36 ----D---- C:\Users\11\AppData\Roaming\eTranslator
2015-01-24 19:53:38 ----D---- C:\WarPack
2015-01-24 17:31:12 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe
2015-01-24 17:29:06 ----D---- C:\Windows\LastGood
2015-01-24 17:27:23 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2015-01-24 17:27:23 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2015-01-24 17:27:23 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2015-01-24 17:27:23 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2015-01-24 17:27:23 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2015-01-24 17:27:23 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2015-01-24 17:27:23 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2015-01-24 17:27:23 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2015-01-24 17:27:23 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2015-01-24 17:27:23 ----A---- C:\Windows\system32\nvumdshimx.dll
2015-01-24 17:27:23 ----A---- C:\Windows\system32\nvopencl.dll
2015-01-24 17:27:23 ----A---- C:\Windows\system32\nvoglv64.dll
2015-01-24 17:27:23 ----A---- C:\Windows\system32\nvoglshim64.dll
2015-01-24 17:27:23 ----A---- C:\Windows\system32\nvinitx.dll
2015-01-24 17:27:23 ----A---- C:\Windows\system32\NvIFR64.dll
2015-01-24 17:27:23 ----A---- C:\Windows\system32\nvhdagenco6420103.dll
2015-01-24 17:27:23 ----A---- C:\Windows\system32\NvFBC64.dll
2015-01-24 17:27:23 ----A---- C:\Windows\system32\nvdispgenco6434725.dll
2015-01-24 17:27:23 ----A---- C:\Windows\system32\nvdispco6434725.dll
2015-01-24 17:27:23 ----A---- C:\Windows\system32\nvd3dumx.dll
2015-01-24 17:27:23 ----A---- C:\Windows\system32\nvcuvid.dll
2015-01-24 17:27:23 ----A---- C:\Windows\system32\nvcuda.dll
2015-01-24 17:27:23 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2015-01-24 17:27:18 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2015-01-24 17:27:18 ----A---- C:\Windows\system32\nvcompiler.dll
2015-01-20 17:06:51 ----D---- C:\Windows\LastGood.Tmp
2015-01-20 17:04:39 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2015-01-20 17:04:39 ----A---- C:\Windows\system32\nvwgf2umx.dll
2015-01-14 15:39:58 ----A---- C:\Windows\system32\profsvc.dll
2015-01-14 15:39:56 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2015-01-14 15:39:56 ----A---- C:\Windows\SYSWOW64\ncsi.dll
2015-01-14 15:39:56 ----A---- C:\Windows\system32\nlasvc.dll
2015-01-14 15:39:55 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2015-01-14 15:39:54 ----A---- C:\Windows\system32\TSWbPrxy.exe
2015-01-14 15:39:52 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-01-14 15:39:51 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-01-14 15:39:51 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-01-14 15:39:51 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-01-14 15:39:51 ----A---- C:\Windows\system32\srcore.dll
2015-01-14 15:39:51 ----A---- C:\Windows\system32\srclient.dll
2015-01-14 15:39:51 ----A---- C:\Windows\system32\rstrui.exe
2015-01-08 15:56:07 ----D---- C:\Users\11\AppData\Roaming\IsolatedStorage
2015-01-08 15:56:07 ----D---- C:\ProgramData\IsolatedStorage
2015-01-08 15:53:34 ----D---- C:\Spacekace

======List of files/folders modified in the last 1 month======

2015-02-03 16:13:32 ----D---- C:\Windows\system32\config
2015-02-03 16:13:01 ----D---- C:\Windows\Prefetch
2015-02-03 16:09:39 ----D---- C:\Windows\Temp
2015-02-03 16:09:08 ----D---- C:\ProgramData\NVIDIA
2015-02-03 16:08:52 ----SHD---- C:\System Volume Information
2015-02-03 16:06:32 ----D---- C:\Users\11\AppData\Roaming\Skype
2015-02-03 14:32:30 ----D---- C:\Program Files (x86)\Neverwinter_en
2015-02-02 21:13:59 ----D---- C:\Users\11\AppData\Roaming\TS3Client
2015-02-02 19:19:27 ----D---- C:\Program Files (x86)\Arc
2015-02-02 16:32:47 ----D---- C:\Users\11\AppData\Roaming\.minecraft
2015-02-02 11:01:09 ----D---- C:\Windows\system32\catroot2
2015-01-31 14:51:11 ----D---- C:\Windows\system32\drivers
2015-01-31 14:46:29 ----D---- C:\Users\11\AppData\Roaming\vlc
2015-01-30 18:34:02 ----D---- C:\Windows\system32\Tasks
2015-01-30 18:16:57 ----HD---- C:\ProgramData
2015-01-29 22:37:16 ----RD---- C:\Program Files
2015-01-29 20:00:47 ----D---- C:\Users\11\AppData\Roaming\XBMC
2015-01-28 11:01:04 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 20:06:50 ----RD---- C:\Program Files (x86)
2015-01-25 22:02:16 ----D---- C:\Windows\SysWOW64
2015-01-25 22:02:13 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-01-25 20:26:23 ----D---- C:\Windows\Setup
2015-01-25 15:19:09 ----D---- C:\Windows\system32\NDF
2015-01-25 10:40:25 ----D---- C:\Windows\System32
2015-01-24 20:27:25 ----RSD---- C:\Windows\Fonts
2015-01-24 19:57:40 ----D---- C:\Windows\SYSWOW64\GroupPolicy
2015-01-24 17:32:00 ----D---- C:\Windows\inf
2015-01-24 17:31:09 ----D---- C:\Windows\system32\DriverStore
2015-01-24 17:31:09 ----D---- C:\Windows\system32\catroot
2015-01-24 17:29:06 ----D---- C:\Windows
2015-01-18 21:10:37 ----D---- C:\Windows\Microsoft.NET
2015-01-18 10:44:32 ----D---- C:\Windows\Minidump
2015-01-17 20:43:29 ----SHD---- C:\Windows\Installer
2015-01-17 20:37:51 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-01-17 20:37:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-01-17 14:46:55 ----D---- C:\Windows\system32\wdi
2015-01-15 08:59:50 ----D---- C:\Windows\winsxs
2015-01-14 22:00:32 ----D---- C:\Windows\system32\MRT
2015-01-14 21:57:21 ----D---- C:\Windows\debug
2015-01-14 21:57:17 ----A---- C:\Windows\system32\MRT.exe
2015-01-14 18:08:55 ----D---- C:\ProgramData\Skype
2015-01-14 18:08:49 ----RD---- C:\Program Files (x86)\Skype
2015-01-10 09:07:47 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2015-01-10 09:07:47 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2015-01-10 09:07:47 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2015-01-10 09:07:47 ----A---- C:\Windows\system32\OpenCL.dll
2015-01-10 09:07:47 ----A---- C:\Windows\system32\nvapi64.dll
2015-01-10 00:30:01 ----A---- C:\Windows\system32\nvsvc64.dll
2015-01-10 00:30:01 ----A---- C:\Windows\system32\nvcpl.dll
2015-01-10 00:29:53 ----A---- C:\Windows\system32\nvvsvc.exe
2015-01-10 00:29:53 ----A---- C:\Windows\system32\nvsvcr.dll
2015-01-10 00:29:52 ----A---- C:\Windows\system32\nvshext.dll
2015-01-10 00:29:52 ----A---- C:\Windows\system32\nvmctray.dll
2015-01-06 20:13:42 ----SD---- C:\Users\11\AppData\Roaming\Microsoft
2015-01-06 17:51:58 ----D---- C:\Windows\system32\LogFiles

