OTL logfile created on: 26. 10. 2016 19:26:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy
4,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 51,35% Memory free
9,99 Gb Paging File | 7,65 Gb Available in Paging File | 76,53% Paging File free
Paging file location(s): c:\pagefile.sys 6141 6141 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 130,61 Gb Total Space | 17,00 Gb Free Space | 13,01% Space Free | Partition Type: NTFS
Drive D: | 101,97 Gb Total Space | 29,57 Gb Free Space | 28,99% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2016/10/26 19:20:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2016/10/26 18:21:30 | 003,450,048 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_205.exe
PRC - [2016/10/21 19:47:39 | 000,509,384 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2016/08/08 18:20:18 | 008,900,328 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2016/07/14 16:35:04 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2016/07/09 12:21:48 | 000,197,128 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/03/14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
========== Modules (No Company Name) ==========
MOD - [2016/10/26 18:21:29 | 019,637,440 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll
MOD - [2016/07/09 12:21:56 | 048,936,448 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2016/07/09 12:21:49 | 000,479,288 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\ffl2.dll
MOD - [2016/07/09 12:21:48 | 000,146,232 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2010/01/30 03:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
========== Services (SafeList) ==========
SRV:64bit: - [2016/07/09 12:21:48 | 000,197,128 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2015/11/30 11:55:50 | 001,368,408 | ---- | M] (Disc Soft Ltd) [On_Demand | Stopped] -- C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe -- (Disc Soft Lite Bus Service)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2016/10/26 18:21:31 | 000,270,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/10/21 19:47:39 | 000,172,488 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/10/13 03:58:30 | 001,459,488 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2016/09/20 12:54:54 | 000,324,224 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2016/07/14 16:35:04 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/03/15 07:53:06 | 001,266,464 | R--- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/03/14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2016/08/05 10:51:02 | 000,292,704 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswvmm.sys -- (aswVmm)
DRV:64bit: - [2016/07/14 09:40:29 | 000,473,592 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2016/07/09 12:22:01 | 000,162,904 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2016/07/09 12:22:01 | 000,108,304 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2016/07/09 12:22:01 | 000,074,544 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2016/07/09 12:22:00 | 000,037,656 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2016/07/09 12:21:58 | 000,103,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2016/07/09 12:21:40 | 001,070,904 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2016/07/09 12:21:39 | 000,037,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2015/12/29 20:45:43 | 000,046,392 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtliteusbbus.sys -- (dtliteusbbus)
DRV:64bit: - [2015/12/29 20:45:16 | 000,030,264 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtlitescsibus.sys -- (dtlitescsibus)
DRV:64bit: - [2012/12/19 07:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1906443015-4026824225-2091223967-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1906443015-4026824225-2091223967-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sk
IE - HKU\S-1-5-21-1906443015-4026824225-2091223967-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 81 4E 8F 23 23 D2 01 [binary data]
IE - HKU\S-1-5-21-1906443015-4026824225-2091223967-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1906443015-4026824225-2091223967-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1906443015-4026824225-2091223967-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.countryCode: "SK"
FF - prefs.js..browser.search.region: "SK"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:49.0.2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2016/07/09 12:22:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2016/07/09 12:22:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\sp@avast.com: C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016/07/09 12:22:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 49.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 49.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 49.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 49.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2015/12/19 17:06:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2016/10/26 18:39:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\8b1g0pcy.default\extensions
[2016/07/13 13:14:58 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\8b1g0pcy.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2016/10/26 18:39:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\8b1g0pcy.default\extensions\trash
[2016/10/26 18:39:09 | 001,054,969 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\8b1g0pcy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016/04/28 19:28:51 | 001,036,367 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\8b1g0pcy.default\extensions\trash\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016/10/24 16:54:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
========== Chrome ==========
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig\1.3.14_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd\1.2.14_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\11.1.0.955_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\8.4.0.9162_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak\1.7.13_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
O1 HOSTS File: ([2015/12/29 22:36:06 | 000,000,826 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1906443015-4026824225-2091223967-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_185_Plugin.exe -update plugin File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62553CF7-C999-48C3-9081-6B4D819B8CAA}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5425159c-deed-11e5-bc2f-00215a7343c5}\Shell - "" = AutoRun
O33 - MountPoints2\{5425159c-deed-11e5-bc2f-00215a7343c5}\Shell\AutoRun\command - "" = L:\Setup.exe
O33 - MountPoints2\{6de9eca8-b138-11e5-866a-00215a7343c5}\Shell - "" = AutoRun
O33 - MountPoints2\{6de9eca8-b138-11e5-866a-00215a7343c5}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{e23c58ab-af9d-11e5-ac66-00215a7343c5}\Shell - "" = AutoRun
O33 - MountPoints2\{e23c58ab-af9d-11e5-ac66-00215a7343c5}\Shell\AutoRun\command - "" = K:\Autorun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = Call of Duty - Black Ops.part01.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
System Restore Service not available.
