Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Prosím o Kontrolu logu - preventívka

Nemáte v tuto chvíli žádný problém s pc a chcete se jen ujistit, že je vše v pořádku?
Vložte log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
Slovak
Návštěvník
Návštěvník
Příspěvky: 78
Registrován: 20 pro 2014 18:42

Prosím o Kontrolu logu - preventívka

#1 Příspěvek od Slovak »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Trifon at 2015-12-10 14:36:31
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 170 GB (74%) free of 229 GB
Total RAM: 8131 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:36:37, on 10. 12. 2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Trifon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Volanie kliknutím - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Volanie kliknutím - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11310 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe"
"C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-da5ab442-29fe-4a43-8380-c7f093384a7d -SystemEventPortName:HostProcess-c131948b-fd98-41ab-9856-81f847daaea7 -IoCancelEventPortName:HostProcess-2c93c780-af33-41d3-b28d-d44c2fb26478 -NonStateChangingEventPortName:HostProcess-a3b76dd7-6fd7-4d5c-a3e4-98693b1d20fd -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:15f1ef77-41e3-4fc6-98b8-10bec663d6c0 -DeviceGroupId:
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss 584ea06d-fb53-4877-879b-0f014fa526c2 1
\??\C:\Windows\system32\conhost.exe "-5236695031274831246-689352265646720192037394613538897939-229724745-2091021000
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "-6447300079963053181129619779760285245765882061720785957-4166227551650304195
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
taskhost.exe C:\Windows\system32\defrag.exe -c

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4584.0.1146795120\1733313842" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,12,23,51,61 --gpu-vendor-id=0x10de --gpu-device-id=0x05e6 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.4181 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/StableHQPFrequencyBugFix_PrePeriod_1/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Disabled/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Control/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4584.2.631757946\470395302" --font-cache-shared-handle=2360 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/StableHQPFrequencyBugFix_PrePeriod_1/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Disabled/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Control/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4584.3.1445517710\362544371" --font-cache-shared-handle=2808 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/StableHQPFrequencyBugFix_PrePeriod_1/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Disabled/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Control/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4584.4.1724481711\1358801986" --font-cache-shared-handle=2912 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/StableHQPFrequencyBugFix_PrePeriod_1/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Disabled/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Control/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4584.5.899625478\1388656123" --font-cache-shared-handle=2924 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=*AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/StableHQPFrequencyBugFix_PrePeriod_1/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Disabled/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Control/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4584.8.1418132624\1831414990" --font-cache-shared-handle=4960 /prefetch:673131151
"D:\Downloads\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Trifon\AppData\Roaming\Mozilla\Firefox\Profiles\rk8vrt1e.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll
npwachk.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18 219304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-10 885152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-10-14 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [2014-01-23 881880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2015-11-10 2339032]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18 153768]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-10 664184]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-10-14 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2014-01-22 707800]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2015-11-10 1731800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-10-14 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-10-14 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-10-22 7203032]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2015-08-18 2585744]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2015-08-18 1514528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [2009-11-19 75048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [2009-04-27 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-07-06 87336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\steam.exe [2015-11-10 3011152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\winampa.exe [2010-07-12 74752]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2014-08-25 293872]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-11-10 7004376]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-12-10 14:36:31 ----D---- C:\rsit
2015-12-10 14:36:31 ----D---- C:\Program Files\trend micro
2015-12-09 20:51:56 ----SHD---- C:\Config.Msi
2015-12-09 11:44:26 ----A---- C:\Windows\SYSWOW64\usp10.dll
2015-12-09 11:44:26 ----A---- C:\Windows\SYSWOW64\tzres.dll
2015-12-09 11:44:26 ----A---- C:\Windows\system32\usp10.dll
2015-12-09 11:44:26 ----A---- C:\Windows\system32\tzres.dll
2015-12-09 11:44:25 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-12-09 11:44:25 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-12-09 11:44:25 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-12-09 11:44:25 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-12-09 11:44:25 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wuwebv.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wups2.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wups.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wudriver.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wucltux.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wuaueng.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wuauclt.exe
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wuapp.exe
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wuapi.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-12-09 11:44:23 ----A---- C:\Windows\SYSWOW64\nlsbres.dll
2015-12-09 11:44:23 ----A---- C:\Windows\SYSWOW64\kbdgeoqw.dll
2015-12-09 11:44:23 ----A---- C:\Windows\SYSWOW64\KBDAZEL.DLL
2015-12-09 11:44:23 ----A---- C:\Windows\SYSWOW64\KBDAZE.DLL
2015-12-09 11:44:23 ----A---- C:\Windows\system32\nlsbres.dll
2015-12-09 11:44:23 ----A---- C:\Windows\system32\kbdgeoqw.dll
2015-12-09 11:44:23 ----A---- C:\Windows\system32\KBDAZEL.DLL
2015-12-09 11:44:23 ----A---- C:\Windows\system32\KBDAZE.DLL
2015-12-09 11:44:22 ----A---- C:\Windows\SYSWOW64\user32.dll
2015-12-09 11:44:22 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-12-09 11:44:22 ----A---- C:\Windows\system32\win32k.sys
2015-12-09 11:44:22 ----A---- C:\Windows\system32\user32.dll
2015-12-09 11:44:22 ----A---- C:\Windows\system32\FntCache.dll
2015-12-09 11:44:22 ----A---- C:\Windows\system32\DWrite.dll
2015-12-09 11:44:21 ----A---- C:\Windows\SYSWOW64\wshrm.dll
2015-12-09 11:44:21 ----A---- C:\Windows\SYSWOW64\comsvcs.dll
2015-12-09 11:44:21 ----A---- C:\Windows\SYSWOW64\catsrvut.dll
2015-12-09 11:44:21 ----A---- C:\Windows\system32\wshrm.dll
2015-12-09 11:44:21 ----A---- C:\Windows\system32\drivers\rmcast.sys
2015-12-09 11:44:21 ----A---- C:\Windows\system32\comsvcs.dll
2015-12-09 11:44:21 ----A---- C:\Windows\system32\catsrvut.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\occache.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-12-09 11:44:20 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-09 11:44:20 ----A---- C:\Windows\system32\iertutil.dll
2015-12-09 11:44:20 ----A---- C:\Windows\system32\iernonce.dll
2015-12-09 11:44:20 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-12-09 11:44:20 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-12-09 11:44:20 ----A---- C:\Windows\system32\ie4uinit.exe
2015-12-09 11:44:19 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-12-09 11:44:19 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-12-09 11:44:19 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-12-09 11:44:19 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-12-09 11:44:19 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-12-09 11:44:19 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-12-09 11:44:19 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-12-09 11:44:19 ----A---- C:\Windows\system32\urlmon.dll
2015-12-09 11:44:19 ----A---- C:\Windows\system32\occache.dll
2015-12-09 11:44:19 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-09 11:44:19 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-12-09 11:44:19 ----A---- C:\Windows\system32\iedkcs32.dll
2015-12-09 11:44:19 ----A---- C:\Windows\system32\dxtrans.dll
2015-12-09 11:44:18 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-12-09 11:44:18 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-12-09 11:44:18 ----A---- C:\Windows\system32\msfeeds.dll
2015-12-09 11:44:18 ----A---- C:\Windows\system32\iesetup.dll
2015-12-09 11:44:18 ----A---- C:\Windows\system32\ieapfltr.dll
2015-12-09 11:44:17 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-12-09 11:44:17 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-12-09 11:44:17 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-12-09 11:44:17 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-12-09 11:44:17 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-12-09 11:44:17 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-12-09 11:44:17 ----A---- C:\Windows\system32\vbscript.dll
2015-12-09 11:44:17 ----A---- C:\Windows\system32\jsproxy.dll
2015-12-09 11:44:17 ----A---- C:\Windows\system32\ieui.dll
2015-12-09 11:44:17 ----A---- C:\Windows\system32\ieframe.dll
2015-12-09 11:44:17 ----A---- C:\Windows\system32\dxtmsft.dll
2015-12-09 11:44:16 ----A---- C:\Windows\system32\wininet.dll
2015-12-09 11:44:16 ----A---- C:\Windows\system32\webcheck.dll
2015-12-09 11:44:16 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-12-09 11:44:16 ----A---- C:\Windows\system32\mshtmled.dll
2015-12-09 11:44:16 ----A---- C:\Windows\system32\jscript9diag.dll
2015-12-09 11:44:16 ----A---- C:\Windows\system32\jscript9.dll
2015-12-09 11:44:16 ----A---- C:\Windows\system32\jscript.dll
2015-12-09 11:44:16 ----A---- C:\Windows\system32\ieUnatt.exe
2015-12-09 11:44:15 ----A---- C:\Windows\system32\msrating.dll
2015-12-09 11:44:15 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-12-09 11:44:15 ----A---- C:\Windows\system32\mshtml.dll
2015-12-09 11:43:58 ----A---- C:\Windows\SYSWOW64\els.dll
2015-12-09 11:43:58 ----A---- C:\Windows\system32\els.dll
2015-12-04 19:27:56 ----D---- C:\Users\Trifon\AppData\Roaming\.mono
2015-12-04 19:27:56 ----D---- C:\ProgramData\.mono
2015-12-03 18:47:23 ----D---- C:\Program Files\Common Files\AV
2015-12-02 14:29:05 ----D---- C:\Users\Trifon\AppData\Roaming\AC3Filter
2015-11-23 21:26:26 ----D---- C:\Users\Trifon\AppData\Roaming\NVIDIA
2015-11-18 20:45:48 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2015-11-18 20:45:48 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2015-11-18 20:45:48 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2015-11-18 20:45:48 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2015-11-18 20:45:47 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2015-11-18 20:45:47 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2015-11-18 20:45:47 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2015-11-11 11:45:32 ----D---- C:\Program Files (x86)\Microsoft ASP.NET
2015-11-11 11:35:41 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-11-11 11:35:41 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-11-11 11:35:41 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-11-11 11:35:41 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-11-11 11:35:41 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-11-11 11:35:41 ----A---- C:\Windows\SYSWOW64\bcryptprimitives.dll
2015-11-11 11:35:41 ----A---- C:\Windows\system32\schannel.dll
2015-11-11 11:35:41 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-11-11 11:35:41 ----A---- C:\Windows\system32\ncrypt.dll
2015-11-11 11:35:41 ----A---- C:\Windows\system32\kerberos.dll
2015-11-11 11:35:41 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-11-11 11:35:41 ----A---- C:\Windows\system32\drivers\cng.sys
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 11:35:40 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 11:35:40 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-11-11 11:35:40 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-11-11 11:35:40 ----A---- C:\Windows\SYSWOW64\user.exe
2015-11-11 11:35:40 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-11-11 11:35:40 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-11-11 11:35:40 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-11-11 11:35:40 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-11-11 11:35:40 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-11-11 11:35:40 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-11-11 11:35:40 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-11-11 11:35:40 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-11-11 11:35:40 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-11-11 11:35:40 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-11-11 11:35:40 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-11-11 11:35:40 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-11-11 11:35:40 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-11-11 11:35:40 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-11-11 11:35:40 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-11-11 11:35:40 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-11-11 11:35:40 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-11-11 11:35:40 ----A---- C:\Windows\system32\wow64win.dll
2015-11-11 11:35:40 ----A---- C:\Windows\system32\wow64cpu.dll
2015-11-11 11:35:40 ----A---- C:\Windows\system32\wow64.dll
2015-11-11 11:35:40 ----A---- C:\Windows\system32\winsrv.dll
2015-11-11 11:35:40 ----A---- C:\Windows\system32\wdigest.dll
2015-11-11 11:35:40 ----A---- C:\Windows\system32\TSpkg.dll
2015-11-11 11:35:40 ----A---- C:\Windows\system32\sspisrv.dll
2015-11-11 11:35:40 ----A---- C:\Windows\system32\sspicli.dll
2015-11-11 11:35:40 ----A---- C:\Windows\system32\srcore.dll
2015-11-11 11:35:40 ----A---- C:\Windows\system32\srclient.dll
2015-11-11 11:35:40 ----A---- C:\Windows\system32\smss.exe
2015-11-11 11:35:40 ----A---- C:\Windows\system32\secur32.dll
2015-11-11 11:35:40 ----A---- C:\Windows\system32\rstrui.exe
2015-11-11 11:35:40 ----A---- C:\Windows\system32\rpcrt4.dll
2015-11-11 11:35:40 ----A---- C:\Windows\system32\ntvdm64.dll
2015-11-11 11:35:40 ----A---- C:\Windows\system32\ntdll.dll
2015-11-11 11:35:40 ----A---- C:\Windows\system32\msv1_0.dll
2015-11-11 11:35:40 ----A---- C:\Windows\system32\lsass.exe
2015-11-11 11:35:40 ----A---- C:\Windows\system32\lsasrv.dll
2015-11-11 11:35:40 ----A---- C:\Windows\system32\KernelBase.dll
2015-11-11 11:35:40 ----A---- C:\Windows\system32\kernel32.dll
2015-11-11 11:35:40 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-11-11 11:35:40 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-11-11 11:35:40 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-11-11 11:35:40 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-11-11 11:35:40 ----A---- C:\Windows\system32\csrsrv.dll
2015-11-11 11:35:40 ----A---- C:\Windows\system32\cryptbase.dll
2015-11-11 11:35:40 ----A---- C:\Windows\system32\credssp.dll
2015-11-11 11:35:40 ----A---- C:\Windows\system32\conhost.exe
2015-11-11 11:35:40 ----A---- C:\Windows\system32\bcryptprimitives.dll
2015-11-11 11:35:40 ----A---- C:\Windows\system32\auditpol.exe
2015-11-11 11:35:40 ----A---- C:\Windows\system32\apisetschema.dll
2015-11-11 11:35:40 ----A---- C:\Windows\system32\adtschema.dll
2015-11-11 11:35:39 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-11-11 11:35:39 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-11-11 11:35:39 ----A---- C:\Windows\system32\msobjs.dll
2015-11-11 11:35:39 ----A---- C:\Windows\system32\msaudite.dll
2015-11-11 11:35:37 ----A---- C:\Windows\SYSWOW64\shimeng.dll
2015-11-11 11:35:37 ----A---- C:\Windows\SYSWOW64\sdbinst.exe
2015-11-11 11:35:37 ----A---- C:\Windows\SYSWOW64\apphelp.dll
2015-11-11 11:35:37 ----A---- C:\Windows\system32\shimeng.dll
2015-11-11 11:35:37 ----A---- C:\Windows\system32\sdbinst.exe
2015-11-11 11:35:37 ----A---- C:\Windows\system32\drivers\tdx.sys
2015-11-11 11:35:37 ----A---- C:\Windows\system32\drivers\afd.sys
2015-11-11 11:35:37 ----A---- C:\Windows\system32\apphelp.dll
2015-11-11 11:35:37 ----A---- C:\Windows\system32\aelupsvc.dll
2015-11-11 11:35:36 ----A---- C:\Windows\system32\drivers\ndis.sys
2015-11-11 11:35:35 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2015-11-11 11:35:35 ----A---- C:\Windows\system32\jnwmon.dll
2015-11-11 11:35:35 ----A---- C:\Windows\system32\InkEd.dll

======List of files/folders modified in the last 1 month======

2015-12-10 14:36:31 ----RD---- C:\Program Files
2015-12-10 13:26:33 ----D---- C:\Windows\Microsoft.NET
2015-12-10 13:26:31 ----D---- C:\Windows\System32
2015-12-10 13:26:31 ----D---- C:\Windows\inf
2015-12-10 13:26:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-12-10 13:26:17 ----RSD---- C:\Windows\assembly
2015-12-10 13:20:19 ----D---- C:\Windows\Temp
2015-12-10 13:19:50 ----D---- C:\Windows\system32\Tasks
2015-12-10 13:19:35 ----D---- C:\ProgramData\NVIDIA
2015-12-10 11:23:33 ----D---- C:\Users\Trifon\AppData\Roaming\uTorrent
2015-12-10 11:14:51 ----D---- C:\Windows\winsxs
2015-12-10 11:14:51 ----D---- C:\Windows\system32\config
2015-12-10 11:14:05 ----RSD---- C:\Windows\Fonts
2015-12-10 11:14:05 ----D---- C:\Windows\SYSWOW64\sk-SK
2015-12-10 11:14:05 ----D---- C:\Windows\SYSWOW64\en-US
2015-12-10 11:14:05 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-12-10 11:14:05 ----D---- C:\Windows\SysWOW64
2015-12-10 11:14:05 ----D---- C:\Windows\system32\sk-SK
2015-12-10 11:14:05 ----D---- C:\Windows\system32\en-US
2015-12-10 11:14:05 ----D---- C:\Windows\system32\cs-CZ
2015-12-10 11:14:04 ----D---- C:\Windows\system32\drivers
2015-12-10 11:14:04 ----D---- C:\Windows\ehome
2015-12-10 11:14:04 ----D---- C:\Program Files\Internet Explorer
2015-12-10 11:14:04 ----D---- C:\Program Files (x86)\Internet Explorer
2015-12-09 20:52:25 ----SHD---- C:\Windows\Installer
2015-12-09 20:52:14 ----D---- C:\ProgramData\Microsoft Help
2015-12-09 20:51:50 ----A---- C:\Windows\win.ini
2015-12-09 20:49:09 ----D---- C:\Windows\system32\MRT
2015-12-09 20:46:49 ----A---- C:\Windows\system32\MRT.exe
2015-12-09 20:45:46 ----SHD---- C:\System Volume Information
2015-12-09 20:06:04 ----D---- C:\Users\Trifon\AppData\Roaming\vlc
2015-12-09 12:18:18 ----D---- C:\Windows\system32\drivers\UMDF
2015-12-09 11:42:08 ----D---- C:\Windows\system32\catroot2
2015-12-09 11:14:20 ----D---- C:\Users\Trifon\AppData\Roaming\CDisplayEx
2015-12-08 20:51:45 ----D---- C:\Program Files (x86)\Steam
2015-12-04 19:27:56 ----HD---- C:\ProgramData
2015-12-04 07:48:11 ----RD---- C:\Program Files (x86)
2015-12-04 07:48:10 ----D---- C:\Windows\Tasks
2015-12-03 18:47:23 ----D---- C:\Program Files\Common Files
2015-12-03 18:47:23 ----D---- C:\Program Files (x86)\Common Files
2015-11-12 12:24:04 ----D---- C:\Windows\rescache
2015-11-11 13:14:43 ----D---- C:\Windows\system32\migration
2015-11-11 13:14:43 ----D---- C:\Windows\AppPatch
2015-11-11 11:51:18 ----D---- C:\Windows\debug
2015-11-11 11:46:53 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-11-11 11:45:31 ----D---- C:\Program Files\Windows Journal

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswNdisFlt;Avast! Firewall Driver; C:\Windows\system32\DRIVERS\aswNdisFlt.sys [2015-11-10 466400]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-11-10 65224]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-11-10 273784]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2013-08-07 644968]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2013-08-07 28008]
R0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2014-08-25 20464]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2015-10-10 381440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2012-08-22 15232]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2015-11-10 28144]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-11-10 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-11-10 1059656]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-11-10 449992]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2015/10/10 21:44:31]; \??\C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2009-02-28 146928]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-11-10 28656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-11-10 97648]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-11-10 154256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-10-22 3692632]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver; C:\Windows\system32\DRIVERS\ISCTD.sys [2014-04-29 44744]
R3 iusb3hub;Ovládač rozbočovača Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2014-08-25 383984]
R3 iusb3xhc;Ovládač hostiteľského radiča Intel(R) USB 3.0 eXtensible; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2014-08-25 795120]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-16 99288]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-08-18 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2015-08-18 38032]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-12-28 805088]
S3 a66apts5;a66apts5; C:\Windows\system32\drivers\a66apts5.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2015-06-11 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 asComSvc;ASUS Com Service; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [2014-06-18 936728]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [2014-06-18 1360016]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-11-10 174416]
R2 avast! Firewall;Avast Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2015-11-10 109520]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-08-18 1148560]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-08-18 1706128]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-08-18 21833360]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-08-18 933168]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2015-10-14 76888]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-08-17 409776]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-10 144200]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-10 144200]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2015-10-14 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-11-08 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-10-16 147624]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-01-25 178760]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2015-10-14 838224]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-10-16 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]

-----------------EOF-----------------
Nahoru
Márty84
VIP
VIP
Příspěvky: 21679
Registrován: 05 pro 2009 20:08
Bydliště: Ostrava

Re: Prosím o Kontrolu logu - preventívka

#2 Příspěvek od Márty84 »

Zdravim :)

:arrow: Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Nahoru
Slovak
Návštěvník
Návštěvník
Příspěvky: 78
Registrován: 20 pro 2014 18:42

Re: Prosím o Kontrolu logu - preventívka

#3 Příspěvek od Slovak »

OTL logfile created on: 11. 12. 2015 14:50:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Trifon\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18124)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

7,94 Gb Total Physical Memory | 5,23 Gb Available Physical Memory | 65,85% Memory free
7,94 Gb Paging File | 5,21 Gb Available in Paging File | 65,65% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,47 Gb Total Space | 165,46 Gb Free Space | 74,04% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 538,62 Gb Free Space | 57,82% Space Free | Partition Type: NTFS
Drive G: | 149,05 Gb Total Space | 148,77 Gb Free Space | 99,81% Space Free | Partition Type: NTFS
Drive H: | 931,28 Gb Total Space | 279,74 Gb Free Space | 30,04% Space Free | Partition Type: FAT32

Computer Name: TRIFON-PC | User Name: Trifon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/12/11 14:32:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Trifon\Desktop\OTL.exe
PRC - [2015/12/04 22:32:56 | 000,741,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2015/11/10 18:47:18 | 007,004,376 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2015/11/10 18:47:17 | 000,174,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/11/10 18:47:15 | 000,109,520 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2015/10/14 13:15:23 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2015/08/18 09:48:55 | 002,585,744 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2015/08/18 09:48:55 | 001,706,128 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2015/08/17 22:43:04 | 000,409,776 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/08/25 04:50:12 | 000,293,872 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2014/06/18 06:54:04 | 001,360,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
PRC - [2014/06/18 06:54:00 | 000,936,728 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
PRC - [2013/09/16 11:18:28 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013/09/16 11:17:42 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


========== Modules (No Company Name) ==========

MOD - [2015/12/04 22:32:53 | 001,583,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
MOD - [2015/12/04 22:32:52 | 000,081,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll
MOD - [2015/11/10 18:47:18 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015/11/10 18:47:18 | 000,466,448 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\ffl2.dll
MOD - [2015/11/10 18:47:18 | 000,103,888 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015/11/10 18:47:17 | 000,125,512 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll


========== Services (SafeList) ==========

SRV:64bit: - [2015/11/10 18:47:17 | 000,174,416 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2015/11/10 18:47:15 | 000,109,520 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2015/11/08 23:01:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/08/18 09:48:55 | 021,833,360 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2015/08/18 09:48:55 | 001,148,560 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2015/07/23 01:02:54 | 001,390,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2013/08/27 13:32:30 | 000,828,376 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:64bit: - [2013/08/27 13:32:14 | 000,747,520 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2015/10/16 07:52:00 | 000,147,624 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/10/14 21:56:14 | 000,838,224 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2015/10/14 13:15:23 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2015/08/18 09:48:55 | 001,706,128 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2015/08/17 22:43:04 | 000,409,776 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/06/18 06:54:04 | 001,360,016 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2014/06/18 06:54:00 | 000,936,728 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe -- (asComSvc)
SRV - [2014/04/11 22:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/16 11:18:28 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/09/16 11:17:42 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012/01/05 16:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2015/11/10 18:47:18 | 000,449,992 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2015/11/10 18:47:18 | 000,273,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2015/11/10 18:47:18 | 000,154,256 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2015/11/10 18:47:18 | 000,097,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2015/11/10 18:47:18 | 000,093,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2015/11/10 18:47:18 | 000,065,224 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2015/11/10 18:47:18 | 000,028,656 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2015/11/10 18:47:16 | 001,059,656 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2015/11/10 18:47:16 | 000,028,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2015/11/10 18:47:15 | 000,466,400 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2015/10/10 20:46:43 | 000,381,440 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2015/08/18 09:48:55 | 000,038,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2015/08/18 09:48:55 | 000,019,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2015/06/11 18:15:53 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/08/25 04:49:22 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2014/08/25 04:49:14 | 000,795,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2014/08/25 04:49:14 | 000,383,984 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2014/04/29 09:51:00 | 000,044,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD.sys -- (ISCT)
DRV:64bit: - [2013/09/16 11:17:42 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/08/07 13:23:46 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/08/07 13:23:46 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/12/28 02:26:12 | 000,805,088 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/28 18:40:18 | 000,146,928 | ---- | M] (CyberLink Corp.) [2015/10/10 21:44:31] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1601266965-4254244799-107981220-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1601266965-4254244799-107981220-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IESR02
IE - HKU\S-1-5-21-1601266965-4254244799-107981220-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "SK"
FF - prefs.js..browser.search.region: "SK"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:41.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/11/10 18:48:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\sp@avast.com: C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015/11/10 18:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 41.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 41.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/12/09 20:46:43 | 000,000,000 | ---D | M]

