VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Prosím o kontrolu, (NTB z druhej ruky)

https://forum.viry.cz:443/viewtopic.php?t=136032

Stránka 2 z 3

Re: Prosím o kontrolu, (NTB z druhej ruky)

Napsal: 15 úno 2014 18:58
od Márty84
Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"BCSSync"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Driver::
SkypeUpdate

Reboot::
Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

:!: Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
:!: Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

Re: Prosím o kontrolu, (NTB z druhej ruky)

Napsal: 16 úno 2014 14:03
od godfather13
Nový Log z ComboFix:

ComboFix 14-02-14.01 - Keramont . 02. 2014 13:47:26.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.5611.4137 [GMT 1:00]
Running from: c:\users\Keramont\Desktop\ComboFix.exe
Command switches used :: c:\users\Keramont\Desktop\CFScript.txt
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Files Created from 2014-01-16 to 2014-02-16 )))))))))))))))))))))))))))))))
.
.
2014-02-16 12:54 . 2014-02-16 12:54 -------- d-----w- c:\users\Metro\AppData\Local\temp
2014-02-16 12:54 . 2014-02-16 12:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-14 16:18 . 2014-02-14 16:18 -------- d-----w- c:\users\Keramont\AppData\Local\EdgeOfReality
2014-02-12 11:42 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-12 11:42 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-12 11:41 . 2014-02-06 11:30 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-12 11:41 . 2014-02-06 10:20 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-02-12 11:41 . 2014-02-06 10:17 195584 ----a-w- c:\windows\system32\msrating.dll
2014-02-12 11:41 . 2014-02-06 08:47 353280 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-02-12 11:41 . 2014-02-06 08:37 251392 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2014-02-12 11:41 . 2014-02-06 22:55 293080 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2014-02-12 11:41 . 2014-02-06 22:24 235224 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2014-02-12 11:41 . 2014-02-06 10:52 574976 ----a-w- c:\windows\system32\ieui.dll
2014-02-12 11:41 . 2014-02-06 08:29 271360 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2014-02-12 10:26 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-11 22:19 . 2014-02-11 22:19 -------- d-----w- c:\users\Keramont\AppData\Roaming\steamvr
2014-02-07 22:07 . 2014-02-07 22:07 -------- d-----w- c:\users\Keramont\AppData\Roaming\Malwarebytes
2014-02-07 22:07 . 2014-02-07 22:07 -------- d-----w- c:\programdata\Malwarebytes
2014-02-07 22:07 . 2014-02-07 22:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-07 22:07 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-07 15:04 . 2014-02-08 16:22 -------- d-----w- c:\program files\trend micro
2014-02-07 15:04 . 2014-02-07 15:04 -------- d-----w- C:\rsit
2014-02-02 13:10 . 2014-02-15 20:57 -------- d-----w- C:\The KMPlayer
2014-02-02 00:19 . 2014-02-02 00:20 -------- d-----w- c:\users\Keramont\AppData\Local\Google
2014-02-02 00:19 . 2014-02-02 00:19 -------- d-----w- c:\program files (x86)\Google
2014-02-01 20:07 . 2014-02-07 22:09 -------- d-----w- C:\AdwCleaner
2014-02-01 17:43 . 2014-02-01 17:43 -------- d-----w- c:\users\Keramont\AppData\Local\Ubisoft
2014-02-01 17:29 . 2014-02-10 10:47 -------- d-----w- c:\program files (x86)\Common Files\Steam
2014-02-01 17:29 . 2014-02-14 17:30 -------- d-----w- c:\program files (x86)\Steam
2014-02-01 17:28 . 2014-02-01 17:28 -------- d-----w- c:\program files\CCleaner
2014-02-01 16:12 . 2014-02-01 16:12 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2014-02-01 16:12 . 2014-02-01 16:12 -------- d-----w- c:\program files (x86)\Reason
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-04 21:02 . 2012-07-04 14:24 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-04 21:02 . 2011-08-07 13:47 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-15 21:06 . 2012-07-13 15:53 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-11-27 01:41 . 2014-01-15 18:51 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-15 18:51 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-15 18:51 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-15 18:51 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-15 18:51 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-15 18:51 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-15 18:51 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 11:40 . 2014-01-15 18:51 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:32 . 2014-01-15 18:51 3156480 ----a-w- c:\windows\system32\win32k.sys
2013-11-23 18:26 . 2013-12-11 21:15 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 21:15 465920 ----a-w- c:\windows\system32\WMPhoto.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{17E113E6-CD0E-4045-B154-65F0E57959EF}]
c:\program files\IMPI\Extension32.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"3200 Scan2PC"="c:\windows\twain_32\Samsung\SCX3200\Scan2Pc.exe" [2010-05-18 1989120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SafetyNutManager;SafetyNut Manager;c:\program files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe;c:\program files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys;c:\windows\SYSNATIVE\DRIVERS\silabenm.sys [x]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys;c:\windows\SYSNATIVE\DRIVERS\silabser.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140214.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140214.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1501000.012\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 IMPI Updater;IMPI Updater;c:\program files\IMPI\ExtensionUpdaterService.exe;c:\program files\IMPI\ExtensionUpdaterService.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe;c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 11:25 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-04 21:02]
.
2014-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02 00:19]
.
2014-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02 00:19]
.
2014-02-11 c:\windows\Tasks\HPCeeScheduleForKeramont.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-17 525312]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-06-14 795808]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.sk/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
FF - ProfilePath - c:\users\Keramont\AppData\Roaming\Mozilla\Firefox\Profiles\8ra28ait.Tomáš\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\program files (x86)\Silabs\MCU\DriverUninstall\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.1.0.18;c:\program files (x86)\Norton 360\Engine64\21.1.0.18"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2014-02-16 14:02:31 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-16 13:02
ComboFix2.txt 2014-02-15 17:19
.
Pre-Run: 8 985 051 136 bytes free
Post-Run: 8 693 661 696 bytes free
.
- - End Of File - - 704400AEA47984CC626D62FBF5EC572A
A36C5E4F47E84449FF07ED3517B43A31

Re: Prosím o kontrolu, (NTB z druhej ruky)

Napsal: 16 úno 2014 19:09
od Márty84
Dejte aktualni log z RSIT

Re: Prosím o kontrolu, (NTB z druhej ruky)

Napsal: 17 úno 2014 19:49
od godfather13
Log z RSIT

Logfile of random's system information tool 1.09 (written by random/random)
Run by Keramont at 2014-02-17 19:48:27
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 9 GB (12%) free of 74 GB
Total RAM: 5611 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:48:31, on 17. 2. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\trend micro\Keramont.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IMPI Helper - {17E113E6-CD0E-4045-B154-65F0E57959EF} - C:\Program Files\IMPI\Extension32.dll (file missing)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - (no file)
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll
O4 - HKLM\..\Run: [3200 Scan2PC] "C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Keramont\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IMPI Updater - Unknown owner - C:\Program Files\IMPI\ExtensionUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: SafetyNut Manager (SafetyNutManager) - Unknown owner - C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11304 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 35846368
\??\C:\Windows\system32\conhost.exe "-1017540570-1839364143-2015767924829538251-110234086480481845-13901201571742997277
taskeng.exe {60CDEDC4-6F60-4413-9192-82638CF96227}
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
C:\Windows\SysWOW64\ezSharedSvcHost.exe
"C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
"C:\Program Files\IMPI\ExtensionUpdaterService.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\diMaster.dll" /prefetch:1
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2340
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe" /c /a /s UserSession
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe"
taskeng.exe {E4AD8378-BF12-4E6F-AF4A-C8DE999565CA}
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"G:\DOWNLOAD\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\HPCeeScheduleForKeramont.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Keramont\AppData\Roaming\Mozilla\Firefox\Profiles\8ra28ait.Tomáš

"{17E113E6-CD0E-4045-B154-65F0E57959EF}"=C:\Program Files\IMPI\Firefox


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.44 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1]
"Description"=
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.170 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.17.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll [2013-10-06 769360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07 81024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-25 551840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-25 209824]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17E113E6-CD0E-4045-B154-65F0E57959EF}]
IMPI - C:\Program Files\IMPI\Extension32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll [2013-10-06 526672]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.DLL [2013-09-29 388504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-06-14 51872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-07-07 157680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll [2013-10-06 769360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll [2013-10-06 526672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-06-10 2799912]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-12-17 525312]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-06-14 795808]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Users\Keramont\AppData\Roaming\uTorrent\uTorrent.exe [2013-05-26 1043536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2013-12-18 40312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\DATAMN~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easybits Recovery]
C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [2011-05-17 61112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Quick Launch]
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2011-04-08 586808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPOSD]
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [2011-06-13 336440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPQuickWebProxy]
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [2011-06-27 168504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InboxToolbar]
C:\Program Files (x86)\Inbox Toolbar\Inbox.exe /STARTUP []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2011-03-04 2741616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe /WinStart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2010-10-28 618496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefault]
C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [2011-06-27 42808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-07-05 336384]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"3200 Scan2PC"=C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe [2010-05-18 1989120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2011-08-07 52920]
"UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"= []
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EnableShellExecuteHooks"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-02-16 14:02:38 ----SHD---- C:\$RECYCLE.BIN
2014-02-16 14:02:34 ----D---- C:\Windows\temp
2014-02-16 14:02:32 ----A---- C:\ComboFix.txt
2014-02-15 18:05:48 ----A---- C:\Windows\zip.exe
2014-02-15 18:05:48 ----A---- C:\Windows\SWSC.exe
2014-02-15 18:05:48 ----A---- C:\Windows\SWREG.exe
2014-02-15 18:05:48 ----A---- C:\Windows\sed.exe
2014-02-15 18:05:48 ----A---- C:\Windows\PEV.exe
2014-02-15 18:05:48 ----A---- C:\Windows\NIRCMD.exe
2014-02-15 18:05:48 ----A---- C:\Windows\MBR.exe
2014-02-15 18:05:48 ----A---- C:\Windows\grep.exe
2014-02-15 17:57:59 ----D---- C:\Qoobox
2014-02-15 17:57:29 ----D---- C:\Windows\erdnt
2014-02-14 18:32:55 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-02-12 12:42:39 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-02-12 12:42:39 ----A---- C:\Windows\system32\vbscript.dll
2014-02-12 12:41:01 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-02-12 12:41:01 ----A---- C:\Windows\system32\msrating.dll
2014-02-12 12:41:00 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-02-12 12:41:00 ----A---- C:\Windows\system32\ieui.dll
2014-02-12 12:40:59 ----A---- C:\Windows\system32\iernonce.dll
2014-02-12 12:40:59 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 12:40:59 ----A---- C:\Windows\system32\ie4uinit.exe
2014-02-12 12:40:58 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-02-12 12:40:58 ----A---- C:\Windows\system32\msfeeds.dll
2014-02-12 12:40:58 ----A---- C:\Windows\system32\jsproxy.dll
2014-02-12 12:40:57 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-02-12 12:40:57 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-02-12 12:40:57 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-02-12 12:40:57 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-02-12 12:40:57 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-02-12 12:40:57 ----A---- C:\Windows\system32\ieUnatt.exe
2014-02-12 12:40:57 ----A---- C:\Windows\system32\iesetup.dll
2014-02-12 12:40:57 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-02-12 12:40:57 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-02-12 12:40:55 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-02-12 12:40:55 ----A---- C:\Windows\system32\mshtml.dll
2014-02-12 12:40:54 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-02-12 12:40:54 ----A---- C:\Windows\system32\jscript9diag.dll
2014-02-12 12:40:54 ----A---- C:\Windows\system32\ieapfltr.dll
2014-02-12 12:40:53 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-02-12 12:40:53 ----A---- C:\Windows\system32\iertutil.dll
2014-02-12 12:40:52 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-02-12 12:40:52 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-02-12 12:40:52 ----A---- C:\Windows\system32\wininet.dll
2014-02-12 12:40:52 ----A---- C:\Windows\system32\urlmon.dll
2014-02-12 12:40:50 ----A---- C:\Windows\system32\ieframe.dll
2014-02-12 12:40:49 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-02-12 12:40:47 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-02-12 12:40:46 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-02-12 12:40:46 ----A---- C:\Windows\system32\jscript9.dll
2014-02-12 11:26:52 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-02-12 11:26:52 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-02-12 11:26:52 ----A---- C:\Windows\system32\msxml3r.dll
2014-02-12 11:26:52 ----A---- C:\Windows\system32\msxml3.dll
2014-02-12 11:26:43 ----A---- C:\Windows\SYSWOW64\secproc_isv.dll
2014-02-12 11:26:43 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe
2014-02-12 11:26:43 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp.exe
2014-02-12 11:26:43 ----A---- C:\Windows\SYSWOW64\RMActivate_isv.exe
2014-02-12 11:26:43 ----A---- C:\Windows\SYSWOW64\RMActivate.exe
2014-02-12 11:26:43 ----A---- C:\Windows\system32\secproc_isv.dll
2014-02-12 11:26:43 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 11:26:43 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 11:26:43 ----A---- C:\Windows\system32\RMActivate_isv.exe
2014-02-12 11:26:43 ----A---- C:\Windows\system32\RMActivate.exe
2014-02-12 11:26:42 ----A---- C:\Windows\SYSWOW64\secproc_ssp_isv.dll
2014-02-12 11:26:42 ----A---- C:\Windows\SYSWOW64\secproc_ssp.dll
2014-02-12 11:26:42 ----A---- C:\Windows\SYSWOW64\secproc.dll
2014-02-12 11:26:42 ----A---- C:\Windows\SYSWOW64\msdrm.dll
2014-02-12 11:26:42 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 11:26:42 ----A---- C:\Windows\system32\secproc_ssp.dll
2014-02-12 11:26:42 ----A---- C:\Windows\system32\secproc.dll
2014-02-12 11:26:42 ----A---- C:\Windows\system32\msdrm.dll
2014-02-12 11:26:40 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2014-02-12 11:26:39 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2014-02-12 11:26:39 ----A---- C:\Windows\system32\d3d10warp.dll
2014-02-12 11:26:39 ----A---- C:\Windows\system32\d2d1.dll
2014-02-11 23:19:06 ----D---- C:\Users\Keramont\AppData\Roaming\steamvr
2014-02-07 23:07:28 ----D---- C:\Users\Keramont\AppData\Roaming\Malwarebytes
2014-02-07 23:07:14 ----D---- C:\ProgramData\Malwarebytes
2014-02-07 23:07:11 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-07 23:07:11 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-02-07 16:04:41 ----D---- C:\rsit
2014-02-07 16:04:41 ----D---- C:\Program Files\trend micro
2014-02-02 14:10:48 ----D---- C:\The KMPlayer
2014-02-02 01:19:11 ----D---- C:\Program Files (x86)\Google
2014-02-01 21:07:33 ----D---- C:\AdwCleaner
2014-02-01 18:29:18 ----D---- C:\Program Files (x86)\Steam
2014-02-01 18:28:41 ----D---- C:\Program Files\CCleaner
2014-02-01 17:12:23 ----SHD---- C:\Windows\SYSWOW64\AI_RecycleBin
2014-02-01 17:12:21 ----D---- C:\Program Files (x86)\Reason