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2016/10/25 13:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2016/10/25 13:59:38 | 000,000,000 | ---D | C] -- C:\rsit
[2016/10/24 20:36:39 | 000,000,000 | ---D | C] -- C:\UsbFix
[2016/10/22 17:36:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Electronic Arts
[2016/10/22 17:14:30 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Electronic Arts
[2016/10/22 17:14:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2016/10/22 09:43:46 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2016/10/21 16:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2016/10/17 19:04:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2016/10/12 17:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2016/10/12 17:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2016/10/09 15:57:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BioShock Infinite - SK
[2016/10/09 15:57:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BioShock Infinite - SK
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2016/10/26 19:29:20 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2016/10/26 19:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/10/26 19:14:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/10/26 18:29:02 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2016/10/26 18:21:30 | 000,796,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016/10/26 18:21:30 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016/10/26 17:18:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-1906443015-4026824225-2091223967-1001.job
[2016/10/26 15:44:52 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016/10/26 15:44:52 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016/10/26 15:38:03 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/10/26 15:37:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/10/26 15:37:26 | 3220,033,536 | -HS- | M] () -- C:\hiberfil.sys
[2016/10/25 14:23:42 | 000,002,195 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016/10/24 20:55:13 | 000,791,434 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/10/24 20:55:13 | 000,660,218 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016/10/24 20:55:13 | 000,124,408 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016/10/22 17:22:26 | 000,002,069 | ---- | M] () -- C:\Users\Public\Desktop\Dead Space™.lnk
[2016/10/21 16:30:52 | 000,000,964 | ---- | M] () -- C:\Users\User\Desktop\Crysis 3.lnk
[2016/10/09 15:51:12 | 000,000,916 | ---- | M] () -- C:\Users\User\Desktop\BioShock Infinite.lnk
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2016/10/26 19:29:20 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2016/10/22 17:22:26 | 000,002,069 | ---- | C] () -- C:\Users\Public\Desktop\Dead Space™.lnk
[2016/10/21 16:30:52 | 000,000,964 | ---- | C] () -- C:\Users\User\Desktop\Crysis 3.lnk
[2016/10/09 15:51:12 | 000,000,916 | ---- | C] () -- C:\Users\User\Desktop\BioShock Infinite.lnk
[2016/08/04 18:33:10 | 000,000,097 | ---- | C] () -- C:\Users\User\AppData\Roaming\LauncherSettings_live.cfg
[2016/08/01 19:48:42 | 000,011,097 | ---- | C] () -- C:\Users\User\AppData\Roaming\TheHunterSettings_live.bin
[2016/08/01 19:40:52 | 000,000,042 | ---- | C] () -- C:\Users\User\AppData\Roaming\TheHunterSettings_local.cfg
[2016/08/01 13:15:34 | 000,007,321 | ---- | C] () -- C:\Users\User\AppData\Roaming\TheHunterPrimevalSettings_live.bin
[2016/07/28 19:01:53 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2016/07/27 10:39:14 | 000,000,016 | ---- | C] () -- C:\ProgramData\mntemp
[2016/07/14 15:51:28 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat
[2016/06/25 15:28:26 | 000,798,942 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2016/06/21 17:29:57 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2016/06/21 17:29:55 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2016/06/15 17:00:06 | 000,010,255 | ---- | C] () -- C:\ProgramData\regid.2011-06.com.youtubebyclick_3C521B99-9ACE-47EA-AC9F-26075467D03B.swidtag
[2015/12/29 22:35:22 | 000,000,424 | ---- | C] () -- C:\Users\User\AppData\Local\UserProducts.xml
========== ZeroAccess Check ==========
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 03:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2016/01/26 16:07:19 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\AVAST Software