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\N360x64\1406000.01B\SYMDS64.SYS [2013-05-21 493656]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360x64\1406000.01B\SYMEFA64.SYS [2013-05-23 1139800]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [2015-01-06 1622744]
R1 ccSet_N360;Norton 360 Settings Manager; C:\Windows\system32\drivers\N360x64\1406000.01B\ccSetx64.sys [2013-04-16 169048]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-01-20 283064]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2014-12-11 487216]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20150130.001\IDSvia64.sys [2015-01-14 668888]
R1 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\N360x64\1406000.01B\SRTSP64.SYS [2013-05-16 796760]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\N360x64\1406000.01B\SRTSPX64.SYS [2013-03-05 36952]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\N360x64\1406000.01B\Ironx64.SYS [2013-03-05 224416]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\N360x64\1406000.01B\SYMNETS.SYS [2013-04-25 433752]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-12-11 142640]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20); C:\Windows\system32\DRIVERS\L1E62x64.sys [2009-06-20 54272]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20150202.019\ENG64.SYS [2015-01-20 129752]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20150202.019\EX64.SYS [2015-01-20 2137304]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2014-10-09 195728]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-13 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-11-22 38032]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2014-01-18 177312]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-05-08 1196032]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2010-04-27 26440]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2010-04-27 77512]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-13 5020672]
S3 atillk64;atillk64; \??\C:\Users\11\Downloads\ati_winflash_2.6.7\atillk64.sys []
S3 cpuz130;cpuz130; \??\C:\Users\11\AppData\Local\Temp\cpuz130\cpuz_x64.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-10-13 110336]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 Ser2pl;Prolific Serial port WDF driver; C:\Windows\system32\DRIVERS\ser2pl64.sys [2014-09-03 169984]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-10-13 206080]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2012-08-23 29696]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2010-04-27 43976]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2010-04-27 36936]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2010-04-27 16200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-13 1148560]
R2 N360;Norton 360; C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\ccSvcHst.exe [2013-05-21 144368]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-13 1701520]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-13 19823248]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-01-10 935056]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2014-01-20 76888]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [2014-10-13 743688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-01-09 410768]
R2 Update Service for advPlugin;Update Service for advPlugin; C:\Program Files (x86)\advPlugin\Basement\ExtensionUpdaterService.exe [2014-12-30 137592]
R2 Update Service for VK Downloader;Update Service for VK Downloader; C:\Program Files (x86)\VK Downloader\Basement\ExtensionUpdaterService.exe [2015-01-16 137592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 ArcService;Arc Service; C:\Program Files (x86)\Arc\ArcService.exe [2015-01-22 88400]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-22 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-01-27 114800]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-11-12 833728]
S3 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-11-06 758224]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-01-18 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 03 úno 2015 17:51

Zdravím!
Jak je na tom váš oper. systém s legalitou?

cros · #3 Příspěvek od **cros** » 03 úno 2015 18:35

Legalni s posledními aktualizacemi

#4 Příspěvek od **Rudy** » 03 úno 2015 19:26

OK. Zkusíme tento postup:

Stáhněte a spusťte OTL: http://oldtimer.geekstogo.com/OTL.exe . Spusťte, zaškrněte "Pro všechny uživatele", Kontrola na havěť LOP" a Kontrola na hvěť PURITY" a do dolního bílého okna zkopírujte:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s

a klikněte na >Prohledat<. Dejte oby logy.

cros · #5 Příspěvek od **cros** » 03 úno 2015 21:38

OTL logfile created on: 3.2.2015 20:44:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\11\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 67,05% Memory free
8,00 Gb Paging File | 6,05 Gb Available in Paging File | 75,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 516,58 Gb Free Space | 86,66% Space Free | Partition Type: NTFS
Drive D: | 120,15 Gb Total Space | 87,53 Gb Free Space | 72,85% Space Free | Partition Type: NTFS
Drive E: | 30,04 Gb Total Space | 11,70 Gb Free Space | 38,93% Space Free | Partition Type: NTFS
Drive F: | 781,31 Gb Total Space | 97,13 Gb Free Space | 12,43% Space Free | Partition Type: NTFS
Drive G: | 1863,01 Gb Total Space | 1542,84 Gb Free Space | 82,81% Space Free | Partition Type: NTFS

Computer Name: 11-PC | User Name: 11 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015.02.03 20:38:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\11\Downloads\OTL.exe
PRC - [2015.01.27 20:06:20 | 000,338,032 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2015.01.25 22:02:13 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
PRC - [2015.01.16 23:46:12 | 000,137,592 | ---- | M] () -- C:\Program Files (x86)\VK Downloader\Basement\ExtensionUpdaterService.exe
PRC - [2015.01.09 23:27:57 | 000,410,768 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014.12.30 11:41:52 | 000,137,592 | ---- | M] () -- C:\Program Files (x86)\advPlugin\Basement\ExtensionUpdaterService.exe
PRC - [2014.12.17 05:41:28 | 000,311,616 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2014.12.13 01:12:55 | 002,531,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014.12.13 01:12:52 | 001,701,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014.10.13 06:57:46 | 000,743,688 | ---- | M] (DEVGURU Co., LTD.) -- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
PRC - [2014.01.20 20:34:12 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.05.21 05:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\ccsvchst.exe