======List of files/folders modified in the last 1 month======

2014-02-17 19:42:03 ----D---- C:\Users\Keramont\AppData\Roaming\uTorrent
2014-02-17 19:41:19 ----D---- C:\Windows\system32\config
2014-02-17 19:40:46 ----SHD---- C:\System Volume Information
2014-02-17 10:24:42 ----D---- C:\Windows\system32\MRT
2014-02-17 10:24:38 ----D---- C:\Windows\debug
2014-02-17 10:24:33 ----A---- C:\Windows\system32\MRT.exe
2014-02-16 14:02:36 ----D---- C:\Windows\system32\drivers
2014-02-16 14:02:34 ----D---- C:\Windows
2014-02-16 14:02:32 ----D---- C:\Windows\Prefetch
2014-02-16 13:57:17 ----A---- C:\Windows\system.ini
2014-02-16 13:57:00 ----D---- C:\Windows\system32\drivers\etc
2014-02-16 13:51:42 ----D---- C:\Windows\SYSWOW64\drivers
2014-02-16 13:51:42 ----D---- C:\Windows\SysWOW64
2014-02-16 13:51:42 ----D---- C:\Windows\AppPatch
2014-02-16 13:51:41 ----D---- C:\Program Files (x86)\Common Files
2014-02-16 01:04:06 ----D---- C:\Windows\System32
2014-02-16 01:04:06 ----D---- C:\Windows\inf
2014-02-16 01:04:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-02-15 18:15:23 ----D---- C:\ProgramData
2014-02-15 18:15:22 ----D---- C:\Program Files\IMPI
2014-02-15 17:44:11 ----D---- C:\Windows\Logs
2014-02-14 20:25:04 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-14 20:25:03 ----D---- C:\Program Files (x86)
2014-02-14 12:19:27 ----D---- C:\Windows\rescache
2014-02-14 11:33:04 ----RSD---- C:\Windows\assembly
2014-02-14 11:33:04 ----D---- C:\Windows\Microsoft.NET
2014-02-14 10:30:33 ----D---- C:\Windows\winsxs
2014-02-13 23:30:47 ----SHD---- C:\Windows\Installer
2014-02-13 23:30:26 ----D---- C:\ProgramData\Microsoft Help
2014-02-13 21:03:41 ----D---- C:\Windows\SYSWOW64\sk-SK
2014-02-13 21:03:40 ----D---- C:\Windows\system32\sk-SK
2014-02-13 21:03:17 ----D---- C:\Windows\system32\catroot
2014-02-12 15:57:02 ----D---- C:\Program Files (x86)\Internet Explorer
2014-02-12 15:57:01 ----D---- C:\Program Files\Internet Explorer
2014-02-12 12:45:43 ----A---- C:\Windows\win.ini
2014-02-12 12:43:26 ----D---- C:\Windows\system32\catroot2
2014-02-11 22:34:41 ----D---- C:\Users\Keramont\AppData\Roaming\vlc
2014-02-08 16:47:31 ----D---- C:\Windows\Tasks
2014-02-08 16:47:31 ----D---- C:\Windows\system32\Tasks
2014-02-08 11:20:07 ----D---- C:\ProgramData\Wincert
2014-02-07 16:04:41 ----RD---- C:\Program Files
2014-02-07 15:46:25 ----D---- C:\Users\Keramont\AppData\Roaming\DAEMON Tools Lite
2014-02-07 15:40:42 ----D---- C:\Windows\Panther
2014-02-07 15:40:42 ----D---- C:\Windows\ModemLogs
2014-02-07 15:40:41 ----D---- C:\Windows\Minidump
2014-02-06 19:27:26 ----D---- C:\Users\Keramont\AppData\Roaming\Skype
2014-02-05 20:48:17 ----SD---- C:\Users\Keramont\AppData\Roaming\Microsoft
2014-02-04 22:02:26 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-02-02 11:13:33 ----D---- C:\Program Files (x86)\MarkAny
2014-02-01 21:42:29 ----D---- C:\Users\Keramont\AppData\Roaming\Samsung
2014-02-01 21:42:29 ----D---- C:\Program Files (x86)\Samsung
2014-02-01 21:42:26 ----D---- C:\Windows\system32\DriverStore
2014-02-01 21:40:50 ----D---- C:\ProgramData\Samsung
2014-02-01 21:40:49 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-02-01 21:30:12 ----D---- C:\Program Files (x86)\PC Connectivity Solution
2014-02-01 21:30:09 ----DC---- C:\Windows\system32\DRVSTORE
2014-02-01 21:27:14 ----D---- C:\Program Files (x86)\Nero
2014-02-01 21:25:42 ----D---- C:\ProgramData\Nero
2014-02-01 18:37:58 ----D---- C:\Program Files (x86)\SystemRequirementsLab
2014-02-01 17:36:47 ----SD---- C:\ProgramData\Microsoft
2014-02-01 17:36:47 ----D---- C:\Program Files (x86)\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2012-07-03 198944]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-03-02 834544]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\N360x64\1501000.012\SYMDS64.SYS [2013-09-10 493656]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360x64\1501000.012\SYMEFA64.SYS [2013-09-27 1147480]
R1 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [2013-12-18 1526488]
R1 ccSet_N360;N360 Settings Manager; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [2013-09-26 162392]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-07 283200]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2013-11-22 484952]
R1 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140214.001\IDSvia64.sys [2014-01-28 521944]
R1 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [2013-09-27 858200]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [2013-09-10 36952]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [2013-09-27 264280]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [2013-09-26 590936]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2009-11-17 11576]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-07-06 9359872]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-07-06 309760]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-04-21 2727424]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-06-14 30368]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-22 137648]
R3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140215.007\ENG64.SYS [2014-02-06 126040]
R3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140215.007\EX64.SYS [2014-02-06 2099288]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-01-13 333928]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2010-12-17 520192]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2013-11-17 177752]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-06-10 1451056]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys []
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-06-14 36000]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-06-10 1311232]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-06-14 330400]
S3 btath_avdt;Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2011-06-14 110240]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-06-14 167072]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-06-14 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-06-14 280992]
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-06-14 496800]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2010-05-01 20568]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys []
S3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver; C:\Windows\system32\DRIVERS\silabenm.sys [2011-08-08 27336]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver; C:\Windows\system32\DRIVERS\silabser.sys [2011-08-08 70656]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [2013-04-24 42184]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-05-01 16392]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-07-06 204288]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-05 365568]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-06-14 138400]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-06-14 97952]
R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-04-23 514232]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HPClientSvc;HP Client Services; C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-03-14 197504]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-04-08 26680]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-01-14 1751656]
R2 IMPI Updater;IMPI Updater; C:\Program Files\IMPI\ExtensionUpdaterService.exe [2013-02-05 185856]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2011-03-04 73728]
R2 N360;Norton 360; C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [2013-10-08 264360]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2010-12-17 276992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02 116648]
S2 SafetyNutManager;SafetyNut Manager; C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04 257928]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02 116648]
S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-03-14 994176]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-02-06 111616]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-02-14 118896]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-01-27 571816]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-07-06 1255736]
S4 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: Prosím o kontrolu, (NTB z druhej ruky)

Napsal: 18 úno 2014 09:54
od Márty84
Jeste jeden sken a budem mazat.


:arrow: Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

Re: Prosím o kontrolu, (NTB z druhej ruky)

Napsal: 25 úno 2014 19:13
od godfather13
Znova sa ospravedlňujem a oneskorenú odozvu. No... po niekoľkých pokusoch o spustenie OTL sa vždy stalo to isté.... napísalo mi chybné hlásenie : ,,Cannot create file C:\Users\Keramont\Destkop\cmd.bat.'' a po odkliknutí OK scan stagnuje a nedokončí sa...

Re: Prosím o kontrolu, (NTB z druhej ruky)

Napsal: 25 úno 2014 19:27
od Márty84
Obcas se to stane, ze OTL tuhle chybku vyhodi :roll:

Spustte ho podle stejneho navodu jeste jednou, ale s timto upravenym skriptem

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

A jelikoz je to zase dlouha doba, tak spolu s logem z OTL tu dejte i novy log z RSIT. At je oboji ze stejneho dne.

