VIRY.CZ

žádná změna

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

OTL logfile created on: 4.1.2013 12:13:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\James\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

7,98 Gb Total Physical Memory | 6,11 Gb Available Physical Memory | 76,50% Memory free
15,96 Gb Paging File | 13,76 Gb Available in Paging File | 86,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,95 Gb Total Space | 108,50 Gb Free Space | 72,85% Space Free | Partition Type: NTFS
Drive D: | 186,30 Gb Total Space | 68,25 Gb Free Space | 36,63% Space Free | Partition Type: NTFS

Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013.01.04 12:10:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.exe
PRC - [2012.12.24 23:23:45 | 001,354,736 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.12.03 16:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.11.30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.08 14:39:22 | 000,026,016 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010.11.20 04:17:56 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

========== Modules (No Company Name) ==========

MOD - [2012.12.24 23:25:29 | 000,647,168 | ---- | M] () -- D:\Steam\sdl.dll
MOD - [2012.12.24 23:25:28 | 020,320,240 | ---- | M] () -- D:\Steam\bin\libcef.dll
MOD - [2012.12.24 23:25:28 | 001,100,800 | ---- | M] () -- D:\Steam\bin\avcodec-53.dll
MOD - [2012.12.24 23:25:28 | 000,969,280 | ---- | M] () -- D:\Steam\bin\chromehtml.dll
MOD - [2012.12.24 23:25:28 | 000,192,000 | ---- | M] () -- D:\Steam\bin\avformat-53.dll
MOD - [2012.12.24 23:25:28 | 000,124,416 | ---- | M] () -- D:\Steam\bin\avutil-51.dll
MOD - [2012.12.05 02:15:15 | 012,456,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012.12.05 02:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012.12.05 02:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012.12.05 02:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012.12.05 02:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012.12.05 02:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012.12.05 02:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012.12.05 02:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012.11.14 12:00:10 | 000,678,416 | ---- | M] () [Auto | Running] -- C:\Program Files\EslWire\service\WireHelperSvc.exe -- (EslWireHelper)
SRV:64bit: - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012.05.04 12:33:20 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.27 01:13:24 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.24 23:25:28 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.03 16:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.11.30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.11.29 09:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.12.29 22:58:32 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.11.14 11:59:58 | 000,160,784 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.05.04 12:33:12 | 002,196,592 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.23 14:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.07.29 04:40:00 | 000,079,104 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.07.29 04:40:00 | 000,056,960 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - SOFTWARE\Classes\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2998107535-2503329283-2762459063-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2998107535-2503329283-2762459063-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2998107535-2503329283-2762459063-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B7473b6bd-4691-4744-a82b-7854eb3d70b6%7D:10.13.40.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.12.25 02:06:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 00:47:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.12.27 00:47:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Extensions
[2012.12.29 17:31:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\a6h6pa1t.default\extensions
[2012.12.29 17:31:56 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\a6h6pa1t.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2012.12.27 00:47:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 12:32:34 | 000,002,208 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
[2012.11.29 12:32:34 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.11.29 12:32:34 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2012.11.29 12:32:34 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.11.29 12:32:35 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: YouTube = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0\
CHR - Extension: avast! WebRep = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: FVD Speed Dial 3D Wall, New Tab Page Launcher = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgeoanibcknhniccgaoaiolihidecjn\1.0.0_0\
CHR - Extension: FVD Speed Dial - 3D Wall, Sync, New Tab Page = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa\3.1.5_0\
CHR - Extension: Gmail = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013.01.03 18:02:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKU\S-1-5-21-2998107535-2503329283-2762459063-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2998107535-2503329283-2762459063-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2998107535-2503329283-2762459063-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2998107535-2503329283-2762459063-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2998107535-2503329283-2762459063-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2998107535-2503329283-2762459063-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.96.167.50 212.96.167.18 89.190.50.18
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30D303E7-1187-4EDC-AF63-DF64DE87EA06}: DhcpNameServer = 212.96.167.50 212.96.167.18 89.190.50.18
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2013.01.04 12:11:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.exe
[2013.01.03 18:03:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.03 18:00:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.01.03 17:16:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.03 17:16:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.03 17:16:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.03 17:16:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.03 17:16:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.03 17:13:17 | 005,018,515 | R--- | C] (Swearware) -- C:\Users\James\Desktop\ComboFix.exe
[2013.01.03 17:11:51 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\rkill
[2013.01.03 17:11:29 | 001,754,528 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\James\Desktop\rkill.com
[2013.01.03 16:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.01.03 16:27:14 | 000,000,000 | ---D | C] -- C:\rsit
[2013.01.03 15:36:29 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Malwarebytes
[2013.01.03 15:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.03 15:36:21 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.03 15:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.03 15:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.03 13:47:56 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Uniblue
[2013.01.03 13:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2013.01.03 13:47:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2012.12.31 15:40:00 | 000,160,784 | ---- | C] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys
[2012.12.31 15:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire
[2012.12.31 15:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\EslWire
[2012.12.31 15:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ESL Wire
[2012.12.31 12:19:22 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\.minecraft
[2012.12.31 12:18:44 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\James\Desktop\mc.exe
[2012.12.29 22:59:53 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\TuneUp Software
[2012.12.29 22:59:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.12.29 22:59:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.12.29 22:59:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.12.29 22:58:32 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.12.29 22:58:28 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\DAEMON Tools Lite
[2012.12.29 22:58:27 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\OpenCandy
[2012.12.29 22:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012.12.29 22:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.12.29 17:31:58 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\CRE
[2012.12.29 17:31:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012.12.29 17:31:52 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Conduit
[2012.12.29 17:31:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrentControl_v2
[2012.12.29 17:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012.12.29 17:29:32 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\uTorrent