========== Modules (No Company Name) ==========

MOD - [2015.01.27 20:06:19 | 003,925,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2015.01.25 22:02:13 | 016,844,976 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll
MOD - [2012.05.30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\wincfi39.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014.12.13 01:12:52 | 001,148,560 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2014.12.13 01:12:51 | 019,823,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014.11.22 03:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013.05.27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2015.01.27 20:06:19 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015.01.25 22:02:14 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015.01.22 18:10:00 | 000,088,400 | ---- | M] (Perfect World Entertainment Inc) [On_Demand | Stopped] -- C:\Program Files (x86)\Arc\ArcService.exe -- (ArcService)
SRV - [2015.01.16 23:46:12 | 000,137,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VK Downloader\Basement\ExtensionUpdaterService.exe -- (Update Service for VK Downloader)
SRV - [2015.01.09 23:27:57 | 000,410,768 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014.12.30 11:41:52 | 000,137,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\advPlugin\Basement\ExtensionUpdaterService.exe -- (Update Service for advPlugin)
SRV - [2014.12.13 01:12:52 | 001,701,520 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014.12.11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014.11.12 02:04:34 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014.10.13 06:57:46 | 000,743,688 | ---- | M] (DEVGURU Co., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe -- (ss_conn_service)
SRV - [2014.04.11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014.03.20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014.01.20 20:34:12 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.11.06 18:30:44 | 000,758,224 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013.05.21 05:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\ccSvcHst.exe -- (N360)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014.12.13 01:12:51 | 000,019,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014.11.22 11:46:30 | 000,038,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014.10.13 06:57:48 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014.10.13 06:57:48 | 000,110,336 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2014.10.09 18:02:39 | 000,195,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014.09.03 05:49:36 | 000,169,984 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2014.01.20 14:51:18 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2014.01.18 17:56:13 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013.10.02 03:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013.05.23 06:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1406000.01B\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013.05.21 06:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1406000.01B\symds64.sys -- (SymDS)
DRV:64bit: - [2013.05.16 06:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1406000.01B\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.04.25 01:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1406000.01B\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.04.16 03:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1406000.01B\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013.03.05 02:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1406000.01B\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013.03.05 02:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1406000.01B\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.08.23 15:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.04.27 15:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 15:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010.04.27 15:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 13:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 13:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.08 11:24:58 | 001,196,032 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2015.01.20 16:33:50 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20150202.034\ex64.sys -- (NAVEX15)
DRV - [2015.01.20 16:33:49 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20150202.034\eng64.sys -- (NAVENG)
DRV - [2015.01.14 15:55:56 | 000,668,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20150130.001\IDSviA64.sys -- (IDSVia64)
DRV - [2015.01.06 20:15:26 | 001,622,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20150106.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014.12.11 21:44:16 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014.12.11 21:44:15 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2625917205-3976902407-1191094420-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKU\S-1-5-21-2625917205-3976902407-1191094420-1000\..\SearchScopes,DefaultScope = {FFEBBF0A-C22C-4172-89FF-45215A135AC7}
IE - HKU\S-1-5-21-2625917205-3976902407-1191094420-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2625917205-3976902407-1191094420-1000\..\SearchScopes\{DE42A1FF-CA6C-4D7E-9981-E746AC69D33A}: "URL" = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
IE - HKU\S-1-5-21-2625917205-3976902407-1191094420-1000\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = http://go.mail.ru/search?q={SearchTerms ... blackbear6
IE - HKU\S-1-5-21-2625917205-3976902407-1191094420-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.hiddenOneOffs: "DuckDuckGo"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.startup.homepage: "seznam.cz"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin: C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\11\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2015.02.03 16:09:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014.01.18 14:19:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\11\AppData\Roaming\Mozilla\Extensions
[2015.02.03 16:05:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\11\AppData\Roaming\Mozilla\Firefox\Profiles\rf2mz14n.default-1422213530672\extensions
[2015.02.03 16:05:35 | 000,000,000 | ---D | M] (VK Downloader) -- C:\Users\11\AppData\Roaming\Mozilla\Firefox\Profiles\rf2mz14n.default-1422213530672\extensions\{3C6CF3C0-D800-4B4D-A3D8-8ADE406523B6}
[2015.01.27 20:06:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015.01.27 20:06:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (VK Downloader) - {3C6CF3C0-D800-4B4D-A3D8-8ADE406523B6} - C:\Program Files (x86)\VK Downloader\Toolbar64.dll ()
O2 - BHO: (VK Downloader) - {3C6CF3C0-D800-4B4D-A3D8-8ADE406523B6} - C:\Program Files (x86)\VK Downloader\Toolbar32.dll ()
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 1
O7 - HKU\S-1-5-21-2625917205-3976902407-1191094420-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2625917205-3976902407-1191094420-1000\..Trusted Domains: localhost ([]http in Internet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9EBA0B4-FAEB-44F7-B3F3-ACF938FC624C}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015.01.01 13:23:01 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.02.26 15:22:15 | 000,000,000 | -H-D | M] - E:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012.02.26 15:22:15 | 000,000,000 | -H-D | M] - F:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{1d786ae1-81d9-11e3-9cde-90e6ba848b8d}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2015.01.30 18:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2015.01.29 22:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2015.01.29 22:37:15 | 000,000,000 | ---D | C] -- C:\rsit
[2015.01.27 20:06:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015.01.24 20:03:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VK Downloader
[2015.01.24 19:57:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\advPlugin
[2015.01.24 19:55:36 | 000,000,000 | ---D | C] -- C:\Users\11\AppData\Roaming\eTranslator
[2015.01.24 19:54:38 | 000,000,000 | ---D | C] -- C:\Users\11\AppData\Local\Mail.Ru
[2015.01.24 19:54:33 | 000,000,000 | ---D | C] -- C:\Users\11\AppData\Local\MailRu
[2015.01.24 19:54:16 | 000,000,000 | ---D | C] -- C:\Users\11\AppData\Local\SystemDir
[2015.01.24 19:53:38 | 000,000,000 | ---D | C] -- C:\WarPack
[2015.01.24 17:31:12 | 000,621,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2015.01.24 17:29:06 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2015.01.24 17:27:23 | 032,102,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2015.01.24 17:27:23 | 024,765,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2015.01.24 17:27:23 | 017,250,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2015.01.24 17:27:23 | 013,295,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2015.01.24 17:27:23 | 013,210,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2015.01.24 17:27:23 | 010,774,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2015.01.24 17:27:23 | 010,714,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2015.01.24 17:27:23 | 003,607,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2015.01.24 17:27:23 | 003,245,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2015.01.24 17:27:23 | 001,895,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6434725.dll
[2015.01.24 17:27:23 | 001,556,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6434725.dll
[2015.01.24 17:27:23 | 001,540,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2015.01.24 17:27:23 | 000,994,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2015.01.24 17:27:23 | 000,969,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2015.01.24 17:27:23 | 000,942,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2015.01.24 17:27:23 | 000,929,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2015.01.24 17:27:23 | 000,906,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2015.01.24 17:27:23 | 000,877,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2015.01.24 17:27:23 | 000,353,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2015.01.24 17:27:23 | 000,305,320 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2015.01.24 17:27:23 | 000,177,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2015.01.24 17:27:23 | 000,164,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2015.01.24 17:27:18 | 025,459,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2015.01.24 17:27:18 | 020,465,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2015.01.20 17:04:39 | 018,566,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2015.01.20 17:04:39 | 016,009,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2015.01.15 17:29:38 | 000,000,000 | ---D | C] -- C:\Users\11\Desktop\hl2