Re: Prosím o kontrolu, (NTB z druhej ruky)

Napsal: 26 úno 2014 22:28
od godfather13
Log z OTL: OTL.txt

Bohužial som log vypol a neviem ho nájsť... zrovna robím druhý scan

Re: Prosím o kontrolu, (NTB z druhej ruky)

Napsal: 26 úno 2014 22:29
od godfather13
Log z OTL : Extras.txt

OTL Extras logfile created on: 26.2.2014 21:25:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Keramont\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000405 | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy

5,48 Gb Total Physical Memory | 4,16 Gb Available Physical Memory | 75,93% Memory free
5,97 Gb Paging File | 4,60 Gb Available in Paging File | 77,15% Paging File free
Paging file location(s): c:\pagefile.sys 500 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 71,90 Gb Total Space | 8,38 Gb Free Space | 11,66% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 1,10 Gb Free Space | 27,79% Space Free | Partition Type: FAT32
Drive G: | 304,86 Gb Total Space | 164,72 Gb Free Space | 54,03% Space Free | Partition Type: NTFS
Drive H: | 301,18 Gb Total Space | 236,88 Gb Free Space | 78,65% Space Free | Partition Type: NTFS

Computer Name: METRO-HP | User Name: Keramont | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-1200702374-1131186070-1473926133-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EEFCD1B-F81A-4933-8A08-8EC381B8FB04}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{1048D622-D3A0-4DFA-AB4F-737534BC74A5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{19A30E33-FDE4-4EA0-BC7A-45A72B1BF020}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1D18C6CA-7B9E-4AB4-8520-A18B2FA5CCFF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{330E5FAA-733B-4F9F-8F07-A83863478F9D}" = rport=137 | protocol=17 | dir=out | app=system |
"{3F1964F6-167B-497E-95F0-BC833534BA51}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4EA251B0-3C07-43F7-9F27-D76B424AABDF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{515841D9-74C6-47D4-A42F-352385E9BE48}" = rport=139 | protocol=6 | dir=out | app=system |
"{5206A274-CE7D-4D67-AF49-78BD90FEFAFB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{54673E66-6737-40FE-A008-7B8BEDD280B9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{595C1FFE-74D0-4982-B8E1-C000750FA9EA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6083BDF5-0D61-4DB8-B6D7-514C507EE020}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76217AB7-DE3E-4821-8888-DAA13E3AB162}" = lport=138 | protocol=17 | dir=in | app=system |
"{80C51E25-412C-4FDF-ACF9-43ACF5563029}" = lport=139 | protocol=6 | dir=in | app=system |
"{89F7B547-F2A1-40BB-81A7-FA6F2B73BFA4}" = lport=445 | protocol=6 | dir=in | app=system |
"{8C1FFF56-1CD6-4BDB-85F4-AAA58FDD5B12}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{91F36EEA-83F2-4A13-B2A7-0EFA3D768E6D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9DFCFD8B-93DB-49E6-862B-CAECEAEFD2EC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9F921DDC-C333-4800-81BE-A24A88B1F293}" = rport=445 | protocol=6 | dir=out | app=system |
"{B7EA7106-C1BF-4B72-B84C-878F4289F26B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BC4DF359-9305-43C5-8402-4DCA40E9DFDC}" = rport=138 | protocol=17 | dir=out | app=system |
"{BD07826B-318E-469B-8735-568EA463AC3B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C53CDCDD-37F3-4943-911F-93FFD552E4A5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D4D60785-B5F4-48BE-A3F4-2F5D11395386}" = lport=137 | protocol=17 | dir=in | app=system |
"{F452D41E-D262-406B-A1D5-BCC27E338923}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F9987CBD-3D6C-49EC-9EA4-7950DAD45A0B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F0D94FB-4B5A-4A74-99B1-2EFD0FF2DD7A}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{1712ADE7-3E81-49CC-9178-EFD045FE0189}" = protocol=58 | dir=in | app=system |
"{1C469AD1-8B46-490C-96A4-8F02771313D2}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{1D03DF33-7736-4248-A51B-229482CA3130}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{1D1A1EAB-AFF4-47C9-877A-640B76A40790}" = protocol=17 | dir=in | app=c:\users\keramont\appdata\roaming\utorrent\utorrent.exe |
"{1EC51FBA-9755-4466-AC84-669584C4273B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{254128E5-D0D7-435F-9D0D-28881748DE58}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2CB5AA74-E85A-4D8A-B7B9-96287CF7DAFD}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{2E9EB002-C107-4FFD-85E8-AD747E7A32A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3CFA9E55-2CF3-465A-9990-E361ED3F46F4}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{40405F55-351C-46CB-A788-4490EB78E4A3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4089035C-98AC-45AA-B06B-73888E455A60}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{416C327E-7A43-409A-9019-BEFC8DBC21EE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{49C4EB99-A71A-4DC6-961B-CD01F2D50E26}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{4AB3B98D-48EC-41A6-957A-6620E8992FCF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might & magic - duel of champions\game.exe |
"{51B138CC-5212-4BE6-98B8-7FF5FA2B5405}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx3200\scan2pc.exe |
"{5764FA16-DA03-424D-8885-6CDD176A253A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{60479643-C43A-4B1E-BFA7-51BEBB8974D7}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{6064C807-901A-49D8-8CEA-F1F6EB87936F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{62315FA8-8880-4B4D-83FA-6FDF725C9E65}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{62BF4991-160E-42E6-AC68-B0F442327524}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{630597E3-E76A-4C0B-8914-C27BB9C60C1F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{648C64C4-4E7D-45C4-8F20-B825E2766466}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx3200\sscan2io.exe |
"{6A4809BE-E219-4231-873B-68AC6D9036B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6A7ECF36-E957-4992-8E2C-1D90CBCD57CF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{756EBCDB-E37F-4545-A2B3-E2268BFF5D15}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{7A7075F5-C145-4D3C-908C-76DCB2BC2F07}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{82CA0A91-698B-4D6F-A4B5-8F1C84278099}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8A0BD411-A05A-4E9F-9194-EE7D8DABF74F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might & magic - duel of champions\game.exe |
"{8CC4D0EF-6D37-48D2-9B5C-A3F2308E314E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8D51D3D5-B1D3-4ACA-A1A6-491FA0FAB49A}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{8DD22D9B-5DF5-4F15-AF79-5F66129BDD8E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{921B6311-7EBE-42BF-A3D0-95E1120693D1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9456EF8B-8E7B-4750-B883-1D2138D8ECFC}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{99C3F1C7-E7C3-411D-B897-26C5C7A3C168}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{9CF857A3-37EF-487C-A5D6-344424A081CB}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{A751EE52-33A9-4EEE-9D4A-27FCD99D68FE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B14BF5E8-0A6B-4ECB-A9C9-F5C0EFC42E46}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C41BDDF6-5DCE-4E82-877D-0E559FAB941E}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{DCF79750-82AF-42D8-ADAD-64DEE9ACA2DF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DFC2685E-980F-45C2-A9D6-332D5E8AB723}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx3200\scan2pc.exe |
"{E04966CF-3EF5-42E9-929A-98EA6273CE58}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{E21CC189-B350-474F-AFCA-A3C705AEB6C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E8EA3862-53AB-433F-93E0-CC68A376A1FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{EA692B4B-1539-43FD-BA45-4CA6329B4282}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EBF78DDB-84FE-4F90-8125-1940B46AE766}" = protocol=6 | dir=out | app=system |
"{EF03FBFF-3712-4FCB-A951-D4C690A3EC84}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EF7C5A89-3A63-465B-A1AA-ED479268C1BB}" = protocol=6 | dir=in | app=c:\users\keramont\appdata\roaming\utorrent\utorrent.exe |
"{F55CF8AC-2A3C-46A5-8449-99BD2BB38BB4}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx3200\sscan2io.exe |
"{F967963D-75CD-47AF-A5C4-1BF9EE1E0BEE}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{FBFEBBB6-9A83-49B8-8402-42ECAE9BF1B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{058EB68D-8F07-4E07-BD3B-B97D18E092F0}" = AVG 2013
"{17E113E6-CD0E-4045-B154-65F0E57959EF}_is1" = IMPI 2.0.0.429
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1FB1AA7C-9ECD-4350-AE3D-3CB3698C5CEB}" = AVG 2013
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{48C46F0E-7B86-AC31-ACFC-2B40F1C90ACE}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E04DB4D-CBE9-40C3-9906-723308D48EB0}" = AVG 2013
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6153098B-60DB-6A9F-EA0F-B006A96B57D5}" = ATI Catalyst Install Manager
"{64A3A4F4-B792-11D6-A78A-00B0D0170170}" = Java SE Development Kit 7 Update 17 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6ECDAC2F-12C1-E49B-448E-6002368967E0}" = AMD Steady Video Plug-In
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825ECBB1-2BCD-4BA5-BB46-63DB8D9ABF45}" = AVG 2013
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2010
"{92C0E71C-5917-4FF2-9A5E-8BB0E85E0625}" = AVG 2013
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B305FB9-297D-4F86-BC8B-740E7A1EF200}" = AVG 2013
"{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}" = HP Launch Box
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{AADE02D5-DCBF-04C3-CD05-ABA83D28BC4A}" = AMD Fuel
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B9D80BD8-C6F4-467C-9717-0ABA9684DA29}" = AVG 2013
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{BFAB7835-55A2-41CD-AE66-F673BCA4E49F}" = AVG 2013
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D9B7744C-1C39-49B8-86B3-F930631B4FE2}" = AVG 2013
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBA2849B-6C95-9FD2-7ACC-BF456F1958AA}" = AMD Media Foundation Decoders
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"STORMWARE PDF Printer_is1" = STORMWARE PDF Printer 8.2.0.1406
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-bitová verzia)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{15412249-0AFA-D2A1-E7E2-E57AE1A96781}" = CCC Help Swedish
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19EAB36E-A979-0870-F58F-6F4F34017D29}" = CCC Help Chinese Traditional
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2070F457-B044-FCEE-B6DA-CB2C12CD76A5}" = CCC Help German
"{224CA902-F494-FD2A-4211-771454ED464B}" = CCC Help English
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite
"{252FC4D1-4056-7237-6B19-4C66D0CF45A9}" = CCC Help Dutch
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{32A3A4F4-B792-11D6-A78A-00B0D0160000}" = Java(TM) SE Development Kit 6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3BE2E4AA-C164-FEB5-6C82-BBBC90C88915}" = CCC Help Hungarian
"{4144F415-7434-4501-97DE-CED4FAF64E7D}" = AMD System Monitor
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{44D822AA-DA6D-1915-4B64-60D06AE613CE}" = CCC Help Danish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A917E5E-2567-C01E-7F41-AF09DAE523A1}" = AMD VISION Engine Control Center
"{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}" = Should I Remove It
"{4F06C1D7-08F0-4410-AC94-EB1175FA2ED6}" = STORMWARE POHODA SK Mini
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5377D0E6-0B77-5C94-A3F8-2A7C0E5791A1}" = CCC Help French
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5FE625A7-E8D6-2E41-4693-F6AC6310C467}" = CCC Help Polish
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FAF41F-C0BA-4B71-B3B9-639D30FFED88}" = HP Software Framework
"{6E63C96D-25F8-4A61-A9F8-C82A107D80B6}" = Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7
"{6F076041-F337-5F67-75E7-6C1324D43EC6}" = CCC Help Japanese
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7FA82763-D04B-A656-159B-BD8847176377}" = CCC Help Russian
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2010
"{90140000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2010
"{90140000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{90140000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{955CB8C1-F5F9-B649-FC65-FD65F9EC0459}" = CCC Help Korean
"{97E33108-2206-087B-9399-29F5201AAC98}" = CCC Help Portuguese
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{999164B6-5B78-4DD3-BACE-7292640AD0DD}" = HP QuickWeb
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3CC933-5EF7-A868-7B74-1A227394566E}" = CCC Help Finnish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1ACD45F-0D8E-0566-0EC0-530CDCD7E8F4}" = Catalyst Control Center Graphics Previews Common
"{A3D1D38D-9C85-7BEB-5AC8-EC2D90E2882A}" = CCC Help Czech
"{A407FC22-36BF-4C82-A516-59D94BC505A9}" = System Requirements Lab Detection
"{A440179F-D169-B9DA-B478-6CE97FDB3D4C}" = CCC Help Greek
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABEF00D0-FCAE-4E47-8D4E-D4AE5FD72B15}" = HP Quick Launch
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.9) MUI
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B898ABBB-4723-84B5-04C4-32A15F9DBD48}" = CCC Help Chinese Standard
"{B91459FD-63A9-71E3-68F1-82352B0892B3}" = Catalyst Control Center Localization All
"{B976E52C-93A3-5CD1-FF67-658877850EDD}" = CCC Help Italian
"{BEDC570A-C947-D0C8-3014-A1EAA042779D}" = CCC Help Turkish
"{BF6CF460-40C3-49BA-800A-4B934B6498B1}" = Scan Assistant
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2EE0EA6-826F-63EA-8751-E2F3714DBA40}" = CCC Help Thai
"{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7670221-BF9B-4DFF-B26B-5BE55A87329F}" = HP On Screen Display
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE15C5EC-7C30-44BF-ACEB-03960FC5601D}" = HP Documentation
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF0C8A32-E0DD-493F-8752-54AF37EEE322}" = ODIS 2010
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5441D19-417C-8C34-3F31-CCBD563C946E}" = Catalyst Control Center InstallProxy
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EA8CC2F2-BC30-141C-92B6-CC870B4B2977}" = CCC Help Spanish
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8FBF4C7-5ADA-66B1-6509-09E05C257963}" = CCC Help Norwegian
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"7-Zip" = Free Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any Video Converter_is1" = Any Video Converter 5.5.1
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"EasyBits Magic Desktop" = Magic Desktop
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verzia 1.75.0.1300
"Mozilla Firefox 27.0.1 (x86 cs)" = Mozilla Firefox 27.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Opera 12.16.1860" = Opera 12.16
"Rockstar Games Social Club" = Rockstar Games Social Club
"Samsung SCX-3200 Series" = Samsung SCX-3200 Series
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"Steam" = Steam
"Steam App 256410" = Might & Magic: Duel of Champions
"Steam App 440" = Team Fortress 2
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.1.2
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-03fb3d35-f84b-49b8-a407-b9a254e5079b" = Penguins!
"WTA-0f0d5908-14b8-4348-887b-746c494de8a3" = Virtual Villagers 5 - New Believers
"WTA-14f42819-e649-424b-a03a-21a0fae24acc" = Final Drive: Nitro
"WTA-1dff31a4-6417-4a9b-82f2-84644ff3b899" = Mystery of Mortlake Mansion
"WTA-2496e214-8813-4403-a575-48846c7e5596" = Namco All-Stars: PAC-MAN
"WTA-267afd88-d6a3-4139-86d3-31d3812a77d8" = Poker Superstars III
"WTA-39a0af63-d93b-4aef-9cf7-9208376d0454" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-515e0868-9f28-4f3c-82d2-bf847222fed9" = Blackhawk Striker 2
"WTA-5510bb93-8752-4d1e-a9eb-32a235b3ea0c" = Bounce Symphony
"WTA-5a6ae634-a1ac-4562-b847-b09f5f1c8003" = Zuma Deluxe
"WTA-690bf5d3-fa31-4f74-a337-04bc8e72cf55" = Slingo Supreme
"WTA-72a644d5-d99c-4e2f-aade-84a58418e8e6" = Blasterball 3
"WTA-7eaf5d62-dd64-400f-8b7c-adaf05073c5b" = FATE
"WTA-816b8207-cb17-408c-ac70-ddefe46e150b" = Agatha Christie - Peril at End House
"WTA-84c0e424-0446-466d-bf6b-3e771c232be9" = Mah Jong Medley
"WTA-862b110b-d0b2-49d6-922b-f36b80720cc9" = Bejeweled 3
"WTA-a46f0348-63a8-4b93-8af1-f024c2d4215b" = Polar Bowler
"WTA-b84a0404-1db8-43ec-adef-d839274faa4b" = Cradle of Rome 2
"WTA-bf7d1771-17ae-418f-9657-2d601b900db7" = Governor of Poker 2 Premium Edition
"WTA-c91357b7-cb61-43b7-8a8f-1d1a403d4274" = Chuzzle Deluxe
"WTA-da2f4328-7ab0-4096-9bcd-15845aedc503" = Plants vs. Zombies - Game of the Year
"WTA-e0eae9f3-6e86-4169-b5a9-a7d74af24ce0" = Farm Frenzy
"WTA-e279d791-ea33-4dd5-bfb0-199bd54a71cf" = Cake Mania
"WTA-e7f647e9-8258-4f36-a613-3b768fe83112" = Vacation Quest - The Hawaiian Islands
"WTA-eabe9fb3-d9fd-4774-9a04-d0f11f18f896" = Chronicles of Albian
"WTA-fa524dbe-a8bd-403b-aaf7-b39f0492db4c" = Polar Golfer
"YU2010_is1" = Your Uninstaller! 7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1200702374-1131186070-1473926133-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Should I Remove It 1.0.4" = Should I Remove It
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2.2.2014 8:36:34 | Computer Name = Metro-HP | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: wmplayer.exe, verzia: 12.0.7601.18150, časová
značka: 0x518c6df8 Názov chybového modulu: ntdll.dll, verzia: 6.1.7601.18247, časová
značka: 0x521ea8e7 Kód výnimky: 0xc0000374 Odstup chyby: 0x000ce753 Identifikácia
chybného procesu: 0x10a4 Čas spustenia chybnej aplikácie: 0x01cf201366bd44d8 Cesta
chybnej aplikácie: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Cesta
chybného modulu: C:\Windows\SysWOW64\ntdll.dll Identifikácia hlásenia: a5c6c3e0-8c06-11e3-b407-441ea1dc27f4