[2015/10/10 20:41:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trifon\AppData\Roaming\mozilla\Extensions
[2015/10/14 08:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trifon\AppData\Roaming\mozilla\Firefox\Profiles\rk8vrt1e.default\extensions
[2015/10/16 07:51:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/10/16 07:52:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015/11/18 15:57:24 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2010/07/12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.9.4_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\11.1.0.210_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.45_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\11.1.0.210_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpcdepnceibhgcfmkehlleemiejahmbp\1.2_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdeoflfbkpmebldjfkemfhjomgjipgn\0.1_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlmehpiikmcdamekkndkbkcefnfefai\1.1.0.0_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\S-1-5-21-1601266965-4254244799-107981220-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.23.254.124 217.23.254.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F4109E8-C368-4BBD-B627-550F3133A50A}: DhcpNameServer = 217.23.254.124 217.23.254.125
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6ba8e36e-6f74-11e5-9acc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6ba8e36e-6f74-11e5-9acc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\ASSETUP.exe
O33 - MountPoints2\{f01fa5cc-6f79-11e5-bb95-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f01fa5cc-6f79-11e5-bb95-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2015/12/11 14:32:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Trifon\Desktop\OTL.exe
[2015/12/10 14:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2015/12/10 14:36:31 | 000,000,000 | ---D | C] -- C:\rsit
[2015/12/09 20:51:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2015/12/09 11:44:26 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2015/12/09 11:44:25 | 003,170,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2015/12/09 11:44:25 | 000,709,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2015/12/09 11:44:25 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2015/12/09 11:44:25 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2015/12/09 11:44:25 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2015/12/09 11:44:25 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2015/12/09 11:44:25 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2015/12/09 11:44:25 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2015/12/09 11:44:25 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2015/12/09 11:44:25 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2015/12/09 11:44:25 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2015/12/09 11:44:25 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2015/12/09 11:44:25 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2015/12/09 11:44:25 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2015/12/09 11:44:25 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2015/12/09 11:44:23 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlsbres.dll
[2015/12/09 11:44:23 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nlsbres.dll
[2015/12/09 11:44:23 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kbdgeoqw.dll
[2015/12/09 11:44:23 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDAZEL.DLL
[2015/12/09 11:44:23 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDAZE.DLL
[2015/12/09 11:44:23 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDAZE.DLL
[2015/12/09 11:44:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbdgeoqw.dll
[2015/12/09 11:44:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDAZEL.DLL
[2015/12/09 11:44:22 | 001,648,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2015/12/09 11:44:22 | 001,008,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2015/12/09 11:44:21 | 001,735,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comsvcs.dll
[2015/12/09 11:44:21 | 001,242,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comsvcs.dll
[2015/12/09 11:44:21 | 000,525,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\catsrvut.dll
[2015/12/09 11:44:21 | 000,487,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\catsrvut.dll
[2015/12/09 11:44:21 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys
[2015/12/09 11:44:21 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshrm.dll
[2015/12/09 11:44:21 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshrm.dll
[2015/12/09 11:44:20 | 000,718,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/12/09 11:44:20 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2015/12/09 11:44:20 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015/12/09 11:44:20 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015/12/09 11:44:20 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015/12/09 11:44:20 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/12/09 11:44:20 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015/12/09 11:44:20 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015/12/09 11:44:20 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015/12/09 11:44:20 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015/12/09 11:44:20 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015/12/09 11:44:19 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/12/09 11:44:19 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015/12/09 11:44:19 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/12/09 11:44:19 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015/12/09 11:44:19 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015/12/09 11:44:19 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/12/09 11:44:19 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2015/12/09 11:44:19 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015/12/09 11:44:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015/12/09 11:44:18 | 002,123,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/12/09 11:44:18 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/12/09 11:44:18 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/12/09 11:44:18 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015/12/09 11:44:18 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015/12/09 11:44:17 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015/12/09 11:44:17 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015/12/09 11:44:17 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/12/09 11:44:17 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/12/09 11:44:17 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2015/12/09 11:44:17 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015/12/09 11:44:17 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015/12/09 11:44:16 | 005,923,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/12/09 11:44:16 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015/12/09 11:44:16 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015/12/09 11:44:16 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/12/09 11:44:16 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015/12/09 11:44:16 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/12/09 11:44:15 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2015/12/09 11:44:15 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015/12/09 11:44:15 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/12/09 11:43:58 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\els.dll
[2015/12/09 11:43:58 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\els.dll
[2015/12/04 19:27:56 | 000,000,000 | ---D | C] -- C:\Users\Trifon\AppData\Roaming\.mono
[2015/12/04 19:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\.mono
[2015/12/04 19:27:53 | 000,000,000 | ---D | C] -- C:\Users\Trifon\AppData\Local\Colossal Order
[2015/12/03 18:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
[2015/12/03 18:47:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AV
[2015/12/02 14:29:05 | 000,000,000 | ---D | C] -- C:\Users\Trifon\AppData\Roaming\AC3Filter
[2015/11/26 11:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
[2015/11/26 11:29:06 | 000,000,000 | ---D | C] -- C:\Users\Trifon\Documents\My ISO Files
[2015/11/26 11:29:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems
[2015/11/25 19:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
[2015/11/24 22:36:34 | 000,000,000 | ---D | C] -- C:\Users\Trifon\AppData\Local\Depression Quest
[2015/11/23 21:26:26 | 000,000,000 | ---D | C] -- C:\Users\Trifon\AppData\Roaming\NVIDIA
[2015/11/18 20:45:48 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2015/11/18 20:45:48 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2015/11/18 20:45:48 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2015/11/18 20:45:48 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2015/11/18 20:45:47 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2015/11/18 20:45:47 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2015/11/18 20:45:47 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015/12/11 14:51:47 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2015/12/11 14:32:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Trifon\Desktop\OTL.exe
[2015/12/11 13:53:59 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/12/11 13:10:06 | 000,013,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/12/11 13:10:06 | 000,013,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/12/11 13:09:12 | 001,587,976 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/12/11 13:09:12 | 000,661,796 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2015/12/11 13:09:12 | 000,655,292 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/12/11 13:09:12 | 000,141,944 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2015/12/11 13:09:12 | 000,122,662 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/12/11 13:02:21 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/12/11 13:02:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/12/11 13:02:13 | 2099,212,287 | -HS- | M] () -- C:\hiberfil.sys
[2015/12/10 18:54:43 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/12/10 14:36:15 | 001,222,144 | ---- | M] () -- C:\Users\Trifon\Desktop\RSITx64.exe
[2015/12/10 11:14:45 | 000,433,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/12/09 12:18:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2015/11/26 11:29:06 | 000,000,675 | ---- | M] () -- C:\Users\Public\Desktop\UltraISO.lnk
[2015/11/26 11:27:00 | 000,000,124 | ---- | M] () -- C:\Users\Trifon\Documents\ax_files.xml
[2015/11/25 19:55:51 | 000,001,341 | ---- | M] () -- C:\Users\Trifon\Desktop\Heroes VII.lnk
[2015/11/25 13:41:31 | 000,000,222 | ---- | M] () -- C:\Users\Trifon\Desktop\Everlasting Summer.url
[2015/11/24 18:37:27 | 000,000,222 | ---- | M] () -- C:\Users\Trifon\Desktop\Emily is Away.url
[2015/11/20 19:54:59 | 003,170,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2015/11/20 19:54:59 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2015/11/20 19:54:59 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2015/11/20 19:54:59 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2015/11/20 19:54:59 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2015/11/20 19:54:58 | 000,709,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2015/11/20 19:54:28 | 000,091,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2015/11/20 19:54:18 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2015/11/20 19:54:15 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2015/11/20 19:54:15 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2015/11/20 19:34:36 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2015/11/20 19:34:36 | 000,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2015/11/20 19:34:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2015/11/20 19:34:35 | 000,573,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2015/11/20 19:33:56 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2015/11/11 19:53:48 | 001,735,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\comsvcs.dll
[2015/11/11 19:53:47 | 000,525,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\catsrvut.dll
[2015/11/11 19:39:34 | 001,242,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\comsvcs.dll
[2015/11/11 19:39:33 | 000,487,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\catsrvut.dll
[2015/11/11 16:12:51 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/11/11 15:57:36 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/12/11 14:35:20 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2015/12/11 14:32:43 | 001,222,144 | ---- | C] () -- C:\Users\Trifon\Desktop\RSITx64.exe
[2015/12/09 12:18:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2015/11/26 11:29:06 | 000,000,675 | ---- | C] () -- C:\Users\Public\Desktop\UltraISO.lnk
[2015/11/25 19:55:51 | 000,001,341 | ---- | C] () -- C:\Users\Trifon\Desktop\Heroes VII.lnk
[2015/11/25 13:41:31 | 000,000,222 | ---- | C] () -- C:\Users\Trifon\Desktop\Everlasting Summer.url
[2015/11/24 18:37:27 | 000,000,222 | ---- | C] () -- C:\Users\Trifon\Desktop\Emily is Away.url
[2015/10/16 13:12:29 | 000,000,082 | ---- | C] () -- C:\Windows\SysWow64\winsevr.dat
[2015/10/14 13:15:41 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2015/10/14 13:15:23 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2015/10/14 12:29:43 | 000,079,872 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2015/10/10 19:43:24 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2015/10/10 19:42:40 | 001,554,464 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/10/10 19:39:05 | 000,015,232 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2015/10/10 19:38:26 | 000,000,138 | ---- | C] () -- C:\Windows\scd.ini
[2015/10/10 19:38:25 | 000,060,220 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2015/10/10 19:38:25 | 000,000,000 | ---- | C] () -- C:\Windows\Ascd_err.ini
[2015/10/10 19:36:17 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2015/10/10 19:36:13 | 000,042,097 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/08/06 19:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/06 18:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2015/12/04 19:27:56 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\.mono
[2015/12/02 14:29:05 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\AC3Filter
[2015/10/10 20:53:29 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\AVAST Software
[2015/10/10 20:50:56 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\AVG
[2015/12/09 11:14:20 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\CDisplayEx
[2015/10/10 20:50:48 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\OpenCandy
[2015/10/16 17:26:58 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\The Creative Assembly
[2015/10/14 17:05:50 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\uplay
[2015/12/10 11:23:33 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\uTorrent
[2015/10/14 11:34:44 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Wargaming.net

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,028,366 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2015/10/10 19:37:10 | 000,000,932 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2015/10/10 19:37:10 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< >

< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010/11/20 14:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010/11/20 14:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009/07/14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010/11/20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010/11/20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010/11/20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010/11/20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010/11/20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2015/02/03 04:50:56 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=00D0F7BA3B27126A3E25B540979A9F39 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22948_none_d492bbeccaa14239\cryptsvc.dll
[2015/04/27 20:17:29 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=0925E2BEAC4493C887099F850D69BA3B -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.23040_none_d48a91becaa8aac3\cryptsvc.dll
[2010/11/20 14:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2015/02/03 04:30:56 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=1CD76A83B9E8E9A5A3519B39E28354D9 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18741_none_d4021b35b189f3e7\cryptsvc.dll
[2013/05/10 05:49:59 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=33ADF6E0853AB39EA1723BE82842C1D3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[2015/04/27 20:04:37 | 000,143,872 | ---- | M] (Microsoft Corporation) MD5=33F67BBCC3C0499D3F3382473114CFA8 -- C:\Windows\SysWOW64\cryptsvc.dll
[2015/04/27 20:04:37 | 000,143,872 | ---- | M] (Microsoft Corporation) MD5=33F67BBCC3C0499D3F3382473114CFA8 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18839_none_77f653d3f91d2e9f\cryptsvc.dll
[2013/05/13 05:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=3897DFF247D9ED0006190349DE264E14 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[2015/02/03 04:12:14 | 000,143,872 | ---- | M] (Microsoft Corporation) MD5=49474B3E37969AF4B5C076F42B623AFF -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18741_none_77e37fb1f92c82b1\cryptsvc.dll
[2013/10/05 03:25:30 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=509D31797A4B8A3D6ED78A330B19A919 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_d46d4138cabe2596\cryptsvc.dll
[2015/04/27 19:55:50 | 000,145,920 | ---- | M] (Microsoft Corporation) MD5=59AF628BEF750EE470FD36751CA52137 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.23040_none_786bf63b124b398d\cryptsvc.dll
[2013/07/09 06:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=6B400F211BEE880A37A1ED0368776BF4 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_d431528fb165f7bc\cryptsvc.dll
[2015/04/27 20:23:13 | 000,188,416 | ---- | M] (Microsoft Corporation) MD5=7BC3E861F7E8EB543A630090FAE779E0 -- C:\Windows\SysNative\cryptsvc.dll
[2015/04/27 20:23:13 | 000,188,416 | ---- | M] (Microsoft Corporation) MD5=7BC3E861F7E8EB543A630090FAE779E0 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18839_none_d414ef57b17a9fd5\cryptsvc.dll
[2013/07/09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[2013/05/10 06:49:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7FDC4626B01106A8EF328C88C7C0DEE3 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_d3f63f9bb1930797\cryptsvc.dll
[2013/05/11 06:18:23 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=8122252F0A4ACFA92FA0C1D50D18493B -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_d4a24ea4ca968363\cryptsvc.dll
[2009/07/14 02:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009/07/14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 13:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2013/05/11 05:59:05 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=AC04D05309BB2C418D0D80B9FB014642 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[2015/02/03 04:31:49 | 000,145,920 | ---- | M] (Microsoft Corporation) MD5=B97E16D36DB7B7DD22C97857506FA58A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22948_none_787420691243d103\cryptsvc.dll
[2013/05/10 06:18:53 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=CA13C4F92BEE66DB48E58AB3223DDF6E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_d4a14e5aca976a0c\cryptsvc.dll
[2013/05/13 06:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=D8129C49798CBBFB2E4351D4B7B8EF9C -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_d3f73fe5b19220ee\cryptsvc.dll
[2013/05/10 06:06:21 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=E122AA1C9A3CC46FF9DDDE46E5EB0C58 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[2013/10/05 02:52:03 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=F2D9242C3BBD1C36467FCAE1AE01733F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

< MD5 for: HAL.DLL >
[2009/07/14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010/11/20 14:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010/11/20 14:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: IASTORV.SYS >
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\isapnp.sys
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\isapnp.sys

< MD5 for: LSASS.EXE >
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2011/11/17 07:20:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2015/07/15 19:10:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0D48E93C6BE3143C0198CB252B992D16 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18933_none_0459e0df737bef3f\lsass.exe
[2015/10/20 02:10:48 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0F3591FD0F246CD5941B6DC8184E66B7 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23250_none_04cab6fc8cacab4f\lsass.exe
[2011/11/17 08:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=156F6159457D0AA7E59B62681B56EB90 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_028b374176436a30\lsass.exe
[2015/05/25 19:18:19 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=17A6A9AAD04CCC6EE53290585BFC43AF -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18869_none_043f70f1738eddf5\lsass.exe
[2015/01/14 07:04:46 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=1E31700D9C9E0FB79999D02A8437482C -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18717_none_04737e137368226b\lsass.exe
[2014/04/12 03:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_044f07757384196d\lsass.exe
[2014/04/12 03:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18496_none_041bf8b773a9f127\lsass.exe
[2014/04/12 03:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18526_none_0467aa1173712ab7\lsass.exe
[2014/04/12 03:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18637_none_045ddc5573785d26\lsass.exe
[2015/05/25 19:21:24 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=2A953A1104439BA166FD63A5806A16DF -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23072_none_04b713ec8cbb1b91\lsass.exe
[2015/10/20 02:04:53 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=2BC45F4CF55B45BDD650828192F132B8 -- C:\Windows\SysNative\lsass.exe
[2015/10/20 02:04:53 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=2BC45F4CF55B45BDD650828192F132B8 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19045_none_0450e9a973827120\lsass.exe
[2015/07/15 04:19:24 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=2CCFA4793B9696F26214634300FE8B37 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23126_none_04f126968c8ef25f\lsass.exe
[2015/07/15 19:08:44 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=31359EDA482F9A4C5DB36741596550AC -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23136_none_04e656aa8c970e50\lsass.exe
[2014/09/19 10:42:18 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=341655B216721D89CADE9DEA2F33872F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18606_none_047d4bcf7360effc\lsass.exe
[2015/04/04 04:20:52 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=4C3FAC816925F73A34AD52F1F7C0A7EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18812_none_046e7e87736ca0df\lsass.exe
[2015/10/16 19:04:04 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=50996040C28F2E644F7270D2A3BE2BC8 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19043_none_044ee91573843e72\lsass.exe
[2015/09/15 19:10:32 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=5424EC756808C1002457033D969115C7 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19007_none_047e29ed7360340a\lsass.exe
[2015/10/16 19:10:51 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=642713B5EFA4A27E1CB88E99208F160A -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23249_none_04de89828c9c736d\lsass.exe
[2014/04/12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_04cdd63a8ca9d24f\lsass.exe
[2014/04/12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22712_none_04f817868c8a465b\lsass.exe
[2014/04/12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22807_none_0507eaca8c7da644\lsass.exe
[2014/04/12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22843_none_04d8a9f28ca1b0ac\lsass.exe
[2014/04/12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22923_none_04ee4bb08c9175f1\lsass.exe
[2015/02/03 04:30:31 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=7554A1B82B4A222FD4CC292ABD38A558 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18741_none_044d0c937385de34\lsass.exe
[2015/09/16 00:37:18 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=A51431778979B82E6C7041EAB29F66F4 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23211_none_04f6f6f68c8b54e2\lsass.exe
[2015/07/15 04:19:02 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=A7C232F194DE012B41B5EE0C5021CFDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18923_none_0464b0cb7373d34e\lsass.exe
[2015/10/17 19:09:03 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=AECDFB5F08DC5069563AFC6F47C0DDE5 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19044_none_044fe95f738357c9\lsass.exe
[2014/09/19 10:47:37 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=B84317193B6A29F5F5DCF538C34FDCED -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22814_none_04fa1a008c887630\lsass.exe
[2015/04/04 04:25:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=BB9C1B746086558899935E3333CD4580 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23017_none_04fcf4e68c85f29e\lsass.exe
[2011/11/17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2015/02/03 04:50:23 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=CBB80CC43E683F929F8D5E50330F7BA6 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22948_none_04ddad4a8c9d2c86\lsass.exe
[2011/11/17 07:42:52 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D21BD47E528CD62E79311FB5DF0150E6 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_02bb2a0a8fa4d398\lsass.exe
[2015/07/22 23:03:07 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=FBD94DDAB6D96DE7ECE7D38E48035A75 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23142_none_04d785968ca2c4e5\lsass.exe
[2015/07/23 01:01:53 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=FDD980360C9D72DA77F4C59376AE95C9 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18939_none_045fe29b73768749\lsass.exe

< MD5 for: NDIS.SYS >
[2012/08/22 19:06:07 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=5E74508FCB5820B29EEAFE24E6035BCF -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_06232d534c0a8d67\ndis.sys
[2012/08/22 19:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a\ndis.sys
[2010/11/20 14:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
[2015/10/13 00:04:07 | 000,949,184 | ---- | M] (Microsoft Corporation) MD5=901D1BE3F8567B5D02747B1174FF708F -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.23235_none_0661f94b4bdbc702\ndis.sys
[2009/07/14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
[2015/10/13 05:57:21 | 000,950,720 | ---- | M] (Microsoft Corporation) MD5=F7309F42555F8AAB7144A51A1F2585B0 -- C:\Windows\SysNative\drivers\ndis.sys
[2015/10/13 05:57:21 | 000,950,720 | ---- | M] (Microsoft Corporation) MD5=F7309F42555F8AAB7144A51A1F2585B0 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.19030_none_05d3592832c2ab5e\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
Nahoru
Slovak
Návštěvník
Návštěvník
Příspěvky: 78
Registrován: 20 pro 2014 18:42

Re: Prosím o Kontrolu logu - preventívka

#4 Příspěvek od Slovak »

OTL logfile created on: 11. 12. 2015 14:50:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Trifon\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18124)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

7,94 Gb Total Physical Memory | 5,23 Gb Available Physical Memory | 65,85% Memory free
7,94 Gb Paging File | 5,21 Gb Available in Paging File | 65,65% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,47 Gb Total Space | 165,46 Gb Free Space | 74,04% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 538,62 Gb Free Space | 57,82% Space Free | Partition Type: NTFS
Drive G: | 149,05 Gb Total Space | 148,77 Gb Free Space | 99,81% Space Free | Partition Type: NTFS
Drive H: | 931,28 Gb Total Space | 279,74 Gb Free Space | 30,04% Space Free | Partition Type: FAT32

Computer Name: TRIFON-PC | User Name: Trifon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/12/11 14:32:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Trifon\Desktop\OTL.exe
PRC - [2015/12/04 22:32:56 | 000,741,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2015/11/10 18:47:18 | 007,004,376 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2015/11/10 18:47:17 | 000,174,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/11/10 18:47:15 | 000,109,520 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2015/10/14 13:15:23 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2015/08/18 09:48:55 | 002,585,744 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2015/08/18 09:48:55 | 001,706,128 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2015/08/17 22:43:04 | 000,409,776 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/08/25 04:50:12 | 000,293,872 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2014/06/18 06:54:04 | 001,360,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
PRC - [2014/06/18 06:54:00 | 000,936,728 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
PRC - [2013/09/16 11:18:28 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013/09/16 11:17:42 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


========== Modules (No Company Name) ==========

MOD - [2015/12/04 22:32:53 | 001,583,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
MOD - [2015/12/04 22:32:52 | 000,081,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll
MOD - [2015/11/10 18:47:18 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015/11/10 18:47:18 | 000,466,448 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\ffl2.dll
MOD - [2015/11/10 18:47:18 | 000,103,888 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015/11/10 18:47:17 | 000,125,512 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll


========== Services (SafeList) ==========

SRV:64bit: - [2015/11/10 18:47:17 | 000,174,416 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2015/11/10 18:47:15 | 000,109,520 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2015/11/08 23:01:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/08/18 09:48:55 | 021,833,360 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2015/08/18 09:48:55 | 001,148,560 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2015/07/23 01:02:54 | 001,390,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2013/08/27 13:32:30 | 000,828,376 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:64bit: - [2013/08/27 13:32:14 | 000,747,520 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2015/10/16 07:52:00 | 000,147,624 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/10/14 21:56:14 | 000,838,224 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2015/10/14 13:15:23 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2015/08/18 09:48:55 | 001,706,128 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2015/08/17 22:43:04 | 000,409,776 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/06/18 06:54:04 | 001,360,016 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2014/06/18 06:54:00 | 000,936,728 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe -- (asComSvc)
SRV - [2014/04/11 22:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/16 11:18:28 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/09/16 11:17:42 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012/01/05 16:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2015/11/10 18:47:18 | 000,449,992 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2015/11/10 18:47:18 | 000,273,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2015/11/10 18:47:18 | 000,154,256 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2015/11/10 18:47:18 | 000,097,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2015/11/10 18:47:18 | 000,093,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2015/11/10 18:47:18 | 000,065,224 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2015/11/10 18:47:18 | 000,028,656 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2015/11/10 18:47:16 | 001,059,656 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2015/11/10 18:47:16 | 000,028,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2015/11/10 18:47:15 | 000,466,400 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2015/10/10 20:46:43 | 000,381,440 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2015/08/18 09:48:55 | 000,038,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2015/08/18 09:48:55 | 000,019,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2015/06/11 18:15:53 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/08/25 04:49:22 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2014/08/25 04:49:14 | 000,795,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2014/08/25 04:49:14 | 000,383,984 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2014/04/29 09:51:00 | 000,044,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD.sys -- (ISCT)
DRV:64bit: - [2013/09/16 11:17:42 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/08/07 13:23:46 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/08/07 13:23:46 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/12/28 02:26:12 | 000,805,088 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/28 18:40:18 | 000,146,928 | ---- | M] (CyberLink Corp.) [2015/10/10 21:44:31] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1601266965-4254244799-107981220-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1601266965-4254244799-107981220-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IESR02
IE - HKU\S-1-5-21-1601266965-4254244799-107981220-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "SK"
FF - prefs.js..browser.search.region: "SK"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:41.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/11/10 18:48:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\sp@avast.com: C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015/11/10 18:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 41.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 41.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/12/09 20:46:43 | 000,000,000 | ---D | M]