[2016/08/20 13:10:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Aliens vs. Predator
[2015/12/29 20:58:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVAST Software
[2016/01/08 17:12:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BSplayer
[2015/12/29 20:22:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BSplayer Pro
[2016/10/21 15:51:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2016/06/18 09:33:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GHISLER
[2015/12/30 11:27:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\RPEng
[2016/01/26 16:03:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Seznam.cz
[2016/05/07 15:53:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly
[2016/08/04 18:30:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\theHunter
[2016/08/01 13:10:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\theHunterPrimal
[2016/06/21 17:07:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft
[2016/10/21 20:03:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2016/06/25 15:36:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\YouTubeByClick
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009/07/14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 07:08:49 | 000,032,600 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2015/12/29 20:39:08 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2015/12/29 21:02:50 | 000,000,932 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2015/12/29 21:02:53 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2015/12/29 22:35:21 | 000,000,386 | ---- | C] () -- C:\Windows\Tasks\update-sys.job
[2015/12/29 22:35:22 | 000,000,386 | ---- | C] () -- C:\Windows\Tasks\update-S-1-5-21-1906443015-4026824225-2091223967-1001.job
< >
< MD5 for: ATAPI.SYS >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\SysNative\autochk.exe
[2009/07/14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
< MD5 for: CDROM.SYS >
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\SysWOW64\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
< MD5 for: HAL.DLL >
[2009/07/14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\SysNative\hal.dll
[2009/07/14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
< MD5 for: SERVICES.EXE >
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: TCPIP.SYS >
[2009/07/14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\SysNative\drivers\tcpip.sys
[2009/07/14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
< MD5 for: USERINIT.EXE >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
< >
< %systemroot%*.* /U /s >
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[3 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[5 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
[1 C:\Windows\Temp\_avast_\*.tmp files -> C:\Windows\Temp\_avast_\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2015/12/29 20:43:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Adobe
[2016/08/20 13:10:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Aliens vs. Predator
[2015/12/29 20:58:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVAST Software
[2016/01/08 17:12:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BSplayer
[2015/12/29 20:22:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BSplayer Pro
[2016/10/21 15:51:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2016/06/18 09:33:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GHISLER
[2015/12/19 16:19:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Identities
[2016/06/18 17:24:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\InstallShield
[2015/12/29 20:43:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Macromedia
[2009/07/14 09:54:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Media Center Programs
[2016/07/06 10:40:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Microsoft
[2016/01/04 18:52:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Microsoft Game Studios
[2015/12/19 17:06:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla
[2016/01/25 19:17:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NVIDIA
[2015/12/30 11:27:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\RPEng