Error - 2.2.2014 8:36:43 | Computer Name = Metro-HP | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: wmplayer.exe, verzia: 12.0.7601.18150, časová
značka: 0x518c6df8 Názov chybového modulu: ntdll.dll, verzia: 6.1.7601.18247, časová
značka: 0x521ea8e7 Kód výnimky: 0xc0000374 Odstup chyby: 0x000ce753 Identifikácia
chybného procesu: 0xbc0 Čas spustenia chybnej aplikácie: 0x01cf20136cc8e4cc Cesta
chybnej aplikácie: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Cesta
chybného modulu: C:\Windows\SysWOW64\ntdll.dll Identifikácia hlásenia: ab9b7566-8c06-11e3-b407-441ea1dc27f4

Error - 2.2.2014 8:36:48 | Computer Name = Metro-HP | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: wmplayer.exe, verzia: 12.0.7601.18150, časová
značka: 0x518c6df8 Názov chybového modulu: ntdll.dll, verzia: 6.1.7601.18247, časová
značka: 0x521ea8e7 Kód výnimky: 0xc0000374 Odstup chyby: 0x000ce753 Identifikácia
chybného procesu: 0x1558 Čas spustenia chybnej aplikácie: 0x01cf20136f6415e7 Cesta
chybnej aplikácie: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Cesta
chybného modulu: C:\Windows\SysWOW64\ntdll.dll Identifikácia hlásenia: ae2d7eaa-8c06-11e3-b407-441ea1dc27f4

Error - 2.2.2014 8:37:33 | Computer Name = Metro-HP | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: wmplayer.exe, verzia: 12.0.7601.18150, časová
značka: 0x518c6df8 Názov chybového modulu: ntdll.dll, verzia: 6.1.7601.18247, časová
značka: 0x521ea8e7 Kód výnimky: 0xc0000374 Odstup chyby: 0x000ce753 Identifikácia
chybného procesu: 0xc64 Čas spustenia chybnej aplikácie: 0x01cf20138a46fd60 Cesta
chybnej aplikácie: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Cesta
chybného modulu: C:\Windows\SysWOW64\ntdll.dll Identifikácia hlásenia: c925613c-8c06-11e3-b407-441ea1dc27f4

Error - 2.2.2014 15:04:51 | Computer Name = Metro-HP | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 2.2.2014 15:04:51 | Computer Name = Metro-HP | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 3.2.2014 5:36:04 | Computer Name = Metro-HP | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 3.2.2014 5:36:04 | Computer Name = Metro-HP | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 3.2.2014 10:11:40 | Computer Name = Metro-HP | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 3.2.2014 10:11:41 | Computer Name = Metro-HP | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

[ Hewlett-Packard Events ]
Error - 9.7.2012 14:08:05 | Computer Name = Metro-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Súbor alebo adresár je poškodený a nečitateľný. Name: hpsa_service.exe Version: 06.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format:
sk-SK RAM: 5610 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String)

Error - 21.10.2012 3:57:14 | Computer Name = Metro-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: sk-SK RAM: 5610 Ram
Utilization: TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 28.10.2012 3:27:33 | Computer Name = Metro-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: sk-SK RAM: 5610 Ram
Utilization: 20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 7.11.2012 15:24:55 | Computer Name = Metro-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: sk-SK RAM: 5610 Ram
Utilization: TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 10.1.2013 12:10:38 | Computer Name = Metro-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: sk-SK RAM: 5610 Ram
Utilization: TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

[ Media Center Events ]
Error - 18.2.2013 17:22:44 | Computer Name = Metro-HP | Source = MCUpdate | ID = 0
Description = 22:22:44 - Chyba pripájania na Internet. 22:22:44 - Nebolo možné
spojiť sa so serverom..

Error - 19.2.2013 16:11:19 | Computer Name = Metro-HP | Source = MCUpdate | ID = 0
Description = 21:11:18 - Chyba pripájania na Internet. 21:11:18 - Nebolo možné
spojiť sa so serverom..

Error - 21.2.2013 17:03:27 | Computer Name = Metro-HP | Source = MCUpdate | ID = 0
Description = 22:03:27 - Chyba pripájania na Internet. 22:03:27 - Nebolo možné
spojiť sa so serverom..

Error - 21.2.2013 18:03:32 | Computer Name = Metro-HP | Source = MCUpdate | ID = 0
Description = 23:03:32 - Chyba pripájania na Internet. 23:03:32 - Nebolo možné
spojiť sa so serverom..

Error - 21.2.2013 19:03:37 | Computer Name = Metro-HP | Source = MCUpdate | ID = 0
Description = 0:03:37 - Chyba pripájania na Internet. 0:03:37 - Nebolo možné
spojiť sa so serverom..

Error - 22.2.2013 17:15:00 | Computer Name = Metro-HP | Source = MCUpdate | ID = 0
Description = 22:15:00 - Chyba pripájania na Internet. 22:15:00 - Nebolo možné
spojiť sa so serverom..

Error - 23.3.2013 5:37:26 | Computer Name = Metro-HP | Source = MCUpdate | ID = 0
Description = 10:37:26 - Nepodarilo sa načítať položku Directory (chyba: The remote
name could not be resolved: 'data.tvdownload.microsoft.com')

Error - 4.5.2013 13:54:30 | Computer Name = Metro-HP | Source = MCUpdate | ID = 0
Description = 19:53:56 - Chyba pripájania na Internet. 19:53:56 - Nebolo možné
spojiť sa so serverom..

[ System Events ]
Error - 24.2.2014 3:29:01 | Computer Name = Metro-HP | Source = Service Control Manager | ID = 7000
Description = Spustenie služby SafetyNut Manager zlyhalo kvôli nasledujúcej chybe:
%%2

Error - 24.2.2014 5:22:02 | Computer Name = Metro-HP | Source = DCOM | ID = 10010
Description =

Error - 24.2.2014 15:08:29 | Computer Name = Metro-HP | Source = Service Control Manager | ID = 7000
Description = Spustenie služby DgiVecp zlyhalo kvôli nasledujúcej chybe: %%2

Error - 24.2.2014 15:08:30 | Computer Name = Metro-HP | Source = Service Control Manager | ID = 7000
Description = Spustenie služby SafetyNut Manager zlyhalo kvôli nasledujúcej chybe:
%%2

Error - 24.2.2014 19:25:22 | Computer Name = Metro-HP | Source = DCOM | ID = 10010
Description =

Error - 25.2.2014 12:07:16 | Computer Name = Metro-HP | Source = Service Control Manager | ID = 7000
Description = Spustenie služby DgiVecp zlyhalo kvôli nasledujúcej chybe: %%2

Error - 25.2.2014 12:07:17 | Computer Name = Metro-HP | Source = Service Control Manager | ID = 7000
Description = Spustenie služby SafetyNut Manager zlyhalo kvôli nasledujúcej chybe:
%%2

Error - 25.2.2014 15:39:24 | Computer Name = Metro-HP | Source = DCOM | ID = 10010
Description =

Error - 26.2.2014 16:09:59 | Computer Name = Metro-HP | Source = Service Control Manager | ID = 7000
Description = Spustenie služby DgiVecp zlyhalo kvôli nasledujúcej chybe: %%2

Error - 26.2.2014 16:09:59 | Computer Name = Metro-HP | Source = Service Control Manager | ID = 7000
Description = Spustenie služby SafetyNut Manager zlyhalo kvôli nasledujúcej chybe:
%%2