[2015/10/10 20:41:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trifon\AppData\Roaming\mozilla\Extensions
[2015/10/14 08:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trifon\AppData\Roaming\mozilla\Firefox\Profiles\rk8vrt1e.default\extensions
[2015/10/16 07:51:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/10/16 07:52:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015/11/18 15:57:24 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2010/07/12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.9.4_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\11.1.0.210_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.45_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\11.1.0.210_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpcdepnceibhgcfmkehlleemiejahmbp\1.2_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdeoflfbkpmebldjfkemfhjomgjipgn\0.1_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlmehpiikmcdamekkndkbkcefnfefai\1.1.0.0_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\S-1-5-21-1601266965-4254244799-107981220-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.23.254.124 217.23.254.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F4109E8-C368-4BBD-B627-550F3133A50A}: DhcpNameServer = 217.23.254.124 217.23.254.125
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6ba8e36e-6f74-11e5-9acc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6ba8e36e-6f74-11e5-9acc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\ASSETUP.exe
O33 - MountPoints2\{f01fa5cc-6f79-11e5-bb95-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f01fa5cc-6f79-11e5-bb95-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2015/12/11 14:32:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Trifon\Desktop\OTL.exe
[2015/12/10 14:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2015/12/10 14:36:31 | 000,000,000 | ---D | C] -- C:\rsit
[2015/12/09 20:51:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2015/12/09 11:44:26 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2015/12/09 11:44:25 | 003,170,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2015/12/09 11:44:25 | 000,709,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2015/12/09 11:44:25 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2015/12/09 11:44:25 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2015/12/09 11:44:25 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2015/12/09 11:44:25 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2015/12/09 11:44:25 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2015/12/09 11:44:25 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2015/12/09 11:44:25 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2015/12/09 11:44:25 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2015/12/09 11:44:25 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2015/12/09 11:44:25 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2015/12/09 11:44:25 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2015/12/09 11:44:25 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2015/12/09 11:44:25 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2015/12/09 11:44:23 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlsbres.dll
[2015/12/09 11:44:23 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nlsbres.dll
[2015/12/09 11:44:23 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kbdgeoqw.dll
[2015/12/09 11:44:23 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDAZEL.DLL
[2015/12/09 11:44:23 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDAZE.DLL
[2015/12/09 11:44:23 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDAZE.DLL
[2015/12/09 11:44:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbdgeoqw.dll
[2015/12/09 11:44:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDAZEL.DLL
[2015/12/09 11:44:22 | 001,648,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2015/12/09 11:44:22 | 001,008,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2015/12/09 11:44:21 | 001,735,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comsvcs.dll
[2015/12/09 11:44:21 | 001,242,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comsvcs.dll
[2015/12/09 11:44:21 | 000,525,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\catsrvut.dll
[2015/12/09 11:44:21 | 000,487,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\catsrvut.dll
[2015/12/09 11:44:21 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys
[2015/12/09 11:44:21 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshrm.dll
[2015/12/09 11:44:21 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshrm.dll
[2015/12/09 11:44:20 | 000,718,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/12/09 11:44:20 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2015/12/09 11:44:20 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015/12/09 11:44:20 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015/12/09 11:44:20 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015/12/09 11:44:20 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/12/09 11:44:20 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015/12/09 11:44:20 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015/12/09 11:44:20 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015/12/09 11:44:20 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015/12/09 11:44:20 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015/12/09 11:44:19 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/12/09 11:44:19 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015/12/09 11:44:19 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/12/09 11:44:19 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015/12/09 11:44:19 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015/12/09 11:44:19 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/12/09 11:44:19 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2015/12/09 11:44:19 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015/12/09 11:44:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015/12/09 11:44:18 | 002,123,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/12/09 11:44:18 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/12/09 11:44:18 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/12/09 11:44:18 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015/12/09 11:44:18 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015/12/09 11:44:17 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015/12/09 11:44:17 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015/12/09 11:44:17 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/12/09 11:44:17 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/12/09 11:44:17 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2015/12/09 11:44:17 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015/12/09 11:44:17 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015/12/09 11:44:16 | 005,923,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/12/09 11:44:16 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015/12/09 11:44:16 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015/12/09 11:44:16 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/12/09 11:44:16 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015/12/09 11:44:16 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/12/09 11:44:15 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2015/12/09 11:44:15 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015/12/09 11:44:15 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/12/09 11:43:58 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\els.dll
[2015/12/09 11:43:58 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\els.dll
[2015/12/04 19:27:56 | 000,000,000 | ---D | C] -- C:\Users\Trifon\AppData\Roaming\.mono
[2015/12/04 19:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\.mono
[2015/12/04 19:27:53 | 000,000,000 | ---D | C] -- C:\Users\Trifon\AppData\Local\Colossal Order
[2015/12/03 18:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
[2015/12/03 18:47:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AV
[2015/12/02 14:29:05 | 000,000,000 | ---D | C] -- C:\Users\Trifon\AppData\Roaming\AC3Filter
[2015/11/26 11:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
[2015/11/26 11:29:06 | 000,000,000 | ---D | C] -- C:\Users\Trifon\Documents\My ISO Files
[2015/11/26 11:29:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems
[2015/11/25 19:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
[2015/11/24 22:36:34 | 000,000,000 | ---D | C] -- C:\Users\Trifon\AppData\Local\Depression Quest
[2015/11/23 21:26:26 | 000,000,000 | ---D | C] -- C:\Users\Trifon\AppData\Roaming\NVIDIA
[2015/11/18 20:45:48 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2015/11/18 20:45:48 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2015/11/18 20:45:48 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2015/11/18 20:45:48 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2015/11/18 20:45:47 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2015/11/18 20:45:47 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2015/11/18 20:45:47 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015/12/11 14:51:47 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2015/12/11 14:32:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Trifon\Desktop\OTL.exe
[2015/12/11 13:53:59 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/12/11 13:10:06 | 000,013,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/12/11 13:10:06 | 000,013,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/12/11 13:09:12 | 001,587,976 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/12/11 13:09:12 | 000,661,796 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2015/12/11 13:09:12 | 000,655,292 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/12/11 13:09:12 | 000,141,944 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2015/12/11 13:09:12 | 000,122,662 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/12/11 13:02:21 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/12/11 13:02:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/12/11 13:02:13 | 2099,212,287 | -HS- | M] () -- C:\hiberfil.sys
[2015/12/10 18:54:43 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/12/10 14:36:15 | 001,222,144 | ---- | M] () -- C:\Users\Trifon\Desktop\RSITx64.exe
[2015/12/10 11:14:45 | 000,433,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/12/09 12:18:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2015/11/26 11:29:06 | 000,000,675 | ---- | M] () -- C:\Users\Public\Desktop\UltraISO.lnk
[2015/11/26 11:27:00 | 000,000,124 | ---- | M] () -- C:\Users\Trifon\Documents\ax_files.xml
[2015/11/25 19:55:51 | 000,001,341 | ---- | M] () -- C:\Users\Trifon\Desktop\Heroes VII.lnk
[2015/11/25 13:41:31 | 000,000,222 | ---- | M] () -- C:\Users\Trifon\Desktop\Everlasting Summer.url
[2015/11/24 18:37:27 | 000,000,222 | ---- | M] () -- C:\Users\Trifon\Desktop\Emily is Away.url
[2015/11/20 19:54:59 | 003,170,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2015/11/20 19:54:59 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2015/11/20 19:54:59 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2015/11/20 19:54:59 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2015/11/20 19:54:59 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2015/11/20 19:54:58 | 000,709,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2015/11/20 19:54:28 | 000,091,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2015/11/20 19:54:18 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2015/11/20 19:54:15 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2015/11/20 19:54:15 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2015/11/20 19:34:36 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2015/11/20 19:34:36 | 000,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2015/11/20 19:34:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2015/11/20 19:34:35 | 000,573,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2015/11/20 19:33:56 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2015/11/11 19:53:48 | 001,735,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\comsvcs.dll
[2015/11/11 19:53:47 | 000,525,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\catsrvut.dll
[2015/11/11 19:39:34 | 001,242,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\comsvcs.dll
[2015/11/11 19:39:33 | 000,487,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\catsrvut.dll
[2015/11/11 16:12:51 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/11/11 15:57:36 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/12/11 14:35:20 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2015/12/11 14:32:43 | 001,222,144 | ---- | C] () -- C:\Users\Trifon\Desktop\RSITx64.exe
[2015/12/09 12:18:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2015/11/26 11:29:06 | 000,000,675 | ---- | C] () -- C:\Users\Public\Desktop\UltraISO.lnk
[2015/11/25 19:55:51 | 000,001,341 | ---- | C] () -- C:\Users\Trifon\Desktop\Heroes VII.lnk
[2015/11/25 13:41:31 | 000,000,222 | ---- | C] () -- C:\Users\Trifon\Desktop\Everlasting Summer.url
[2015/11/24 18:37:27 | 000,000,222 | ---- | C] () -- C:\Users\Trifon\Desktop\Emily is Away.url
[2015/10/16 13:12:29 | 000,000,082 | ---- | C] () -- C:\Windows\SysWow64\winsevr.dat
[2015/10/14 13:15:41 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2015/10/14 13:15:23 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2015/10/14 12:29:43 | 000,079,872 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2015/10/10 19:43:24 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2015/10/10 19:42:40 | 001,554,464 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/10/10 19:39:05 | 000,015,232 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2015/10/10 19:38:26 | 000,000,138 | ---- | C] () -- C:\Windows\scd.ini
[2015/10/10 19:38:25 | 000,060,220 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2015/10/10 19:38:25 | 000,000,000 | ---- | C] () -- C:\Windows\Ascd_err.ini
[2015/10/10 19:36:17 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2015/10/10 19:36:13 | 000,042,097 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/08/06 19:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/06 18:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2015/12/04 19:27:56 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\.mono
[2015/12/02 14:29:05 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\AC3Filter
[2015/10/10 20:53:29 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\AVAST Software
[2015/10/10 20:50:56 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\AVG
[2015/12/09 11:14:20 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\CDisplayEx
[2015/10/10 20:50:48 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\OpenCandy
[2015/10/16 17:26:58 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\The Creative Assembly
[2015/10/14 17:05:50 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\uplay
[2015/12/10 11:23:33 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\uTorrent
[2015/10/14 11:34:44 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Wargaming.net

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,028,366 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2015/10/10 19:37:10 | 000,000,932 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2015/10/10 19:37:10 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< >

< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010/11/20 14:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010/11/20 14:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009/07/14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010/11/20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010/11/20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010/11/20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010/11/20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010/11/20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2015/02/03 04:50:56 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=00D0F7BA3B27126A3E25B540979A9F39 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22948_none_d492bbeccaa14239\cryptsvc.dll
[2015/04/27 20:17:29 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=0925E2BEAC4493C887099F850D69BA3B -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.23040_none_d48a91becaa8aac3\cryptsvc.dll
[2010/11/20 14:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2015/02/03 04:30:56 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=1CD76A83B9E8E9A5A3519B39E28354D9 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18741_none_d4021b35b189f3e7\cryptsvc.dll
[2013/05/10 05:49:59 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=33ADF6E0853AB39EA1723BE82842C1D3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[2015/04/27 20:04:37 | 000,143,872 | ---- | M] (Microsoft Corporation) MD5=33F67BBCC3C0499D3F3382473114CFA8 -- C:\Windows\SysWOW64\cryptsvc.dll
[2015/04/27 20:04:37 | 000,143,872 | ---- | M] (Microsoft Corporation) MD5=33F67BBCC3C0499D3F3382473114CFA8 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18839_none_77f653d3f91d2e9f\cryptsvc.dll
[2013/05/13 05:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=3897DFF247D9ED0006190349DE264E14 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[2015/02/03 04:12:14 | 000,143,872 | ---- | M] (Microsoft Corporation) MD5=49474B3E37969AF4B5C076F42B623AFF -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18741_none_77e37fb1f92c82b1\cryptsvc.dll
[2013/10/05 03:25:30 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=509D31797A4B8A3D6ED78A330B19A919 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_d46d4138cabe2596\cryptsvc.dll
[2015/04/27 19:55:50 | 000,145,920 | ---- | M] (Microsoft Corporation) MD5=59AF628BEF750EE470FD36751CA52137 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.23040_none_786bf63b124b398d\cryptsvc.dll
[2013/07/09 06:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=6B400F211BEE880A37A1ED0368776BF4 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_d431528fb165f7bc\cryptsvc.dll
[2015/04/27 20:23:13 | 000,188,416 | ---- | M] (Microsoft Corporation) MD5=7BC3E861F7E8EB543A630090FAE779E0 -- C:\Windows\SysNative\cryptsvc.dll
[2015/04/27 20:23:13 | 000,188,416 | ---- | M] (Microsoft Corporation) MD5=7BC3E861F7E8EB543A630090FAE779E0 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18839_none_d414ef57b17a9fd5\cryptsvc.dll
[2013/07/09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[2013/05/10 06:49:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7FDC4626B01106A8EF328C88C7C0DEE3 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_d3f63f9bb1930797\cryptsvc.dll
[2013/05/11 06:18:23 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=8122252F0A4ACFA92FA0C1D50D18493B -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_d4a24ea4ca968363\cryptsvc.dll
[2009/07/14 02:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009/07/14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 13:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2013/05/11 05:59:05 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=AC04D05309BB2C418D0D80B9FB014642 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[2015/02/03 04:31:49 | 000,145,920 | ---- | M] (Microsoft Corporation) MD5=B97E16D36DB7B7DD22C97857506FA58A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22948_none_787420691243d103\cryptsvc.dll
[2013/05/10 06:18:53 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=CA13C4F92BEE66DB48E58AB3223DDF6E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_d4a14e5aca976a0c\cryptsvc.dll
[2013/05/13 06:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=D8129C49798CBBFB2E4351D4B7B8EF9C -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_d3f73fe5b19220ee\cryptsvc.dll
[2013/05/10 06:06:21 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=E122AA1C9A3CC46FF9DDDE46E5EB0C58 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[2013/10/05 02:52:03 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=F2D9242C3BBD1C36467FCAE1AE01733F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

< MD5 for: HAL.DLL >
[2009/07/14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010/11/20 14:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010/11/20 14:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: IASTORV.SYS >
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\isapnp.sys
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\isapnp.sys

< MD5 for: LSASS.EXE >
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2011/11/17 07:20:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2015/07/15 19:10:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0D48E93C6BE3143C0198CB252B992D16 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18933_none_0459e0df737bef3f\lsass.exe
[2015/10/20 02:10:48 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0F3591FD0F246CD5941B6DC8184E66B7 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23250_none_04cab6fc8cacab4f\lsass.exe
[2011/11/17 08:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=156F6159457D0AA7E59B62681B56EB90 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_028b374176436a30\lsass.exe
[2015/05/25 19:18:19 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=17A6A9AAD04CCC6EE53290585BFC43AF -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18869_none_043f70f1738eddf5\lsass.exe
[2015/01/14 07:04:46 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=1E31700D9C9E0FB79999D02A8437482C -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18717_none_04737e137368226b\lsass.exe
[2014/04/12 03:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_044f07757384196d\lsass.exe
[2014/04/12 03:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18496_none_041bf8b773a9f127\lsass.exe
[2014/04/12 03:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18526_none_0467aa1173712ab7\lsass.exe
[2014/04/12 03:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18637_none_045ddc5573785d26\lsass.exe
[2015/05/25 19:21:24 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=2A953A1104439BA166FD63A5806A16DF -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23072_none_04b713ec8cbb1b91\lsass.exe
[2015/10/20 02:04:53 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=2BC45F4CF55B45BDD650828192F132B8 -- C:\Windows\SysNative\lsass.exe
[2015/10/20 02:04:53 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=2BC45F4CF55B45BDD650828192F132B8 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19045_none_0450e9a973827120\lsass.exe
[2015/07/15 04:19:24 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=2CCFA4793B9696F26214634300FE8B37 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23126_none_04f126968c8ef25f\lsass.exe
[2015/07/15 19:08:44 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=31359EDA482F9A4C5DB36741596550AC -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23136_none_04e656aa8c970e50\lsass.exe
[2014/09/19 10:42:18 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=341655B216721D89CADE9DEA2F33872F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18606_none_047d4bcf7360effc\lsass.exe
[2015/04/04 04:20:52 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=4C3FAC816925F73A34AD52F1F7C0A7EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18812_none_046e7e87736ca0df\lsass.exe
[2015/10/16 19:04:04 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=50996040C28F2E644F7270D2A3BE2BC8 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19043_none_044ee91573843e72\lsass.exe
[2015/09/15 19:10:32 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=5424EC756808C1002457033D969115C7 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19007_none_047e29ed7360340a\lsass.exe
[2015/10/16 19:10:51 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=642713B5EFA4A27E1CB88E99208F160A -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23249_none_04de89828c9c736d\lsass.exe
[2014/04/12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_04cdd63a8ca9d24f\lsass.exe
[2014/04/12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22712_none_04f817868c8a465b\lsass.exe
[2014/04/12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22807_none_0507eaca8c7da644\lsass.exe
[2014/04/12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22843_none_04d8a9f28ca1b0ac\lsass.exe
[2014/04/12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22923_none_04ee4bb08c9175f1\lsass.exe
[2015/02/03 04:30:31 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=7554A1B82B4A222FD4CC292ABD38A558 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18741_none_044d0c937385de34\lsass.exe
[2015/09/16 00:37:18 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=A51431778979B82E6C7041EAB29F66F4 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23211_none_04f6f6f68c8b54e2\lsass.exe
[2015/07/15 04:19:02 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=A7C232F194DE012B41B5EE0C5021CFDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18923_none_0464b0cb7373d34e\lsass.exe
[2015/10/17 19:09:03 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=AECDFB5F08DC5069563AFC6F47C0DDE5 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19044_none_044fe95f738357c9\lsass.exe
[2014/09/19 10:47:37 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=B84317193B6A29F5F5DCF538C34FDCED -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22814_none_04fa1a008c887630\lsass.exe
[2015/04/04 04:25:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=BB9C1B746086558899935E3333CD4580 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23017_none_04fcf4e68c85f29e\lsass.exe
[2011/11/17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2015/02/03 04:50:23 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=CBB80CC43E683F929F8D5E50330F7BA6 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22948_none_04ddad4a8c9d2c86\lsass.exe
[2011/11/17 07:42:52 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D21BD47E528CD62E79311FB5DF0150E6 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_02bb2a0a8fa4d398\lsass.exe
[2015/07/22 23:03:07 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=FBD94DDAB6D96DE7ECE7D38E48035A75 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23142_none_04d785968ca2c4e5\lsass.exe
[2015/07/23 01:01:53 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=FDD980360C9D72DA77F4C59376AE95C9 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18939_none_045fe29b73768749\lsass.exe

< MD5 for: NDIS.SYS >
[2012/08/22 19:06:07 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=5E74508FCB5820B29EEAFE24E6035BCF -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_06232d534c0a8d67\ndis.sys
[2012/08/22 19:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a\ndis.sys
[2010/11/20 14:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
[2015/10/13 00:04:07 | 000,949,184 | ---- | M] (Microsoft Corporation) MD5=901D1BE3F8567B5D02747B1174FF708F -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.23235_none_0661f94b4bdbc702\ndis.sys
[2009/07/14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
[2015/10/13 05:57:21 | 000,950,720 | ---- | M] (Microsoft Corporation) MD5=F7309F42555F8AAB7144A51A1F2585B0 -- C:\Windows\SysNative\drivers\ndis.sys
[2015/10/13 05:57:21 | 000,950,720 | ---- | M] (Microsoft Corporation) MD5=F7309F42555F8AAB7144A51A1F2585B0 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.19030_none_05d3592832c2ab5e\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
Nahoru
Slovak
Návštěvník
Návštěvník
Příspěvky: 78
Registrován: 20 pro 2014 18:42

Re: Prosím o Kontrolu logu - preventívka

#5 Příspěvek od Slovak »

OTL logfile created on: 11. 12. 2015 14:50:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Trifon\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18124)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

7,94 Gb Total Physical Memory | 5,23 Gb Available Physical Memory | 65,85% Memory free
7,94 Gb Paging File | 5,21 Gb Available in Paging File | 65,65% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,47 Gb Total Space | 165,46 Gb Free Space | 74,04% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 538,62 Gb Free Space | 57,82% Space Free | Partition Type: NTFS
Drive G: | 149,05 Gb Total Space | 148,77 Gb Free Space | 99,81% Space Free | Partition Type: NTFS
Drive H: | 931,28 Gb Total Space | 279,74 Gb Free Space | 30,04% Space Free | Partition Type: FAT32

Computer Name: TRIFON-PC | User Name: Trifon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/12/11 14:32:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Trifon\Desktop\OTL.exe
PRC - [2015/12/04 22:32:56 | 000,741,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2015/11/10 18:47:18 | 007,004,376 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2015/11/10 18:47:17 | 000,174,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/11/10 18:47:15 | 000,109,520 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2015/10/14 13:15:23 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2015/08/18 09:48:55 | 002,585,744 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2015/08/18 09:48:55 | 001,706,128 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2015/08/17 22:43:04 | 000,409,776 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/08/25 04:50:12 | 000,293,872 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2014/06/18 06:54:04 | 001,360,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
PRC - [2014/06/18 06:54:00 | 000,936,728 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
PRC - [2013/09/16 11:18:28 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013/09/16 11:17:42 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


========== Modules (No Company Name) ==========

MOD - [2015/12/04 22:32:53 | 001,583,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
MOD - [2015/12/04 22:32:52 | 000,081,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll
MOD - [2015/11/10 18:47:18 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015/11/10 18:47:18 | 000,466,448 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\ffl2.dll
MOD - [2015/11/10 18:47:18 | 000,103,888 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015/11/10 18:47:17 | 000,125,512 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll


========== Services (SafeList) ==========

SRV:64bit: - [2015/11/10 18:47:17 | 000,174,416 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2015/11/10 18:47:15 | 000,109,520 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2015/11/08 23:01:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/08/18 09:48:55 | 021,833,360 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2015/08/18 09:48:55 | 001,148,560 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2015/07/23 01:02:54 | 001,390,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2013/08/27 13:32:30 | 000,828,376 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:64bit: - [2013/08/27 13:32:14 | 000,747,520 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2015/10/16 07:52:00 | 000,147,624 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/10/14 21:56:14 | 000,838,224 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2015/10/14 13:15:23 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2015/08/18 09:48:55 | 001,706,128 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2015/08/17 22:43:04 | 000,409,776 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/06/18 06:54:04 | 001,360,016 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2014/06/18 06:54:00 | 000,936,728 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe -- (asComSvc)
SRV - [2014/04/11 22:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/16 11:18:28 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/09/16 11:17:42 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012/01/05 16:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2015/11/10 18:47:18 | 000,449,992 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2015/11/10 18:47:18 | 000,273,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2015/11/10 18:47:18 | 000,154,256 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2015/11/10 18:47:18 | 000,097,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2015/11/10 18:47:18 | 000,093,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2015/11/10 18:47:18 | 000,065,224 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2015/11/10 18:47:18 | 000,028,656 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2015/11/10 18:47:16 | 001,059,656 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2015/11/10 18:47:16 | 000,028,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2015/11/10 18:47:15 | 000,466,400 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2015/10/10 20:46:43 | 000,381,440 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2015/08/18 09:48:55 | 000,038,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2015/08/18 09:48:55 | 000,019,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2015/06/11 18:15:53 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/08/25 04:49:22 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2014/08/25 04:49:14 | 000,795,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2014/08/25 04:49:14 | 000,383,984 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2014/04/29 09:51:00 | 000,044,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD.sys -- (ISCT)
DRV:64bit: - [2013/09/16 11:17:42 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/08/07 13:23:46 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/08/07 13:23:46 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/12/28 02:26:12 | 000,805,088 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/28 18:40:18 | 000,146,928 | ---- | M] (CyberLink Corp.) [2015/10/10 21:44:31] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1601266965-4254244799-107981220-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1601266965-4254244799-107981220-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IESR02
IE - HKU\S-1-5-21-1601266965-4254244799-107981220-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "SK"
FF - prefs.js..browser.search.region: "SK"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:41.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/11/10 18:48:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\sp@avast.com: C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015/11/10 18:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 41.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 41.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/12/09 20:46:43 | 000,000,000 | ---D | M]