========== Files - Modified Within 7 Days ==========

[2013.01.04 12:15:11 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.01.04 12:10:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.exe
[2013.01.04 11:52:00 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.04 11:40:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.04 06:58:46 | 000,004,306 | ---- | M] () -- C:\Users\James\Desktop\i_m_back.png
[2013.01.04 02:33:43 | 000,041,447 | ---- | M] () -- C:\Users\James\Desktop\asd.png
[2013.01.03 22:52:00 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.03 20:21:32 | 000,074,624 | ---- | M] () -- C:\Users\James\Desktop\0cd61000e2440c5669c152e1ff7f1194f552d8c0_full.jpg
[2013.01.03 18:30:56 | 000,217,563 | ---- | M] () -- C:\Users\James\Desktop\Bez názvu.png
[2013.01.03 18:10:24 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.03 18:10:24 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.03 18:07:03 | 001,576,554 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.03 18:07:03 | 000,666,194 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2013.01.03 18:07:03 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.03 18:07:03 | 000,139,890 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2013.01.03 18:07:03 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.03 18:02:43 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.01.03 18:02:23 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2013.01.03 18:01:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.03 18:01:48 | 2132,729,855 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.03 17:13:32 | 005,018,515 | R--- | M] (Swearware) -- C:\Users\James\Desktop\ComboFix.exe
[2013.01.03 17:10:26 | 001,754,528 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\James\Desktop\rkill.com
[2013.01.03 13:47:56 | 000,001,217 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2013.01.03 12:41:12 | 000,381,813 | ---- | M] () -- C:\Users\James\Desktop\476382_413626611993149_2117501949_o.jpg
[2013.01.03 12:41:06 | 000,705,259 | ---- | M] () -- C:\Users\James\Desktop\470567_413629321992878_1290529917_o.jpg
[2013.01.03 00:20:34 | 000,050,733 | ---- | M] () -- C:\Users\James\Desktop\184156_1885135854647_400349_n.jpg
[2013.01.02 15:39:02 | 000,003,584 | ---- | M] () -- C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.02 15:19:04 | 000,199,106 | ---- | M] () -- C:\Users\James\Desktop\175678_4500483720914_1155376138_o.jpg
[2013.01.02 06:59:13 | 000,072,270 | ---- | M] () -- C:\Users\James\Desktop\avatar_dbk2.jpg
[2013.01.02 06:58:15 | 003,232,171 | ---- | M] () -- C:\Users\James\Desktop\avatar_dbk.psd
[2013.01.02 06:55:09 | 000,070,744 | ---- | M] () -- C:\Users\James\Desktop\avatar_dbk.jpg
[2013.01.02 06:52:25 | 000,011,257 | ---- | M] () -- C:\Users\James\Desktop\avatar_dbk.png
[2012.12.31 12:18:46 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\James\Desktop\mc.exe
[2012.12.29 23:47:49 | 000,000,008 | ---- | M] () -- C:\Windows\SysNative\SearchEngine.dat
[2012.12.29 22:58:32 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys

========== Files Created - No Company Name ==========

[2013.01.04 12:15:11 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.01.04 06:58:46 | 000,004,306 | ---- | C] () -- C:\Users\James\Desktop\i_m_back.png
[2013.01.04 02:33:43 | 000,041,447 | ---- | C] () -- C:\Users\James\Desktop\asd.png
[2013.01.03 19:43:54 | 000,074,624 | ---- | C] () -- C:\Users\James\Desktop\0cd61000e2440c5669c152e1ff7f1194f552d8c0_full.jpg
[2013.01.03 17:16:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.03 17:16:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.03 17:16:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.03 17:16:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.03 17:16:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.03 17:01:00 | 000,217,563 | ---- | C] () -- C:\Users\James\Desktop\Bez názvu.png
[2013.01.03 13:47:59 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2013.01.03 13:47:56 | 000,001,217 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2013.01.03 12:41:11 | 000,381,813 | ---- | C] () -- C:\Users\James\Desktop\476382_413626611993149_2117501949_o.jpg
[2013.01.03 12:41:05 | 000,705,259 | ---- | C] () -- C:\Users\James\Desktop\470567_413629321992878_1290529917_o.jpg
[2013.01.03 00:20:32 | 000,050,733 | ---- | C] () -- C:\Users\James\Desktop\184156_1885135854647_400349_n.jpg
[2013.01.02 15:39:02 | 000,003,584 | ---- | C] () -- C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.02 15:19:04 | 000,199,106 | ---- | C] () -- C:\Users\James\Desktop\175678_4500483720914_1155376138_o.jpg
[2013.01.02 06:58:08 | 000,072,270 | ---- | C] () -- C:\Users\James\Desktop\avatar_dbk2.jpg
[2013.01.02 06:50:29 | 000,011,257 | ---- | C] () -- C:\Users\James\Desktop\avatar_dbk.png
[2012.12.29 23:47:49 | 000,000,008 | ---- | C] () -- C:\Windows\SysNative\SearchEngine.dat
[2012.12.26 13:47:36 | 000,470,540 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.12.25 04:48:23 | 001,554,160 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.24 22:22:06 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.12.31 12:25:20 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\.minecraft
[2012.12.29 22:59:50 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\DAEMON Tools Lite
[2012.12.24 22:27:56 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mikrotik
[2012.12.29 22:56:59 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\nbs-irc
[2012.12.25 06:14:07 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\OBS
[2012.12.29 22:58:27 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\OpenCandy
[2012.12.25 01:54:22 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\SplitMediaLabs
[2013.01.03 23:28:27 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\TS3Client
[2012.12.29 22:59:53 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\TuneUp Software
[2013.01.03 13:47:56 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Uniblue
[2012.12.31 10:32:38 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\uTorrent

========== Purity Check ==========

========== Custom Scans ==========

< >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,004,522 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.12.24 22:38:56 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.12.24 22:42:49 | 000,000,946 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.12.24 22:42:51 | 000,000,950 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.01.03 13:47:59 | 000,000,344 | ---- | C] () -- C:\Windows\Tasks\RegistryBooster.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.20 05:24:28 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.20 05:24:28 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010.11.20 04:16:56 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.20 04:16:56 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010.11.20 01:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.20 01:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.20 01:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010.11.20 05:33:36 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.20 05:33:36 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 05:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010.11.20 05:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 05:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2012.10.03 18:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\erdnt\cache64\tcpip.sys
[2012.10.03 18:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\SysNative\drivers\tcpip.sys
[2012.10.03 18:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2010.11.20 05:33:58 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2012.03.30 11:19:17 | 001,877,872 | ---- | M] (Microsoft Corporation) MD5=5EFD096DEF47F8B88EF591DA92143440 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
[2012.03.30 12:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
[2012.08.22 19:06:13 | 001,901,936 | ---- | M] (Microsoft Corporation) MD5=7880A26B7D3B96FDA8EFD9F985036B1D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[2012.03.30 11:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2009.07.14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2012.03.30 12:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2012.10.03 18:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2012.08.22 19:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< >