< End of report >

Re: Prosím o kontrolu, (NTB z druhej ruky)

Napsal: 26 úno 2014 22:30
od godfather13
Log z RSIT

Logfile of random's system information tool 1.09 (written by random/random)
Run by Keramont at 2014-02-26 22:29:48
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 8 GB (11%) free of 74 GB
Total RAM: 5611 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:29:53, on 26. 2. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Keramont.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IMPI Helper - {17E113E6-CD0E-4045-B154-65F0E57959EF} - C:\Program Files\IMPI\Extension32.dll (file missing)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - (no file)
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll
O4 - HKLM\..\Run: [3200 Scan2PC] "C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Keramont\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IMPI Updater - Unknown owner - C:\Program Files\IMPI\ExtensionUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: SafetyNut Manager (SafetyNutManager) - Unknown owner - C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11356 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 23596272
\??\C:\Windows\system32\conhost.exe "6526607771664111827-1713997569-312513542-204610512-928925605-944975354311348603
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
C:\Windows\SysWOW64\ezSharedSvcHost.exe
"C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
"C:\Program Files\IMPI\ExtensionUpdaterService.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\diMaster.dll" /prefetch:1
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2352
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe" /c /a /s UserSession
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
taskeng.exe {C17702B3-EAD7-4866-80D9-FBB405B24946}
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"G:\DOWNLOAD\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\HPCeeScheduleForKeramont.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Keramont\AppData\Roaming\Mozilla\Firefox\Profiles\8ra28ait.Tomáš

"{17E113E6-CD0E-4045-B154-65F0E57959EF}"=C:\Program Files\IMPI\Firefox


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.70 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1]
"Description"=
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.70 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.17.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll [2013-10-06 769360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07 81024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-25 551840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-25 209824]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17E113E6-CD0E-4045-B154-65F0E57959EF}]
IMPI - C:\Program Files\IMPI\Extension32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll [2013-10-06 526672]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.DLL [2013-09-29 388504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-06-14 51872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-07-07 157680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll [2013-10-06 769360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll [2013-10-06 526672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-06-10 2799912]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-12-17 525312]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-06-14 795808]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Users\Keramont\AppData\Roaming\uTorrent\uTorrent.exe [2013-05-26 1043536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2013-12-18 40312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\DATAMN~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easybits Recovery]
C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [2011-05-17 61112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Quick Launch]
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2011-04-08 586808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPOSD]
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [2011-06-13 336440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPQuickWebProxy]
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [2011-06-27 168504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InboxToolbar]
C:\Program Files (x86)\Inbox Toolbar\Inbox.exe /STARTUP []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2011-03-04 2741616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe /WinStart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2010-10-28 618496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefault]
C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [2011-06-27 42808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-07-05 336384]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"3200 Scan2PC"=C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe [2010-05-18 1989120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2011-08-07 52920]
"UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"= []
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EnableShellExecuteHooks"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-02-16 14:02:38 ----SHD---- C:\$RECYCLE.BIN
2014-02-16 14:02:34 ----D---- C:\Windows\temp
2014-02-16 14:02:32 ----A---- C:\ComboFix.txt
2014-02-15 18:05:48 ----A---- C:\Windows\zip.exe
2014-02-15 18:05:48 ----A---- C:\Windows\SWSC.exe
2014-02-15 18:05:48 ----A---- C:\Windows\SWREG.exe
2014-02-15 18:05:48 ----A---- C:\Windows\sed.exe
2014-02-15 18:05:48 ----A---- C:\Windows\PEV.exe
2014-02-15 18:05:48 ----A---- C:\Windows\NIRCMD.exe
2014-02-15 18:05:48 ----A---- C:\Windows\MBR.exe
2014-02-15 18:05:48 ----A---- C:\Windows\grep.exe
2014-02-15 17:57:59 ----D---- C:\Qoobox
2014-02-15 17:57:29 ----D---- C:\Windows\erdnt
2014-02-14 18:32:55 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-02-12 12:42:39 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-02-12 12:42:39 ----A---- C:\Windows\system32\vbscript.dll
2014-02-12 12:41:01 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-02-12 12:41:01 ----A---- C:\Windows\system32\msrating.dll
2014-02-12 12:41:00 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-02-12 12:41:00 ----A---- C:\Windows\system32\ieui.dll
2014-02-12 12:40:59 ----A---- C:\Windows\system32\iernonce.dll
2014-02-12 12:40:59 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 12:40:59 ----A---- C:\Windows\system32\ie4uinit.exe
2014-02-12 12:40:58 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-02-12 12:40:58 ----A---- C:\Windows\system32\msfeeds.dll
2014-02-12 12:40:58 ----A---- C:\Windows\system32\jsproxy.dll
2014-02-12 12:40:57 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-02-12 12:40:57 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-02-12 12:40:57 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-02-12 12:40:57 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-02-12 12:40:57 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-02-12 12:40:57 ----A---- C:\Windows\system32\ieUnatt.exe
2014-02-12 12:40:57 ----A---- C:\Windows\system32\iesetup.dll
2014-02-12 12:40:57 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-02-12 12:40:57 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-02-12 12:40:55 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-02-12 12:40:55 ----A---- C:\Windows\system32\mshtml.dll
2014-02-12 12:40:54 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-02-12 12:40:54 ----A---- C:\Windows\system32\jscript9diag.dll
2014-02-12 12:40:54 ----A---- C:\Windows\system32\ieapfltr.dll
2014-02-12 12:40:53 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-02-12 12:40:53 ----A---- C:\Windows\system32\iertutil.dll
2014-02-12 12:40:52 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-02-12 12:40:52 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-02-12 12:40:52 ----A---- C:\Windows\system32\wininet.dll
2014-02-12 12:40:52 ----A---- C:\Windows\system32\urlmon.dll
2014-02-12 12:40:50 ----A---- C:\Windows\system32\ieframe.dll
2014-02-12 12:40:49 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-02-12 12:40:47 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-02-12 12:40:46 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-02-12 12:40:46 ----A---- C:\Windows\system32\jscript9.dll
2014-02-12 11:26:52 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-02-12 11:26:52 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-02-12 11:26:52 ----A---- C:\Windows\system32\msxml3r.dll
2014-02-12 11:26:52 ----A---- C:\Windows\system32\msxml3.dll
2014-02-12 11:26:43 ----A---- C:\Windows\SYSWOW64\secproc_isv.dll
2014-02-12 11:26:43 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe
2014-02-12 11:26:43 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp.exe
2014-02-12 11:26:43 ----A---- C:\Windows\SYSWOW64\RMActivate_isv.exe
2014-02-12 11:26:43 ----A---- C:\Windows\SYSWOW64\RMActivate.exe
2014-02-12 11:26:43 ----A---- C:\Windows\system32\secproc_isv.dll
2014-02-12 11:26:43 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 11:26:43 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 11:26:43 ----A---- C:\Windows\system32\RMActivate_isv.exe
2014-02-12 11:26:43 ----A---- C:\Windows\system32\RMActivate.exe
2014-02-12 11:26:42 ----A---- C:\Windows\SYSWOW64\secproc_ssp_isv.dll
2014-02-12 11:26:42 ----A---- C:\Windows\SYSWOW64\secproc_ssp.dll
2014-02-12 11:26:42 ----A---- C:\Windows\SYSWOW64\secproc.dll
2014-02-12 11:26:42 ----A---- C:\Windows\SYSWOW64\msdrm.dll
2014-02-12 11:26:42 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 11:26:42 ----A---- C:\Windows\system32\secproc_ssp.dll
2014-02-12 11:26:42 ----A---- C:\Windows\system32\secproc.dll
2014-02-12 11:26:42 ----A---- C:\Windows\system32\msdrm.dll
2014-02-12 11:26:40 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2014-02-12 11:26:39 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2014-02-12 11:26:39 ----A---- C:\Windows\system32\d3d10warp.dll
2014-02-12 11:26:39 ----A---- C:\Windows\system32\d2d1.dll
2014-02-11 23:19:06 ----D---- C:\Users\Keramont\AppData\Roaming\steamvr
2014-02-07 23:07:28 ----D---- C:\Users\Keramont\AppData\Roaming\Malwarebytes
2014-02-07 23:07:14 ----D---- C:\ProgramData\Malwarebytes
2014-02-07 23:07:11 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-07 23:07:11 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-02-07 16:04:41 ----D---- C:\rsit
2014-02-07 16:04:41 ----D---- C:\Program Files\trend micro
2014-02-02 14:10:48 ----D---- C:\The KMPlayer
2014-02-02 01:19:11 ----D---- C:\Program Files (x86)\Google
2014-02-01 21:07:33 ----D---- C:\AdwCleaner
2014-02-01 18:29:18 ----D---- C:\Program Files (x86)\Steam
2014-02-01 18:28:41 ----D---- C:\Program Files\CCleaner
2014-02-01 17:12:23 ----SHD---- C:\Windows\SYSWOW64\AI_RecycleBin
2014-02-01 17:12:21 ----D---- C:\Program Files (x86)\Reason