[2015/10/10 20:41:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trifon\AppData\Roaming\mozilla\Extensions
[2015/10/14 08:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trifon\AppData\Roaming\mozilla\Firefox\Profiles\rk8vrt1e.default\extensions
[2015/10/16 07:51:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/10/16 07:52:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015/11/18 15:57:24 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2010/07/12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.9.4_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\11.1.0.210_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.45_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\11.1.0.210_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpcdepnceibhgcfmkehlleemiejahmbp\1.2_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdeoflfbkpmebldjfkemfhjomgjipgn\0.1_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlmehpiikmcdamekkndkbkcefnfefai\1.1.0.0_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\S-1-5-21-1601266965-4254244799-107981220-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.23.254.124 217.23.254.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F4109E8-C368-4BBD-B627-550F3133A50A}: DhcpNameServer = 217.23.254.124 217.23.254.125
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6ba8e36e-6f74-11e5-9acc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6ba8e36e-6f74-11e5-9acc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\ASSETUP.exe
O33 - MountPoints2\{f01fa5cc-6f79-11e5-bb95-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f01fa5cc-6f79-11e5-bb95-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2015/12/11 14:32:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Trifon\Desktop\OTL.exe
[2015/12/10 14:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2015/12/10 14:36:31 | 000,000,000 | ---D | C] -- C:\rsit
[2015/12/09 20:51:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2015/12/09 11:44:26 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2015/12/09 11:44:25 | 003,170,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2015/12/09 11:44:25 | 000,709,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2015/12/09 11:44:25 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2015/12/09 11:44:25 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2015/12/09 11:44:25 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2015/12/09 11:44:25 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2015/12/09 11:44:25 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2015/12/09 11:44:25 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2015/12/09 11:44:25 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2015/12/09 11:44:25 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2015/12/09 11:44:25 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2015/12/09 11:44:25 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2015/12/09 11:44:25 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2015/12/09 11:44:25 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2015/12/09 11:44:25 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2015/12/09 11:44:23 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlsbres.dll
[2015/12/09 11:44:23 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nlsbres.dll
[2015/12/09 11:44:23 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kbdgeoqw.dll
[2015/12/09 11:44:23 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDAZEL.DLL
[2015/12/09 11:44:23 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDAZE.DLL
[2015/12/09 11:44:23 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDAZE.DLL
[2015/12/09 11:44:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbdgeoqw.dll
[2015/12/09 11:44:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDAZEL.DLL
[2015/12/09 11:44:22 | 001,648,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2015/12/09 11:44:22 | 001,008,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2015/12/09 11:44:21 | 001,735,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comsvcs.dll
[2015/12/09 11:44:21 | 001,242,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comsvcs.dll
[2015/12/09 11:44:21 | 000,525,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\catsrvut.dll
[2015/12/09 11:44:21 | 000,487,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\catsrvut.dll
[2015/12/09 11:44:21 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys
[2015/12/09 11:44:21 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshrm.dll
[2015/12/09 11:44:21 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshrm.dll
[2015/12/09 11:44:20 | 000,718,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/12/09 11:44:20 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2015/12/09 11:44:20 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015/12/09 11:44:20 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015/12/09 11:44:20 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015/12/09 11:44:20 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/12/09 11:44:20 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015/12/09 11:44:20 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015/12/09 11:44:20 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015/12/09 11:44:20 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015/12/09 11:44:20 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015/12/09 11:44:19 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/12/09 11:44:19 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015/12/09 11:44:19 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/12/09 11:44:19 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015/12/09 11:44:19 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015/12/09 11:44:19 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/12/09 11:44:19 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2015/12/09 11:44:19 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015/12/09 11:44:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015/12/09 11:44:18 | 002,123,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/12/09 11:44:18 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/12/09 11:44:18 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/12/09 11:44:18 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015/12/09 11:44:18 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015/12/09 11:44:17 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015/12/09 11:44:17 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015/12/09 11:44:17 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/12/09 11:44:17 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/12/09 11:44:17 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2015/12/09 11:44:17 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015/12/09 11:44:17 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015/12/09 11:44:16 | 005,923,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/12/09 11:44:16 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015/12/09 11:44:16 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015/12/09 11:44:16 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/12/09 11:44:16 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015/12/09 11:44:16 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/12/09 11:44:15 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2015/12/09 11:44:15 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015/12/09 11:44:15 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/12/09 11:43:58 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\els.dll
[2015/12/09 11:43:58 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\els.dll
[2015/12/04 19:27:56 | 000,000,000 | ---D | C] -- C:\Users\Trifon\AppData\Roaming\.mono
[2015/12/04 19:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\.mono
[2015/12/04 19:27:53 | 000,000,000 | ---D | C] -- C:\Users\Trifon\AppData\Local\Colossal Order
[2015/12/03 18:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
[2015/12/03 18:47:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AV
[2015/12/02 14:29:05 | 000,000,000 | ---D | C] -- C:\Users\Trifon\AppData\Roaming\AC3Filter
[2015/11/26 11:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
[2015/11/26 11:29:06 | 000,000,000 | ---D | C] -- C:\Users\Trifon\Documents\My ISO Files
[2015/11/26 11:29:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems
[2015/11/25 19:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
[2015/11/24 22:36:34 | 000,000,000 | ---D | C] -- C:\Users\Trifon\AppData\Local\Depression Quest
[2015/11/23 21:26:26 | 000,000,000 | ---D | C] -- C:\Users\Trifon\AppData\Roaming\NVIDIA
[2015/11/18 20:45:48 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2015/11/18 20:45:48 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2015/11/18 20:45:48 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2015/11/18 20:45:48 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2015/11/18 20:45:47 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2015/11/18 20:45:47 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2015/11/18 20:45:47 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015/12/11 14:51:47 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2015/12/11 14:32:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Trifon\Desktop\OTL.exe
[2015/12/11 13:53:59 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/12/11 13:10:06 | 000,013,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/12/11 13:10:06 | 000,013,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/12/11 13:09:12 | 001,587,976 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/12/11 13:09:12 | 000,661,796 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2015/12/11 13:09:12 | 000,655,292 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/12/11 13:09:12 | 000,141,944 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2015/12/11 13:09:12 | 000,122,662 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/12/11 13:02:21 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/12/11 13:02:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/12/11 13:02:13 | 2099,212,287 | -HS- | M] () -- C:\hiberfil.sys
[2015/12/10 18:54:43 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/12/10 14:36:15 | 001,222,144 | ---- | M] () -- C:\Users\Trifon\Desktop\RSITx64.exe
[2015/12/10 11:14:45 | 000,433,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/12/09 12:18:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2015/11/26 11:29:06 | 000,000,675 | ---- | M] () -- C:\Users\Public\Desktop\UltraISO.lnk
[2015/11/26 11:27:00 | 000,000,124 | ---- | M] () -- C:\Users\Trifon\Documents\ax_files.xml
[2015/11/25 19:55:51 | 000,001,341 | ---- | M] () -- C:\Users\Trifon\Desktop\Heroes VII.lnk
[2015/11/25 13:41:31 | 000,000,222 | ---- | M] () -- C:\Users\Trifon\Desktop\Everlasting Summer.url
[2015/11/24 18:37:27 | 000,000,222 | ---- | M] () -- C:\Users\Trifon\Desktop\Emily is Away.url
[2015/11/20 19:54:59 | 003,170,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2015/11/20 19:54:59 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2015/11/20 19:54:59 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2015/11/20 19:54:59 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2015/11/20 19:54:59 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2015/11/20 19:54:58 | 000,709,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2015/11/20 19:54:28 | 000,091,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2015/11/20 19:54:18 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2015/11/20 19:54:15 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2015/11/20 19:54:15 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2015/11/20 19:34:36 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2015/11/20 19:34:36 | 000,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2015/11/20 19:34:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2015/11/20 19:34:35 | 000,573,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2015/11/20 19:33:56 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2015/11/11 19:53:48 | 001,735,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\comsvcs.dll
[2015/11/11 19:53:47 | 000,525,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\catsrvut.dll
[2015/11/11 19:39:34 | 001,242,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\comsvcs.dll
[2015/11/11 19:39:33 | 000,487,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\catsrvut.dll
[2015/11/11 16:12:51 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/11/11 15:57:36 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/12/11 14:35:20 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2015/12/11 14:32:43 | 001,222,144 | ---- | C] () -- C:\Users\Trifon\Desktop\RSITx64.exe
[2015/12/09 12:18:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2015/11/26 11:29:06 | 000,000,675 | ---- | C] () -- C:\Users\Public\Desktop\UltraISO.lnk
[2015/11/25 19:55:51 | 000,001,341 | ---- | C] () -- C:\Users\Trifon\Desktop\Heroes VII.lnk
[2015/11/25 13:41:31 | 000,000,222 | ---- | C] () -- C:\Users\Trifon\Desktop\Everlasting Summer.url
[2015/11/24 18:37:27 | 000,000,222 | ---- | C] () -- C:\Users\Trifon\Desktop\Emily is Away.url
[2015/10/16 13:12:29 | 000,000,082 | ---- | C] () -- C:\Windows\SysWow64\winsevr.dat
[2015/10/14 13:15:41 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2015/10/14 13:15:23 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2015/10/14 12:29:43 | 000,079,872 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2015/10/10 19:43:24 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2015/10/10 19:42:40 | 001,554,464 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/10/10 19:39:05 | 000,015,232 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2015/10/10 19:38:26 | 000,000,138 | ---- | C] () -- C:\Windows\scd.ini
[2015/10/10 19:38:25 | 000,060,220 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2015/10/10 19:38:25 | 000,000,000 | ---- | C] () -- C:\Windows\Ascd_err.ini
[2015/10/10 19:36:17 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2015/10/10 19:36:13 | 000,042,097 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/08/06 19:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/06 18:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2015/12/04 19:27:56 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\.mono
[2015/12/02 14:29:05 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\AC3Filter
[2015/10/10 20:53:29 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\AVAST Software
[2015/10/10 20:50:56 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\AVG
[2015/12/09 11:14:20 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\CDisplayEx
[2015/10/10 20:50:48 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\OpenCandy
[2015/10/16 17:26:58 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\The Creative Assembly
[2015/10/14 17:05:50 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\uplay
[2015/12/10 11:23:33 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\uTorrent
[2015/10/14 11:34:44 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Wargaming.net

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,028,366 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2015/10/10 19:37:10 | 000,000,932 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2015/10/10 19:37:10 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< >

< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010/11/20 14:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010/11/20 14:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009/07/14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010/11/20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010/11/20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010/11/20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010/11/20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010/11/20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2015/02/03 04:50:56 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=00D0F7BA3B27126A3E25B540979A9F39 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22948_none_d492bbeccaa14239\cryptsvc.dll
[2015/04/27 20:17:29 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=0925E2BEAC4493C887099F850D69BA3B -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.23040_none_d48a91becaa8aac3\cryptsvc.dll
[2010/11/20 14:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2015/02/03 04:30:56 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=1CD76A83B9E8E9A5A3519B39E28354D9 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18741_none_d4021b35b189f3e7\cryptsvc.dll
[2013/05/10 05:49:59 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=33ADF6E0853AB39EA1723BE82842C1D3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[2015/04/27 20:04:37 | 000,143,872 | ---- | M] (Microsoft Corporation) MD5=33F67BBCC3C0499D3F3382473114CFA8 -- C:\Windows\SysWOW64\cryptsvc.dll
[2015/04/27 20:04:37 | 000,143,872 | ---- | M] (Microsoft Corporation) MD5=33F67BBCC3C0499D3F3382473114CFA8 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18839_none_77f653d3f91d2e9f\cryptsvc.dll
[2013/05/13 05:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=3897DFF247D9ED0006190349DE264E14 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[2015/02/03 04:12:14 | 000,143,872 | ---- | M] (Microsoft Corporation) MD5=49474B3E37969AF4B5C076F42B623AFF -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18741_none_77e37fb1f92c82b1\cryptsvc.dll
[2013/10/05 03:25:30 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=509D31797A4B8A3D6ED78A330B19A919 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_d46d4138cabe2596\cryptsvc.dll
[2015/04/27 19:55:50 | 000,145,920 | ---- | M] (Microsoft Corporation) MD5=59AF628BEF750EE470FD36751CA52137 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.23040_none_786bf63b124b398d\cryptsvc.dll
[2013/07/09 06:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=6B400F211BEE880A37A1ED0368776BF4 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_d431528fb165f7bc\cryptsvc.dll
[2015/04/27 20:23:13 | 000,188,416 | ---- | M] (Microsoft Corporation) MD5=7BC3E861F7E8EB543A630090FAE779E0 -- C:\Windows\SysNative\cryptsvc.dll
[2015/04/27 20:23:13 | 000,188,416 | ---- | M] (Microsoft Corporation) MD5=7BC3E861F7E8EB543A630090FAE779E0 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18839_none_d414ef57b17a9fd5\cryptsvc.dll
[2013/07/09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[2013/05/10 06:49:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7FDC4626B01106A8EF328C88C7C0DEE3 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_d3f63f9bb1930797\cryptsvc.dll
[2013/05/11 06:18:23 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=8122252F0A4ACFA92FA0C1D50D18493B -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_d4a24ea4ca968363\cryptsvc.dll
[2009/07/14 02:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009/07/14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 13:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2013/05/11 05:59:05 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=AC04D05309BB2C418D0D80B9FB014642 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[2015/02/03 04:31:49 | 000,145,920 | ---- | M] (Microsoft Corporation) MD5=B97E16D36DB7B7DD22C97857506FA58A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22948_none_787420691243d103\cryptsvc.dll
[2013/05/10 06:18:53 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=CA13C4F92BEE66DB48E58AB3223DDF6E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_d4a14e5aca976a0c\cryptsvc.dll
[2013/05/13 06:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=D8129C49798CBBFB2E4351D4B7B8EF9C -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_d3f73fe5b19220ee\cryptsvc.dll
[2013/05/10 06:06:21 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=E122AA1C9A3CC46FF9DDDE46E5EB0C58 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[2013/10/05 02:52:03 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=F2D9242C3BBD1C36467FCAE1AE01733F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

< MD5 for: HAL.DLL >
[2009/07/14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010/11/20 14:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010/11/20 14:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: IASTORV.SYS >
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\isapnp.sys
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\isapnp.sys

< MD5 for: LSASS.EXE >
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2011/11/17 07:20:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2015/07/15 19:10:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0D48E93C6BE3143C0198CB252B992D16 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18933_none_0459e0df737bef3f\lsass.exe
[2015/10/20 02:10:48 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0F3591FD0F246CD5941B6DC8184E66B7 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23250_none_04cab6fc8cacab4f\lsass.exe
[2011/11/17 08:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=156F6159457D0AA7E59B62681B56EB90 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_028b374176436a30\lsass.exe
[2015/05/25 19:18:19 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=17A6A9AAD04CCC6EE53290585BFC43AF -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18869_none_043f70f1738eddf5\lsass.exe
[2015/01/14 07:04:46 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=1E31700D9C9E0FB79999D02A8437482C -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18717_none_04737e137368226b\lsass.exe
[2014/04/12 03:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_044f07757384196d\lsass.exe
[2014/04/12 03:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18496_none_041bf8b773a9f127\lsass.exe
[2014/04/12 03:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18526_none_0467aa1173712ab7\lsass.exe
[2014/04/12 03:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18637_none_045ddc5573785d26\lsass.exe
[2015/05/25 19:21:24 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=2A953A1104439BA166FD63A5806A16DF -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23072_none_04b713ec8cbb1b91\lsass.exe
[2015/10/20 02:04:53 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=2BC45F4CF55B45BDD650828192F132B8 -- C:\Windows\SysNative\lsass.exe
[2015/10/20 02:04:53 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=2BC45F4CF55B45BDD650828192F132B8 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19045_none_0450e9a973827120\lsass.exe
[2015/07/15 04:19:24 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=2CCFA4793B9696F26214634300FE8B37 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23126_none_04f126968c8ef25f\lsass.exe
[2015/07/15 19:08:44 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=31359EDA482F9A4C5DB36741596550AC -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23136_none_04e656aa8c970e50\lsass.exe
[2014/09/19 10:42:18 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=341655B216721D89CADE9DEA2F33872F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18606_none_047d4bcf7360effc\lsass.exe
[2015/04/04 04:20:52 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=4C3FAC816925F73A34AD52F1F7C0A7EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18812_none_046e7e87736ca0df\lsass.exe
[2015/10/16 19:04:04 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=50996040C28F2E644F7270D2A3BE2BC8 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19043_none_044ee91573843e72\lsass.exe
[2015/09/15 19:10:32 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=5424EC756808C1002457033D969115C7 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19007_none_047e29ed7360340a\lsass.exe
[2015/10/16 19:10:51 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=642713B5EFA4A27E1CB88E99208F160A -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23249_none_04de89828c9c736d\lsass.exe
[2014/04/12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_04cdd63a8ca9d24f\lsass.exe
[2014/04/12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22712_none_04f817868c8a465b\lsass.exe
[2014/04/12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22807_none_0507eaca8c7da644\lsass.exe
[2014/04/12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22843_none_04d8a9f28ca1b0ac\lsass.exe
[2014/04/12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22923_none_04ee4bb08c9175f1\lsass.exe
[2015/02/03 04:30:31 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=7554A1B82B4A222FD4CC292ABD38A558 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18741_none_044d0c937385de34\lsass.exe
[2015/09/16 00:37:18 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=A51431778979B82E6C7041EAB29F66F4 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23211_none_04f6f6f68c8b54e2\lsass.exe
[2015/07/15 04:19:02 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=A7C232F194DE012B41B5EE0C5021CFDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18923_none_0464b0cb7373d34e\lsass.exe
[2015/10/17 19:09:03 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=AECDFB5F08DC5069563AFC6F47C0DDE5 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19044_none_044fe95f738357c9\lsass.exe
[2014/09/19 10:47:37 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=B84317193B6A29F5F5DCF538C34FDCED -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22814_none_04fa1a008c887630\lsass.exe
[2015/04/04 04:25:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=BB9C1B746086558899935E3333CD4580 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23017_none_04fcf4e68c85f29e\lsass.exe
[2011/11/17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2015/02/03 04:50:23 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=CBB80CC43E683F929F8D5E50330F7BA6 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22948_none_04ddad4a8c9d2c86\lsass.exe
[2011/11/17 07:42:52 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D21BD47E528CD62E79311FB5DF0150E6 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_02bb2a0a8fa4d398\lsass.exe
[2015/07/22 23:03:07 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=FBD94DDAB6D96DE7ECE7D38E48035A75 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23142_none_04d785968ca2c4e5\lsass.exe
[2015/07/23 01:01:53 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=FDD980360C9D72DA77F4C59376AE95C9 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18939_none_045fe29b73768749\lsass.exe

< MD5 for: NDIS.SYS >
[2012/08/22 19:06:07 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=5E74508FCB5820B29EEAFE24E6035BCF -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_06232d534c0a8d67\ndis.sys
[2012/08/22 19:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a\ndis.sys
[2010/11/20 14:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
[2015/10/13 00:04:07 | 000,949,184 | ---- | M] (Microsoft Corporation) MD5=901D1BE3F8567B5D02747B1174FF708F -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.23235_none_0661f94b4bdbc702\ndis.sys
[2009/07/14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
[2015/10/13 05:57:21 | 000,950,720 | ---- | M] (Microsoft Corporation) MD5=F7309F42555F8AAB7144A51A1F2585B0 -- C:\Windows\SysNative\drivers\ndis.sys
[2015/10/13 05:57:21 | 000,950,720 | ---- | M] (Microsoft Corporation) MD5=F7309F42555F8AAB7144A51A1F2585B0 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.19030_none_05d3592832c2ab5e\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
Nahoru
Slovak
Návštěvník
Návštěvník
Příspěvky: 78
Registrován: 20 pro 2014 18:42

Re: Prosím o Kontrolu logu - preventívka

#6 Příspěvek od Slovak »

< MD5 for: NVRAID.SYS >
[2011/03/11 07:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\SysNative\drivers\nvraid.sys
[2011/03/11 07:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvraid.sys
[2011/03/11 07:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvraid.sys
[2009/07/14 02:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys
[2010/11/20 14:33:48 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvraid.sys
[2010/11/20 14:33:48 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvraid.sys
[2011/03/11 07:19:21 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=666CA16F17914C1CD3616CF16DE0A6EA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvraid.sys
[2011/03/11 07:23:06 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A4D9C9A608A97F59307C2F2600EDC6A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvraid.sys
[2011/03/11 07:25:53 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A5C82EB2F72AA004887F90B84A771F73 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SMSS.EXE >
[2015/10/20 02:11:06 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=12E497414382EF5970A5E42AEBA7AD2E -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23250_none_0abad437491312d3\smss.exe
[2015/05/25 19:21:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=18196A0F4C3904C81ACE6E91529227D9 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23072_none_0aa7312749218315\smss.exe
[2009/07/14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
[2014/04/12 03:31:44 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=3442A918386D4716D74C661543151746 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22653_none_0abdf375491039d3\smss.exe
[2014/04/12 03:31:44 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=3442A918386D4716D74C661543151746 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22921_none_0adc685748f9aac7\smss.exe
[2014/04/12 03:31:44 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=3442A918386D4716D74C661543151746 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22923_none_0ade68eb48f7dd75\smss.exe
[2015/07/23 01:02:14 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=50EEE09D03B94A13DFEFEFC1D774FC31 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18939_none_0a4fffd62fdceecd\smss.exe
[2015/07/15 19:10:25 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=55C48343919A72B0C8F5C42E4C798FCA -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18933_none_0a49fe1a2fe256c3\smss.exe
[2015/07/15 19:08:53 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=5E200958CFBDB2B82C78B6F883236640 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23136_none_0ad673e548fd75d4\smss.exe
[2015/02/03 04:30:42 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=63D3C30B497347495B8EA78A38188969 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18741_none_0a3d29ce2fec45b8\smss.exe
[2013/03/19 04:20:12 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=7180204786A9DED8723B2D8CF3CDD388 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.21980_none_08b427b34c04d2dc\smss.exe
[2015/09/28 19:15:54 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=740DBD927AE4C290E62023F09CC8740E -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23223_none_0ade44d948f80b05\smss.exe
[2015/02/03 04:50:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=8CD5A97B8D155718D357B2D9BC6B113D -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22948_none_0acdca854903940a\smss.exe
[2015/10/20 02:05:13 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=9066AE964D95B1ABC999CED271556A7C -- C:\Windows\SysNative\smss.exe
[2015/10/20 02:05:13 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=9066AE964D95B1ABC999CED271556A7C -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.19045_none_0a4106e42fe8d8a4\smss.exe
[2015/10/01 19:06:20 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=9815B80E8F45D4CFF468899A444FE3B8 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23226_none_0ae145b748f5570a\smss.exe
[2015/05/25 19:18:39 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=9BBEA639884C0338DD78654277BD188A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18869_none_0a2f8e2c2ff54579\smss.exe
[2015/07/15 04:19:24 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=B094FD54A16671683B4A27A8C43BCDD0 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18923_none_0a54ce062fda3ad2\smss.exe
[2015/07/15 04:19:40 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=C95509F69D3584BB216C5B2365E74956 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23126_none_0ae143d148f559e3\smss.exe
[2015/09/29 04:10:30 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=D2E2A613EBD0C959E72556C3A63A6B4A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.19018_none_0a6477862fcdd0d6\smss.exe
[2015/07/22 23:03:29 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=E31F311AEACDAB79CFA4E5B5ACB2B954 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23142_none_0ac7a2d149092c69\smss.exe
[2013/08/02 01:59:09 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0970A4BC8395659C22BF53D0FADF16F -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18229_none_0a5ac2782fd4e6cb\smss.exe
[2013/03/19 04:19:03 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=FA64733BD65F52712F0545F56FDB4BE6 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.17273_none_0838504e32dc743c\smss.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2014/04/05 03:47:20 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=04ADD18EE5CC9FBEDAEC1DD1CD0CB45E -- C:\Windows\SysNative\drivers\tcpip.sys
[2014/04/05 03:47:20 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=04ADD18EE5CC9FBEDAEC1DD1CD0CB45E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_113260637d1284ef\tcpip.sys
[2012/10/03 18:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2013/09/08 03:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2014/04/05 03:37:43 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=4F80944B03112F486212DC20BE166079 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_11b12f2896383dd1\tcpip.sys
[2010/11/20 14:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2013/09/07 03:27:48 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2009/07/14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2012/10/03 18:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2014/03/04 12:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 10:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2014/07/17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\SysNative\winlogon.exe
[2014/07/17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[2014/07/16 04:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2010/11/20 14:27:29 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\SysNative\ws2_32.dll
[2010/11/20 14:27:29 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll
[2009/07/14 02:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2010/11/20 13:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SysWOW64\ws2_32.dll
[2010/11/20 13:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[7 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[1 C:\Windows\inf\Intel Storage Counters\*.tmp files -> C:\Windows\inf\Intel Storage Counters\*.tmp -> ]
[1 C:\Windows\inf\Intel Storage Counters\0000\*.tmp files -> C:\Windows\inf\Intel Storage Counters\0000\*.tmp -> ]
[1 C:\Windows\inf\Intel Storage Counters\0005\*.tmp files -> C:\Windows\inf\Intel Storage Counters\0005\*.tmp -> ]
[1 C:\Windows\inf\Intel Storage Counters\0009\*.tmp files -> C:\Windows\inf\Intel Storage Counters\0009\*.tmp -> ]
[1 C:\Windows\inf\Intel Storage Counters\001B\*.tmp files -> C:\Windows\inf\Intel Storage Counters\001B\*.tmp -> ]
[42 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2015/12/04 19:27:56 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\.mono
[2015/12/02 14:29:05 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\AC3Filter
[2015/11/02 09:20:55 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Adobe
[2015/10/10 20:53:29 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\AVAST Software
[2015/10/10 20:50:56 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\AVG
[2015/12/09 11:14:20 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\CDisplayEx
[2015/10/10 20:45:57 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\CyberLink
[2015/10/10 19:53:52 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Google
[2015/10/10 19:33:37 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Identities
[2015/10/10 19:45:10 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\InstallShield
[2015/10/10 19:46:42 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Intel Corporation
[2015/10/10 19:25:45 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Macromedia
[2009/07/14 08:45:14 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Media Center Programs
[2015/12/10 19:01:31 | 000,000,000 | --SD | M] -- C:\Users\Trifon\AppData\Roaming\Microsoft
[2015/10/10 20:41:41 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Mozilla
[2015/10/10 20:40:10 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Nero
[2015/11/23 21:26:26 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\NVIDIA
[2015/10/10 20:50:48 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\OpenCandy
[2015/10/16 17:26:58 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\The Creative Assembly
[2015/10/14 17:05:50 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\uplay
[2015/12/10 11:23:33 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\uTorrent
[2015/12/10 18:38:58 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\vlc
[2015/10/14 11:34:44 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Wargaming.net
[2015/10/10 20:52:03 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Winamp
[2015/10/22 14:31:06 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2015/10/10 20:50:50 | 050,630,456 | ---- | M] (AVG Technologies) -- C:\Users\Trifon\AppData\Roaming\OpenCandy\OpenCandy_F80F3A010DFE4DF3AE751AB016D661CE\PCTU-EN-1-day-2200642.exe
[2015/04/25 19:30:00 | 000,294,312 | ---- | M] (emc) -- C:\Users\Trifon\AppData\Roaming\uTorrent\uninstall.exe
[2015/02/22 20:30:00 | 000,416,168 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Trifon\AppData\Roaming\uTorrent\utorrent.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2015/12/11 14:51:47 | 000,000,512 | ---- | M] () MD5=67F0399630CD23DD86CBC4098253A39F -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2013/07/24 08:06:30 | 000,017,170 | ---- | M] () -- \Users\Trifon\Documents\Paradox Interactive\Crusader Kings II\mod\A Game of Thrones\gfx\flags\c_northern_crackclaw_point.tga
[2013/07/24 08:07:02 | 000,017,170 | ---- | M] () -- \Users\Trifon\Documents\Paradox Interactive\Crusader Kings II\mod\A Game of Thrones\gfx\flags\c_southern_crackclaw_point.tga
[2013/07/24 08:07:52 | 000,017,170 | ---- | M] () -- \Users\Trifon\Documents\Paradox Interactive\Crusader Kings II\mod\A Game of Thrones\gfx\flags\d_crackclaw_point.tga
[2013/07/24 08:09:20 | 000,017,170 | ---- | M] () -- \Users\Trifon\Documents\Paradox Interactive\Crusader Kings II\mod\A Game of Thrones\gfx\flags\k_crackclaw_point.tga
[2013/07/24 08:07:52 | 000,017,170 | ---- | M] () -- \Users\Trifon\Documents\Paradox Interactive\Crusader Kings II\mod\A Game of Thrones\gfx\flags\k_crackclaw_pointTK.tga
[2014/06/24 15:01:30 | 000,000,561 | ---- | M] () -- \Users\Trifon\Documents\Paradox Interactive\Crusader Kings II\mod\A Game of Thrones\history\provinces\215 - South Crackclaw Point.txt
[2014/06/24 15:01:30 | 000,000,517 | ---- | M] () -- \Users\Trifon\Documents\Paradox Interactive\Crusader Kings II\mod\A Game of Thrones\history\provinces\218 - North Crackclaw Point.txt
[2014/04/18 14:14:56 | 000,000,779 | ---- | M] () -- \Users\Trifon\Documents\Paradox Interactive\Crusader Kings II\mod\A Game of Thrones\history\titles\c_northern_crackclaw_point.txt
[2014/04/18 14:15:06 | 000,000,752 | ---- | M] () -- \Users\Trifon\Documents\Paradox Interactive\Crusader Kings II\mod\A Game of Thrones\history\titles\c_southern_crackclaw_point.txt
[2012/10/29 18:39:00 | 000,000,069 | ---- | M] () -- \Users\Trifon\Documents\Paradox Interactive\Crusader Kings II\mod\A Game of Thrones\history\titles\d_crackclaw_point.txt
[2013/12/30 19:25:40 | 000,000,146 | ---- | M] () -- \Users\Trifon\Documents\Paradox Interactive\Crusader Kings II\mod\A Game of Thrones\history\titles\k_crackclaw_point.txt