< %systemroot%*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[3 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.12.31 12:25:20 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\.minecraft
[2012.12.27 01:43:31 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Adobe
[2012.12.29 22:59:50 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\DAEMON Tools Lite
[2012.12.24 22:17:36 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Identities
[2012.12.24 22:42:07 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Macromedia
[2013.01.03 15:36:29 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Malwarebytes
[2009.07.14 16:36:58 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Media Center Programs
[2012.12.27 01:12:53 | 000,000,000 | --SD | M] -- C:\Users\James\AppData\Roaming\Microsoft
[2012.12.24 22:27:56 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mikrotik
[2012.12.25 10:35:10 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\mIRC
[2012.12.27 00:47:37 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla
[2012.12.29 22:56:59 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\nbs-irc
[2012.12.25 06:27:24 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\NVIDIA
[2012.12.25 06:14:07 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\OBS
[2012.12.29 22:58:27 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\OpenCandy
[2012.12.25 01:54:22 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\SplitMediaLabs
[2013.01.03 23:28:27 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\TS3Client
[2012.12.29 22:59:53 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\TuneUp Software
[2013.01.03 13:47:56 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Uniblue
[2012.12.31 10:32:38 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\uTorrent
[2012.12.25 02:07:47 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2012.12.25 10:44:37 | 000,059,446 | ---- | M] () -- C:\Users\James\AppData\Roaming\nbs-irc\uninstall_nbs.exe
[2012.11.28 00:39:16 | 027,905,968 | ---- | M] (TuneUp Software) -- C:\Users\James\AppData\Roaming\OpenCandy\BB7528FABC114B409AAA2300E404ADB2\TuneUpUtilities2013_2200329_cs-CZ.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2013.01.04 11:40:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.01.03 22:52:00 | 000,000,946 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.01.04 11:52:00 | 000,000,950 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.01.03 18:02:23 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2012.11.29 09:26:08 | 000,916,960 | ---- | M] (Mozilla Corporation) MD5=5744FFF8E72D105C138DAE9E17BB29FE -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2012.12.25 16:50:54 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=0D286C0FE561D1A7EB30E83A0FF305B2 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2012.12.05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.) MD5=2D08AC1443FFA7FBED9A5EA5FD49AEB3 -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.01.04 12:15:11 | 000,000,512 | ---- | M] () MD5=001ED37C27AF7A105D77C9ADAA217673 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2013.01.03 15:49:46 | 000,000,755 | ---- | M] () -- \Users\James\AppData\Roaming\Microsoft\Windows\Recent\Call-of-Duty-Black-Ops-2-crack-100%-funkční.rar.lnk
[2012.12.27 04:50:14 | 000,015,189 | ---- | M] () -- \Users\James\AppData\Roaming\nbs-irc\logs\QuakeNet\#crack.log

< *keygen* /s >

< *loader* /s >
[2012.11.01 09:32:14 | 000,057,224 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2012.11.01 09:32:44 | 000,065,416 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader64.dll
[2012.09.04 23:34:12 | 000,083,848 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2012.09.04 23:34:12 | 000,088,968 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader64.dll
[2011.05.28 21:04:04 | 000,054,784 | ---- | M] () -- \Program Files\Winrar\Formats\ace32loader.exe
[2012.12.31 10:09:45 | 000,000,401 | ---- | M] () -- \Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa\3.1.5_0\js\newtab\contextmenu\imgs\dhxmenu_dhx_black\dhtmlxmenu_loader.gif
[2012.12.31 10:09:45 | 000,000,401 | ---- | M] () -- \Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa\3.1.5_0\js\newtab\contextmenu\imgs\dhxmenu_dhx_blue\dhtmlxmenu_loader.gif
[2012.12.31 10:09:45 | 000,000,401 | ---- | M] () -- \Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa\3.1.5_0\js\newtab\contextmenu\imgs\dhxmenu_dhx_skyblue\dhtmlxmenu_loader.gif
[2012.12.31 10:09:45 | 000,001,683 | ---- | M] () -- \Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa\3.1.5_0\js\newtab\contextmenu\imgs\dhxmenu_dhx_web\dhxmenu_loader.gif
[2012.12.24 22:39:29 | 000,004,659 | ---- | M] () -- \Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\701OF1RA\ajaxLoader[1].gif
[2012.12.24 22:40:45 | 000,003,705 | ---- | M] () -- \Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T0CS37NR\lang_loader[1].gif
[2012.11.19 22:15:42 | 000,000,847 | ---- | M] () -- \Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\a6h6pa1t.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac\img\ajax-loader.gif
[2012.11.19 22:15:42 | 000,001,135 | ---- | M] () -- \Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\a6h6pa1t.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac\img\loader-icon.png
[2012.11.19 22:15:42 | 000,003,208 | ---- | M] () -- \Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\a6h6pa1t.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gf\img\loader.gif
[2012.11.19 22:15:42 | 000,001,849 | ---- | M] () -- \Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\a6h6pa1t.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TWITTER\resources\ajax-loader.gif
[2009.07.14 13:25:34 | 002,202,645 | R--- | M] () -- \Windows\Setup\SCRIPTS\Windows7Loader.exe
[2011.02.05 14:09:50 | 000,005,799 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-e..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_9c05f879842e1792.manifest
[2011.02.05 14:05:03 | 000,005,799 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-e..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_9c6455949d6c2720.manifest
[2011.02.05 18:34:40 | 000,005,799 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-e..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_9deb553581556a27.manifest
[2011.02.05 14:10:12 | 000,005,799 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-e..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_9e73f1b69a73f09a.manifest
[2012.10.04 17:40:37 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2012.10.04 17:40:37 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009.07.14 02:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 02:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:28:57 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_66dcd6a595588d81\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:26:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_67667556ae762a72\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:38:48 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_68a2edab92971725\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:35:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_6957a248ab947a6d\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 16:17:49 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 16:17:49 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.efi.mui_35ee487d
[2009.07.14 16:17:49 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.exe.mui_3bc5b827
[2009.07.14 16:17:49 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.efi.mui_f412814e
[2009.07.14 16:17:49 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.exe.mui_ff8b5358
[2012.12.25 16:45:54 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2012.12.25 16:45:54 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2012.12.25 16:45:54 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2012.12.25 16:45:54 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2012.12.25 16:45:54 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2009.07.14 03:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009.07.14 16:15:51 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 03:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2011.02.05 14:09:31 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2011.02.05 14:04:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4.manifest
[2010.11.20 06:12:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011.02.05 18:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.02.05 14:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009.07.14 03:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:45:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:40:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll

< End of report >

OTL Extras logfile created on: 4.1.2013 12:13:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\James\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

7,98 Gb Total Physical Memory | 6,11 Gb Available Physical Memory | 76,50% Memory free
15,96 Gb Paging File | 13,76 Gb Available in Paging File | 86,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,95 Gb Total Space | 108,50 Gb Free Space | 72,85% Space Free | Partition Type: NTFS
Drive D: | 186,30 Gb Total Space | 68,25 Gb Free Space | 36,63% Space Free | Partition Type: NTFS

Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2998107535-2503329283-2762459063-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17714C35-3ACD-43AB-BBF3-99FBF9AC1C92}" = rport=139 | protocol=6 | dir=out | app=system |
"{1FF7516F-0F70-4127-9740-AEA3109A83E9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{20C39FF6-4728-45A7-80D5-64B212A6DF03}" = lport=138 | protocol=17 | dir=in | app=system |
"{6BE69B8C-4FD3-4E74-A537-7687B804359D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7275DE8B-FC84-4C3C-B205-15538057688F}" = rport=138 | protocol=17 | dir=out | app=system |
"{837D2D4A-DE9C-41C2-AEF7-8639B3F52624}" = lport=139 | protocol=6 | dir=in | app=system |
"{8D4ADF8B-17FC-4093-8179-4CFA1D350949}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{96D81440-A343-452A-82C9-E736DB028B09}" = rport=445 | protocol=6 | dir=out | app=system |
"{C636534E-BE06-45B7-9A7E-12BC0EAA43E2}" = lport=137 | protocol=17 | dir=in | app=system |
"{CD60AF9A-E41C-4659-9F8D-B55C1C945972}" = lport=445 | protocol=6 | dir=in | app=system |
"{D4AC83CF-AEF6-4D52-9665-DEBAE5BA2AEB}" = rport=137 | protocol=17 | dir=out | app=system |
"{E68E5168-43FE-497D-84E8-DA5357808D5C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3C1BE3AE-8D96-48C4-8F9E-35FAA02D2B45}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{42F9BE19-BA21-483F-9A2B-9A841E0F0116}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{4E4C6727-94D2-4A7D-B3EB-BEF6EA3006DB}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{68110985-70F2-4CAE-B29E-6043502ECF6F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{7176691E-51F8-41AF-81FF-43542ADCDFE9}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{74513681-03DD-48C5-BEF9-1BB6BF67539A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8FC9D4C7-DF4B-4BAC-B29E-4F7071E3A16E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9F726C66-6A1E-4DAD-A05C-85B0FA80E5C9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B2A0E924-313B-4398-A98A-3B2501412192}" = dir=in | app=c:\program files\eslwire\wire.exe |
"{B6A4B2F3-524D-4743-AF1C-885FE237D8DC}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{DCAD9F89-D439-4C3E-A4F2-05474D4A28FA}" = dir=out | app=c:\program files\eslwire\wire.exe |
"{FF1E7939-B5D6-44AC-BC8B-F5FA12AC8335}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{524E21A0-9CCB-4F48-9EFA-CD585BCE0C9E}D:\games\call of duty black ops ii\t6sp.dll" = protocol=6 | dir=in | app=d:\games\call of duty black ops ii\t6sp.dll |
"TCP Query User{86AEE52A-5D79-4DB6-83E8-8B704CC57CF9}C:\users\james\desktop\winbox.exe" = protocol=6 | dir=in | app=c:\users\james\desktop\winbox.exe |
"TCP Query User{A0C45341-9F67-48B1-BEA1-CDD4C8D8DDA0}C:\program files\ffsplit\ffsplit.exe" = protocol=6 | dir=in | app=c:\program files\ffsplit\ffsplit.exe |