======List of files/folders modified in the last 1 month======

2014-02-26 22:29:53 ----D---- C:\Windows\Prefetch
2014-02-26 21:27:27 ----SHD---- C:\System Volume Information
2014-02-26 21:25:29 ----D---- C:\Users\Keramont\AppData\Roaming\uTorrent
2014-02-26 21:24:11 ----D---- C:\Windows\system32\config
2014-02-23 12:41:03 ----D---- C:\Windows\System32
2014-02-23 12:41:03 ----D---- C:\Windows\inf
2014-02-23 12:41:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-02-22 13:28:30 ----D---- C:\Windows\Minidump
2014-02-22 13:26:15 ----D---- C:\Windows\LiveKernelReports
2014-02-21 22:02:29 ----D---- C:\Windows\SysWOW64
2014-02-21 22:02:25 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-02-17 10:27:18 ----D---- C:\Windows\system32\MRT
2014-02-17 10:24:38 ----D---- C:\Windows\debug
2014-02-17 10:24:33 ----A---- C:\Windows\system32\MRT.exe
2014-02-16 14:02:36 ----D---- C:\Windows\system32\drivers
2014-02-16 14:02:34 ----D---- C:\Windows
2014-02-16 13:57:17 ----A---- C:\Windows\system.ini
2014-02-16 13:57:00 ----D---- C:\Windows\system32\drivers\etc
2014-02-16 13:51:42 ----D---- C:\Windows\SYSWOW64\drivers
2014-02-16 13:51:42 ----D---- C:\Windows\AppPatch
2014-02-16 13:51:41 ----D---- C:\Program Files (x86)\Common Files
2014-02-15 18:15:23 ----D---- C:\ProgramData
2014-02-15 18:15:22 ----D---- C:\Program Files\IMPI
2014-02-15 17:44:11 ----D---- C:\Windows\Logs
2014-02-14 20:25:04 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-14 20:25:03 ----D---- C:\Program Files (x86)
2014-02-14 12:19:27 ----D---- C:\Windows\rescache
2014-02-14 11:33:04 ----RSD---- C:\Windows\assembly
2014-02-14 11:33:04 ----D---- C:\Windows\Microsoft.NET
2014-02-14 10:30:33 ----D---- C:\Windows\winsxs
2014-02-13 23:30:47 ----SHD---- C:\Windows\Installer
2014-02-13 23:30:26 ----D---- C:\ProgramData\Microsoft Help
2014-02-13 21:03:41 ----D---- C:\Windows\SYSWOW64\sk-SK
2014-02-13 21:03:40 ----D---- C:\Windows\system32\sk-SK
2014-02-13 21:03:17 ----D---- C:\Windows\system32\catroot
2014-02-12 15:57:02 ----D---- C:\Program Files (x86)\Internet Explorer
2014-02-12 15:57:01 ----D---- C:\Program Files\Internet Explorer
2014-02-12 12:45:43 ----A---- C:\Windows\win.ini
2014-02-12 12:43:26 ----D---- C:\Windows\system32\catroot2
2014-02-11 22:34:41 ----D---- C:\Users\Keramont\AppData\Roaming\vlc
2014-02-08 16:47:31 ----D---- C:\Windows\Tasks
2014-02-08 16:47:31 ----D---- C:\Windows\system32\Tasks
2014-02-08 11:20:07 ----D---- C:\ProgramData\Wincert
2014-02-07 16:04:41 ----RD---- C:\Program Files
2014-02-07 15:46:25 ----D---- C:\Users\Keramont\AppData\Roaming\DAEMON Tools Lite
2014-02-07 15:40:42 ----D---- C:\Windows\Panther
2014-02-07 15:40:42 ----D---- C:\Windows\ModemLogs
2014-02-06 19:27:26 ----D---- C:\Users\Keramont\AppData\Roaming\Skype
2014-02-05 20:48:17 ----SD---- C:\Users\Keramont\AppData\Roaming\Microsoft
2014-02-02 11:13:33 ----D---- C:\Program Files (x86)\MarkAny
2014-02-01 21:42:29 ----D---- C:\Users\Keramont\AppData\Roaming\Samsung
2014-02-01 21:42:29 ----D---- C:\Program Files (x86)\Samsung
2014-02-01 21:42:26 ----D---- C:\Windows\system32\DriverStore
2014-02-01 21:40:50 ----D---- C:\ProgramData\Samsung
2014-02-01 21:40:49 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-02-01 21:30:12 ----D---- C:\Program Files (x86)\PC Connectivity Solution
2014-02-01 21:30:09 ----DC---- C:\Windows\system32\DRVSTORE
2014-02-01 21:27:14 ----D---- C:\Program Files (x86)\Nero
2014-02-01 21:25:42 ----D---- C:\ProgramData\Nero
2014-02-01 18:37:58 ----D---- C:\Program Files (x86)\SystemRequirementsLab
2014-02-01 17:36:47 ----SD---- C:\ProgramData\Microsoft
2014-02-01 17:36:47 ----D---- C:\Program Files (x86)\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2012-07-03 198944]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-03-02 834544]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\N360x64\1501000.012\SYMDS64.SYS [2013-09-10 493656]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360x64\1501000.012\SYMEFA64.SYS [2013-09-27 1147480]
R1 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [2013-12-18 1526488]
R1 ccSet_N360;N360 Settings Manager; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [2013-09-26 162392]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-07 283200]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2013-11-22 484952]
R1 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140225.001\IDSvia64.sys [2014-01-28 521944]
R1 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [2013-09-27 858200]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [2013-09-10 36952]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [2013-09-27 264280]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [2013-09-26 590936]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2009-11-17 11576]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-07-06 9359872]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-07-06 309760]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-04-21 2727424]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-06-14 30368]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-22 137648]
R3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140226.001\ENG64.SYS [2014-02-06 126040]
R3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140226.001\EX64.SYS [2014-02-06 2099288]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-01-13 333928]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2010-12-17 520192]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2013-11-17 177752]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-06-10 1451056]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys []
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-06-14 36000]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-06-10 1311232]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-06-14 330400]
S3 btath_avdt;Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2011-06-14 110240]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-06-14 167072]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-06-14 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-06-14 280992]
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-06-14 496800]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2010-05-01 20568]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys []
S3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver; C:\Windows\system32\DRIVERS\silabenm.sys [2011-08-08 27336]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver; C:\Windows\system32\DRIVERS\silabser.sys [2011-08-08 70656]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [2013-04-24 42184]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-05-01 16392]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-07-06 204288]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-05 365568]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-06-14 138400]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-06-14 97952]
R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-04-23 514232]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HPClientSvc;HP Client Services; C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-03-14 197504]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-04-08 26680]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-01-14 1751656]
R2 IMPI Updater;IMPI Updater; C:\Program Files\IMPI\ExtensionUpdaterService.exe [2013-02-05 185856]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2011-03-04 73728]
R2 N360;Norton 360; C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [2013-10-08 264360]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2010-12-17 276992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02 116648]
S2 SafetyNutManager;SafetyNut Manager; C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21 257928]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02 116648]
S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-03-14 994176]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-02-06 111616]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-02-14 118896]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-01-27 571816]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-07-06 1255736]
S4 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: Prosím o kontrolu, (NTB z druhej ruky)

Napsal: 26 úno 2014 22:57
od godfather13
Log z OTL: OTL.txt

Bohužial som log vypol a nevedel som ho nájsť... tu je Log z druhého scanu:
1.časť
OTL logfile created on: 26.2.2014 22:34:33 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Keramont\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000405 | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy

5,48 Gb Total Physical Memory | 3,45 Gb Available Physical Memory | 62,93% Memory free
5,97 Gb Paging File | 3,99 Gb Available in Paging File | 66,96% Paging File free
Paging file location(s): c:\pagefile.sys 500 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 71,90 Gb Total Space | 8,17 Gb Free Space | 11,37% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 1,10 Gb Free Space | 27,79% Space Free | Partition Type: FAT32
Drive G: | 304,86 Gb Total Space | 164,72 Gb Free Space | 54,03% Space Free | Partition Type: NTFS
Drive H: | 301,18 Gb Total Space | 236,88 Gb Free Space | 78,65% Space Free | Partition Type: NTFS

Computer Name: METRO-HP | User Name: Keramont | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.02.18 22:29:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Keramont\Desktop\OTL.exe
PRC - [2014.02.14 18:33:03 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.12.18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.10.08 13:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
PRC - [2013.02.05 16:50:10 | 000,185,856 | ---- | M] () -- C:\Program Files\IMPI\ExtensionUpdaterService.exe
PRC - [2012.03.14 09:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.06.15 16:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011.06.14 16:19:42 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011.04.08 11:01:16 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011.01.14 03:27:26 | 001,751,656 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010.05.18 07:46:01 | 001,989,120 | ---- | M] () -- C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
PRC - [2010.04.23 11:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 11:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe


========== Modules (No Company Name) ==========

MOD - [2014.02.14 18:33:03 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.09.05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.05.18 07:46:01 | 001,989,120 | ---- | M] () -- C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
MOD - [2009.11.19 13:10:25 | 001,384,520 | ---- | M] () -- C:\Windows\twain_32\Samsung\SCX3200\SSOle.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014.02.06 11:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013.05.27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013.02.05 16:50:10 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\IMPI\ExtensionUpdaterService.exe -- (IMPI Updater)
SRV:64bit: - [2011.07.06 08:08:26 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.07.05 10:27:04 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010.12.17 12:41:36 | 000,276,992 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010.10.11 01:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014.02.21 22:02:27 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.02.14 18:33:03 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.01.27 20:02:50 | 000,571,816 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.12.18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.10.08 13:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2012.03.14 09:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.06.21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011.06.14 16:19:42 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011.06.14 16:18:06 | 000,097,952 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011.04.08 11:01:16 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011.01.14 03:27:26 | 001,751,656 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.02.22 18:53:16 | 002,217,416 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.11.17 12:17:50 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013.09.27 04:18:30 | 001,147,480 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2013.09.27 03:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013.09.27 03:26:03 | 000,858,200 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.09.26 04:28:00 | 000,590,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.09.26 03:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013.09.10 03:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013.09.10 02:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013.04.24 20:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.03.02 12:25:29 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.07.07 12:27:29 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.07.03 11:42:30 | 000,198,944 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.08 09:45:30 | 000,070,656 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)
DRV:64bit: - [2011.08.08 09:45:30 | 000,027,336 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm)
DRV:64bit: - [2011.08.08 00:16:01 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.08.08 00:16:01 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.07.06 08:50:28 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.07.06 07:32:20 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.06.14 16:18:32 | 000,496,800 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.06.14 16:18:32 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.06.14 16:18:30 | 000,167,072 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.06.14 16:18:30 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.06.14 16:18:30 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.06.14 16:18:30 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.06.14 16:18:28 | 000,330,400 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.06.14 16:18:28 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011.06.10 03:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.04.21 19:17:10 | 002,727,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.04.16 11:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011.04.16 11:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011.01.13 01:10:44 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010.12.17 12:41:36 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.12.16 20:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010.11.30 23:02:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.17 17:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.07.28 08:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.05.01 07:51:28 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.05.01 07:51:14 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.11.17 01:16:43 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014.02.06 11:02:32 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140226.001\ex64.sys -- (NAVEX15)
DRV - [2014.02.06 11:02:32 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140226.001\eng64.sys -- (NAVENG)
DRV - [2014.01.28 21:33:34 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140225.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013.12.18 01:32:10 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013.11.22 20:14:14 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013.11.22 20:14:14 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010.05.01 07:51:28 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.10.28 06:09:33 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox
IE:64bit: - HKLM\..\SearchScopes\{AC13CD5A-A2FF-4831-89E5-2D751C88BDA2}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AC13CD5A-A2FF-4831-89E5-2D751C88BDA2}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1200702374-1131186070-1473926133-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
IE - HKU\S-1-5-21-1200702374-1131186070-1473926133-1002\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1200702374-1131186070-1473926133-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox
IE - HKU\S-1-5-21-1200702374-1131186070-1473926133-1002\..\SearchScopes\{AC13CD5A-A2FF-4831-89E5-2D751C88BDA2}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
IE - HKU\S-1-5-21-1200702374-1131186070-1473926133-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Keramont\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{17E113E6-CD0E-4045-B154-65F0E57959EF}: C:\PROGRAM FILES\IMPI\FIREFOX [2013.03.02 15:55:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{17E113E6-CD0E-4045-B154-65F0E57959EF}: C:\Program Files\IMPI\Firefox [2013.03.02 15:55:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014.02.26 21:10:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013.11.17 12:26:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014.02.01 17:16:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keramont\AppData\Roaming\mozilla\Extensions
[2013.12.16 23:07:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keramont\AppData\Roaming\mozilla\Firefox\C\Users\Keramont\AppData\Roaming\Mozilla\Profiles\f1e7uxgr.KERAMONT\extensions
[2013.12.16 23:07:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keramont\AppData\Roaming\mozilla\Firefox\C\Users\Keramont\AppData\Roaming\Mozilla\Profiles\f1e7uxgr.KERAMONT\extensions\{9572F96B-8DD3-0D00-CE9F-956955F73C86}
[2013.05.26 13:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keramont\AppData\Roaming\mozilla\Firefox\C\Users\Keramont\AppData\Roaming\Mozilla\Profiles\f1e7uxgr.KERAMONT\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
[2014.02.26 21:16:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keramont\AppData\Roaming\mozilla\Firefox\Profiles\8ra28ait.Tomáš\extensions
[2013.03.25 07:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keramont\AppData\Roaming\mozilla\Firefox\Profiles\Keramont\AppData\Roaming\Mozilla\Profiles\f1e7uxgr.KERAMONT\extensions
[2014.02.01 17:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keramont\AppData\Roaming\mozilla\Profiles\f1e7uxgr.KERAMONT\extensions
[2014.01.28 21:14:43 | 000,000,000 | ---D | M] (Lišta Centrum.cz) -- C:\Users\Keramont\AppData\Roaming\mozilla\Profiles\f1e7uxgr.KERAMONT\extensions\toolbar@centrumholdings.com
[2014.02.26 21:16:44 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\Keramont\AppData\Roaming\mozilla\firefox\profiles\8ra28ait.Tomáš\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.02.14 18:32:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014.02.14 18:33:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Dokumenty Google = C:\Users\Keramont\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Disk Google = C:\Users\Keramont\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Keramont\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Vyhledávání Google = C:\Users\Keramont\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Protection = C:\Users\Keramont\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.4.11_0\
CHR - Extension: Peněženka Google = C:\Users\Keramont\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Keramont\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014.02.16 13:57:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IMPI) - {17E113E6-CD0E-4045-B154-65F0E57959EF} - C:\Program Files\IMPI\Extension32.dll File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\ipsbho.dll (Symantec Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [3200 Scan2PC] C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe ()
O4 - HKU\S-1-5-21-1200702374-1131186070-1473926133-1002..\Run: [uTorrent] C:\Users\Keramont\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1200702374-1131186070-1473926133-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1200702374-1131186070-1473926133-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1200702374-1131186070-1473926133-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1200702374-1131186070-1473926133-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-1200702374-1131186070-1473926133-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 147.175.167.251 147.175.189.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37C87C63-6CE5-46CB-8CCB-22E1611E0999}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74820A10-E001-4B40-904A-623F62A5144F}: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9686DD36-2123-4FE8-8EE9-91BC8FEDC82E}: DhcpNameServer = 147.175.167.251 147.175.189.200
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O28 - HKLM ShellExecuteHooks: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014.02.19 23:05:38 | 000,000,000 | ---D | C] -- C:\Users\Keramont\Desktop\MECHANIKA
[2014.02.19 22:06:37 | 000,000,000 | R--D | C] -- C:\Users\Keramont\Desktop\WINRAM-
[2014.02.18 22:30:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Keramont\Desktop\OTL.exe
[2014.02.16 14:02:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014.02.16 14:02:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014.02.15 18:05:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014.02.15 18:05:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014.02.15 18:05:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014.02.15 17:57:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014.02.15 17:57:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014.02.15 17:54:16 | 005,183,211 | R--- | C] (Swearware) -- C:\Users\Keramont\Desktop\ComboFix.exe
[2014.02.14 18:32:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014.02.14 17:18:59 | 000,000,000 | ---D | C] -- C:\Users\Keramont\AppData\Local\EdgeOfReality
[2014.02.12 12:42:39 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.02.12 12:41:01 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.02.12 12:41:01 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.02.12 12:41:00 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.02.12 12:41:00 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.02.12 12:40:59 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.02.12 12:40:59 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.02.12 12:40:59 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.02.12 12:40:58 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.02.12 12:40:57 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.02.12 12:40:57 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.02.12 12:40:57 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.02.12 12:40:57 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.02.12 12:40:57 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.02.12 12:40:57 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.02.12 12:40:57 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.02.12 12:40:57 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.02.12 12:40:55 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.02.12 12:40:54 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.02.12 12:40:54 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.02.12 12:40:54 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.02.12 12:40:51 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.02.12 12:40:51 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.02.12 12:40:46 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.02.12 11:26:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014.02.12 11:26:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014.02.12 11:26:43 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014.02.12 11:26:43 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014.02.12 11:26:43 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014.02.12 11:26:43 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014.02.12 11:26:43 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014.02.12 11:26:43 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014.02.12 11:26:43 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014.02.12 11:26:43 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014.02.12 11:26:43 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014.02.12 11:26:43 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014.02.12 11:26:42 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014.02.12 11:26:42 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014.02.12 11:26:42 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014.02.12 11:26:42 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014.02.12 11:26:42 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014.02.12 11:26:42 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014.02.12 11:26:42 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014.02.12 11:26:39 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014.02.12 11:26:39 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014.02.11 23:19:06 | 000,000,000 | ---D | C] -- C:\Users\Keramont\AppData\Roaming\steamvr
[2014.02.08 14:06:03 | 000,000,000 | ---D | C] -- C:\Users\Keramont\Desktop\RK_Quarantine
[2014.02.07 23:07:28 | 000,000,000 | ---D | C] -- C:\Users\Keramont\AppData\Roaming\Malwarebytes
[2014.02.07 23:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014.02.07 23:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.02.07 23:07:11 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.02.07 23:07:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014.02.07 21:30:17 | 000,000,000 | ---D | C] -- C:\Users\Keramont\Desktop\CrystalDiskInfo5_0_0
[2014.02.07 16:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.02.07 16:04:41 | 000,000,000 | ---D | C] -- C:\rsit
[2014.02.02 22:20:25 | 000,000,000 | R--D | C] -- C:\Users\Keramont\Desktop\SOFT
[2014.02.02 14:11:13 | 000,000,000 | ---D | C] -- C:\Users\Keramont\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
[2014.02.02 14:10:48 | 000,000,000 | ---D | C] -- C:\The KMPlayer
[2014.02.02 12:24:30 | 000,000,000 | ---D | C] -- C:\Users\Keramont\AppData\Local\{0393131A-19B8-4E42-9179-DCFAB8D67712}
[2014.02.02 01:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014.02.02 01:19:11 | 000,000,000 | ---D | C] -- C:\Users\Keramont\AppData\Local\Google
[2014.02.02 01:19:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014.02.01 21:07:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.02.01 18:43:09 | 000,000,000 | ---D | C] -- C:\Users\Keramont\AppData\Local\Ubisoft
[2014.02.01 18:35:43 | 000,000,000 | ---D | C] -- C:\Users\Keramont\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2014.02.01 18:29:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2014.02.01 18:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2014.02.01 18:29:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2014.02.01 18:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014.02.01 18:28:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014.02.01 17:12:23 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2014.02.01 17:12:21 | 000,000,000 | ---D | C] -- C:\Users\Keramont\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
[2014.02.01 17:12:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reason