[2015.01.14 15:39:56 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2015.01.14 15:39:54 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2015.01.14 15:39:52 | 005,553,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015.01.14 15:39:51 | 003,971,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015.01.14 15:39:51 | 003,916,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015.01.14 15:39:51 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015.01.14 15:39:51 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015.01.14 15:39:51 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015.01.08 15:56:14 | 000,000,000 | ---D | C] -- C:\Users\11\AppData\Local\FileViewPro
[2015.01.08 15:56:07 | 000,000,000 | ---D | C] -- C:\Users\11\AppData\Roaming\IsolatedStorage
[2015.01.08 15:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2015.01.08 15:53:34 | 000,000,000 | ---D | C] -- C:\Spacekace
[2015.01.06 20:13:42 | 000,000,000 | ---D | C] -- C:\Users\11\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2015.01.06 20:13:42 | 000,000,000 | ---D | C] -- C:\Users\11\AppData\Local\Apps
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015.02.03 20:46:41 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2015.02.03 20:02:02 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015.02.03 17:20:08 | 000,003,760 | ---- | M] () -- C:\{227F7AAE-19FA-49EC-BEB4-6D2E52505422}
[2015.02.03 16:17:33 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.02.03 16:17:33 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.02.03 16:09:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.02.03 16:09:01 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2015.01.31 17:04:23 | 000,003,864 | ---- | M] () -- C:\{E026F6A8-3EC7-46B9-8BA2-5C97F0BE8C7C}
[2015.01.31 17:03:23 | 000,003,808 | ---- | M] () -- C:\{0B0A9EA6-3DD5-49BF-8D85-92A1CF4F4633}
[2015.01.31 17:02:22 | 000,003,752 | ---- | M] () -- C:\{0343848B-F09C-451C-920D-8344484C4FD5}
[2015.01.31 14:51:11 | 000,037,624 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2015.01.29 20:11:00 | 000,003,744 | ---- | M] () -- C:\{A8340E37-EEB1-48FD-B0F0-3312C891E884}
[2015.01.28 20:34:52 | 000,004,888 | ---- | M] () -- C:\{ACDF7B12-5FE5-4CE0-8F38-F16616532969}
[2015.01.28 13:18:04 | 000,003,744 | ---- | M] () -- C:\{87529DE6-5184-4B46-B953-9C0AAC03C1CB}
[2015.01.28 12:06:44 | 000,003,744 | ---- | M] () -- C:\{227E3FCF-2498-4227-92E1-738290810306}
[2015.01.27 20:44:03 | 000,003,736 | ---- | M] () -- C:\{C6D38350-88AC-4F11-9271-3AB1AAA484A3}
[2015.01.25 22:02:13 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015.01.25 22:02:13 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015.01.25 10:40:55 | 000,275,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015.01.24 20:02:06 | 000,033,272 | ---- | M] () -- C:\{3CE475F4-8FE6-48EB-A3AF-DE0091AE63FA}
[2015.01.24 19:54:39 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015.01.18 10:44:10 | 478,347,082 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2015.01.17 20:37:51 | 001,584,790 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015.01.17 20:37:51 | 000,681,226 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2015.01.17 20:37:51 | 000,658,506 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015.01.17 20:37:51 | 000,145,704 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2015.01.17 20:37:51 | 000,126,186 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015.01.17 20:37:28 | 001,584,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015.01.13 05:15:56 | 001,540,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2015.01.11 19:25:37 | 000,187,824 | ---- | M] () -- C:\Users\11\Desktop\1.jpg
[2015.01.10 09:07:47 | 032,102,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2015.01.10 09:07:47 | 025,459,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2015.01.10 09:07:47 | 024,765,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2015.01.10 09:07:47 | 020,465,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2015.01.10 09:07:47 | 018,566,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2015.01.10 09:07:47 | 017,250,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2015.01.10 09:07:47 | 016,009,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2015.01.10 09:07:47 | 014,115,944 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2015.01.10 09:07:47 | 013,295,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2015.01.10 09:07:47 | 013,210,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2015.01.10 09:07:47 | 010,774,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2015.01.10 09:07:47 | 010,714,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2015.01.10 09:07:47 | 003,607,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2015.01.10 09:07:47 | 003,298,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2015.01.10 09:07:47 | 003,245,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2015.01.10 09:07:47 | 002,902,456 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2015.01.10 09:07:47 | 001,895,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6434725.dll
[2015.01.10 09:07:47 | 001,556,808 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6434725.dll
[2015.01.10 09:07:47 | 000,994,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2015.01.10 09:07:47 | 000,969,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2015.01.10 09:07:47 | 000,942,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2015.01.10 09:07:47 | 000,929,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2015.01.10 09:07:47 | 000,906,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2015.01.10 09:07:47 | 000,877,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2015.01.10 09:07:47 | 000,353,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2015.01.10 09:07:47 | 000,305,320 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2015.01.10 09:07:47 | 000,177,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2015.01.10 09:07:47 | 000,164,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2015.01.10 09:07:47 | 000,073,872 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2015.01.10 09:07:47 | 000,060,744 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2015.01.10 09:07:47 | 000,027,441 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2015.01.10 00:30:01 | 006,860,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2015.01.10 00:30:01 | 003,517,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2015.01.10 00:29:53 | 002,558,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2015.01.10 00:29:52 | 000,385,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2015.01.10 00:29:52 | 000,062,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2015.01.09 23:27:57 | 000,621,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2015.01.09 20:47:35 | 004,173,527 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2015.01.07 15:21:07 | 000,001,115 | ---- | M] () -- C:\Users\11\Desktop\char.png
[2015.01.06 20:13:43 | 000,002,469 | ---- | M] () -- C:\Users\11\Desktop\Windows 7 USB DVD Download Tool.lnk
[2015.01.06 18:19:36 | 000,193,220 | ---- | M] () -- C:\Users\11\Desktop\20141229_112528.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015.02.03 20:46:40 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2015.02.03 17:20:08 | 000,003,760 | ---- | C] () -- C:\{227F7AAE-19FA-49EC-BEB4-6D2E52505422}
[2015.01.31 17:04:23 | 000,003,864 | ---- | C] () -- C:\{E026F6A8-3EC7-46B9-8BA2-5C97F0BE8C7C}
[2015.01.31 17:03:23 | 000,003,808 | ---- | C] () -- C:\{0B0A9EA6-3DD5-49BF-8D85-92A1CF4F4633}
[2015.01.31 17:02:22 | 000,003,752 | ---- | C] () -- C:\{0343848B-F09C-451C-920D-8344484C4FD5}
[2015.01.30 18:17:00 | 000,037,624 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2015.01.29 20:11:00 | 000,003,744 | ---- | C] () -- C:\{A8340E37-EEB1-48FD-B0F0-3312C891E884}
[2015.01.28 20:34:52 | 000,004,888 | ---- | C] () -- C:\{ACDF7B12-5FE5-4CE0-8F38-F16616532969}
[2015.01.28 13:18:04 | 000,003,744 | ---- | C] () -- C:\{87529DE6-5184-4B46-B953-9C0AAC03C1CB}
[2015.01.28 12:06:44 | 000,003,744 | ---- | C] () -- C:\{227E3FCF-2498-4227-92E1-738290810306}
[2015.01.27 20:44:03 | 000,003,736 | ---- | C] () -- C:\{C6D38350-88AC-4F11-9271-3AB1AAA484A3}
[2015.01.24 20:02:06 | 000,033,272 | ---- | C] () -- C:\{3CE475F4-8FE6-48EB-A3AF-DE0091AE63FA}
[2015.01.18 10:44:10 | 478,347,082 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2015.01.11 19:25:37 | 000,187,824 | ---- | C] () -- C:\Users\11\Desktop\1.jpg
[2015.01.07 15:21:46 | 000,001,115 | ---- | C] () -- C:\Users\11\Desktop\char.png
[2015.01.06 20:13:43 | 000,002,469 | ---- | C] () -- C:\Users\11\Desktop\Windows 7 USB DVD Download Tool.lnk
[2015.01.06 18:19:11 | 000,193,220 | ---- | C] () -- C:\Users\11\Desktop\20141229_112528.jpg
[2015.01.06 18:18:57 | 001,676,395 | ---- | C] () -- C:\Users\11\Desktop\20141229_112701.jpg
[2014.12.30 12:15:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2014.06.05 19:31:02 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2014.01.20 20:34:31 | 000,281,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014.01.20 20:34:12 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014.01.20 20:06:40 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2014.01.18 15:28:35 | 001,584,790 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.12.30 10:52:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.12.30 10:52:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013.12.30 10:52:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.12.30 10:52:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.12.30 10:52:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.06.25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2015.02.02 16:32:47 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\.minecraft
[2014.12.27 10:58:43 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\Arc
[2014.12.29 23:12:20 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\DAEMON Tools Lite
[2014.09.20 18:41:53 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\DisneyInteractiveStudios
[2015.01.24 20:04:35 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\eTranslator
[2015.01.08 15:56:07 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\IsolatedStorage
[2014.06.05 15:27:25 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\Origin
[2015.01.01 14:48:36 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\rmi
[2014.12.31 15:00:46 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\Samsung
[2015.01.01 13:23:27 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\Seznam.cz
[2014.12.24 17:40:36 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\Steam
[2015.02.03 20:36:54 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\TS3Client
[2014.01.20 14:55:57 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\Tunngle
[2014.01.19 11:04:14 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\Unity
[2014.08.28 18:19:49 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\Wargaming.net
[2015.01.29 20:00:47 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\XBMC