"TCP Query User{C1640AEB-2D46-4DB2-957F-115569660517}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{E99EBC33-6D59-43A7-A732-108CC781F36F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{52B682B3-41B7-469A-9704-BDCFFD377BDB}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{5F59D0A1-4B55-4091-BC16-8ED00A518C17}D:\games\call of duty black ops ii\t6sp.dll" = protocol=17 | dir=in | app=d:\games\call of duty black ops ii\t6sp.dll |
"UDP Query User{7D78B9ED-4AF0-4D20-A016-0E812AA9873B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{9BDF7277-BE5C-47BA-B1A7-D27D631B69D5}C:\users\james\desktop\winbox.exe" = protocol=17 | dir=in | app=c:\users\james\desktop\winbox.exe |
"UDP Query User{C39817DE-CB52-4D35-8BF3-12A65254C680}C:\program files\ffsplit\ffsplit.exe" = protocol=17 | dir=in | app=c:\program files\ffsplit\ffsplit.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{790E02A1-145A-3843-8C13-A4F41C9B48B7}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{A324DC11-FF02-3CE8-9D6F-67EBC006D970}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovladač 3D Vision 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Ovladač řídící jednotky 3D Vision 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ESL Wire_is1" = ESL Wire 1.15.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI - Czech
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E55B3271-7CA8-4D0C-AE06-69A24856E997}_is1" = Uniblue RegistryBooster
"{F017778C-11C7-4E57-8124-F10C5AD74B1E}_is1" = Open Broadcaster Software version 0.461a
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"DAEMON Tools Lite" = DAEMON Tools Lite
"Google Chrome" = Google Chrome
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Ovladače zařízení
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.70.0.1100
"mIRC" = mIRC
"Mozilla Firefox 17.0.1 (x86 cs)" = Mozilla Firefox 17.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam App 240" = Counter-Strike: Source
"Steam App 730" = Counter-Strike: Global Offensive
"uTorrent" = µTorrent
"uTorrentControl_v2 Toolbar" = uTorrentControl_v2 Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30.12.2012 10:24:53 | Computer Name = James-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: t6sp.dll, verze: 1.0.0.1, časové razítko:
0x509a7621 Název chybujícího modulu: t6sp.dll, verze: 1.0.0.1, časové razítko: 0x509a7621
Kód
výjimky: 0xc0000005 Posun chyby: 0x00439780 ID chybujícího procesu: 0x1df8 Čas spuštění
chybující aplikace: 0x01cde67c0702b290 Cesta k chybující aplikaci: D:\Games\Call
of Duty Black Ops II\t6sp.dll Cesta k chybujícímu modulu: D:\Games\Call of Duty
Black Ops II\t6sp.dll ID zprávy: acfe86dd-528c-11e2-9292-902b34972c26

Error - 30.12.2012 10:24:59 | Computer Name = James-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: t6sp.dll, verze: 1.0.0.1, časové razítko:
0x509a7621 Název chybujícího modulu: t6sp.dll, verze: 1.0.0.1, časové razítko: 0x509a7621
Kód
výjimky: 0xc0000005 Posun chyby: 0x0024ef4d ID chybujícího procesu: 0x1df8 Čas spuštění
chybující aplikace: 0x01cde67c0702b290 Cesta k chybující aplikaci: D:\Games\Call
of Duty Black Ops II\t6sp.dll Cesta k chybujícímu modulu: D:\Games\Call of Duty
Black Ops II\t6sp.dll ID zprávy: b09ffe29-528c-11e2-9292-902b34972c26