========== Files - Modified Within 30 Days ==========

[2014.02.26 22:36:25 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.02.26 22:34:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.02.26 22:02:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.02.26 21:34:05 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.02.26 21:18:16 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.02.26 21:18:16 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.02.26 21:09:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.02.26 21:09:36 | 117,628,927 | -HS- | M] () -- C:\hiberfil.sys
[2014.02.23 12:41:03 | 000,688,402 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.02.23 12:41:03 | 000,152,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.02.23 12:41:03 | 000,006,394 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.02.21 22:02:25 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.02.21 22:02:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.02.18 22:29:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Keramont\Desktop\OTL.exe
[2014.02.16 13:57:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014.02.15 16:35:18 | 005,183,211 | R--- | M] (Swearware) -- C:\Users\Keramont\Desktop\ComboFix.exe
[2014.02.11 20:51:04 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKeramont.job
[2014.02.11 19:04:10 | 000,096,440 | ---- | M] () -- C:\Users\Keramont\Desktop\rozvrh.pdf
[2014.02.09 14:13:05 | 000,073,819 | ---- | M] () -- C:\Users\Keramont\Desktop\267949_1872483543612_2563168_n.jpg
[2014.02.09 14:11:22 | 000,155,132 | ---- | M] () -- C:\Users\Keramont\Desktop\264624_1872477143452_3687824_n.jpg
[2014.02.08 17:10:39 | 000,228,127 | ---- | M] () -- C:\Users\Keramont\Desktop\r.jpg
[2014.02.08 17:06:14 | 000,084,757 | ---- | M] () -- C:\Users\Keramont\Desktop\AJ.jpg
[2014.02.08 14:55:12 | 000,022,503 | ---- | M] () -- C:\Users\Keramont\Desktop\foto.pl
[2014.02.08 14:52:20 | 000,009,708 | ---- | M] () -- C:\Users\Keramont\Desktop\foto.pl.jpg
[2014.02.08 14:05:11 | 003,809,792 | ---- | M] () -- C:\Users\Keramont\Desktop\RogueKiller.exe
[2014.02.07 23:07:15 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.02.07 21:28:25 | 001,166,132 | ---- | M] () -- C:\Users\Keramont\Desktop\adwcleaner.exe
[2014.02.07 16:01:17 | 000,047,760 | ---- | M] () -- C:\Users\Keramont\Documents\cc_20140207_160113.reg
[2014.02.07 16:00:38 | 000,461,844 | ---- | M] () -- C:\Users\Keramont\Documents\cc_20140207_160026.reg
[2014.02.06 12:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.02.06 12:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.02.06 12:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.02.06 11:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.02.06 11:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.02.06 11:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.02.06 11:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.02.06 11:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.02.06 11:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.02.06 11:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.02.06 11:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.02.06 11:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.02.06 11:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.02.06 10:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.02.06 10:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.02.06 10:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.02.06 10:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.02.06 10:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.02.06 10:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.02.06 10:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.02.06 10:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.02.06 09:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.02.06 09:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.02.03 16:37:02 | 000,000,667 | ---- | M] () -- C:\Users\Keramont\Desktop\DOWNLOAD.lnk
[2014.02.01 18:35:43 | 000,000,222 | ---- | M] () -- C:\Users\Keramont\Desktop\Might & Magic Duel of Champions.url
[2014.02.01 18:29:18 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk

Re: Prosím o kontrolu, (NTB z druhej ruky)

Napsal: 26 úno 2014 22:58
od godfather13
Druhá časť logu:

========== Files Created - No Company Name ==========

[2014.02.18 22:34:44 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.02.15 18:05:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014.02.15 18:05:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014.02.15 18:05:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014.02.15 18:05:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014.02.15 18:05:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014.02.11 19:04:05 | 000,096,440 | ---- | C] () -- C:\Users\Keramont\Desktop\rozvrh.pdf
[2014.02.09 14:13:05 | 000,073,819 | ---- | C] () -- C:\Users\Keramont\Desktop\267949_1872483543612_2563168_n.jpg
[2014.02.09 14:11:22 | 000,155,132 | ---- | C] () -- C:\Users\Keramont\Desktop\264624_1872477143452_3687824_n.jpg
[2014.02.08 17:10:39 | 000,228,127 | ---- | C] () -- C:\Users\Keramont\Desktop\r.jpg
[2014.02.08 17:06:14 | 000,084,757 | ---- | C] () -- C:\Users\Keramont\Desktop\AJ.jpg
[2014.02.08 14:55:12 | 000,022,503 | ---- | C] () -- C:\Users\Keramont\Desktop\foto.pl
[2014.02.08 14:52:20 | 000,009,708 | ---- | C] () -- C:\Users\Keramont\Desktop\foto.pl.jpg
[2014.02.08 14:05:27 | 003,809,792 | ---- | C] () -- C:\Users\Keramont\Desktop\RogueKiller.exe
[2014.02.07 23:07:15 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.02.07 21:29:30 | 001,166,132 | ---- | C] () -- C:\Users\Keramont\Desktop\adwcleaner.exe
[2014.02.07 16:01:15 | 000,047,760 | ---- | C] () -- C:\Users\Keramont\Documents\cc_20140207_160113.reg
[2014.02.07 16:00:30 | 000,461,844 | ---- | C] () -- C:\Users\Keramont\Documents\cc_20140207_160026.reg
[2014.02.03 16:37:02 | 000,000,667 | ---- | C] () -- C:\Users\Keramont\Desktop\DOWNLOAD.lnk
[2014.02.02 01:19:18 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.02.02 01:19:13 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.02.01 18:35:43 | 000,000,222 | ---- | C] () -- C:\Users\Keramont\Desktop\Might & Magic Duel of Champions.url
[2014.02.01 18:29:18 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.06.11 22:30:29 | 000,000,152 | ---- | C] () -- C:\ProgramData\ir2of7.reg
[2012.07.06 13:36:35 | 000,485,240 | ---- | C] () -- C:\Windows\ssndii.exe
[2012.07.06 13:36:06 | 000,116,600 | ---- | C] () -- C:\Windows\Wiainst.exe
[2012.07.03 17:05:15 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2012.07.03 17:05:01 | 000,008,855 | ---- | C] () -- C:\Windows\mozver.dat

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.12.17 20:39:07 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\AnvSoft
[2013.06.20 14:45:23 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\BSplayer
[2014.02.07 15:46:25 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\DAEMON Tools Lite
[2013.06.20 14:46:37 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\EurekaLog
[2013.03.23 14:35:53 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\GHISLER
[2012.07.04 18:26:26 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\IDT
[2013.01.27 18:54:10 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\Opera
[2012.08.31 17:10:56 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\PC Suite
[2012.07.06 13:24:16 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\PDF Writer
[2014.02.01 21:42:29 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\Samsung
[2014.02.11 23:19:06 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\steamvr
[2012.07.03 11:39:13 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\Synaptics
[2012.07.06 14:01:52 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\TeamViewer
[2012.10.02 19:04:54 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\TuneUp Software
[2013.09.13 16:46:36 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\Unity
[2013.06.20 14:16:02 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\URSoft
[2014.02.26 21:25:29 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\uTorrent
[2012.09.16 16:11:10 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\Windows Live Writer
[2013.03.14 18:36:22 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\_MDLogs