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2014/09/02 23:27:24 | 000,268,432 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2014/09/02 23:27:24 | 000,019,096 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2009/11/20 16:22:16 | 000,010,779 | ---- | M] () -- \Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\mm\MediaCtrl\ImageLoader.kc
[2009/11/20 16:22:22 | 000,003,490 | ---- | M] () -- \Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\widget\langloader.kc
[2009/11/20 16:22:22 | 000,013,373 | ---- | M] () -- \Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\widget\layoutloader.kc
[2015/08/18 09:48:55 | 001,176,208 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\ExtensionLoader.dll
[2014/06/10 16:42:34 | 000,065,344 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2014/06/10 16:42:34 | 000,067,904 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader64.dll
[2014/06/10 16:42:30 | 000,070,464 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2014/06/10 16:42:30 | 000,085,312 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader64.dll
[2014/12/10 02:28:04 | 000,001,701 | ---- | M] () -- \Program Files (x86)\Steam\friends\broadcastuploaderrornotification.res
[2014/11/11 19:48:42 | 000,007,825 | ---- | M] () -- \Program Files (x86)\Steam\remoteui\static\libs\images\ajax-loader.gif
[2006/12/23 16:37:56 | 000,044,032 | ---- | M] () -- \Program Files (x86)\WinRAR\RarExtLoader.exe
[2015/11/10 18:47:17 | 000,072,440 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2015/11/10 18:47:17 | 000,088,408 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader64.exe
[2015/11/10 18:47:16 | 000,060,128 | ---- | M] () -- \Program Files\AVAST Software\Avast\ie_loader.exe
[2015/11/10 18:47:16 | 000,067,832 | ---- | M] () -- \Program Files\AVAST Software\Avast\x64\ie_loader.exe
[2015/10/30 07:42:28 | 001,701,016 | ---- | M] () -- \Program Files\AVAST Software\SZBrowser\1.46.1990.55\resources\bundled_extensions\video-downloader.crx
[2015/10/30 07:42:28 | 001,701,016 | ---- | M] () -- \Program Files\AVAST Software\SZBrowser\resources\bundled_extensions\video-downloader.crx
[2014/09/02 23:27:24 | 000,364,176 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll
[2014/09/02 23:27:24 | 000,019,096 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2015/11/24 11:49:24 | 000,003,208 | ---- | M] () -- \Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.9.4_0\skin\ajax-loader.gif
[2015/12/03 13:26:06 | 000,003,605 | ---- | M] () -- \Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.45_0\img\loader.gif
[2015/10/17 18:07:17 | 000,008,787 | ---- | M] () -- \Users\Trifon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MI0GZU2M\movie-loader[1].gif
[2015/10/17 18:07:17 | 000,002,608 | ---- | M] () -- \Users\Trifon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O5G8DFFV\ajax-loader-sign[1].gif
[2015/10/18 11:45:15 | 000,017,920 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.O29577370#\9367b89a43f87cb93b1e7f7139fa7073\Microsoft.Office.InfoPath.CLRLoader.ni.dll
[2015/10/18 11:45:15 | 000,000,696 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.O29577370#\9367b89a43f87cb93b1e7f7139fa7073\Microsoft.Office.InfoPath.CLRLoader.ni.dll.aux
[2013/05/09 00:43:22 | 000,019,080 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\FL_VSTOLoaderUI_dll_amd64_ln.3643236F_FC70_11D3_A536_0090278A1BB8
[2012/10/01 19:34:40 | 000,019,048 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\FL_VSTOLoaderUI_dll_amd64_ln.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2013/05/09 00:43:22 | 000,019,080 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
[2012/10/01 19:34:40 | 000,019,048 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2013/05/09 00:43:22 | 000,364,168 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\VSTOLoader_dll_amd64.3643236F_FC70_11D3_A536_0090278A1BB8
[2012/10/01 19:34:40 | 000,364,128 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\VSTOLoader_dll_amd64.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2013/05/09 00:43:22 | 000,268,440 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8
[2012/10/01 19:34:40 | 000,268,384 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2015/10/14 13:57:02 | 000,015,528 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.InfoPath.CLRLoader\v4.0_15.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.CLRLoader.dll
[2015/10/20 01:35:03 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2015/10/20 01:35:03 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009/07/14 02:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009/07/14 02:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:28:57 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_66dcd6a595588d81\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:41:11 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_66b5981d957562a1\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:26:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_67667556ae762a72\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:36:06 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_67316604ae9dcf7e\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:38:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_68a2edab92971725\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:38:44 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 03:12:19 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/05/25 19:11:40 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18869_none_68a6d625929398fb\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/07/15 04:06:41 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18923_none_68cc15ff92788e54\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/07/15 19:00:47 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18933_none_68c146139280aa45\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/07/23 00:52:00 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18939_none_68c747cf927b424f\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/09/29 04:01:16 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19018_none_68dbbf7f926c2458\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/10/20 01:53:47 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19045_none_68b84edd92872c26\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:35:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_6957a248ab947a6d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:39:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/04/12 03:28:21 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_69353b6eabae8d55\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/05/25 19:14:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23072_none_691e7920abbfd697\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/07/15 04:11:33 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23126_none_69588bcaab93ad65\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/07/15 19:05:03 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23136_none_694dbbdeab9bc956\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/07/22 22:52:11 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23142_none_693eeacaaba77feb\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/09/28 19:06:01 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23223_none_69558cd2ab965e87\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/10/01 18:57:33 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23226_none_69588db0ab93aa8c\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/10/20 02:01:41 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23250_none_69321c30abb16655\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/10/16 13:58:47 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_cs-cz_915a6c4113b415c1.manifest
[2015/10/16 13:58:47 | 000,033,216 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_cs-cz_915a6c4113b415c1_winload.efi.mui_35ee487d
[2015/10/16 13:58:47 | 000,034,752 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_cs-cz_915a6c4113b415c1_winload.exe.mui_3bc5b827
[2015/10/16 13:58:47 | 000,029,632 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_cs-cz_915a6c4113b415c1_winresume.efi.mui_f412814e
[2015/10/16 13:58:47 | 000,030,144 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_cs-cz_915a6c4113b415c1_winresume.exe.mui_ff8b5358
[2015/10/16 13:58:47 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_en-us_d4b0b79cfaae721f.manifest
[2015/10/16 13:58:47 | 000,033,216 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_en-us_d4b0b79cfaae721f_winload.efi.mui_35ee487d
[2015/10/16 13:58:47 | 000,033,216 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_en-us_d4b0b79cfaae721f_winload.exe.mui_3bc5b827
[2015/10/16 13:58:47 | 000,029,632 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_en-us_d4b0b79cfaae721f_winresume.efi.mui_f412814e
[2015/10/16 13:58:47 | 000,029,632 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_en-us_d4b0b79cfaae721f_winresume.exe.mui_ff8b5358
[2015/10/16 13:58:47 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.19021_none_b93eb7c983517bf4.manifest
[2015/10/16 13:58:47 | 000,692,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.19021_none_b93eb7c983517bf4_winload.efi_75834aa0
[2015/10/16 13:58:47 | 000,619,056 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.19021_none_b93eb7c983517bf4_winload.exe_75835076
[2015/10/16 13:58:47 | 000,616,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.19021_none_b93eb7c983517bf4_winresume.efi_85cd069f
[2015/10/16 13:58:47 | 000,532,176 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.19021_none_b93eb7c983517bf4_winresume.exe_85cd1215
[2009/07/14 03:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/14 03:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2015/10/16 13:53:05 | 000,000,616 | ---- | M] () -- \Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_asimovuploader_0413bca0c3dfdda4.cdf-ms
[2009/07/26 19:38:16 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009/07/14 03:44:20 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2015/02/03 05:49:45 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_cs-cz_9144f07b13c42013.manifest
[2015/02/03 04:35:06 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_en-us_d49b3bd6fabe7c71.manifest
[2015/10/01 20:47:40 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_cs-cz_915a6c4113b415c1.manifest
[2015/10/01 19:06:16 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_en-us_d4b0b79cfaae721f.manifest
[2015/01/12 23:17:25 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22921_cs-cz_91e42f042cd18522.manifest
[2015/01/12 23:17:17 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22921_en-us_d53a7a6013cbe180.manifest
[2015/01/16 07:36:46 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22923_cs-cz_91e62f982ccfb7d0.manifest
[2015/01/16 07:36:33 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22923_en-us_d53c7af413ca142e.manifest
[2015/02/03 06:30:16 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22948_cs-cz_91d591322cdb6e65.manifest
[2015/02/03 04:54:55 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22948_en-us_d52bdc8e13d5cac3.manifest
[2015/05/25 21:04:06 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23072_cs-cz_91aef7d42cf95d70.manifest
[2015/05/25 19:25:12 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23072_en-us_d505433013f3b9ce.manifest
[2015/07/15 06:49:58 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23126_cs-cz_91e90a7e2ccd343e.manifest
[2015/07/15 04:32:59 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23126_en-us_d53f55da13c7909c.manifest
[2015/07/15 21:47:39 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23136_cs-cz_91de3a922cd5502f.manifest
[2015/07/15 19:15:00 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23136_en-us_d53485ee13cfac8d.manifest
[2015/07/23 04:58:18 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23142_cs-cz_91cf697e2ce106c4.manifest
[2015/07/22 23:05:32 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23142_en-us_d525b4da13db6322.manifest
[2015/09/28 23:00:52 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23223_cs-cz_91e60b862ccfe560.manifest
[2015/09/28 19:18:04 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23223_en-us_d53c56e213ca41be.manifest
[2015/10/01 20:13:38 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23226_cs-cz_91e90c642ccd3165.manifest
[2015/10/01 19:08:53 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23226_en-us_d53f57c013c78dc3.manifest
[2015/10/20 03:31:26 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23250_cs-cz_91c29ae42ceaed2e.manifest
[2015/10/20 02:13:06 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23250_en-us_d518e64013e5498c.manifest
[2009/07/14 03:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2011/02/05 14:09:31 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2011/02/05 14:04:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4.manifest
[2010/11/20 05:12:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011/02/05 18:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2015/02/03 04:51:30 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646.manifest
[2015/10/01 19:31:17 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.19021_none_b93eb7c983517bf4.manifest
[2011/02/05 14:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2015/01/12 04:50:53 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22921_none_b9c87a8c9c6eeb55.manifest
[2015/01/16 07:37:02 | 000,005,511 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22923_none_b9ca7b209c6d1e03.manifest
[2015/02/03 05:17:47 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22948_none_b9b9dcba9c78d498.manifest
[2015/05/25 19:45:47 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23072_none_b993435c9c96c3a3.manifest
[2015/07/15 04:48:43 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23126_none_b9cd56069c6a9a71.manifest
[2015/07/15 19:39:45 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23136_none_b9c2861a9c72b662.manifest
[2015/07/23 02:47:39 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23142_none_b9b3b5069c7e6cf7.manifest
[2015/09/28 21:29:36 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23223_none_b9ca570e9c6d4b93.manifest
[2015/10/01 19:34:58 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23226_none_b9cd57ec9c6a9798.manifest
[2015/10/20 02:39:39 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23250_none_b9a6e66c9c885361.manifest
[2009/07/14 03:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2015/10/16 10:40:41 | 000,532,176 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\1c47c7b8f607d101b24c00007004380d.amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.19021_none_b93eb7c983517bf4_winresume.exe_85cd1215
[2015/10/16 10:20:34 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\282d35e9f307d101832000007004380d.amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2015/10/16 10:20:34 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\282d35e9f307d101842000007004380d.amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2015/10/16 10:20:34 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\2a3848e9f307d101862000007004380d.amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2015/10/16 10:20:34 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\6c8056e9f307d101872000007004380d.amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2015/10/16 10:40:41 | 000,619,056 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\7a9db6b8f607d101b04c00007004380d.amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.19021_none_b93eb7c983517bf4_winload.exe_75835076
[2015/10/16 10:40:41 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\99b6aab8f607d101a74c00007004380d.amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_cs-cz_915a6c4113b415c1.manifest
[2015/10/16 10:40:41 | 000,033,216 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\99b6aab8f607d101a84c00007004380d.amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_cs-cz_915a6c4113b415c1_winload.efi.mui_35ee487d
[2015/10/16 10:40:41 | 000,034,752 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\99b6aab8f607d101a94c00007004380d.amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_cs-cz_915a6c4113b415c1_winload.exe.mui_3bc5b827
[2015/10/16 10:40:41 | 000,029,632 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\99b6aab8f607d101aa4c00007004380d.amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_cs-cz_915a6c4113b415c1_winresume.efi.mui_f412814e
[2015/10/16 10:40:41 | 000,030,144 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\99b6aab8f607d101ab4c00007004380d.amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_cs-cz_915a6c4113b415c1_winresume.exe.mui_ff8b5358
[2015/10/16 10:40:41 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\99b6aab8f607d101ae4c00007004380d.amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.19021_none_b93eb7c983517bf4.manifest
[2015/10/16 10:40:41 | 000,692,672 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\99b6aab8f607d101af4c00007004380d.amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.19021_none_b93eb7c983517bf4_winload.efi_75834aa0
[2015/10/16 10:40:41 | 000,616,360 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\9bc1bdb8f607d101b14c00007004380d.amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.19021_none_b93eb7c983517bf4_winresume.efi_85cd069f
[2015/10/16 10:20:34 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\a9b23ee9f307d101852000007004380d.amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2015/10/16 10:40:41 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\b7cf9eb8f607d101984c00007004380d.amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_en-us_d4b0b79cfaae721f.manifest
[2015/10/16 10:40:41 | 000,033,216 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\b7cf9eb8f607d101994c00007004380d.amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_en-us_d4b0b79cfaae721f_winload.efi.mui_35ee487d
[2015/10/16 10:40:41 | 000,033,216 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\b7cf9eb8f607d1019a4c00007004380d.amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_en-us_d4b0b79cfaae721f_winload.exe.mui_3bc5b827
[2015/10/16 10:40:41 | 000,029,632 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\b7cf9eb8f607d1019b4c00007004380d.amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_en-us_d4b0b79cfaae721f_winresume.efi.mui_f412814e
[2015/10/16 10:40:41 | 000,029,632 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\b7cf9eb8f607d1019c4c00007004380d.amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_en-us_d4b0b79cfaae721f_winresume.exe.mui_ff8b5358
[2015/10/16 10:30:21 | 000,000,616 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\fb318847f507d1016a3a00007004380d.programdata_microsoft_diagnosis_asimovuploader_0413bca0c3dfdda4.cdf-ms
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 17:45:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 05:56:23 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_0a96fc99dd17f16b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 17:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 05:44:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_0b12ca80f6405e48\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 17:40:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 05:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 02:48:15 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/05/25 18:55:18 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18869_none_0c883aa1da3627c5\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/07/15 03:47:54 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18923_none_0cad7a7bda1b1d1e\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/07/15 18:44:18 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18933_none_0ca2aa8fda23390f\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/07/22 18:42:39 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18939_none_0ca8ac4bda1dd119\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/09/29 03:49:51 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19018_none_0cbd23fbda0eb322\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/10/20 01:35:03 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19045_none_0c99b359da29baf0\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 17:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 05:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/04/12 03:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/05/25 19:00:35 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23072_none_0cffdd9cf3626561\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/07/15 03:51:41 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23126_none_0d39f046f3363c2f\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/07/15 18:40:57 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23136_none_0d2f205af33e5820\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/07/23 00:54:11 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23142_none_0d204f46f34a0eb5\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/09/28 21:07:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23223_none_0d36f14ef338ed51\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/10/20 01:37:58 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23250_none_0d1380acf353f51f\api-ms-win-core-libraryloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >
[1 \Windows\*.tmp files -> \Windows\*.tmp -> ]
[2015/10/14 13:58:52 | 003,334,144 | ---- | M] () -- \Windows\AutoKMS\AutoKMS.exe
[2015/12/11 13:02:31 | 000,023,512 | ---- | M] () -- \Windows\AutoKMS\AutoKMS.log
[2015/10/16 15:50:04 | 006,950,204 | ---- | M] () -- \Windows\System32\config\systemprofile\AppData\Local\CrashDumps\AutoKMS.exe.1768.dmp
[2015/10/16 15:50:04 | 006,950,204 | ---- | M] () -- \Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\AutoKMS.exe.1768.dmp