[2016/07/14 15:45:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SecuROM
[2016/01/26 16:03:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Seznam.cz
[2016/10/21 19:15:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Skype
[2016/05/07 15:53:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly
[2016/08/04 18:30:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\theHunter
[2016/08/01 13:10:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\theHunterPrimal
[2016/06/21 17:07:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft
[2016/10/21 20:03:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2015/12/30 17:19:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinRAR
[2016/06/25 15:36:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\YouTubeByClick
< %APPDATA%\*.exe /s >
[2016/08/20 11:05:33 | 001,291,115 | ---- | M] () -- C:\Users\User\AppData\Roaming\Aliens vs. Predator\Uninstall\unins000.exe
[2015/12/30 11:27:53 | 000,000,000 | ---- | M] () -- C:\Users\User\AppData\Roaming\RPEng\A98AD97646B74373A772C5BF32CB864D\dhi1006.exe
[2016/09/14 15:17:58 | 002,139,840 | ---- | M] (BitTorrent Inc.) -- C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
[2015/12/30 11:23:46 | 002,026,520 | ---- | M] (BitTorrent Inc.) -- C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41372.exe
[2016/02/11 16:04:57 | 002,065,944 | ---- | M] (BitTorrent Inc.) -- C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41712.exe
[2016/03/05 10:39:55 | 002,094,080 | ---- | M] (BitTorrent Inc.) -- C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41865.exe
[2016/04/09 09:44:46 | 001,959,424 | ---- | M] (BitTorrent Inc.) -- C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.6_42094.exe
[2016/05/29 20:15:28 | 002,133,504 | ---- | M] (BitTorrent Inc.) -- C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.7_42330.exe
[2016/08/11 18:43:38 | 001,972,224 | ---- | M] (BitTorrent Inc.) -- C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.8_42449.exe
[2016/09/14 15:17:58 | 002,139,840 | ---- | M] (BitTorrent Inc.) -- C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.8_42576.exe
[2015/12/30 11:28:08 | 000,336,896 | ---- | M] (BitTorrent Inc.) -- C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
[2016/02/11 20:39:42 | 000,335,872 | ---- | M] (BitTorrent Inc.) -- C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe
[2016/03/05 16:04:14 | 000,335,872 | ---- | M] (BitTorrent Inc.) -- C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
[2016/04/09 13:31:40 | 000,340,480 | ---- | M] (BitTorrent Inc.) -- C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe
[2016/05/30 15:30:26 | 000,387,072 | ---- | M] (BitTorrent Inc.) -- C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
[2016/08/16 11:40:36 | 000,387,072 | ---- | M] (BitTorrent Inc.) -- C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe
[2016/09/15 10:02:43 | 000,387,072 | ---- | M] (BitTorrent Inc.) -- C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
[2016/10/26 19:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2016/10/26 15:38:03 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2016/10/26 19:14:00 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2016/10/26 17:18:00 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\update-S-1-5-21-1906443015-4026824225-2091223967-1001.job
[2016/10/26 18:29:02 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\update-sys.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2016/10/26 18:21:30 | 000,796,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2016/10/26 18:21:30 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
< >
< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2016/10/21 19:47:39 | 000,509,384 | ---- | M] (Mozilla Corporation) MD5=BD30EA1B259469D88BD20D141104F951 -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009/07/14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
< %PROGRAMFILES%\Opera\opera.exe /md5 >
< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2016/10/20 10:47:20 | 000,921,704 | ---- | M] (Google Inc.) MD5=D07D7BC13E6C433593EB476A3BEF99E8 -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