========== Purity Check ==========

========== Custom Scans ==========

< >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,612 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2014.01.18 13:40:09 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010.11.21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010.11.21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.21 04:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.21 04:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2014.04.05 03:47:20 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=04ADD18EE5CC9FBEDAEC1DD1CD0CB45E -- C:\Windows\SysNative\drivers\tcpip.sys
[2014.04.05 03:47:20 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=04ADD18EE5CC9FBEDAEC1DD1CD0CB45E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_113260637d1284ef\tcpip.sys
[2012.10.03 18:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2014.01.18 15:12:41 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2014.04.05 03:37:43 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=4F80944B03112F486212DC20BE166079 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_11b12f2896383dd1\tcpip.sys
[2010.11.21 04:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2014.01.18 15:12:41 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2013.07.06 06:20:38 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2012.10.03 18:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2013.07.06 07:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys
[2013.11.26 12:34:34 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=F55B41AA6114568AC558ADBABDA85620 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_11c3cc3c962abcc3\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014.03.04 12:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014.03.04 10:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2014.07.17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\SysNative\winlogon.exe
[2014.07.17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[2014.07.16 04:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe

< >

< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[4 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[2 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2015.02.02 16:32:47 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\.minecraft
[2014.01.18 13:42:22 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\Adobe
[2014.12.27 10:58:43 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\Arc
[2014.12.29 23:12:20 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\DAEMON Tools Lite
[2014.09.20 18:41:53 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\DisneyInteractiveStudios
[2014.06.22 10:41:21 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\dvdcss
[2015.01.24 20:04:35 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\eTranslator
[2014.01.18 13:30:54 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\Identities
[2015.01.08 15:56:07 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\IsolatedStorage
[2014.01.18 13:42:22 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\Macromedia
[2010.11.21 10:38:07 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\Media Center Programs
[2015.01.06 20:13:42 | 000,000,000 | --SD | M] -- C:\Users\11\AppData\Roaming\Microsoft
[2014.01.18 14:19:07 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\Mozilla
[2014.06.22 11:54:20 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\NVIDIA
[2014.06.05 15:27:25 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\Origin
[2015.01.01 14:48:36 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\rmi
[2014.12.31 15:00:46 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\Samsung
[2015.01.01 13:23:27 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\Seznam.cz
[2015.02.03 16:06:32 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\Skype
[2014.12.24 17:40:36 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\Steam
[2015.02.03 20:36:54 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\TS3Client
[2014.01.20 14:55:57 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\Tunngle
[2014.01.19 11:04:14 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\Unity
[2015.01.31 14:46:29 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\vlc
[2014.08.28 18:19:49 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\Wargaming.net
[2014.01.20 19:31:10 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\WinRAR
[2015.01.29 20:00:47 | 000,000,000 | ---D | M] -- C:\Users\11\AppData\Roaming\XBMC

< %APPDATA%\*.exe /s >
[2013.03.15 17:21:06 | 000,462,551 | ---- | M] (TeamExtreme) -- C:\Users\11\AppData\Roaming\.minecraft\minecraft launcher\Minecraft Launcher.exe
[2014.09.11 15:04:46 | 000,069,251 | ---- | M] () -- C:\Users\11\AppData\Roaming\.minecraft\minecraft launcher\Uninstall.exe
[2015.01.06 20:13:42 | 000,119,808 | R--- | M] () -- C:\Users\11\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2015.02.03 21:02:14 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2015.01.27 20:06:20 | 000,338,032 | ---- | M] (Mozilla Corporation) MD5=265B49EF94A5AA713192EE97A7D248B5 -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2014.11.27 02:10:46 | 000,815,280 | ---- | M] (Microsoft Corporation) MD5=A24BFBAE8B50A6780B68FF3673FAB52F -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2015.02.03 20:46:41 | 000,000,512 | ---- | M] () MD5=E4A69ADB5B97580A014A48E304E654DD -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2015.01.01 14:30:22 | 003,065,433 | ---- | M] () -- \Users\11\AppData\Local\CrashDumps\{SpyHunter_4_Crack_Keygen_Setup}.exe.3848.dmp

< *keygen* /s >
[2015.01.01 14:30:22 | 003,065,433 | ---- | M] () -- \Users\11\AppData\Local\CrashDumps\{SpyHunter_4_Crack_Keygen_Setup}.exe.3848.dmp
[2015.01.01 16:07:29 | 000,000,827 | ---- | M] () -- \Users\11\AppData\Roaming\Microsoft\Windows\Recent\Serials a Keygen 3DMark06AdvEdit(2010)120 1901.lnk