Error - 31.12.2012 4:57:06 | Computer Name = James-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: t6sp.dll, verze: 1.0.0.1, časové razítko:
0x509a7621 Název chybujícího modulu: steamclient.dll_unloaded, verze: 0.0.0.0, časové
razítko: 0x50a2aa1c Kód výjimky: 0xc0000005 Posun chyby: 0x6ce9b620 ID chybujícího
procesu: 0x928 Čas spuštění chybující aplikace: 0x01cde72cefab3065 Cesta k chybující
aplikaci: D:\Games\Call of Duty Black Ops II\t6sp.dll Cesta k chybujícímu modulu:
steamclient.dll ID zprávy: 0cb589cb-5328-11e2-b6da-902b34972c26

Error - 31.12.2012 4:57:09 | Computer Name = James-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: t6sp.dll, verze: 1.0.0.1, časové razítko:
0x509a7621 Název chybujícího modulu: t6sp.dll, verze: 1.0.0.1, časové razítko: 0x509a7621
Kód
výjimky: 0xc0000005 Posun chyby: 0x00439780 ID chybujícího procesu: 0x928 Čas spuštění
chybující aplikace: 0x01cde72cefab3065 Cesta k chybující aplikaci: D:\Games\Call
of Duty Black Ops II\t6sp.dll Cesta k chybujícímu modulu: D:\Games\Call of Duty
Black Ops II\t6sp.dll ID zprávy: 0eb272af-5328-11e2-b6da-902b34972c26

Error - 31.12.2012 4:58:33 | Computer Name = James-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: t6sp.dll, verze: 1.0.0.1, časové razítko:
0x509a7621 Název chybujícího modulu: t6sp.dll, verze: 1.0.0.1, časové razítko: 0x509a7621
Kód
výjimky: 0xc0000005 Posun chyby: 0x0024ef4d ID chybujícího procesu: 0x928 Čas spuštění
chybující aplikace: 0x01cde72cefab3065 Cesta k chybující aplikaci: D:\Games\Call
of Duty Black Ops II\t6sp.dll Cesta k chybujícímu modulu: D:\Games\Call of Duty
Black Ops II\t6sp.dll ID zprávy: 40c0e6d1-5328-11e2-b6da-902b34972c26

Error - 31.12.2012 6:06:18 | Computer Name = James-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: SETUP.EXE_unknown, verze: 0.0.0.0, časové
razítko: 0x04af3e70 Název chybujícího modulu: SETUP.EXE, verze: 0.0.0.0, časové
razítko: 0x04af3e70 Kód výjimky: 0xc0000005 Posun chyby: 0x00002784 ID chybujícího
procesu: 0xc30 Čas spuštění chybující aplikace: 0x01cde73e642eac2f Cesta k chybující
aplikaci: F:\SETUP.EXE Cesta k chybujícímu modulu: F:\SETUP.EXE ID zprávy: b7684120-5331-11e2-b6da-902b34972c26

Error - 1.1.2013 22:23:13 | Computer Name = James-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: csgo.exe, verze: 0.0.0.0, časové razítko:
0x50db6c47 Název chybujícího modulu: materialsystem.dll, verze: 0.0.0.0, časové
razítko: 0x50db6baf Kód výjimky: 0xc0000005 Posun chyby: 0x00168303 ID chybujícího
procesu: 0x1334 Čas spuštění chybující aplikace: 0x01cde88457d20710 Cesta k chybující
aplikaci: D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe Cesta
k chybujícímu modulu: d:\steam\steamapps\common\counter-strike global offensive\bin\materialsystem.dll
ID
zprávy: 5b8a2004-5483-11e2-b16d-902b34972c26

Error - 3.1.2013 8:10:31 | Computer Name = James-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: csgo.exe, verze: 0.0.0.0, časové razítko:
0x50db6c47 Název chybujícího modulu: tier0.dll, verze: 0.0.0.0, časové razítko:
0x50db6b13 Kód výjimky: 0x40000015 Posun chyby: 0x0001e8e6 ID chybujícího procesu:
0x1188 Čas spuštění chybující aplikace: 0x01cde9a7b38c4922 Cesta k chybující aplikaci:
D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe Cesta k chybujícímu
modulu: D:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll
ID
zprávy: 917e3aee-559e-11e2-9841-902b34972c26