< *activator* /s >

< *serial* /s >
[2014/07/10 23:24:10 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2010/11/05 02:53:39 | 000,090,112 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2015/09/15 13:58:12 | 000,167,616 | ---- | M] () -- \Program Files\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.XmlSerializers.dll
[2015/09/15 13:58:12 | 000,210,624 | ---- | M] () -- \Program Files\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.XmlSerializers.dll
[2014/07/10 23:24:01 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2010/11/05 02:54:42 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2015/12/10 14:44:12 | 000,006,144 | ---- | M] () -- \Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.serialzone.cz_0.localstorage
[2015/12/10 14:44:12 | 000,000,000 | ---- | M] () -- \Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.serialzone.cz_0.localstorage-journal
[2013/07/08 13:43:52 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014/06/24 00:43:20 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013/07/08 13:44:55 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2014/07/10 23:24:10 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2015/10/16 15:54:11 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\91eb4f41130c65ef17f0fee1d3ab48fb\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2015/10/16 15:54:53 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\b1e0939384cc320d6ac7b8921ccc2877\System.Runtime.Serialization.ni.dll
[2015/10/16 15:52:16 | 000,396,288 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\2a07bf9a29a64827bf06e7853214fc0f\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2015/10/16 15:55:17 | 003,073,536 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\5015b90fbd31c9ba4fff989b2c79711b\System.Runtime.Serialization.ni.dll
[2015/10/17 20:16:45 | 000,306,176 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\a94049de665f1854ea5df1a857b2c68f\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2015/10/17 20:16:45 | 000,000,440 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\a94049de665f1854ea5df1a857b2c68f\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2015/10/17 20:17:58 | 002,803,200 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\ad1a5e8488b493088c4317191604dc81\System.Runtime.Serialization.ni.dll
[2015/10/17 20:17:58 | 000,000,980 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\ad1a5e8488b493088c4317191604dc81\System.Runtime.Serialization.ni.dll.aux
[2015/10/18 11:42:34 | 000,025,600 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\ad0261438ff8f46e093faa717226ebef\System.Xml.Serialization.ni.dll
[2015/10/18 11:42:34 | 000,000,284 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\ad0261438ff8f46e093faa717226ebef\System.Xml.Serialization.ni.dll.aux
[2015/10/18 11:46:19 | 000,366,080 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\769e80c5193dedd5ef90a962c002d15a\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2015/10/18 11:46:19 | 000,000,440 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\769e80c5193dedd5ef90a962c002d15a\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2015/10/18 11:47:10 | 003,529,216 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\7b514c716b9db5ea31e6307c1a1cf4a6\System.Runtime.Serialization.ni.dll
[2015/10/18 11:47:10 | 000,000,980 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\7b514c716b9db5ea31e6307c1a1cf4a6\System.Runtime.Serialization.ni.dll.aux
[2015/10/18 11:48:34 | 000,027,648 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.84e525b7#\85b2d15d965e64489744325c53d91db0\System.Xml.Serialization.ni.dll
[2015/10/18 11:48:34 | 000,000,284 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.84e525b7#\85b2d15d965e64489744325c53d91db0\System.Xml.Serialization.ni.dll.aux
[2012/10/01 19:36:32 | 000,166,864 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\AS_Client_BackEnd_XmlSerializers_dll_64.47B66533_5246_4BD8_8040_12B3E5660DA4
[2012/10/01 19:36:32 | 000,209,360 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\AS_Client_Common_FrontEnd_XmlSerializers_dll_64.47B66533_5246_4BD8_8040_12B3E5660DA4
[2014/04/11 23:48:40 | 001,051,888 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Serialization.dll.amd64
[2014/04/11 23:48:40 | 001,051,888 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Serialization.dll.x86
[2014/04/11 23:48:40 | 001,051,888 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Serialization.dll_gac_x86
[2014/04/11 23:48:40 | 000,133,432 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2014/04/11 22:08:06 | 000,029,472 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll
[2014/04/11 22:08:06 | 000,029,512 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll
[2014/04/11 22:08:06 | 000,029,976 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll
[2014/07/23 00:17:44 | 001,050,840 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014/04/11 22:08:06 | 000,045,800 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2014/04/11 22:08:06 | 000,029,928 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll
[2014/06/24 00:43:20 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010/11/05 02:53:33 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014/07/10 23:24:11 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2014/07/23 00:17:44 | 001,050,840 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2014/04/11 23:48:40 | 000,133,432 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2014/04/11 22:08:06 | 000,029,472 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll
[2014/04/11 22:08:06 | 000,029,512 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2014/04/11 22:08:06 | 000,029,976 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2014/04/11 22:08:06 | 000,045,800 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2014/04/11 22:08:06 | 000,029,928 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll
[2014/06/24 00:43:09 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010/11/05 02:54:38 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2014/07/10 23:24:02 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2014/07/23 00:17:44 | 001,050,840 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll
[2014/04/11 23:48:40 | 000,133,432 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2014/04/11 22:08:06 | 000,029,472 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Json.dll
[2014/04/11 22:08:06 | 000,029,512 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2014/04/11 22:08:06 | 000,029,976 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2014/04/11 22:08:06 | 000,045,800 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll
[2014/04/11 22:08:06 | 000,029,928 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XmlSerializer.dll
[2009/07/14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009/07/26 19:39:19 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009/07/14 01:00:40 | 000,094,208 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009/06/10 21:37:50 | 000,038,400 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\grserial.sys
[2009/07/14 03:10:04 | 000,005,120 | ---- | M] () -- \Windows\System32\en-US\serialui.dll.mui
[2009/07/26 19:36:24 | 000,005,120 | ---- | M] () -- \Windows\System32\sk-SK\serialui.dll.mui
[2009/07/14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2009/07/26 19:39:19 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\cs-CZ\serialui.dll.mui
[2009/07/14 03:10:04 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\en-US\serialui.dll.mui
[2009/07/26 19:36:24 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\sk-SK\serialui.dll.mui
[2009/07/26 19:39:27 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_1c215c9ac50719c5\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2010/11/05 02:54:38 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_1e527062c1f59d5f\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2010/11/05 02:54:38 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_cs-cz_1e468964c1feb99a\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2010/11/05 02:54:38 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22731_cs-cz_1ec35795db263fce\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2009/07/26 19:39:30 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23\serialui.dll.mui
[2009/07/14 03:26:50 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_edb61e94e4562781\serialui.dll.mui
[2009/07/26 19:36:23 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_d5f23af62a751552\serialui.dll.mui
[2009/07/14 02:41:54 | 000,017,920 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360\serialui.dll
[2009/07/26 19:39:39 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_b96904386c2fe002\System.RunTime.Serialization.Resources.dll
[2010/11/05 02:54:42 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_bb9a1800691e639c\System.RunTime.Serialization.Resources.dll
[2010/11/05 02:54:42 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_cs-cz_bb8e310269277fd7\System.RunTime.Serialization.Resources.dll
[2010/11/05 02:54:42 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_cs-cz_bc0cffc7824d38b9\System.RunTime.Serialization.Resources.dll
[2009/07/26 19:39:32 | 000,009,728 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_20ab142d65ed6acc\serial.sys.mui
[2009/07/14 03:30:28 | 000,010,240 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_64015f894ce7c72a\serial.sys.mui
[2009/07/14 01:00:40 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
[2009/06/10 21:40:06 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56\System.Runtime.Serialization.Formatters.Soap.dll
[2014/06/24 00:43:09 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7601.18523_none_a9a7e561157d82e9\System.Runtime.Serialization.Formatters.Soap.dll
[2014/06/24 00:43:05 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7601.22733_none_92db3ec72f23fc97\System.Runtime.Serialization.Formatters.Soap.dll
[2009/06/10 21:37:50 | 000,038,400 | ---- | M] () -- \Windows\winsxs\amd64_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_ce9ed3064deed3aa\grserial.sys
[2009/06/10 21:30:46 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7600.16385_none_5943b25a748cb06c\System.Runtime.Serialization.dll
[2010/11/05 02:52:16 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722\System.Runtime.Serialization.dll
[2014/03/09 22:48:51 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.18523_none_5919d8d674e2f3ff\System.Runtime.Serialization.dll
[2014/07/10 23:24:02 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.18532_none_591aefe874e1f3b5\System.Runtime.Serialization.dll
[2014/03/17 15:38:51 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22733_none_424d323c8e896dad\System.Runtime.Serialization.dll
[2014/07/08 00:36:29 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22743_none_424e32868e888704\System.Runtime.Serialization.dll
[2009/06/10 21:30:43 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_941abf24c884ab05\System.Runtime.Serialization.dll
[2010/11/05 02:52:08 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb\System.Runtime.Serialization.dll
[2014/03/09 22:48:50 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18523_none_93f0e5a0c8daee98\System.Runtime.Serialization.dll
[2014/07/10 23:24:01 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18532_none_93f1fcb2c8d9ee4e\System.Runtime.Serialization.dll
[2014/03/17 15:38:51 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22733_none_7d243f06e2816846\System.Runtime.Serialization.dll
[2014/07/08 00:36:29 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22743_none_7d253f50e280819d\System.Runtime.Serialization.dll
[2015/10/16 13:47:39 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2015/10/16 13:47:39 | 000,017,792 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8_kdcom.dll_db5e7744
[2009/07/26 19:40:31 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23_serialui.dll.mui_7d29d2a3
[2009/07/14 06:37:34 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_edb61e94e4562781_serialui.dll.mui_7d29d2a3
[2009/07/26 19:36:50 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_d5f23af62a751552_serialui.dll.mui_7d29d2a3
[2009/07/14 03:57:29 | 000,017,920 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360_serialui.dll_bea29328
[2009/07/26 19:40:36 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2009/07/14 06:37:35 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b_serialui.dll.mui_7d29d2a3
[2009/07/26 19:36:48 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_79d39f727217a41c_serialui.dll.mui_7d29d2a3
[2009/07/14 03:58:37 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009/07/14 03:15:17 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc.manifest
[2011/02/05 14:10:43 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16757_none_6dccf6b5c641c933.manifest
[2011/02/05 14:05:47 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.20897_none_6e2b53d0df7fd8c1.manifest
[2011/02/05 18:35:45 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011/02/05 14:11:05 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest
[2009/07/14 03:11:30 | 000,000,868 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_88b1c48f2026fe3f.manifest
[2009/07/14 03:26:23 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7600.16385_none_5943b25a748cb06c.manifest
[2010/11/20 05:21:24 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722.manifest
[2014/07/02 07:30:52 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.18523_none_5919d8d674e2f3ff.manifest
[2014/07/14 03:24:48 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.18532_none_591aefe874e1f3b5.manifest
[2014/07/02 07:30:44 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22733_none_424d323c8e896dad.manifest
[2014/07/14 03:13:57 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22743_none_424e32868e888704.manifest
[2009/07/14 03:27:09 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_941abf24c884ab05.manifest
[2010/11/20 05:22:10 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb.manifest
[2014/07/02 07:31:00 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18523_none_93f0e5a0c8daee98.manifest
[2014/07/14 03:24:58 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18532_none_93f1fcb2c8d9ee4e.manifest
[2014/07/02 07:30:53 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22733_none_7d243f06e2816846.manifest
[2014/07/14 03:14:06 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22743_none_7d253f50e280819d.manifest
[2009/07/14 02:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2010/11/20 04:06:16 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2014/07/02 06:57:49 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.18523_none_a6803b1074d97c29.manifest
[2014/07/14 03:04:09 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.18532_none_a681522274d87bdf.manifest
[2014/07/02 07:07:46 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22733_none_8fb394768e7ff5d7.manifest
[2014/07/14 03:04:27 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22743_none_8fb494c08e7f0f2e.manifest
[2009/07/26 19:38:37 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2009/07/14 03:42:40 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_en-us_8f71d563bf7aa3c2.manifest
[2014/07/02 08:46:46 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18523_cs-cz_342b81c984259c43.manifest
[2014/07/02 07:12:55 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18523_en-us_8f47fbdfbfd0e755.manifest
[2014/07/14 05:02:27 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18532_cs-cz_342c98db84249bf9.manifest
[2014/07/14 03:07:18 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18532_en-us_8f4912f1bfcfe70b.manifest
[2014/07/02 09:08:13 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22733_cs-cz_1d5edb2f9dcc15f1.manifest
[2014/07/02 07:12:12 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22733_en-us_787b5545d9776103.manifest
[2014/07/14 05:06:58 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22743_cs-cz_1d5fdb799dcb2f48.manifest
[2014/07/14 02:56:59 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22743_en-us_787c558fd9767a5a.manifest
[2009/07/14 02:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2010/11/20 04:05:38 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2014/07/02 07:00:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.18523_none_d6c370aa9c807d5c.manifest
[2014/07/14 03:06:40 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.18532_none_d6c487bc9c7f7d12.manifest
[2014/07/02 07:10:04 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22733_none_bff6ca10b626f70a.manifest
[2014/07/14 03:06:53 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22743_none_bff7ca5ab6261061.manifest
[2009/07/14 02:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2010/11/20 04:10:46 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2014/07/02 06:58:58 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18523_none_db9e1c77dd57179e.manifest
[2014/07/14 03:05:25 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18532_none_db9f3389dd561754.manifest
[2014/07/02 07:08:55 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22733_none_c4d175ddf6fd914c.manifest
[2014/07/14 03:05:41 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22743_none_c4d27627f6fcaaa3.manifest
[2009/06/10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2014/06/24 00:43:20 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7601.18523_none_1c70653de072abde\System.Runtime.Serialization.Formatters.Soap.dll
[2014/06/24 00:43:36 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7601.22733_none_05a3bea3fa19258c\System.Runtime.Serialization.Formatters.Soap.dll
[2009/07/26 19:39:28 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013/07/08 13:43:52 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7601.18523_cs-cz_d5997ba9da0ab4d7\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009/06/10 22:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2010/11/05 02:52:39 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2014/03/09 22:47:42 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.18523_none_a6803b1074d97c29\System.Runtime.Serialization.dll
[2014/07/10 23:24:11 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.18532_none_a681522274d87bdf\System.Runtime.Serialization.dll
[2014/03/17 15:38:28 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22733_none_8fb394768e7ff5d7\System.Runtime.Serialization.dll
[2014/07/08 00:27:52 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22743_none_8fb494c08e7f0f2e\System.Runtime.Serialization.dll
[2009/07/26 19:39:39 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2013/07/08 13:44:55 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18523_cs-cz_342b81c984259c43\System.RunTime.Serialization.Resources.dll
[2013/07/08 13:44:55 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18532_cs-cz_342c98db84249bf9\System.RunTime.Serialization.Resources.dll
[2013/07/09 07:34:25 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22733_cs-cz_1d5edb2f9dcc15f1\System.RunTime.Serialization.Resources.dll
[2013/07/09 07:34:25 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22743_cs-cz_1d5fdb799dcb2f48\System.RunTime.Serialization.Resources.dll
[2009/06/10 22:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2010/11/05 02:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2014/03/09 22:47:42 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.18523_none_d6c370aa9c807d5c\System.Runtime.Serialization.dll
[2014/07/10 23:24:10 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.18532_none_d6c487bc9c7f7d12\System.Runtime.Serialization.dll
[2014/03/17 15:38:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22733_none_bff6ca10b626f70a\System.Runtime.Serialization.dll
[2014/07/08 00:27:52 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22743_none_bff7ca5ab6261061\System.Runtime.Serialization.dll
[2015/10/16 10:20:34 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\8ca45de9f307d101882000007004380d.amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2015/10/16 10:20:34 | 000,017,792 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\8ca45de9f307d101892000007004380d.amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8_kdcom.dll_db5e7744
[2009/07/26 19:39:30 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_267606ecf967dbc0\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010/11/05 02:53:33 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_28a71ab4f6565f5a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010/11/05 02:53:33 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_cs-cz_289b33b6f65f7b95\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010/11/05 02:53:33 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22731_cs-cz_291801e80f8701c9\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009/07/26 19:39:19 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009/07/14 03:10:04 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b\serialui.dll.mui
[2009/07/26 19:36:24 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_79d39f727217a41c\serialui.dll.mui
[2009/07/14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2009/07/26 19:39:39 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_5d4a68b4b3d26ecc\System.RunTime.Serialization.Resources.dll
[2010/11/05 02:53:39 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_5f7b7c7cb0c0f266\System.RunTime.Serialization.Resources.dll
[2010/11/05 02:53:39 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_cs-cz_5f6f957eb0ca0ea1\System.RunTime.Serialization.Resources.dll
[2010/11/05 02:53:39 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_cs-cz_5fee6443c9efc783\System.RunTime.Serialization.Resources.dll
[2009/06/10 22:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll
[2010/11/05 02:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2014/03/09 22:47:42 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18523_none_db9e1c77dd57179e\System.Runtime.Serialization.dll
[2014/07/10 23:24:10 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18532_none_db9f3389dd561754\System.Runtime.Serialization.dll
[2014/03/17 15:38:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22733_none_c4d175ddf6fd914c\System.Runtime.Serialization.dll
[2014/07/08 00:27:52 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22743_none_c4d27627f6fcaaa3\System.Runtime.Serialization.dll

< *w7lxe* /s >

< End of report >
Nahoru
Slovak
Návštěvník
Návštěvník
Příspěvky: 78
Registrován: 20 pro 2014 18:42

Re: Prosím o Kontrolu logu - preventívka

#7 Příspěvek od Slovak »

OTL Extras logfile created on: 11. 12. 2015 14:50:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Trifon\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18124)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

7,94 Gb Total Physical Memory | 5,23 Gb Available Physical Memory | 65,85% Memory free
7,94 Gb Paging File | 5,21 Gb Available in Paging File | 65,65% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,47 Gb Total Space | 165,46 Gb Free Space | 74,04% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 538,62 Gb Free Space | 57,82% Space Free | Partition Type: NTFS
Drive G: | 149,05 Gb Total Space | 148,77 Gb Free Space | 99,81% Space Free | Partition Type: NTFS
Drive H: | 931,28 Gb Total Space | 279,74 Gb Free Space | 30,04% Space Free | Partition Type: FAT32

Computer Name: TRIFON-PC | User Name: Trifon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1601266965-4254244799-107981220-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16BD0B93-6121-410A-9FD5-FB9527F89EF2}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{22492088-43F8-4808-8373-A7A810DF6748}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{331E6E45-13CA-4562-BD73-EA8A5A9A8191}" = rport=137 | protocol=17 | dir=out | app=system |
"{3D39BA02-40FA-40C5-9792-EC1E3329F987}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3D402E16-4B89-43E1-A817-952C6E26DA58}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3D6CA357-B9A8-4F1A-AA26-0AF9D7B41205}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
"{3DB7A70C-806C-4061-B682-0ADCFA4A28DC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{54AA90F2-3346-498A-8890-142842E323B3}" = lport=445 | protocol=6 | dir=in | app=system |
"{65E96F38-B98F-44F6-A421-D0C57EE5779A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{70FD0E86-F5F1-4536-B45E-3462ADDC8267}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7A20A6EB-0B61-44F5-97D3-38D948BFF79A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7BF6201F-75AB-4B4E-9869-0B7C725A57E4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{97CF5D35-6D5D-4704-A0B8-5B6E8E7A0884}" = lport=139 | protocol=6 | dir=in | app=system |
"{9A015628-720E-4973-9CCA-58C5A486BFD8}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{A8A8B78F-F1D7-40A2-B1DC-408F606D26B2}" = rport=139 | protocol=6 | dir=out | app=system |
"{C14DC876-4C33-46A2-8CA8-D03CDD3216F6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C5171D8D-F78D-4CC7-A800-C80A186D19A5}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{CCB5FB39-F08F-48BA-93E0-05F0150EE8CC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CE97467B-1D71-4631-9777-9509A4F44558}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{CF964E0C-6E98-4B9C-8442-86665DC76953}" = lport=138 | protocol=17 | dir=in | app=system |
"{D167F735-BE43-4791-9CC5-E0B22CFD089E}" = lport=47995 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{D2D9B119-3783-41B9-A97F-E61152CC9B2D}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{D36172F5-BB23-41A0-AE4E-CFB1FD973C73}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D93A4E29-9565-4DF5-B193-68531BFCA196}" = rport=445 | protocol=6 | dir=out | app=system |
"{E246F1D7-979E-45C2-A4F1-1951CC507521}" = lport=137 | protocol=17 | dir=in | app=system |
"{E4023594-6E7F-4F31-8D73-FE7EA401E1E8}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{EAE743F2-8697-4E3B-B2A1-AD65DA25838F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F086433B-4A2E-4DFB-847F-AF5AB5B5C31A}" = rport=138 | protocol=17 | dir=out | app=system |
"{F4CCBA32-76F6-4EFB-9B52-4029AE5756A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{052F12C9-FE18-4127-915B-7DA862DD3053}" = dir=in | app=c:\program files (x86)\world of tanks\worldoftanks.exe |
"{0E68B9D7-A73A-4A4F-9C55-783F2D1760E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0E83EADA-9917-40A5-BD27-7482B727398E}" = protocol=6 | dir=in | app=d:\steam - games\steamapps\common\emily is away\emily is away.exe |
"{17F3ABB1-07C5-471B-A849-2733F169A831}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19AAFC65-0F62-403C-9E96-56382DC7144C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1A559CFB-608C-4667-B49E-DDC8544437B6}" = protocol=17 | dir=in | app=c:\users\trifon\appdata\roaming\utorrent\utorrent.exe |
"{1EA01923-2EBC-45AC-9E52-17B0913D6884}" = dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"{1EAE6B85-6898-436B-B0D0-745928A2A721}" = protocol=17 | dir=in | app=d:\steam - games\steamapps\common\the walking dead\walkingdead101.exe |
"{2886AA2B-D58D-4AAC-BE96-B5FFDB1F42C2}" = protocol=6 | dir=in | app=d:\steam - games\steamapps\common\the walking dead season two\thewalkingdead2.exe |
"{2CB05739-336B-454D-9938-1C41DEA3DEEE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2ECB0ED4-2610-46A9-8F1E-8FEC7FAB2458}" = protocol=6 | dir=in | app=d:\steam - games\steamapps\common\crusader kings ii\ck2game.exe |
"{3268138F-9713-4FAC-8E48-28114642ABA7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{335E15BD-5DD2-41C1-8E02-4A220A2F3665}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{37A7D8D9-1FB3-46BC-8011-EF6E3B0FEA53}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{38FDF4A1-B608-4BB0-BC39-EDD427B52F1B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{42A4A556-E211-4BE2-BC9E-D813AC85AEFA}" = dir=in | app=d:\program files (x86) instal games\world_of_tanks\wotlauncher.exe |
"{4A5F8A5F-8958-4512-88B5-5C4A82307473}" = protocol=6 | dir=in | app=d:\steam - games\steamapps\common\everlasting summer\everlasting summer.exe |
"{4B5085C9-16E5-49EC-ADCC-185CE3C41815}" = protocol=6 | dir=in | app=d:\steam - games\steamapps\common\the walking dead\walkingdead101.exe |
"{4B552FDA-4905-4D13-A5FE-A974187E559C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4CA0F572-6B1B-4D94-8E43-723C76826240}" = protocol=6 | dir=in | app=d:\steam - games\steamapps\common\tales from the borderlands\borderlands.exe |
"{4DBF69A9-73EF-4284-98BC-89976F50EB10}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{52EF7E53-0D84-4AE3-AF43-73B574D8DE57}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{57DCE6FD-E0CF-4818-A71D-ABC99ABF8ACF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5CA85846-5BF6-4F70-9866-2D1D25A7A461}" = dir=in | app=d:\program files (x86) instal games\world_of_tanks\worldoftanks.exe |
"{6604C3D6-D38E-44CF-A387-F0D7DDA05193}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{6A602CA1-767D-4739-98E7-752D64D085EB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{6CC14C0A-7367-426E-B004-8776DC8DA736}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6EA6E843-F08E-42D1-828B-1C853CEF3DF0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{70340229-F3BD-4466-8A2E-61D602675450}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{778C11D8-8B43-4B41-8A3E-028B797057EB}" = dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"{82405AA8-2F0B-4E2D-9CFF-2EC9AD92FBDC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{84AFA459-92E4-4AE7-AF0E-7CB7031E869D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{84B7BB18-367E-4E4C-88A5-7780BF037E67}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{86137082-B2F6-4901-8E95-9254FD00F754}" = protocol=17 | dir=in | app=d:\steam - games\steamapps\common\crusader kings ii\ck2game.exe |
"{86526ACC-20E7-44F7-BD46-908B90BFF34E}" = protocol=17 | dir=in | app=d:\steam - games\steamapps\common\everlasting summer\everlasting summer.exe |
"{8B0127F6-A681-49D2-A058-B3226F7F03AB}" = protocol=17 | dir=in | app=d:\steam - games\steamapps\common\life is strange\binaries\win32\lifeisstrange.exe |
"{987DC8D2-C96F-4E0E-B40D-62E393A281DF}" = protocol=17 | dir=in | app=d:\steam - games\steamapps\common\the walking dead season two\thewalkingdead2.exe |
"{9D6F8C32-2CE9-403E-A15B-7AF5C83D6DC6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{A3E38900-0374-4D10-9B17-3F9C6AAAB418}" = protocol=17 | dir=in | app=d:\steam - games\steamapps\common\the wolf among us\thewolfamongus.exe |
"{A611279B-8FD0-4A7F-99B7-2C76AA40D5ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A8846615-3F80-4CDF-8BAC-5BF04C086FA3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{AB23FEB9-2F12-45EB-B725-BBEDF206EC18}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{AE84C771-3F25-4F35-8C14-EE3D344CCEDA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B6CA1D62-88CF-4C44-9272-0AAAD9399D4A}" = protocol=17 | dir=in | app=d:\steam - games\steamapps\common\tales from the borderlands\borderlands.exe |
"{B85A73F4-DB0A-46C8-AFEF-928F19BAFCB2}" = protocol=6 | dir=in | app=d:\steam - games\steamapps\common\game of thrones\thrones.exe |
"{B9B592B3-6C38-4DEE-AC3C-1310DD4D42B4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{C5A9B363-8667-464F-A45A-FB143980A0E1}" = protocol=6 | dir=in | app=c:\users\trifon\appdata\roaming\utorrent\utorrent.exe |
"{C7227D57-33F8-45BB-B243-9CBEF00F0F0C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{CB275BE8-AB72-493F-8F44-63EF2795AE72}" = protocol=17 | dir=in | app=d:\steam - games\steamapps\common\game of thrones\thrones.exe |
"{CE77FD76-C76E-428A-AD6B-1809D208C965}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CF9F731B-69EE-4ABD-9E05-99DA7E86C226}" = dir=in | app=c:\program files (x86)\world of tanks\wotlauncher.exe |
"{D3475DD7-3593-423A-BE8F-C1B1A7A1B754}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{D43ED52E-5166-4DBB-BEA0-A0D697B64553}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{DEEFED16-7B1D-41C3-9126-343C800C3D6B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{E168BA11-0526-4061-9863-52F298D09A49}" = protocol=6 | dir=out | app=system |
"{E313BCA9-1991-45C6-971B-65372F467698}" = protocol=6 | dir=in | app=d:\steam - games\steamapps\common\life is strange\binaries\win32\lifeisstrange.exe |
"{EA5A8FF6-4A98-453D-A9AE-B6ADC35BCCC3}" = protocol=6 | dir=in | app=d:\steam - games\steamapps\common\the wolf among us\thewolfamongus.exe |
"{EBF5BB3D-8E6D-4253-82CA-D61110C77034}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ED880DD7-8A66-492F-B7C5-CCF7E01BAA1E}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{F72F351F-C523-4BA8-B154-F9E29E854CA5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FA174CE8-A579-457B-9663-4E2E6A6D5A89}" = protocol=17 | dir=in | app=d:\steam - games\steamapps\common\emily is away\emily is away.exe |
"TCP Query User{0DF0CC84-8C2C-4E6B-9327-17B9D7F9B408}D:\program files (x86) instal games\witcher 2\the witcher 2 assassins of kings\bin\witcher2.exe" = protocol=6 | dir=in | app=d:\program files (x86) instal games\witcher 2\the witcher 2 assassins of kings\bin\witcher2.exe |
"TCP Query User{20884A81-65D8-4EF5-A8F6-BDE8C7B7BDBB}C:\program files (x86)\total war - rome ii\rome2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\total war - rome ii\rome2.exe |
"TCP Query User{628B0641-27BF-41DD-B059-3F15939BD6F9}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{6E6A7638-8A7B-48A1-B0FF-2498F85AAC32}D:\program files (x86) instal games\total war - rome ii\rome2.exe" = protocol=6 | dir=in | app=d:\program files (x86) instal games\total war - rome ii\rome2.exe |
"TCP Query User{7B1E8666-0318-4932-AD9E-F688BE96AFE3}D:\program files (x86) instal games\witcher 2\the witcher 2 assassins of kings\bin\witcher2.exe" = protocol=6 | dir=in | app=d:\program files (x86) instal games\witcher 2\the witcher 2 assassins of kings\bin\witcher2.exe |
"TCP Query User{8E0505DF-C797-4D7F-AF50-CE01E1EE46E5}D:\program files (x86) instal games\total war - rome ii\rome2.exe" = protocol=6 | dir=in | app=d:\program files (x86) instal games\total war - rome ii\rome2.exe |
"TCP Query User{929F30D3-29AA-4A09-A31C-9A4160548320}D:\program files (x86) instal games\total war - attila\attila.exe" = protocol=6 | dir=in | app=d:\program files (x86) instal games\total war - attila\attila.exe |
"TCP Query User{9D8EF86B-D889-4638-8E74-8039C38A698C}D:\program files (x86) instal games\total war - attila\attila.exe" = protocol=6 | dir=in | app=d:\program files (x86) instal games\total war - attila\attila.exe |
"TCP Query User{DC2510A3-8CB1-4E82-A827-34666BBEEEF9}D:\program files (x86) instal games\r.g. catalyst\heroes vii\binaries\win64\mmh7game-win64-shipping.exe" = protocol=6 | dir=in | app=d:\program files (x86) instal games\r.g. catalyst\heroes vii\binaries\win64\mmh7game-win64-shipping.exe |
"TCP Query User{E43B60D4-2949-49CA-92FA-2F1F7EF3F458}C:\program files (x86)\far cry 3\bin\farcry3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\far cry 3\bin\farcry3.exe |
"TCP Query User{F08E5FF0-6B8A-4B19-82DF-F2EE0E2C3EFD}C:\program files (x86)\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe" = protocol=6 | dir=in | app=c:\program files (x86)\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe |
"UDP Query User{42FDCB54-EEC4-415F-BC0B-601119D88BB8}D:\program files (x86) instal games\witcher 2\the witcher 2 assassins of kings\bin\witcher2.exe" = protocol=17 | dir=in | app=d:\program files (x86) instal games\witcher 2\the witcher 2 assassins of kings\bin\witcher2.exe |
"UDP Query User{5006E6A2-77F2-49FA-941F-27AD3F9B177C}C:\program files (x86)\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe" = protocol=17 | dir=in | app=c:\program files (x86)\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe |
"UDP Query User{5D5E216C-E15B-451E-81CF-9AD53A4EF5E9}C:\program files (x86)\total war - rome ii\rome2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\total war - rome ii\rome2.exe |
"UDP Query User{9A4BA697-3378-4A9D-A4F2-9AA1D65C0DD2}D:\program files (x86) instal games\witcher 2\the witcher 2 assassins of kings\bin\witcher2.exe" = protocol=17 | dir=in | app=d:\program files (x86) instal games\witcher 2\the witcher 2 assassins of kings\bin\witcher2.exe |
"UDP Query User{A333A1F8-CFC4-418E-BB84-DCEAA53D4397}D:\program files (x86) instal games\r.g. catalyst\heroes vii\binaries\win64\mmh7game-win64-shipping.exe" = protocol=17 | dir=in | app=d:\program files (x86) instal games\r.g. catalyst\heroes vii\binaries\win64\mmh7game-win64-shipping.exe |
"UDP Query User{AE45D4E4-BA9F-4E08-9EA3-27FD71CB33A0}C:\program files (x86)\far cry 3\bin\farcry3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\far cry 3\bin\farcry3.exe |
"UDP Query User{BCD41BAC-48DE-45AB-8271-B3870A3889DD}D:\program files (x86) instal games\total war - rome ii\rome2.exe" = protocol=17 | dir=in | app=d:\program files (x86) instal games\total war - rome ii\rome2.exe |
"UDP Query User{BF29248B-B6DB-47F7-B2D1-E7FB05183CE5}D:\program files (x86) instal games\total war - attila\attila.exe" = protocol=17 | dir=in | app=d:\program files (x86) instal games\total war - attila\attila.exe |
"UDP Query User{CB9A2F80-E166-43B4-B100-25B77AD63693}D:\program files (x86) instal games\total war - attila\attila.exe" = protocol=17 | dir=in | app=d:\program files (x86) instal games\total war - attila\attila.exe |
"UDP Query User{F08C12D7-2971-4138-93AB-42BDAC506066}D:\program files (x86) instal games\total war - rome ii\rome2.exe" = protocol=17 | dir=in | app=d:\program files (x86) instal games\total war - rome ii\rome2.exe |
"UDP Query User{F69D36C8-0C0C-474E-96F4-0AB99DBC95B6}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-041B-1000-0000000FF1CE}" = Microsoft Access MUI (Slovak) 2013
"{90150000-0016-041B-1000-0000000FF1CE}" = Microsoft Excel MUI (Slovak) 2013
"{90150000-0018-041B-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (Slovak) 2013
"{90150000-0019-041B-1000-0000000FF1CE}" = Microsoft Publisher MUI (Slovak) 2013
"{90150000-001A-041B-1000-0000000FF1CE}" = Microsoft Outlook MUI (Slovak) 2013
"{90150000-001B-041B-1000-0000000FF1CE}" = Microsoft Word MUI (Slovak) 2013
"{90150000-001F-0405-1000-0000000FF1CE}" = Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština
"{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040E-1000-0000000FF1CE}" = Microsoft Office Nyelvi ellenőrző eszközök 2013 – magyar
"{90150000-001F-041B-1000-0000000FF1CE}" = Nástroje korektúry balíka Microsoft Office 2013 - slovenčina
"{90150000-002C-041B-1000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2013
"{90150000-0044-041B-1000-0000000FF1CE}" = Microsoft InfoPath MUI (Slovak) 2013
"{90150000-006E-041B-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2013
"{90150000-0090-041B-1000-0000000FF1CE}" = Microsoft DCF MUI (Slovak) 2013
"{90150000-00A1-041B-1000-0000000FF1CE}" = Microsoft OneNote MUI (Slovak) 2013
"{90150000-00BA-041B-1000-0000000FF1CE}" = Microsoft Groove MUI (Slovak) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-041B-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Slovak) 2013
"{90150000-00E1-041B-1000-0000000FF1CE}" = Microsoft Office OSM MUI (Slovak) 2013
"{90150000-00E2-041B-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (Slovak) 2013
"{90150000-012B-041B-1000-0000000FF1CE}" = Microsoft Lync MUI (Slovak) 2013
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovládač 3D Vision 341.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 341.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafický ovládač 341.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.2.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision radič ovládača 340.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizácie NVIDIA 17.12.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 17.12.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.27
"{B5E06417-A4AC-4225-B36E-7E34C91616E7}" = Intel® Trusted Connect Service Client
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"CCleaner" = CCleaner
"CDisplayEx_is1" = CDisplayEx 1.10.29
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Office15.PROPLUS" = Microsoft Office 2013 Professional Plus
"VLC media player" = VLC media player