< *loader* /s >
[2014.09.28 15:59:30 | 000,139,264 | ---- | M] () -- \$Recycle.Bin\S-1-5-21-2625917205-3976902407-1191094420-1000\$R9HXBX9.6\Gamers Mod Pack v0.6\DIYModLoader.exe
[2013.12.10 15:13:56 | 000,008,921 | ---- | M] () -- \$Recycle.Bin\S-1-5-21-2625917205-3976902407-1191094420-1000\$R9HXBX9.6\Gamers Mod Pack v0.6\Gamers Mod Pack\res_mods\0.9.3\gui\maps\icons\tankmen\skills\big\loader_desperado.png
[2013.12.10 15:14:16 | 000,009,727 | ---- | M] () -- \$Recycle.Bin\S-1-5-21-2625917205-3976902407-1191094420-1000\$R9HXBX9.6\Gamers Mod Pack v0.6\Gamers Mod Pack\res_mods\0.9.3\gui\maps\icons\tankmen\skills\big\loader_intuition.png
[2013.12.10 15:14:38 | 000,006,536 | ---- | M] () -- \$Recycle.Bin\S-1-5-21-2625917205-3976902407-1191094420-1000\$R9HXBX9.6\Gamers Mod Pack v0.6\Gamers Mod Pack\res_mods\0.9.3\gui\maps\icons\tankmen\skills\big\loader_pedant.png
[2014.08.12 08:05:04 | 000,000,554 | ---- | M] () -- \$Recycle.Bin\S-1-5-21-2625917205-3976902407-1191094420-1000\$RQZEMPT\0.9.3\scripts\client\mods\PMOD\skins\skinLoader.json
[2014.04.24 03:29:36 | 000,005,330 | ---- | M] () -- \$Recycle.Bin\S-1-5-21-2625917205-3976902407-1191094420-1000\$RQZEMPT\0.9.3\scripts\client\mods\PMOD\skins\XXX_MUTANT\icons\image\loader_intuition.png
[2014.12.18 20:40:50 | 000,195,920 | ---- | M] () -- \Program Files (x86)\Arc\HttpDownloader.dll
[2006.01.02 10:10:42 | 000,049,152 | ---- | M] () -- \Program Files (x86)\Futuremark\3DMark06\PhysXLoader.dll
[2009.12.23 21:21:28 | 000,069,632 | ---- | M] () -- \Program Files (x86)\Neverwinter_en\Neverwinter\Live\PhysXLoader.dll
[2014.12.13 01:12:42 | 001,173,136 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\ExtensionLoader.dll
[2014.06.10 16:42:34 | 000,065,344 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2014.06.10 16:42:34 | 000,067,904 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader64.dll
[2014.06.10 16:42:30 | 000,070,464 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2014.06.10 16:42:30 | 000,085,312 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader64.dll
[2014.12.17 05:38:48 | 000,069,120 | ---- | M] () -- \Program Files (x86)\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.dll
[2015.01.16 23:46:12 | 000,160,104 | ---- | M] () -- \Program Files (x86)\VK Downloader\Loader.exe
[2013.10.26 21:21:06 | 000,004,782 | ---- | M] () -- \Program Files (x86)\XBMC\addons\webinterface.default\images\ajax-loader.gif
[2011.03.08 09:43:28 | 000,013,734 | ---- | M] () -- \Program Files (x86)\XBMC\system\python\Lib\unittest\loader.py
[2011.03.08 09:43:28 | 000,050,487 | ---- | M] () -- \Program Files (x86)\XBMC\system\python\Lib\unittest\test\test_loader.py
[2013.12.10 03:15:46 | 001,168,672 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{F2E5E165-8C03-4F5B-A478-BB8C6E0840D3}\ExtensionLoader.dll
[2013.12.01 14:09:05 | 000,061,528 | ---- | M] () -- \Program Files\WinRAR\Formats\ace32loader.exe
[2014.01.18 14:38:19 | 000,012,811 | ---- | M] () -- \Users\11\AppData\Local\Overwolf\InstallerCache\preloader_3337.gif
[2014.10.24 08:42:10 | 000,072,638 | ---- | M] () -- \Users\11\AppData\Local\Skype\Apps\login\images\loader.gif
[2014.10.24 08:42:10 | 000,003,032 | ---- | M] () -- \Users\11\AppData\Local\Skype\Apps\login\images\loader.png
[2014.10.24 08:42:10 | 000,006,012 | ---- | M] () -- \Users\11\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014.10.24 08:42:10 | 000,021,956 | ---- | M] () -- \Users\11\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014.10.24 08:42:10 | 000,009,772 | ---- | M] () -- \Users\11\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2014.02.03 21:15:21 | 000,008,999 | ---- | M] () -- \Users\11\AppData\Roaming\XBMC\addons\script.xbmc.subtitles\resources\lib\services\Torec\TorecSubtitlesDownloader.py
[2012.10.04 18:38:48 | 000,003,584 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eeeafda1c58ef6e778ff768f9a94a6f\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_68a2edab92971725\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:35:00 | 000,003,584 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eeeafda1c58ef6e778ff768f9a94a6f\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_6957a248ab947a6d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:40:37 | 000,003,584 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eeeafda1c58ef6e778ff768f9a94a6f\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:29:45 | 000,003,584 | ---- | M] () -- \Windows\SoftwareDistribution\Download\1eeeafda1c58ef6e778ff768f9a94a6f\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2013.08.02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2 \Windows\Temp\*.tmp files -> \Windows\Temp\*.tmp -> ]
[2009.07.14 02:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 02:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.01.18 14:48:15 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_68daf829926cc6a9\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.01.18 14:50:30 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_68c05c919281774d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:38:44 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 03:12:19 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.01.18 14:48:15 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_695ac552ab919bbb\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.01.18 14:50:30 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_6907efc6abd0db81\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:39:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 07:20:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_695e76beab8ff095\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.29 03:18:31 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_694dd858ab9ba72a\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 12:03:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_69637bfcab8b6996\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 03:28:21 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_69353b6eabae8d55\api-ms-win-core-libraryloader-l1-1-0.dll
[2010.11.21 10:27:28 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2010.11.21 10:27:28 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.efi.mui_35ee487d
[2010.11.21 10:27:28 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.exe.mui_3bc5b827
[2010.11.21 10:27:28 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.efi.mui_f412814e
[2010.11.21 10:27:28 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.exe.mui_ff8b5358
[2014.01.18 13:58:46 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2014.01.18 13:58:46 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2014.01.18 13:58:46 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2014.01.18 13:58:46 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2014.01.18 13:58:46 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2009.07.14 03:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2010.11.21 10:26:16 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2014.12.13 02:57:48 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22908_cs-cz_9200d0e22cbafea1.manifest
[2010.11.21 04:16:35 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011.02.05 18:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.02.05 14:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2014.12.12 07:29:00 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22908_none_b9e51c6a9c5864d4.manifest
[2009.07.14 03:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.01.18 14:48:15 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_0cbc5ca5da0f5573\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.01.18 14:50:30 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_0ca1c10dda240617\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.01.18 14:48:15 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_0d3c29cef3342a85\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.01.18 14:50:30 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_0ce95442f3736a4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 06:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.29 02:54:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_0d2f3cd4f33e35f4\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 11:35:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 03:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll

< End of report >

cros · #6 Příspěvek od **cros** » 03 úno 2015 21:38

OTL Extras logfile created on: 3.2.2015 20:44:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\11\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 67,05% Memory free
8,00 Gb Paging File | 6,05 Gb Available in Paging File | 75,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 516,58 Gb Free Space | 86,66% Space Free | Partition Type: NTFS
Drive D: | 120,15 Gb Total Space | 87,53 Gb Free Space | 72,85% Space Free | Partition Type: NTFS
Drive E: | 30,04 Gb Total Space | 11,70 Gb Free Space | 38,93% Space Free | Partition Type: NTFS
Drive F: | 781,31 Gb Total Space | 97,13 Gb Free Space | 12,43% Space Free | Partition Type: NTFS
Drive G: | 1863,01 Gb Total Space | 1542,84 Gb Free Space | 82,81% Space Free | Partition Type: NTFS