< >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2016/10/26 19:29:20 | 000,000,512 | ---- | M] () MD5=DFF41203E1C1B5AE315ED8A1F474C698 -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2016/07/27 14:49:46 | 000,096,860 | ---- | M] () -- \Counter-Strike 1.6\cstrike\models\p_firecracker.mdl
[2016/07/27 14:49:47 | 000,065,492 | ---- | M] () -- \Counter-Strike 1.6\cstrike\models\shell_firecracker.mdl
[2016/07/27 14:49:45 | 001,034,940 | ---- | M] () -- \Counter-Strike 1.6\cstrike\models\v_firecracker.mdl
[2016/07/27 14:49:47 | 000,095,396 | ---- | M] () -- \Counter-Strike 1.6\cstrike\models\w_firecracker.mdl
[2016/07/27 14:41:02 | 000,060,264 | ---- | M] () -- \Counter-Strike 1.6\cstrike\sound\weapons\firecracker-1.wav
[2016/07/27 14:41:03 | 000,054,056 | ---- | M] () -- \Counter-Strike 1.6\cstrike\sound\weapons\firecracker-2.wav
[2016/07/27 14:41:04 | 000,025,802 | ---- | M] () -- \Counter-Strike 1.6\cstrike\sound\weapons\firecracker-wick.wav
[2016/07/27 14:41:03 | 000,009,662 | ---- | M] () -- \Counter-Strike 1.6\cstrike\sound\weapons\firecracker_bounce1.wav
[2016/07/27 14:41:03 | 000,007,380 | ---- | M] () -- \Counter-Strike 1.6\cstrike\sound\weapons\firecracker_bounce2.wav
[2016/07/27 14:41:03 | 000,008,318 | ---- | M] () -- \Counter-Strike 1.6\cstrike\sound\weapons\firecracker_bounce3.wav
[2016/07/27 14:41:03 | 000,012,788 | ---- | M] () -- \Counter-Strike 1.6\cstrike\sound\weapons\firecracker_draw.wav
[2016/07/27 14:41:04 | 000,051,978 | ---- | M] () -- \Counter-Strike 1.6\cstrike\sound\weapons\firecracker_explode.wav
[2016/10/22 17:12:23 | 000,000,705 | ---- | M] () -- \Users\User\AppData\Roaming\Microsoft\Windows\Recent\CRACK + SERIAL.lnk
[2016/10/21 19:46:41 | 000,000,729 | ---- | M] () -- \Users\User\AppData\Roaming\Microsoft\Windows\Recent\crysis-3-crack-skidrow-download.lnk
[2016/10/21 19:48:39 | 000,000,704 | ---- | M] () -- \Users\User\AppData\Roaming\Microsoft\Windows\Recent\Crysis-3-crack-skidrow.rar.lnk
[2016/10/22 10:34:33 | 000,000,759 | ---- | M] () -- \Users\User\AppData\Roaming\Microsoft\Windows\Recent\Dead-Space-1-CZ-Crack+CDkey-pix.part1.lnk
[2016/10/22 12:45:49 | 000,000,759 | ---- | M] () -- \Users\User\AppData\Roaming\Microsoft\Windows\Recent\Dead-Space-1-CZ-Crack+CDkey-pix.part2.lnk
[2016/10/22 16:22:35 | 000,000,759 | ---- | M] () -- \Users\User\AppData\Roaming\Microsoft\Windows\Recent\Dead-Space-1-CZ-Crack+CDkey-pix.part3.lnk
[2016/10/22 17:03:32 | 000,000,759 | ---- | M] () -- \Users\User\AppData\Roaming\Microsoft\Windows\Recent\Dead-Space-1-CZ-Crack+CDkey-pix.part4.lnk
[2016/10/21 19:53:13 | 000,000,704 | ---- | M] () -- \Users\User\AppData\Roaming\Microsoft\Windows\Recent\patch Crysis 3 - Crack Fix.lnk
[2016/10/23 15:25:01 | 000,000,704 | ---- | M] () -- \Users\User\AppData\Roaming\Microsoft\Windows\Recent\patch-Crysis-3---Crack-Fix.lnk
[2016/07/14 16:39:00 | 000,003,038 | ---- | M] () -- \Users\User\AppData\Roaming\uTorrent\Crysis Crack 64bit (Works In Win7 64bit).1.torrent
[2016/07/14 16:44:40 | 000,003,038 | ---- | M] () -- \Users\User\AppData\Roaming\uTorrent\Crysis Crack 64bit (Works In Win7 64bit).2.torrent
[2016/07/13 16:41:58 | 000,003,038 | ---- | M] () -- \Users\User\AppData\Roaming\uTorrent\Crysis Crack 64bit (Works In Win7 64bit).torrent
[2016/10/21 19:56:54 | 000,003,482 | ---- | M] () -- \Users\User\AppData\Roaming\uTorrent\Crysis.3.Crackfix.INTERNAL-RELOADED.torrent
[2016/10/22 10:34:32 | 2147,483,648 | ---- | M] () -- \Users\User\Downloads\Dead-Space-1-CZ-Crack+CDkey-pix.part1.rar
[2016/10/22 12:45:49 | 2147,483,648 | ---- | M] () -- \Users\User\Downloads\Dead-Space-1-CZ-Crack+CDkey-pix.part2.rar
[2016/10/22 16:22:34 | 2147,483,648 | ---- | M] () -- \Users\User\Downloads\Dead-Space-1-CZ-Crack+CDkey-pix.part3.rar
[2016/10/22 17:03:32 | 071,153,857 | ---- | M] () -- \Users\User\Downloads\Dead-Space-1-CZ-Crack+CDkey-pix.part4.rar
< *keygen* /s >
< *loader* /s >
[2003/09/15 14:02:00 | 000,169,384 | ---- | M] () -- \Counter-Strike 1.6\cstrike\models\qloader.mdl
[2003/09/15 13:55:50 | 000,352,548 | ---- | M] () -- \Counter-Strike 1.6\valve\models\loader.mdl
[2003/09/15 13:56:04 | 000,012,764 | ---- | M] () -- \Counter-Strike 1.6\valve\sound\ambience\loader_hydra1.wav
[2003/09/15 13:56:04 | 000,012,164 | ---- | M] () -- \Counter-Strike 1.6\valve\sound\ambience\loader_step1.wav