Error - 3.1.2013 12:08:39 | Computer Name = James-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Steam.exe, verze: 1.0.1595.686, časové razítko:
0x50b7ef0d Název chybujícího modulu: Steam.dll_unloaded, verze: 0.0.0.0, časové
razítko: 0x50ccdba0 Kód výjimky: 0xc0000005 Posun chyby: 0x301f3bc6 ID chybujícího
procesu: 0x109c Čas spuštění chybující aplikace: 0x01cde9cc93b404af Cesta k chybující
aplikaci: D:\Steam\Steam.exe Cesta k chybujícímu modulu: Steam.dll ID zprávy: d5c7b359-55bf-11e2-b193-902b34972c26

Error - 3.1.2013 12:08:41 | Computer Name = James-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Steam.exe, verze: 1.0.1595.686, časové razítko:
0x50b7ef0d Název chybujícího modulu: Steam.dll_unloaded, verze: 0.0.0.0, časové
razítko: 0x50ccdba0 Kód výjimky: 0xc0000005 Posun chyby: 0x300b55ce ID chybujícího
procesu: 0x109c Čas spuštění chybující aplikace: 0x01cde9cc93b404af Cesta k chybující
aplikaci: D:\Steam\Steam.exe Cesta k chybujícímu modulu: Steam.dll ID zprávy: d6e164d9-55bf-11e2-b193-902b34972c26

[ System Events ]
Error - 3.1.2013 13:00:48 | Computer Name = James-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 4.1.2013 2:02:58 | Computer Name = James-PC | Source = Service Control Manager | ID = 7031
Description = Služba Koncové vytváření služby Windows Audio byla nečekaně ukončena.
Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund:
Restartovat službu.

Error - 4.1.2013 2:02:58 | Computer Name = James-PC | Source = Service Control Manager | ID = 7031
Description = Služba Offline soubory byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error - 4.1.2013 2:02:58 | Computer Name = James-PC | Source = Service Control Manager | ID = 7031
Description = Služba Přístup k zařízením standardu HID byla nečekaně ukončena. Stalo
se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat
službu.

Error - 4.1.2013 2:02:58 | Computer Name = James-PC | Source = Service Control Manager | ID = 7031
Description = Služba Síťová připojení byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 100 milisekund: Restartovat službu.

Error - 4.1.2013 2:02:58 | Computer Name = James-PC | Source = Service Control Manager | ID = 7031
Description = Služba Program Compatibility Assistant Service byla nečekaně ukončena.
Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund:
Restartovat službu.

Error - 4.1.2013 2:02:58 | Computer Name = James-PC | Source = Service Control Manager | ID = 7031
Description = Služba Superfetch byla nečekaně ukončena. Stalo se to 1 krát. Následující
opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error - 4.1.2013 2:02:58 | Computer Name = James-PC | Source = Service Control Manager | ID = 7031
Description = Služba Klient služby Sledování distribuovaných odkazů byla nečekaně
ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000
milisekund: Restartovat službu.

Error - 4.1.2013 2:02:58 | Computer Name = James-PC | Source = Service Control Manager | ID = 7031
Description = Služba Správce relací správce oken plochy byla nečekaně ukončena.
Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund:
Restartovat službu.

Error - 4.1.2013 2:03:58 | Computer Name = James-PC | Source = Service Control Manager | ID = 7032
Description = Správce služeb se pokusil o opravnou akci (Restartovat službu) po
nečekaném ukončení služby Program Compatibility Assistant Service, ale tato akce
selhala kvůli následující chybě: %%1056

< End of report >

Jen se zeptam, pouzivate legalni operacni system??

A nac je v legalnim OS potreba crack, ktery se aplikuje hned pri instalaci

no to nevim.. mám ten počítač od vánoc tak sem myslel že to je vše ok..

Tak snad vite jestli jste si licenci na windows kupoval nebo ne

VIRY.CZ

Trojan, svchost.exe

Re: Trojan, svchost.exe

Re: Trojan, svchost.exe

Re: Trojan, svchost.exe

Re: Trojan, svchost.exe

Re: Trojan, svchost.exe

Re: Trojan, svchost.exe

Re: Trojan, svchost.exe

Re: Trojan, svchost.exe

Re: Trojan, svchost.exe