Computer Name: 11-PC | User Name: 11 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2625917205-3976902407-1191094420-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03BE04C4-9FCF-44D2-AAA7-EB34857506AA}" = lport=6881 | protocol=6 | dir=in | name=war thunder |
"{19E23A9E-4992-4552-A822-03701A3C8752}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{1EB6FE44-F421-4BA7-9B7A-3BA2A8E0E930}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{3165D0CA-DC29-48C7-BADD-04F9CBDF0C5C}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{3513BE55-6EEF-4A98-A2C3-C0CBD428F980}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{3924A8BE-CE5A-404D-95D0-3721DDFCAADA}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{40AA1758-6C90-41EE-A851-E35A6C831F2F}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{4EAA29B7-11EF-4BB2-92ED-ED88BFE2D96E}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{827ED7D4-2602-4054-8419-77B4B7BFABE2}" = lport=7853 | protocol=6 | dir=in | name=war thunder |
"{AC5FF5D2-F1D6-4470-BE01-83209BFC0A4C}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{B8FCC175-86FE-4F53-A4CF-DCC02F819F9A}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{BA204108-966D-44B8-84DF-B96F69ABF6CD}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{CB4D5F33-7782-4A5C-8DA0-F6CC8D282B7F}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{D931C2C9-971C-4A3E-9217-39F284FD23C4}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{DD18E6FC-80B5-4CB1-BED8-2A9E00DFB76A}" = lport=7852 | protocol=6 | dir=in | name=war thunder |
"{DE59E9A0-06E0-4440-8BBA-3A14E520EC2A}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{EAE94256-EC21-4F51-AEF4-22AED1A441FD}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{F2FD23D0-F8DE-4888-827F-26E757B1AF48}" = lport=8090 | protocol=6 | dir=in | name=war thunder |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{069B2B1C-E7D6-4753-93D8-4D9C0B737DA7}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{19B8AC08-FDD4-4EB8-88C8-D3DF259F786F}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\bin\steamwebhelper.exe |
"{1CEB4577-16A5-45D5-B22B-B5B96D0FD88F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1F6C4D02-3849-42A9-A745-291AE11499A7}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{2256D7C3-80D4-4A3B-80BF-D0DB56D8F081}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{2959B49A-2748-42D3-ADAF-0F3F73C60F53}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{4F055A19-8E3C-4CED-B2D4-0F50B8024EF5}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam.exe |
"{5CCDD687-E3A8-42CD-9A7C-DD683269AB9C}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{6DEFB7A0-4466-43C6-8519-22959F24C389}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{73C29837-2D7B-400F-B57C-315BD07174A0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{8AD9185D-AA9E-44CD-925E-7E4B55B4821F}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam.exe |
"{9326E360-0B0C-406A-9E13-959442D84C3D}" = protocol=17 | dir=in | app=g:\program files (x86)\origin games\battlefield bad company 2\bfbc2game.exe |
"{9EA9BC8D-7F1E-4D9B-855F-1B12361533EB}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\bin\steamwebhelper.exe |
"{B3079300-95E7-4809-9BF8-14F24405955E}" = protocol=17 | dir=in | app=g:\hry\warthunder\launcher.exe |
"{B57112A9-E498-42E6-BC0C-813B99CD4DB6}" = protocol=6 | dir=in | app=g:\program files (x86)\origin games\battlefield bad company 2\bfbc2game.exe |
"{B981A1E3-39E4-4846-908A-127CAA5B2E79}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{C504C4D5-D320-4E4B-A6C1-9665D8F9D3CA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D208B1BC-4B57-4BBC-BD5D-91D18E914926}" = protocol=6 | dir=in | app=g:\hry\warthunder\launcher.exe |
"{D5BF5094-3918-48C2-B41D-CE2F17B15813}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DF445D19-3893-4221-A780-10801C94AF07}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{FD14994F-F81F-4261-91EB-F3C1457148E1}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{39847B99-D0B1-47AA-9397-4B19BC01A784}C:\program files (x86)\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
"UDP Query User{5FEFE1D2-D927-496D-8A7D-390F5B1185AF}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{50813B8C-FCBB-3C61-8039-EAAA93029066}" = Microsoft .NET Framework 4.5.1 (CSY)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{738BD05C-189F-41C0-BE6D-71E9B99A1A44}" = Windows 7 Manager
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5.1 (čeština)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{B1E50355-2437-40B0-A016-67B7490FC93E}" = Intel Processor Diagnostic Tool 64bit
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovladač 3D Vision 347.25
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 347.25
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 347.25
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Ovladač řídící jednotky 3D Vision 347.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.14.0702
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 16.18.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Ovladač HD audia 1.3.33.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 16.18.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.27
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"5118100F6945E20FB40C6DEA7D3D348AFD9E43D7" = Windows Driver Package - Silicon Laboratories (silabenm) Ports (10/05/2012 6.6.0.0)
"CCleaner" = CCleaner
"Cool PDF Reader_is1" = Cool PDF Reader 3.16
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 5.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0FFC48C5-C74B-498E-B908-74CB44D30E32}" = LEGO® Batman™
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.0
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{64958DA4-79D3-43FD-AF06-720DAD044F9E}" = LEGO® Pirates of the Caribbean The Video Game
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86F8FDFF-6965-4E37-8B28-2192E0406588}_is1" = Max - The Curse Of Brotherhood version 1.0u4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Processor Identification Utility
"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CED8E25B-122A-4E80-B612-7F99B93284B3}" = Arc
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.355
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Call of Duty Advanced Warfare_is1" = Call of Duty Advanced Warfare
"DAEMON Tools Lite" = DAEMON Tools Lite
"InstallShield_{0FFC48C5-C74B-498E-B908-74CB44D30E32}" = LEGO® Batman™
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Ovladače zařízení
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"Minecraft1.5.2" = Minecraft1.5.2
"Mozilla Firefox 35.0.1 (x86 cs)" = Mozilla Firefox 35.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Q2FsbG9mRHV0eUFkdmFuY2VkV2FyZmFyZQ==_is1" = Call of Duty Advanced Warfare Update 1
"Shadows: Heretic Kingdoms_is1" = Shadows: Heretic Kingdoms
"Steam" = Steam
"Steam App 440" = Team Fortress 2
"Tunngle beta_is1" = Tunngle beta
"V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1" = Wolfenstein: The New Order
"VK Downloader" = VK Downloader
"VLC media player" = VLC media player 2.1.2
"ZRwTINhSZfduKONYrSCTiCiGPggQZdcLRvoAVxyCOXXpkHeC~1DC3968F_is1" = Aslain's XVM Mod version 4.1.31

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2625917205-3976902407-1191094420-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"UnityWebPlayer" = Unity Web Player
"XBMC" = XBMC

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30.1.2015 8:02:09 | Computer Name = 11-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: ExtensionUpdaterService.exe, verze: 0.0.0.0,
časové razítko: 0x5482a19e Název chybujícího modulu: ExtensionUpdaterService.exe,
verze: 0.0.0.0, časové razítko: 0x5482a19e Kód výjimky: 0xc0000005 Posun chyby: 0x000028d6
ID
chybujícího procesu: 0x848 Čas spuštění chybující aplikace: 0x01d03c83de16a4d0 Cesta
k chybující aplikaci: C:\Program Files (x86)\VK Downloader\Basement\ExtensionUpdaterService.exe
Cesta
k chybujícímu modulu: C:\Program Files (x86)\VK Downloader\Basement\ExtensionUpdaterService.exe
ID
zprávy: d07f4956-a877-11e4-aba9-90e6ba848b8d

Error - 30.1.2015 13:38:58 | Computer Name = 11-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: plugin-container.exe, verze: 35.0.1.5500,
časové razítko: 0x54c1f9f3 Název chybujícího modulu: mozalloc.dll, verze: 35.0.1.5500,
časové razítko: 0x54c1f224 Kód výjimky: 0x80000003 Posun chyby: 0x00001425 ID chybujícího
procesu: 0x418 Čas spuštění chybující aplikace: 0x01d03caf27ab9ef8 Cesta k chybující
aplikaci: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Cesta k chybujícímu
modulu: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll ID zprávy: de87a0ab-a8a6-11e4-aba9-90e6ba848b8d