[2006/10/26 14:40:34 | 000,057,344 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006/10/26 14:40:34 | 000,005,120 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2010/03/24 21:12:34 | 000,249,680 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2010/03/24 21:12:34 | 000,018,264 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2016/09/24 11:49:22 | 000,019,136 | ---- | M] () -- \Program Files (x86)\Mozilla Firefox\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/01 10:32:14 | 000,057,224 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2012/11/01 10:32:44 | 000,065,416 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader64.dll
[2012/09/05 00:34:12 | 000,083,848 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2012/09/05 00:34:12 | 000,088,968 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader64.dll
[2016/07/11 14:46:36 | 000,261,784 | ---- | M] () -- \Program Files (x86)\Skillbrains\lightshot\5.4.0.1\uploader.dll
[2014/12/10 02:17:20 | 000,001,701 | ---- | M] () -- \Program Files (x86)\Steam\friends\broadcastuploaderrornotification.res
[2013/07/20 04:18:04 | 000,007,825 | ---- | M] () -- \Program Files (x86)\Steam\remoteui\static\libs\images\ajax-loader.gif
[2016/08/21 12:03:15 | 000,169,384 | ---- | M] () -- \Program Files (x86)\Steam\steamapps\common\Half-Life\cstrike\models\qloader.mdl
[2016/08/20 11:23:35 | 000,352,548 | ---- | M] () -- \Program Files (x86)\Steam\steamapps\common\Half-Life\valve\models\loader.mdl
[2016/08/20 11:22:09 | 000,012,764 | ---- | M] () -- \Program Files (x86)\Steam\steamapps\common\Half-Life\valve\sound\ambience\loader_hydra1.wav
[2016/08/20 11:25:35 | 000,012,164 | ---- | M] () -- \Program Files (x86)\Steam\steamapps\common\Half-Life\valve\sound\ambience\loader_step1.wav
[2016/07/09 12:21:47 | 000,090,040 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2016/07/09 12:21:47 | 000,109,344 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader64.exe
[2016/07/09 12:21:35 | 000,060,128 | ---- | M] () -- \Program Files\AVAST Software\Avast\ie_loader.exe
[2016/07/09 12:21:50 | 000,019,136 | ---- | M] () -- \Program Files\AVAST Software\Avast\setup\CRT\data\avast.vc140.crt\amd64\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/07/09 12:21:51 | 000,019,136 | ---- | M] () -- \Program Files\AVAST Software\Avast\setup\CRT\data\avast.vc140.crt\x86\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/07/09 12:21:36 | 000,067,832 | ---- | M] () -- \Program Files\AVAST Software\Avast\x64\ie_loader.exe
[2016/06/17 15:21:02 | 001,400,612 | ---- | M] () -- \Program Files\AVAST Software\SZBrowser\1.48.2066.114\resources\bundled_extensions\video-downloader.crx
[2016/09/06 13:04:17 | 001,406,200 | ---- | M] () -- \Program Files\AVAST Software\SZBrowser\1.51.2220.62\resources\bundled_extensions\video-downloader.crx
[2016/09/06 13:04:17 | 001,406,200 | ---- | M] () -- \Program Files\AVAST Software\SZBrowser\resources\bundled_extensions\video-downloader.crx
[2010/03/24 21:35:48 | 000,370,512 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll
[2010/03/24 21:35:48 | 000,018,264 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2015/11/18 15:16:00 | 000,062,968 | ---- | M] () -- \Program Files\WinRAR\Ace32Loader.exe
[2016/10/24 20:55:51 | 000,021,288 | ---- | M] () -- \Windows\Prefetch\ASWWRCIELOADER32.EXE-F211C07F.pf
[2016/10/24 20:55:51 | 000,018,904 | ---- | M] () -- \Windows\Prefetch\ASWWRCIELOADER64.EXE-49148940.pf
[2009/09/30 18:39:46 | 002,199,375 | R--- | M] () -- \Windows\Setup\SCRIPTS\Windows7Loader.exe
[2009/07/14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009/07/14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2016/02/24 17:57:10 | 000,019,136 | ---- | M] () -- \Windows\winsxs\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.23506.0_none_545784f92070b665\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/04/04 17:58:09 | 000,019,136 | ---- | M] () -- \Windows\winsxs\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.23918.0_none_53c8344321b452ba\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009/07/14 03:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 09:44:39 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2009/07/14 09:44:39 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.efi.mui_35ee487d