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0657F865-25B6-4391-A3B5-9917CF291AB3}" = Need For Speed Rivals
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime
"{57BB4801-61C8-4E74-9672-2160728A461E}" = Google Earth Plug-in
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C20787A-7402-4FA7-BF25-6E5750930FDC}" = PowerDVD
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1051-7B44-A93000000001}" = Adobe Reader 9.3 - Slovak
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"«Heroes VII»_is1" = «Heroes VII» 1.5.0.33749
"AC3Filter_is1" = AC3Filter 2.6.0b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avast" = Avast Internet Security
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"DCoder Image Source" = DCoder Image Source (remove only)
"DirectVobSub" = DirectVobSub (remove only)
"ffdshow_is1" = ffdshow v1.2.4453 [2012-05-21]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"lavfilters_is1" = LAV Filters 0.62.0
"MadVR" = MadVR (remove only)
"Mozilla Firefox 41.0.2 (x86 sk)" = Mozilla Firefox 41.0.2 (x86 sk)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero8Lite_is1" = Nero 8 Lite 8.2.8.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"RjEyMDE0_is1" = F1 2014
"SafeZone 1.46.1990.55" = SafeZone Stable 1.46.1990.55
"Steam" = Steam
"Steam App 203770" = Crusader Kings II
"Steam App 207610" = The Walking Dead
"Steam App 250320" = The Wolf Among Us
"Steam App 261030" = The Walking Dead: Season Two
"Steam App 319630" = Life Is Strange™
"Steam App 330830" = Tales from the Borderlands
"Steam App 330840" = Game of Thrones - A Telltale Games Series
"Steam App 331470" = Everlasting Summer
"Steam App 417860" = Emily is Away
"The Witcher 2 Assassins of Kings_is1" = The Witcher 2 Assassins of Kings
"Total War - Rome II_is1" = Total War - Rome II
"Total War ATTILA - Empires of Sand Culture Pack_is1" = Total War ATTILA - Empires of Sand Culture Pack
"UltraISO_is1" = UltraISO Premium V9.65
"uTorrent" = µTorrent
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archivátor
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1601266965-4254244799-107981220-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1" = World of Tanks
"{7C82709E-75FE-4C3A-976A-8C97908DDD7B}_is1" = A Game of Thrones version 1.0
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10. 12. 2015 9:29:47 | Computer Name = Trifon-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: GWXUX.exe, verzia: 6.3.9600.18064, časová
značka: 0x56042d8f Názov chybového modulu: ntdll.dll, verzia: 6.1.7601.19045, časová
značka: 0x56259295 Kód výnimky: 0xc0000005 Odstup chyby: 0x000000000004ac04 Identifikácia
chybného procesu: 0x1354 Čas spustenia chybnej aplikácie: 0x01d1334ed5efae62 Cesta
chybnej aplikácie: C:\Windows\System32\GWX\GWXUX.exe Cesta chybného modulu: C:\Windows\SYSTEM32\ntdll.dll
Identifikácia
hlásenia: 14b058e2-9f42-11e5-893b-0862669e4011

Error - 10. 12. 2015 9:34:11 | Computer Name = Trifon-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: D4Game.exe, verzia: 1.0.10246.0, časová
značka: 0x556d9fdf Názov chybového modulu: D4Game.exe, verzia: 1.0.10246.0, časová
značka: 0x556d9fdf Kód výnimky: 0xc0000005 Odstup chyby: 0x00000000009826ce Identifikácia
chybného procesu: 0x13b4 Čas spustenia chybnej aplikácie: 0x01d1334f6ffdbd1d Cesta
chybnej aplikácie: D:\Program Files (x86) instal games\d4\D4 - Dark Dreams Dont
Die\Binaries\Win64\D4Game.exe Cesta chybného modulu: D:\Program Files (x86) instal
games\d4\D4 - Dark Dreams Dont Die\Binaries\Win64\D4Game.exe Identifikácia hlásenia:
b20ba5e2-9f42-11e5-893b-0862669e4011

Error - 10. 12. 2015 9:34:22 | Computer Name = Trifon-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: D4Game.exe, verzia: 1.0.10246.0, časová
značka: 0x556d9fdf Názov chybového modulu: D4Game.exe, verzia: 1.0.10246.0, časová
značka: 0x556d9fdf Kód výnimky: 0xc0000005 Odstup chyby: 0x00000000009826ce Identifikácia
chybného procesu: 0x10e0 Čas spustenia chybnej aplikácie: 0x01d1334f78469cbc Cesta
chybnej aplikácie: D:\Program Files (x86) instal games\d4\D4 - Dark Dreams Dont
Die\Binaries\Win64\D4Game.exe Cesta chybného modulu: D:\Program Files (x86) instal
games\d4\D4 - Dark Dreams Dont Die\Binaries\Win64\D4Game.exe Identifikácia hlásenia:
b895feda-9f42-11e5-893b-0862669e4011

Error - 10. 12. 2015 9:34:32 | Computer Name = Trifon-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: D4Game.exe, verzia: 1.0.10246.0, časová
značka: 0x556d9fdf Názov chybového modulu: D4Game.exe, verzia: 1.0.10246.0, časová
značka: 0x556d9fdf Kód výnimky: 0xc0000005 Odstup chyby: 0x00000000009826ce Identifikácia
chybného procesu: 0x6d8 Čas spustenia chybnej aplikácie: 0x01d1334f7e23f9ce Cesta
chybnej aplikácie: D:\Program Files (x86) instal games\d4\D4 - Dark Dreams Dont
Die\Binaries\Win64\D4Game.exe Cesta chybného modulu: D:\Program Files (x86) instal
games\d4\D4 - Dark Dreams Dont Die\Binaries\Win64\D4Game.exe Identifikácia hlásenia:
be798deb-9f42-11e5-893b-0862669e4011

Error - 11. 12. 2015 3:05:15 | Computer Name = Trifon-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: GWXUX.exe, verzia: 6.3.9600.18064, časová
značka: 0x56042d8f Názov chybového modulu: ntdll.dll, verzia: 6.1.7601.19045, časová
značka: 0x56259295 Kód výnimky: 0xc0000005 Odstup chyby: 0x000000000004ac04 Identifikácia
chybného procesu: 0x12ec Čas spustenia chybnej aplikácie: 0x01d133e248e970c2 Cesta
chybnej aplikácie: C:\Windows\System32\GWX\GWXUX.exe Cesta chybného modulu: C:\Windows\SYSTEM32\ntdll.dll
Identifikácia
hlásenia: 8718e752-9fd5-11e5-9016-0862669e4011

Error - 11. 12. 2015 3:10:30 | Computer Name = Trifon-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 11. 12. 2015 3:10:30 | Computer Name = Trifon-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 11. 12. 2015 8:02:48 | Computer Name = Trifon-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: GWXUX.exe, verzia: 6.3.9600.18064, časová
značka: 0x56042d8f Názov chybového modulu: ntdll.dll, verzia: 6.1.7601.19045, časová
značka: 0x56259295 Kód výnimky: 0xc0000005 Odstup chyby: 0x000000000004ac04 Identifikácia
chybného procesu: 0x808 Čas spustenia chybnej aplikácie: 0x01d1340bda06de12 Cesta
chybnej aplikácie: C:\Windows\System32\GWX\GWXUX.exe Cesta chybného modulu: C:\Windows\SYSTEM32\ntdll.dll
Identifikácia
hlásenia: 17f3ae1a-9fff-11e5-9469-0862669e4011

Error - 11. 12. 2015 8:09:12 | Computer Name = Trifon-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 11. 12. 2015 8:09:12 | Computer Name = Trifon-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

[ System Events ]
Error - 6. 12. 2015 6:30:21 | Computer Name = Trifon-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 7. 12. 2015 9:49:01 | Computer Name = Trifon-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 8. 12. 2015 12:26:34 | Computer Name = Trifon-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 9. 12. 2015 6:10:23 | Computer Name = Trifon-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 9. 12. 2015 15:47:04 | Computer Name = Trifon-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort3.

Error - 10. 12. 2015 6:14:00 | Computer Name = Trifon-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 10. 12. 2015 6:14:37 | Computer Name = Trifon-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 10. 12. 2015 8:19:31 | Computer Name = Trifon-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 11. 12. 2015 3:04:39 | Computer Name = Trifon-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 11. 12. 2015 8:02:12 | Computer Name = Trifon-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!


< End of report >
Nahoru
Márty84
VIP
VIP
Příspěvky: 21679
Registrován: 05 pro 2009 20:08
Bydliště: Ostrava

Re: Prosím o Kontrolu logu - preventívka

#8 Příspěvek od Márty84 »

:???: Jak je to s legalitou systemu? Ultimate neni zrovna bezna domaci verze :?:


:arrow: Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner[C?].txt ). Ten mi sem zkopirujte.


:arrow: Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu (cili Vlastni sken vsech disku) http://forum.viry.cz/viewtopic.php?f=29&t=144868 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Nahoru
Slovak
Návštěvník
Návštěvník
Příspěvky: 78
Registrován: 20 pro 2014 18:42

Re: Prosím o Kontrolu logu - preventívka

#9 Příspěvek od Slovak »

# AdwCleaner v5.024 - Logfile created 12/12/2015 at 10:26:28
# Updated 07/12/2015 by Xplode
# Database : 2015-12-07.3 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Trifon - TRIFON-PC
# Running from : C:\Users\Trifon\Desktop\adwcleaner_5.024.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Trifon\AppData\Roaming\OpenCandy

***** [ Files ] *****

[-] File Deleted : C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKCU\Software\OCS

***** [ Web browsers ] *****

[-] [C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www2.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=AE03DC85DE236353
[-] [C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://isearch.omiga-plus.com/?type=hp&ts=1420554224&from=amt&uid=WDCXWD7500BPVT-80HXZT3_WD-WXP1E91FPRYEFPRYE
[-] [C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www2.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=AE03DC85DE236353

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1797 bytes] ##########
Nahoru
Slovak
Návštěvník
Návštěvník
Příspěvky: 78
Registrován: 20 pro 2014 18:42

Re: Prosím o Kontrolu logu - preventívka

#10 Příspěvek od Slovak »

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 12. 12. 2015
Čas skenování: 10:31
Protokol: mbam výsledky.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2015.12.12.02
Databáze rootkitů: v2015.12.07.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Trifon

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 510851
Uplynulý čas: 40 min, 48 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Sken hloubkových rootkitů: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 1
RiskWare.FilePatcher, C:\Program Files (x86)\Zoom Player\zoom.player.max.v9.0.2.-patch.exe, , [2909198b1f6c75c19befc1ae3bc6aa56],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)
Nahoru
Márty84
VIP
VIP
Příspěvky: 21679
Registrován: 05 pro 2009 20:08
Bydliště: Ostrava

Re: Prosím o Kontrolu logu - preventívka

#11 Příspěvek od Márty84 »

:arrow: Nalez nechte odstranit, pak muzete MBAM odinstalovat.

:???: Co odpoved na mou otazku?

:arrow: Dejte novy log z RSIT.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Nahoru
Slovak
Návštěvník
Návštěvník
Příspěvky: 78
Registrován: 20 pro 2014 18:42

Re: Prosím o Kontrolu logu - preventívka

#12 Příspěvek od Slovak »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Trifon at 2015-12-14 18:20:41
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 168 GB (74%) free of 229 GB
Total RAM: 8131 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:20:42, on 14. 12. 2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Trifon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Volanie kliknutím - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Volanie kliknutím - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11372 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {8BC6B018-8561-4821-9B38-7BB38B6A9321}
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe"
"C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-ad2481a9-906a-495a-9c12-9c52f4054a53 -SystemEventPortName:HostProcess-b4ced0b5-6141-43a6-a135-d875010adf32 -IoCancelEventPortName:HostProcess-c55ea639-1b43-4c84-9b56-621d4777788e -NonStateChangingEventPortName:HostProcess-eef2b35e-5910-4107-b364-dadbda7c8c91 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:af7ac366-8be2-46de-bfef-029eb3a2f20e -DeviceGroupId:
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss 584ea06d-fb53-4877-879b-0f014fa526c2 1
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
\??\C:\Windows\system32\conhost.exe "384101655-309543691-110532424-1922373057-1879496566-11129283741092339588783519072
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "-4079742771615412460105383322180473591-1007296024-3348636911769350037-667225952
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2328.0.1639187390\1085236092" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,12,23,51,61 --gpu-vendor-id=0x10de --gpu-device-id=0x05e6 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.4181 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/*AutomaticTabDiscarding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/CrossDevicePromo/14DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/StableHQPFrequencyBugFix_PrePeriod_1/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Disabled/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Default/ --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="2328.1.1234677705\488121335" --font-cache-shared-handle=2020 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/*AutomaticTabDiscarding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/StableHQPFrequencyBugFix_PrePeriod_1/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Disabled/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="2328.2.783838672\494493156" --font-cache-shared-handle=2208 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/*AutomaticTabDiscarding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/StableHQPFrequencyBugFix_PrePeriod_1/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Disabled/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="2328.3.765143333\179194893" --font-cache-shared-handle=2356 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/*AutomaticTabDiscarding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/StableHQPFrequencyBugFix_PrePeriod_1/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Disabled/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="2328.4.2117210061\1367708398" --font-cache-shared-handle=2476 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/*AutomaticTabDiscarding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/StableHQPFrequencyBugFix_PrePeriod_1/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Disabled/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="2328.5.966599743\1015637221" --font-cache-shared-handle=2508 /prefetch:673131151
C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/*AutomaticTabDiscarding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/StableHQPFrequencyBugFix_PrePeriod_1/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Disabled/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Default/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="2328.7.2070900618\2058565955" --font-cache-shared-handle=5584 /prefetch:673131151
taskeng.exe {9642E5D9-770E-4B4F-BCAF-716B1E3E6A5F}
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Users\Trifon\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Trifon\AppData\Roaming\Mozilla\Firefox\Profiles\rk8vrt1e.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll
npwachk.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18 219304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-10 885152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-10-14 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [2014-01-23 881880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2015-11-10 2339032]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18 153768]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-10 664184]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-10-14 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2014-01-22 707800]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2015-11-10 1731800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-10-14 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-10-14 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-10-22 7203032]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2015-08-18 2585744]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2015-08-18 1514528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [2009-11-19 75048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [2009-04-27 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-07-06 87336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\steam.exe [2015-12-10 3013200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\winampa.exe [2010-07-12 74752]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2014-08-25 293872]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-11-10 7004376]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-12-12 10:29:50 ----D---- C:\ProgramData\Malwarebytes
2015-12-12 10:25:45 ----D---- C:\AdwCleaner
2015-12-10 14:36:31 ----D---- C:\rsit
2015-12-10 14:36:31 ----D---- C:\Program Files\trend micro
2015-12-09 20:51:56 ----SHD---- C:\Config.Msi
2015-12-09 11:44:26 ----A---- C:\Windows\SYSWOW64\usp10.dll
2015-12-09 11:44:26 ----A---- C:\Windows\SYSWOW64\tzres.dll
2015-12-09 11:44:26 ----A---- C:\Windows\system32\usp10.dll
2015-12-09 11:44:26 ----A---- C:\Windows\system32\tzres.dll
2015-12-09 11:44:25 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-12-09 11:44:25 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-12-09 11:44:25 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-12-09 11:44:25 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-12-09 11:44:25 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wuwebv.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wups2.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wups.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wudriver.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wucltux.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wuaueng.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wuauclt.exe
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wuapp.exe
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wuapi.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-12-09 11:44:23 ----A---- C:\Windows\SYSWOW64\nlsbres.dll
2015-12-09 11:44:23 ----A---- C:\Windows\SYSWOW64\kbdgeoqw.dll
2015-12-09 11:44:23 ----A---- C:\Windows\SYSWOW64\KBDAZEL.DLL
2015-12-09 11:44:23 ----A---- C:\Windows\SYSWOW64\KBDAZE.DLL
2015-12-09 11:44:23 ----A---- C:\Windows\system32\nlsbres.dll
2015-12-09 11:44:23 ----A---- C:\Windows\system32\kbdgeoqw.dll
2015-12-09 11:44:23 ----A---- C:\Windows\system32\KBDAZEL.DLL
2015-12-09 11:44:23 ----A---- C:\Windows\system32\KBDAZE.DLL
2015-12-09 11:44:22 ----A---- C:\Windows\SYSWOW64\user32.dll
2015-12-09 11:44:22 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-12-09 11:44:22 ----A---- C:\Windows\system32\win32k.sys
2015-12-09 11:44:22 ----A---- C:\Windows\system32\user32.dll
2015-12-09 11:44:22 ----A---- C:\Windows\system32\FntCache.dll
2015-12-09 11:44:22 ----A---- C:\Windows\system32\DWrite.dll
2015-12-09 11:44:21 ----A---- C:\Windows\SYSWOW64\wshrm.dll
2015-12-09 11:44:21 ----A---- C:\Windows\SYSWOW64\comsvcs.dll
2015-12-09 11:44:21 ----A---- C:\Windows\SYSWOW64\catsrvut.dll
2015-12-09 11:44:21 ----A---- C:\Windows\system32\wshrm.dll
2015-12-09 11:44:21 ----A---- C:\Windows\system32\drivers\rmcast.sys
2015-12-09 11:44:21 ----A---- C:\Windows\system32\comsvcs.dll
2015-12-09 11:44:21 ----A---- C:\Windows\system32\catsrvut.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\occache.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-12-09 11:44:20 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-09 11:44:20 ----A---- C:\Windows\system32\iertutil.dll
2015-12-09 11:44:20 ----A---- C:\Windows\system32\iernonce.dll
2015-12-09 11:44:20 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-12-09 11:44:20 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-12-09 11:44:20 ----A---- C:\Windows\system32\ie4uinit.exe
2015-12-09 11:44:19 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-12-09 11:44:19 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-12-09 11:44:19 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-12-09 11:44:19 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-12-09 11:44:19 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-12-09 11:44:19 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-12-09 11:44:19 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-12-09 11:44:19 ----A---- C:\Windows\system32\urlmon.dll
2015-12-09 11:44:19 ----A---- C:\Windows\system32\occache.dll
2015-12-09 11:44:19 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-09 11:44:19 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-12-09 11:44:19 ----A---- C:\Windows\system32\iedkcs32.dll
2015-12-09 11:44:19 ----A---- C:\Windows\system32\dxtrans.dll
2015-12-09 11:44:18 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-12-09 11:44:18 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-12-09 11:44:18 ----A---- C:\Windows\system32\msfeeds.dll
2015-12-09 11:44:18 ----A---- C:\Windows\system32\iesetup.dll
2015-12-09 11:44:18 ----A---- C:\Windows\system32\ieapfltr.dll
2015-12-09 11:44:17 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-12-09 11:44:17 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-12-09 11:44:17 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-12-09 11:44:17 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-12-09 11:44:17 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-12-09 11:44:17 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-12-09 11:44:17 ----A---- C:\Windows\system32\vbscript.dll
2015-12-09 11:44:17 ----A---- C:\Windows\system32\jsproxy.dll
2015-12-09 11:44:17 ----A---- C:\Windows\system32\ieui.dll
2015-12-09 11:44:17 ----A---- C:\Windows\system32\ieframe.dll
2015-12-09 11:44:17 ----A---- C:\Windows\system32\dxtmsft.dll
2015-12-09 11:44:16 ----A---- C:\Windows\system32\wininet.dll
2015-12-09 11:44:16 ----A---- C:\Windows\system32\webcheck.dll
2015-12-09 11:44:16 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-12-09 11:44:16 ----A---- C:\Windows\system32\mshtmled.dll
2015-12-09 11:44:16 ----A---- C:\Windows\system32\jscript9diag.dll
2015-12-09 11:44:16 ----A---- C:\Windows\system32\jscript9.dll
2015-12-09 11:44:16 ----A---- C:\Windows\system32\jscript.dll
2015-12-09 11:44:16 ----A---- C:\Windows\system32\ieUnatt.exe
2015-12-09 11:44:15 ----A---- C:\Windows\system32\msrating.dll
2015-12-09 11:44:15 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-12-09 11:44:15 ----A---- C:\Windows\system32\mshtml.dll
2015-12-09 11:43:58 ----A---- C:\Windows\SYSWOW64\els.dll
2015-12-09 11:43:58 ----A---- C:\Windows\system32\els.dll
2015-12-04 19:27:56 ----D---- C:\Users\Trifon\AppData\Roaming\.mono
2015-12-04 19:27:56 ----D---- C:\ProgramData\.mono
2015-12-03 18:47:23 ----D---- C:\Program Files\Common Files\AV
2015-12-02 14:29:05 ----D---- C:\Users\Trifon\AppData\Roaming\AC3Filter
2015-11-23 21:26:26 ----D---- C:\Users\Trifon\AppData\Roaming\NVIDIA
2015-11-18 20:45:48 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2015-11-18 20:45:48 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2015-11-18 20:45:48 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2015-11-18 20:45:48 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2015-11-18 20:45:47 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2015-11-18 20:45:47 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2015-11-18 20:45:47 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll

======List of files/folders modified in the last 1 month======

2015-12-14 18:20:26 ----RD---- C:\Program Files (x86)
2015-12-14 18:20:26 ----D---- C:\Windows\system32\drivers
2015-12-14 18:19:52 ----D---- C:\Windows\system32\Tasks
2015-12-14 18:19:34 ----D---- C:\ProgramData\NVIDIA
2015-12-14 18:18:36 ----D---- C:\Windows\Temp
2015-12-14 18:18:35 ----D---- C:\Windows\twain_32
2015-12-14 15:36:46 ----D---- C:\Users\Trifon\AppData\Roaming\vlc
2015-12-14 14:29:21 ----D---- C:\Users\Trifon\AppData\Roaming\uTorrent
2015-12-14 14:13:09 ----D---- C:\Windows\System32
2015-12-14 14:13:09 ----D---- C:\Windows\inf
2015-12-14 14:13:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-12-13 17:16:46 ----D---- C:\Program Files (x86)\Steam
2015-12-13 09:18:21 ----D---- C:\Windows\system32\config
2015-12-12 10:29:50 ----HD---- C:\ProgramData
2015-12-11 17:29:35 ----D---- C:\Users\Trifon\AppData\Roaming\CDisplayEx
2015-12-11 14:51:43 ----SHD---- C:\System Volume Information
2015-12-10 19:01:31 ----SD---- C:\Users\Trifon\AppData\Roaming\Microsoft
2015-12-10 14:36:31 ----RD---- C:\Program Files
2015-12-10 13:26:33 ----D---- C:\Windows\Microsoft.NET
2015-12-10 13:26:17 ----RSD---- C:\Windows\assembly
2015-12-10 11:14:51 ----D---- C:\Windows\winsxs
2015-12-10 11:14:05 ----RSD---- C:\Windows\Fonts
2015-12-10 11:14:05 ----D---- C:\Windows\SYSWOW64\sk-SK
2015-12-10 11:14:05 ----D---- C:\Windows\SYSWOW64\en-US
2015-12-10 11:14:05 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-12-10 11:14:05 ----D---- C:\Windows\SysWOW64
2015-12-10 11:14:05 ----D---- C:\Windows\system32\sk-SK
2015-12-10 11:14:05 ----D---- C:\Windows\system32\en-US
2015-12-10 11:14:05 ----D---- C:\Windows\system32\cs-CZ
2015-12-10 11:14:04 ----D---- C:\Windows\ehome
2015-12-10 11:14:04 ----D---- C:\Program Files\Internet Explorer
2015-12-10 11:14:04 ----D---- C:\Program Files (x86)\Internet Explorer
2015-12-09 20:52:25 ----SHD---- C:\Windows\Installer
2015-12-09 20:52:14 ----D---- C:\ProgramData\Microsoft Help
2015-12-09 20:51:50 ----A---- C:\Windows\win.ini
2015-12-09 20:49:09 ----D---- C:\Windows\system32\MRT
2015-12-09 20:46:49 ----A---- C:\Windows\system32\MRT.exe
2015-12-09 12:18:18 ----D---- C:\Windows\system32\drivers\UMDF
2015-12-09 11:42:08 ----D---- C:\Windows\system32\catroot2
2015-12-04 07:48:10 ----D---- C:\Windows\Tasks
2015-12-03 18:47:23 ----D---- C:\Program Files\Common Files
2015-12-03 18:47:23 ----D---- C:\Program Files (x86)\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswNdisFlt;Avast! Firewall Driver; C:\Windows\system32\DRIVERS\aswNdisFlt.sys [2015-11-10 466400]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-11-10 65224]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-11-10 273784]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2013-08-07 644968]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2013-08-07 28008]
R0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2014-08-25 20464]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2015-10-10 381440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2012-08-22 15232]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2015-11-10 28144]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-11-10 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-11-10 1059656]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-11-10 449992]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2015/10/10 21:44:31]; \??\C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2009-02-28 146928]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-11-10 28656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-11-10 97648]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-11-10 154256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-10-22 3692632]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver; C:\Windows\system32\DRIVERS\ISCTD.sys [2014-04-29 44744]
R3 iusb3hub;Ovládač rozbočovača Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2014-08-25 383984]
R3 iusb3xhc;Ovládač hostiteľského radiča Intel(R) USB 3.0 eXtensible; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2014-08-25 795120]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-16 99288]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-08-18 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2015-08-18 38032]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-12-28 805088]
S3 a7o9h5i0;a7o9h5i0; C:\Windows\system32\drivers\a7o9h5i0.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2015-06-11 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 asComSvc;ASUS Com Service; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [2014-06-18 936728]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [2014-06-18 1360016]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-11-10 174416]
R2 avast! Firewall;Avast Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2015-11-10 109520]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-08-18 1148560]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-08-18 1706128]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-08-18 21833360]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-08-18 933168]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2015-10-14 76888]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-08-17 409776]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-10 144200]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-10 144200]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2015-10-14 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-11-08 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-10-16 147624]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-01-25 178760]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2015-10-14 838224]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-10-16 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]

-----------------EOF-----------------
Nahoru
Slovak
Návštěvník
Návštěvník
Příspěvky: 78
Registrován: 20 pro 2014 18:42

Re: Prosím o Kontrolu logu - preventívka

#13 Příspěvek od Slovak »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Trifon at 2015-12-14 18:20:41
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 168 GB (74%) free of 229 GB
Total RAM: 8131 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:20:42, on 14. 12. 2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Trifon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Volanie kliknutím - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Volanie kliknutím - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11372 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {8BC6B018-8561-4821-9B38-7BB38B6A9321}
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe"
"C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-ad2481a9-906a-495a-9c12-9c52f4054a53 -SystemEventPortName:HostProcess-b4ced0b5-6141-43a6-a135-d875010adf32 -IoCancelEventPortName:HostProcess-c55ea639-1b43-4c84-9b56-621d4777788e -NonStateChangingEventPortName:HostProcess-eef2b35e-5910-4107-b364-dadbda7c8c91 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:af7ac366-8be2-46de-bfef-029eb3a2f20e -DeviceGroupId:
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss 584ea06d-fb53-4877-879b-0f014fa526c2 1
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
\??\C:\Windows\system32\conhost.exe "384101655-309543691-110532424-1922373057-1879496566-11129283741092339588783519072
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "-4079742771615412460105383322180473591-1007296024-3348636911769350037-667225952
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2328.0.1639187390\1085236092" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,12,23,51,61 --gpu-vendor-id=0x10de --gpu-device-id=0x05e6 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.4181 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/*AutomaticTabDiscarding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/CrossDevicePromo/14DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/StableHQPFrequencyBugFix_PrePeriod_1/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Disabled/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Default/ --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="2328.1.1234677705\488121335" --font-cache-shared-handle=2020 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/*AutomaticTabDiscarding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/StableHQPFrequencyBugFix_PrePeriod_1/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Disabled/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="2328.2.783838672\494493156" --font-cache-shared-handle=2208 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/*AutomaticTabDiscarding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/StableHQPFrequencyBugFix_PrePeriod_1/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Disabled/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="2328.3.765143333\179194893" --font-cache-shared-handle=2356 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/*AutomaticTabDiscarding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/StableHQPFrequencyBugFix_PrePeriod_1/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Disabled/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="2328.4.2117210061\1367708398" --font-cache-shared-handle=2476 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/*AutomaticTabDiscarding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/StableHQPFrequencyBugFix_PrePeriod_1/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Disabled/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Default/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="2328.5.966599743\1015637221" --font-cache-shared-handle=2508 /prefetch:673131151
C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/*AutomaticTabDiscarding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DomRel-Enable/enable/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/StableHQPFrequencyBugFix_PrePeriod_1/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Disabled/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingSocialEngineeringStrings/Enabled/SessionRestoreBackgroundLoading/Restore/SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-PeerConnectionDTLS1.2/Default/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="2328.7.2070900618\2058565955" --font-cache-shared-handle=5584 /prefetch:673131151
taskeng.exe {9642E5D9-770E-4B4F-BCAF-716B1E3E6A5F}
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Users\Trifon\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Trifon\AppData\Roaming\Mozilla\Firefox\Profiles\rk8vrt1e.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll
npwachk.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18 219304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-10 885152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-10-14 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [2014-01-23 881880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2015-11-10 2339032]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18 153768]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-10 664184]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-10-14 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2014-01-22 707800]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2015-11-10 1731800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-10-14 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-10-14 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-10-22 7203032]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2015-08-18 2585744]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2015-08-18 1514528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [2009-11-19 75048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [2009-04-27 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-07-06 87336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\steam.exe [2015-12-10 3013200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\winampa.exe [2010-07-12 74752]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2014-08-25 293872]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-11-10 7004376]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-12-12 10:29:50 ----D---- C:\ProgramData\Malwarebytes
2015-12-12 10:25:45 ----D---- C:\AdwCleaner
2015-12-10 14:36:31 ----D---- C:\rsit
2015-12-10 14:36:31 ----D---- C:\Program Files\trend micro
2015-12-09 20:51:56 ----SHD---- C:\Config.Msi
2015-12-09 11:44:26 ----A---- C:\Windows\SYSWOW64\usp10.dll
2015-12-09 11:44:26 ----A---- C:\Windows\SYSWOW64\tzres.dll
2015-12-09 11:44:26 ----A---- C:\Windows\system32\usp10.dll
2015-12-09 11:44:26 ----A---- C:\Windows\system32\tzres.dll
2015-12-09 11:44:25 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-12-09 11:44:25 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-12-09 11:44:25 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-12-09 11:44:25 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-12-09 11:44:25 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wuwebv.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wups2.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wups.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wudriver.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wucltux.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wuaueng.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wuauclt.exe
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wuapp.exe
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wuapi.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-12-09 11:44:25 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-12-09 11:44:23 ----A---- C:\Windows\SYSWOW64\nlsbres.dll
2015-12-09 11:44:23 ----A---- C:\Windows\SYSWOW64\kbdgeoqw.dll
2015-12-09 11:44:23 ----A---- C:\Windows\SYSWOW64\KBDAZEL.DLL
2015-12-09 11:44:23 ----A---- C:\Windows\SYSWOW64\KBDAZE.DLL
2015-12-09 11:44:23 ----A---- C:\Windows\system32\nlsbres.dll
2015-12-09 11:44:23 ----A---- C:\Windows\system32\kbdgeoqw.dll
2015-12-09 11:44:23 ----A---- C:\Windows\system32\KBDAZEL.DLL
2015-12-09 11:44:23 ----A---- C:\Windows\system32\KBDAZE.DLL
2015-12-09 11:44:22 ----A---- C:\Windows\SYSWOW64\user32.dll
2015-12-09 11:44:22 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-12-09 11:44:22 ----A---- C:\Windows\system32\win32k.sys
2015-12-09 11:44:22 ----A---- C:\Windows\system32\user32.dll
2015-12-09 11:44:22 ----A---- C:\Windows\system32\FntCache.dll
2015-12-09 11:44:22 ----A---- C:\Windows\system32\DWrite.dll
2015-12-09 11:44:21 ----A---- C:\Windows\SYSWOW64\wshrm.dll
2015-12-09 11:44:21 ----A---- C:\Windows\SYSWOW64\comsvcs.dll
2015-12-09 11:44:21 ----A---- C:\Windows\SYSWOW64\catsrvut.dll
2015-12-09 11:44:21 ----A---- C:\Windows\system32\wshrm.dll
2015-12-09 11:44:21 ----A---- C:\Windows\system32\drivers\rmcast.sys
2015-12-09 11:44:21 ----A---- C:\Windows\system32\comsvcs.dll
2015-12-09 11:44:21 ----A---- C:\Windows\system32\catsrvut.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\occache.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-12-09 11:44:20 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-12-09 11:44:20 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-09 11:44:20 ----A---- C:\Windows\system32\iertutil.dll
2015-12-09 11:44:20 ----A---- C:\Windows\system32\iernonce.dll
2015-12-09 11:44:20 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-12-09 11:44:20 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-12-09 11:44:20 ----A---- C:\Windows\system32\ie4uinit.exe
2015-12-09 11:44:19 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-12-09 11:44:19 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-12-09 11:44:19 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-12-09 11:44:19 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-12-09 11:44:19 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-12-09 11:44:19 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-12-09 11:44:19 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-12-09 11:44:19 ----A---- C:\Windows\system32\urlmon.dll
2015-12-09 11:44:19 ----A---- C:\Windows\system32\occache.dll
2015-12-09 11:44:19 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-09 11:44:19 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-12-09 11:44:19 ----A---- C:\Windows\system32\iedkcs32.dll
2015-12-09 11:44:19 ----A---- C:\Windows\system32\dxtrans.dll
2015-12-09 11:44:18 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-12-09 11:44:18 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-12-09 11:44:18 ----A---- C:\Windows\system32\msfeeds.dll
2015-12-09 11:44:18 ----A---- C:\Windows\system32\iesetup.dll
2015-12-09 11:44:18 ----A---- C:\Windows\system32\ieapfltr.dll
2015-12-09 11:44:17 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-12-09 11:44:17 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-12-09 11:44:17 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-12-09 11:44:17 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-12-09 11:44:17 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-12-09 11:44:17 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-12-09 11:44:17 ----A---- C:\Windows\system32\vbscript.dll
2015-12-09 11:44:17 ----A---- C:\Windows\system32\jsproxy.dll
2015-12-09 11:44:17 ----A---- C:\Windows\system32\ieui.dll
2015-12-09 11:44:17 ----A---- C:\Windows\system32\ieframe.dll
2015-12-09 11:44:17 ----A---- C:\Windows\system32\dxtmsft.dll
2015-12-09 11:44:16 ----A---- C:\Windows\system32\wininet.dll
2015-12-09 11:44:16 ----A---- C:\Windows\system32\webcheck.dll
2015-12-09 11:44:16 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-12-09 11:44:16 ----A---- C:\Windows\system32\mshtmled.dll
2015-12-09 11:44:16 ----A---- C:\Windows\system32\jscript9diag.dll
2015-12-09 11:44:16 ----A---- C:\Windows\system32\jscript9.dll
2015-12-09 11:44:16 ----A---- C:\Windows\system32\jscript.dll
2015-12-09 11:44:16 ----A---- C:\Windows\system32\ieUnatt.exe
2015-12-09 11:44:15 ----A---- C:\Windows\system32\msrating.dll
2015-12-09 11:44:15 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-12-09 11:44:15 ----A---- C:\Windows\system32\mshtml.dll
2015-12-09 11:43:58 ----A---- C:\Windows\SYSWOW64\els.dll
2015-12-09 11:43:58 ----A---- C:\Windows\system32\els.dll
2015-12-04 19:27:56 ----D---- C:\Users\Trifon\AppData\Roaming\.mono
2015-12-04 19:27:56 ----D---- C:\ProgramData\.mono
2015-12-03 18:47:23 ----D---- C:\Program Files\Common Files\AV
2015-12-02 14:29:05 ----D---- C:\Users\Trifon\AppData\Roaming\AC3Filter
2015-11-23 21:26:26 ----D---- C:\Users\Trifon\AppData\Roaming\NVIDIA
2015-11-18 20:45:48 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2015-11-18 20:45:48 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2015-11-18 20:45:48 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2015-11-18 20:45:48 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2015-11-18 20:45:47 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2015-11-18 20:45:47 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2015-11-18 20:45:47 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll

======List of files/folders modified in the last 1 month======

2015-12-14 18:20:26 ----RD---- C:\Program Files (x86)
2015-12-14 18:20:26 ----D---- C:\Windows\system32\drivers
2015-12-14 18:19:52 ----D---- C:\Windows\system32\Tasks
2015-12-14 18:19:34 ----D---- C:\ProgramData\NVIDIA
2015-12-14 18:18:36 ----D---- C:\Windows\Temp
2015-12-14 18:18:35 ----D---- C:\Windows\twain_32
2015-12-14 15:36:46 ----D---- C:\Users\Trifon\AppData\Roaming\vlc
2015-12-14 14:29:21 ----D---- C:\Users\Trifon\AppData\Roaming\uTorrent
2015-12-14 14:13:09 ----D---- C:\Windows\System32
2015-12-14 14:13:09 ----D---- C:\Windows\inf
2015-12-14 14:13:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-12-13 17:16:46 ----D---- C:\Program Files (x86)\Steam
2015-12-13 09:18:21 ----D---- C:\Windows\system32\config
2015-12-12 10:29:50 ----HD---- C:\ProgramData
2015-12-11 17:29:35 ----D---- C:\Users\Trifon\AppData\Roaming\CDisplayEx
2015-12-11 14:51:43 ----SHD---- C:\System Volume Information
2015-12-10 19:01:31 ----SD---- C:\Users\Trifon\AppData\Roaming\Microsoft
2015-12-10 14:36:31 ----RD---- C:\Program Files
2015-12-10 13:26:33 ----D---- C:\Windows\Microsoft.NET
2015-12-10 13:26:17 ----RSD---- C:\Windows\assembly
2015-12-10 11:14:51 ----D---- C:\Windows\winsxs
2015-12-10 11:14:05 ----RSD---- C:\Windows\Fonts
2015-12-10 11:14:05 ----D---- C:\Windows\SYSWOW64\sk-SK
2015-12-10 11:14:05 ----D---- C:\Windows\SYSWOW64\en-US
2015-12-10 11:14:05 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-12-10 11:14:05 ----D---- C:\Windows\SysWOW64
2015-12-10 11:14:05 ----D---- C:\Windows\system32\sk-SK
2015-12-10 11:14:05 ----D---- C:\Windows\system32\en-US
2015-12-10 11:14:05 ----D---- C:\Windows\system32\cs-CZ
2015-12-10 11:14:04 ----D---- C:\Windows\ehome
2015-12-10 11:14:04 ----D---- C:\Program Files\Internet Explorer
2015-12-10 11:14:04 ----D---- C:\Program Files (x86)\Internet Explorer
2015-12-09 20:52:25 ----SHD---- C:\Windows\Installer
2015-12-09 20:52:14 ----D---- C:\ProgramData\Microsoft Help
2015-12-09 20:51:50 ----A---- C:\Windows\win.ini
2015-12-09 20:49:09 ----D---- C:\Windows\system32\MRT
2015-12-09 20:46:49 ----A---- C:\Windows\system32\MRT.exe
2015-12-09 12:18:18 ----D---- C:\Windows\system32\drivers\UMDF
2015-12-09 11:42:08 ----D---- C:\Windows\system32\catroot2
2015-12-04 07:48:10 ----D---- C:\Windows\Tasks
2015-12-03 18:47:23 ----D---- C:\Program Files\Common Files
2015-12-03 18:47:23 ----D---- C:\Program Files (x86)\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswNdisFlt;Avast! Firewall Driver; C:\Windows\system32\DRIVERS\aswNdisFlt.sys [2015-11-10 466400]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-11-10 65224]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-11-10 273784]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2013-08-07 644968]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2013-08-07 28008]
R0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2014-08-25 20464]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2015-10-10 381440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2012-08-22 15232]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2015-11-10 28144]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-11-10 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-11-10 1059656]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-11-10 449992]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2015/10/10 21:44:31]; \??\C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2009-02-28 146928]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-11-10 28656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-11-10 97648]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-11-10 154256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-10-22 3692632]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver; C:\Windows\system32\DRIVERS\ISCTD.sys [2014-04-29 44744]
R3 iusb3hub;Ovládač rozbočovača Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2014-08-25 383984]
R3 iusb3xhc;Ovládač hostiteľského radiča Intel(R) USB 3.0 eXtensible; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2014-08-25 795120]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-16 99288]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-08-18 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2015-08-18 38032]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-12-28 805088]
S3 a7o9h5i0;a7o9h5i0; C:\Windows\system32\drivers\a7o9h5i0.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2015-06-11 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 asComSvc;ASUS Com Service; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [2014-06-18 936728]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [2014-06-18 1360016]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-11-10 174416]
R2 avast! Firewall;Avast Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2015-11-10 109520]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-08-18 1148560]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-08-18 1706128]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-08-18 21833360]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-08-18 933168]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2015-10-14 76888]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-08-17 409776]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-10 144200]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-10 144200]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2015-10-14 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-11-08 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-10-16 147624]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-01-25 178760]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2015-10-14 838224]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-10-16 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]

-----------------EOF-----------------
Nahoru
Slovak
Návštěvník
Návštěvník
Příspěvky: 78
Registrován: 20 pro 2014 18:42

Re: Prosím o Kontrolu logu - preventívka

#14 Příspěvek od Slovak »

Normálne kúpený je ten Windows.
Nahoru
Márty84
VIP
VIP
Příspěvky: 21679
Registrován: 05 pro 2009 20:08
Bydliště: Ostrava

Re: Prosím o Kontrolu logu - preventívka

#15 Příspěvek od Márty84 »

:!: Vypnete antivir, at nebrani programu v praci.
:arrow: Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]

:services
gupdate
gupdatem
gusvc

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:otl
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1601266965-4254244799-107981220-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2015/10/10 20:50:56 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\AVG
[2015/10/10 19:37:10 | 000,000,932 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2015/10/10 19:37:10 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[7 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[1 C:\Windows\inf\Intel Storage Counters\*.tmp files -> C:\Windows\inf\Intel Storage Counters\*.tmp -> ]
[1 C:\Windows\inf\Intel Storage Counters\0000\*.tmp files -> C:\Windows\inf\Intel Storage Counters\0000\*.tmp -> ]
[1 C:\Windows\inf\Intel Storage Counters\0005\*.tmp files -> C:\Windows\inf\Intel Storage Counters\0005\*.tmp -> ]
[1 C:\Windows\inf\Intel Storage Counters\0009\*.tmp files -> C:\Windows\inf\Intel Storage Counters\0009\*.tmp -> ]
[1 C:\Windows\inf\Intel Storage Counters\001B\*.tmp files -> C:\Windows\inf\Intel Storage Counters\001B\*.tmp -> ]
[42 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] /64
Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Nahoru
Zamčeno

Zpět na „Preventivní kontroly logů“