Error - 31.1.2015 9:42:47 | Computer Name = 11-PC | Source = WinMgmt | ID = 10
Description =

Error - 31.1.2015 10:16:09 | Computer Name = 11-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: plugin-container.exe, verze: 35.0.1.5500,
časové razítko: 0x54c1f9f3 Název chybujícího modulu: mozalloc.dll, verze: 35.0.1.5500,
časové razítko: 0x54c1f224 Kód výjimky: 0x80000003 Posun chyby: 0x00001425 ID chybujícího
procesu: 0x144 Čas spuštění chybující aplikace: 0x01d03d5d6aa04e20 Cesta k chybující
aplikaci: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Cesta k chybujícímu
modulu: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll ID zprávy: b35b54ff-a953-11e4-aba3-90e6ba848b8d

Error - 1.2.2015 11:02:36 | Computer Name = 11-PC | Source = WinMgmt | ID = 10
Description =

Error - 1.2.2015 14:49:12 | Computer Name = 11-PC | Source = WinMgmt | ID = 10
Description =

Error - 2.2.2015 6:01:09 | Computer Name = 11-PC | Source = WinMgmt | ID = 10
Description =

Error - 2.2.2015 14:21:04 | Computer Name = 11-PC | Source = WinMgmt | ID = 10
Description =

Error - 3.2.2015 8:05:37 | Computer Name = 11-PC | Source = WinMgmt | ID = 10
Description =

Error - 3.2.2015 11:10:34 | Computer Name = 11-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 15.1.2015 3:59:42 | Computer Name = 11-PC | Source = Service Control Manager | ID = 7000
Description = Služba Klient zásad skupiny neuspěla při spuštění v důsledku následující
chyby: %%1053

Error - 15.1.2015 3:59:44 | Computer Name = 11-PC | Source = Service Control Manager | ID = 7000
Description = Služba MBAMScheduler neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 15.1.2015 3:59:44 | Computer Name = 11-PC | Source = Service Control Manager | ID = 7001
Description = Služba MBAMService závisí na službě MBAMProtector, která neuspěla
při spuštění v důsledku následující chyby: %%2

Error - 15.1.2015 3:59:50 | Computer Name = 11-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: HWiNFO32

Error - 15.1.2015 11:29:19 | Computer Name = 11-PC | Source = Service Control Manager | ID = 7000
Description = Služba MBAMProtector neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 15.1.2015 11:29:20 | Computer Name = 11-PC | Source = Service Control Manager | ID = 7009
Description = Při čekání na připojení služby Klient zásad skupiny bylo dosaženo
časového limitu (30000 ms).

Error - 15.1.2015 11:29:20 | Computer Name = 11-PC | Source = Service Control Manager | ID = 7000
Description = Služba Klient zásad skupiny neuspěla při spuštění v důsledku následující
chyby: %%1053

Error - 15.1.2015 11:29:23 | Computer Name = 11-PC | Source = Service Control Manager | ID = 7000
Description = Služba MBAMScheduler neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 15.1.2015 11:29:23 | Computer Name = 11-PC | Source = Service Control Manager | ID = 7001
Description = Služba MBAMService závisí na službě MBAMProtector, která neuspěla
při spuštění v důsledku následující chyby: %%2

Error - 15.1.2015 11:29:29 | Computer Name = 11-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: HWiNFO32

< End of report >

#7 Příspěvek od **Rudy** » 03 úno 2015 22:16

Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text:

:OTL
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2625917205-3976902407-1191094420-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2625917205-3976902407-1191094420-1000\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = http://go.mail.ru/search?q={SearchTerms ... blackbear6
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

cros · #8 Příspěvek od **cros** » 04 úno 2015 18:29

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2625917205-3976902407-1191094420-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2625917205-3976902407-1191094420-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\LastGood.Tmp\SysWow64 folder moved successfully.
C:\Windows\LastGood.Tmp\system32\DRIVERS folder moved successfully.
C:\Windows\LastGood.Tmp\system32 folder moved successfully.
C:\Windows\LastGood.Tmp folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: 11
->Temp folder emptied: 44690653 bytes
->Temporary Internet Files folder emptied: 3805476 bytes
->Java cache emptied: 316122 bytes
->FireFox cache emptied: 26607403 bytes
->Flash cache emptied: 1482 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15652576 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
RecycleBin emptied: 20437919716 bytes

Total Files Cleaned = 19 578,00 mb

[EMPTYFLASH]

User: 11
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 02042015_182152

Files\Folders moved on Reboot...
File move failed. C:\Users\11\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\440ec2b251141faab5a5e914d6bdbb9e_fce8395c8fd8a861_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
File move failed. C:\Users\11\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\440ec2b251141faab5a5e914d6bdbb9e_fce8395c8fd8a861_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
C:\Users\11\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#9 Příspěvek od **Rudy** » 04 úno 2015 18:40

Smazáno. Nastala nějaká změna?

cros · #10 Příspěvek od **cros** » 04 úno 2015 19:40

stále vyskakuje stranka

Kód: Vybrat vše

http://goinf.ru/index3

2 v prohližeči mozila.
Díky

#11 Příspěvek od **Rudy** » 04 úno 2015 20:00

Zkuste ještě tento sken:

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
• Ulozte nejlepe na plochu
• Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
• Probehne vytvoreni zalohy a nasledne prohledavani
• Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

cros · #12 Příspěvek od **cros** » 04 úno 2015 20:51

Po tomto scanu stále nabíhá nechtěná stránka

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x64
Ran by 11 on st 04.02.2015 at 20:45:19,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\drivergenius"

~~~ FireFox

Successfully deleted: [File] C:\Users\11\AppData\Roaming\mozilla\firefox\profiles\rf2mz14n.default-1422213530672\invalidprefs.js
Emptied folder: C:\Users\11\AppData\Roaming\mozilla\firefox\profiles\rf2mz14n.default-1422213530672\minidumps [3 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 04.02.2015 at 20:48:48,22
End of JRT log

#13 Příspěvek od **Rudy** » 04 úno 2015 21:05

OK. FF zazálohujte pomocí MozBackup: http://www.stahuj.centrum.cz/utility_a_ ... mozbackup/ . Pak FF odinstalujte vč. jeho profilu. Znovu nainstalujte a zpět ze zálohy nakopírujte pouze záložky, příp. hesla.

cros · #14 Příspěvek od **cros** » 08 úno 2015 12:41

Zaloha a pořeinstalace hotova ale stale stranka vyskakuje momentalne

Kód: Vybrat vše

http://reg1vulkan.com/vulcanno/

#15 Příspěvek od **Rudy** » 08 úno 2015 13:01

Odinstaloval jste profil FF?

VIRY.CZ

Zpomalené PC

Zpomalené PC

Re: Zpomalené PC

Re: Zpomalené PC

Re: Zpomalené PC

Re: Zpomalené PC

Re: Zpomalené PC

Re: Zpomalené PC

Re: Zpomalené PC

Re: Zpomalené PC

Re: Zpomalené PC

Re: Zpomalené PC

Re: Zpomalené PC

Re: Zpomalené PC

Re: Zpomalené PC

Re: Zpomalené PC