[2009/07/14 09:44:39 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.exe.mui_3bc5b827
[2009/07/14 09:44:39 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.efi.mui_f412814e
[2009/07/14 09:44:39 | 000,029,760 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.exe.mui_ff8b5358
[2009/07/14 04:58:45 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2009/07/14 04:58:45 | 000,641,088 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winload.efi_75834aa0
[2009/07/14 04:58:45 | 000,604,192 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winload.exe_75835076
[2009/07/14 04:58:45 | 000,557,136 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winresume.efi_85cd069f
[2009/07/14 04:58:45 | 000,518,352 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winresume.exe_85cd1215
[2009/07/14 04:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/14 04:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009/07/14 09:43:41 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2009/07/14 04:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2009/07/14 04:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2016/02/24 17:57:10 | 000,019,136 | ---- | M] () -- \Windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.23506.0_none_9c04bbd034ecdf6b\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/04/04 17:58:05 | 000,019,136 | ---- | M] () -- \Windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.23918.0_none_9b756b1a36307bc0\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
< End of report >
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Vírus
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119672
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vírus
Rudy píše:Jak je na tom váš oper. systém s legalitou?
Co potom v systému dělá nelegální aktivátor?Boris píše:zatial pohodetakže je všetko poriadku?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
Rudy
- Site Admin
- Příspěvky: 119672
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vírus
Pokud jste to nepochopil, váš oper. systém je nelegální navzdory tomu, že vy tvrdíte, že je OK. Je vidět, že jste nečetl pravidla fóra: http://forum.viry.cz/viewtopic.php?f=12&t=115512 .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
Rudy
- Site Admin
- Příspěvky: 119672
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vírus
To ale není naše chyba. Alespoň já, pokud někam vstupuji, ověřím si, co je v daném místě dovoleno a co ne. Pokud jsem reagoval ostře, pak jen proto, že jste zcela pominul můj příspěvek:Boris píše:Ja som nevedel že sú tu pravidlá a že nemôžem mať taký sofware
a ptal jste se na něco zcela jiného. Navíc jste lhal, že máte OS v pořádku.Rudy píše:
Jak je na tom váš oper. systém s legalitou?
Boris píše:
zatial pohode
Co potom v systému dělá nelegální aktivátor?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
Rudy
- Site Admin
- Příspěvky: 119672
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vírus
Vy vůbec nemáte OS v pořádku, vy ho máte nelegální. Pokud chcete přeložit do slovenštiny to, co je psáno v pravidlech, klidně to udělám. Je tam jasně řečeno, že ten kdo má nelegální (tj. upravovaný oper. systém), nemá na tomto fóru nárok, aby byly řešeny jeho problémy. Jsme fórum s mezinárodní akreditací a nepřejeme si nějakou mezinárodní ostudu, že tu napomáháme IT kriminalitě a navíc uprvovaný OS se při čištění chová jinak, než ten originální. To bychom pak ještě mohli řešit jeho opravu po zhroucení.
Podtrženo a sečteno, váš problém já a ani jiný rádce na tomto fóru řešit nebude.
Podtrženo a sečteno, váš problém já a ani jiný rádce na tomto fóru řešit nebude.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
a ďakujme za pomoc.-
Rudy
- Site Admin
- Příspěvky: 119672
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vírus
Neuškodil jste nijak, měl jste si ale přečíst pravidla. To že jste nevěděl, že nemáte legální OS považuji ale za výmluvu. Přece víte, že oper. systém je placený.Čili pokud jste za něj nazaplatil a máte ho, logicky není legální. Nemáte zač.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
Rudy
- Site Admin
- Příspěvky: 119672
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vírus
Nechme toho. Ve vyúčtování by měla být položka za oper. systém uvedena.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?