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,552 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.04 15:24:28 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.07.08 21:43:32 | 000,000,344 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForKeramont.job
[2014.02.02 01:19:13 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014.02.02 01:19:18 | 000,000,940 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010.11.21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010.11.21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.08.08 00:13:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.08.08 00:13:09 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011.08.08 00:13:09 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.08.08 00:13:09 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.08.08 00:13:09 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.08.08 00:13:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.08.08 00:13:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.21 04:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.21 04:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2012.10.03 18:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2013.05.08 07:14:42 | 001,900,392 | ---- | M] (Microsoft Corporation) MD5=3E94650745D4DAB67E161F5F32CEA597 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_11d29984961f0be0\tcpip.sys
[2013.09.08 03:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\erdnt\cache64\tcpip.sys
[2013.09.08 03:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\SysNative\drivers\tcpip.sys
[2013.09.08 03:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2010.11.21 04:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2013.09.07 03:27:48 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2012.08.22 19:06:13 | 001,901,936 | ---- | M] (Microsoft Corporation) MD5=7880A26B7D3B96FDA8EFD9F985036B1D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[2012.03.30 11:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2011.09.15 10:37:03 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2013.05.08 07:39:01 | 001,910,632 | ---- | M] (Microsoft Corporation) MD5=9849EA3843A2ADBDD1497E97A85D8CAE -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_11278ac57d1aa96b\tcpip.sys
[2012.03.30 12:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2013.07.06 06:20:38 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2013.01.03 07:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2011.09.15 10:37:03 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2013.01.04 06:47:43 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[2011.08.08 00:13:25 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=CB6A53EF141CC3DA32DA54F7E75D301B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21687_none_118505f696597a9d\tcpip.sys
[2012.10.03 18:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2013.07.06 07:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys
[2011.08.08 00:13:25 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=DC08410DB2D0CC542DACAC7A90E6CB7A -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17582_none_10f667b97d405c20\tcpip.sys
[2013.11.26 12:34:34 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=F55B41AA6114568AC558ADBABDA85620 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_11c3cc3c962abcc3\tcpip.sys
[2012.08.22 19:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< >

< %systemroot%*.* /U /s >
[5 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[4 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[3 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\b036952dd59f1df01327b63a2db9ca0a\*.tmp files -> C:\Windows\SoftwareDistribution\Download\b036952dd59f1df01327b63a2db9ca0a\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.07.08 11:56:50 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\Adobe
[2012.10.06 09:21:27 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\Ahead
[2013.12.17 20:39:07 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\AnvSoft
[2012.08.30 15:35:10 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\Atheros
[2012.07.03 11:40:14 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\ATI
[2013.06.20 14:45:23 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\BSplayer
[2012.07.03 17:06:57 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\CyberLink
[2014.02.07 15:46:25 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\DAEMON Tools Lite
[2013.10.01 19:47:01 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\dvdcss
[2013.06.20 14:46:37 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\EurekaLog
[2013.03.23 14:35:53 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\GHISLER
[2012.07.08 21:41:57 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\Hewlett-Packard
[2012.07.08 21:42:17 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\hpqLog
[2012.07.03 11:38:48 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\Identities
[2012.07.04 18:26:26 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\IDT
[2012.07.06 13:36:37 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\InstallShield
[2012.07.03 16:43:16 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\Macromedia
[2014.02.07 23:07:28 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\Malwarebytes
[2011.09.15 10:33:34 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\Media Center Programs
[2014.02.05 20:48:17 | 000,000,000 | --SD | M] -- C:\Users\Keramont\AppData\Roaming\Microsoft
[2013.02.11 21:13:02 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\Mozilla
[2013.11.20 15:31:41 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\NCH Software
[2012.10.07 17:49:57 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\Nero
[2013.01.27 18:54:10 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\Opera
[2012.08.31 17:10:56 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\PC Suite
[2012.07.06 13:24:16 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\PDF Writer
[2014.02.01 21:42:29 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\Samsung
[2014.02.06 19:27:26 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\Skype
[2014.02.11 23:19:06 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\steamvr
[2012.07.03 11:39:13 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\Synaptics
[2012.07.03 17:05:15 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\Talkback
[2012.07.06 14:01:52 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\TeamViewer
[2012.10.02 19:04:54 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\TuneUp Software
[2013.09.13 16:46:36 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\Unity
[2013.06.20 14:16:02 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\URSoft
[2014.02.26 21:25:29 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\uTorrent
[2014.02.11 22:34:41 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\vlc
[2012.09.16 16:11:10 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\Windows Live Writer
[2012.07.07 16:53:46 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\WinRAR
[2013.03.14 18:36:22 | 000,000,000 | ---D | M] -- C:\Users\Keramont\AppData\Roaming\_MDLogs

< %APPDATA%\*.exe /s >
[2009.08.11 20:21:26 | 000,087,552 | ---- | M] () -- C:\Users\Keramont\AppData\Roaming\BSplayer\AC3 Filter\ac3config.exe
[2009.08.11 20:21:30 | 000,090,112 | ---- | M] () -- C:\Users\Keramont\AppData\Roaming\BSplayer\AC3 Filter\spdif_test.exe
[2010.03.22 13:52:04 | 000,697,690 | ---- | M] () -- C:\Users\Keramont\AppData\Roaming\BSplayer\AC3 Filter\unins000.exe
[2012.10.11 08:01:20 | 001,175,371 | ---- | M] () -- C:\Users\Keramont\AppData\Roaming\BSplayer\FFDShow\unins000.exe
[2010.08.14 09:42:54 | 000,113,152 | ---- | M] () -- C:\Users\Keramont\AppData\Roaming\BSplayer\Haali media splitter\dsmux.exe
[2010.08.14 09:45:10 | 000,358,400 | ---- | M] () -- C:\Users\Keramont\AppData\Roaming\BSplayer\Haali media splitter\gdsmux.exe
[2010.08.14 09:42:06 | 000,137,728 | ---- | M] () -- C:\Users\Keramont\AppData\Roaming\BSplayer\Haali media splitter\mkv2vfr.exe
[2010.09.30 14:30:22 | 000,042,305 | ---- | M] () -- C:\Users\Keramont\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe
[2014.02.01 17:12:21 | 000,017,542 | R--- | M] () -- C:\Users\Keramont\AppData\Roaming\Microsoft\Installer\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}\ShouldIRemoveIt.exe
[2014.02.01 17:12:21 | 000,014,534 | R--- | M] () -- C:\Users\Keramont\AppData\Roaming\Microsoft\Installer\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}\SystemFoldermsiexec.exe
[2011.06.28 06:32:22 | 081,122,288 | ---- | M] (Samsung Electronics Co., Ltd. ) -- C:\Users\Keramont\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
[2013.05.26 13:18:00 | 001,043,536 | ---- | M] (BitTorrent Inc.) -- C:\Users\Keramont\AppData\Roaming\uTorrent\uTorrent.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2014.02.26 22:02:02 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014.02.26 21:34:05 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014.02.26 22:34:00 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2014.02.11 20:51:04 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\HPCeeScheduleForKeramont.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< *crack* /s >

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2013.08.19 21:28:54 | 000,006,820 | ---- | M] () -- \AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\SRTOOL~1\IE\chrome\skin\lib\panels\images\ajax-loader.gif.vir
[2013.11.22 15:02:12 | 000,257,536 | ---- | M] () -- \Program Files (x86)\AnvSoft\Any Video Converter\avcdownloader.dll
[2013.09.17 10:35:38 | 000,005,932 | ---- | M] () -- \Program Files (x86)\AnvSoft\Any Video Converter\plugins\loader.avsi
[2013.03.09 08:17:04 | 000,268,440 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2013.03.09 08:17:04 | 000,019,080 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2010.08.23 09:07:00 | 000,053,248 | ---- | M] () -- \Program Files (x86)\CyberLink\YouCam\Koan\pyloader.dll
[2011.06.15 16:58:26 | 000,015,118 | ---- | M] () -- \Program Files (x86)\CyberLink\YouCam\subsys\Uploader\PyUploader.kc
[2011.06.15 16:58:26 | 000,175,200 | ---- | M] () -- \Program Files (x86)\CyberLink\YouCam\subsys\Uploader\_PyUploader.pyd
[2010.09.08 14:53:28 | 000,167,720 | ---- | M] () -- \Program Files (x86)\CyberLink\YouCam\subsys\YouCam\CES_3DLoaderC3S.dll
[2010.09.08 14:53:28 | 002,525,480 | ---- | M] () -- \Program Files (x86)\CyberLink\YouCam\subsys\YouCam\CES_3DLoaderFBX.dll
[2011.06.27 16:08:58 | 000,053,248 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\HP Setup\ContentDownloader.exe
[2011.02.23 17:12:16 | 000,005,974 | ---- | M] () -- \Program Files (x86)\Hewlett-Packard\HP Setup\ContentDownloader.exe.config
[2010.10.15 16:58:50 | 000,001,012 | ---- | M] () -- \Program Files (x86)\HP Games\onplay\downloader_bg_400.gif
[2013.03.25 07:38:27 | 000,007,697 | ---- | M] () -- \Program Files (x86)\Java\jdk1.6.0\demo\jvmti\hprof\src\hprof_loader.c
[2013.03.25 07:38:27 | 000,002,173 | ---- | M] () -- \Program Files (x86)\Java\jdk1.6.0\demo\jvmti\hprof\src\hprof_loader.h
[2011.10.08 01:34:22 | 000,008,787 | ---- | M] () -- \Program Files (x86)\Rockstar Games\Social Club\UI\images\loaderLargeBlue.gif
[2011.10.08 01:34:22 | 000,008,787 | ---- | M] () -- \Program Files (x86)\Rockstar Games\Social Club\UI\images\loaderLargeGrey.gif
[2011.10.08 01:34:22 | 000,001,737 | ---- | M] () -- \Program Files (x86)\Rockstar Games\Social Club\UI\images\loaderSmallBlue.gif
[2011.10.08 01:34:22 | 000,001,737 | ---- | M] () -- \Program Files (x86)\Rockstar Games\Social Club\UI\images\loaderSmallGold.gif
[2013.10.23 21:07:40 | 000,007,825 | ---- | M] () -- \Program Files (x86)\Steam\remoteui\static\libs\images\ajax-loader.gif
[2011.03.01 19:52:02 | 000,411,888 | ---- | M] () -- \Program Files (x86)\WildTangent Games\App\WTDownloader.exe
[2010.11.03 22:17:00 | 000,002,193 | ---- | M] () -- \Program Files (x86)\WildTangent Games\App\UI\GamePlay_Loader.html
[2011.02.16 20:02:14 | 000,009,072 | ---- | M] () -- \Program Files (x86)\WildTangent Games\App\UI\Scripts\gameplay_loader.js
[2010.11.03 22:17:00 | 000,002,355 | ---- | M] () -- \Program Files (x86)\WildTangent Games\App\UI\Skins\default\gameplay_loader.css
[2013.03.09 08:52:18 | 000,364,168 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll
[2013.03.09 08:52:18 | 000,019,080 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2013.03.25 07:50:06 | 000,000,948 | ---- | M] () -- \Program Files\Java\jdk1.7.0_17\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-loaders.xml
[2013.03.25 07:50:06 | 000,000,411 | ---- | M] () -- \Program Files\Java\jdk1.7.0_17\lib\visualvm\platform\config\Modules\org-openide-loaders.xml
[2013.03.25 07:50:07 | 001,170,520 | ---- | M] () -- \Program Files\Java\jdk1.7.0_17\lib\visualvm\platform\modules\org-openide-loaders.jar
[2013.03.25 07:50:06 | 000,006,244 | ---- | M] () -- \Program Files\Java\jdk1.7.0_17\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar
[2013.03.25 07:50:06 | 000,005,873 | ---- | M] () -- \Program Files\Java\jdk1.7.0_17\lib\visualvm\platform\modules\locale\org-openide-loaders_zh_CN.jar
[2013.03.25 07:50:07 | 000,000,457 | ---- | M] () -- \Program Files\Java\jdk1.7.0_17\lib\visualvm\platform\update_tracking\org-openide-loaders.xml
[2012.06.09 18:19:37 | 000,055,296 | ---- | M] () -- \Program Files\WinRAR\Formats\ace32loader.exe
[2012.06.18 12:39:40 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012.06.18 12:39:40 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2008.02.25 07:05:22 | 000,856,064 | ---- | M] () -- \The KMPlayer\ImLoader.dll
[2012.06.18 12:39:40 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012.06.18 12:39:40 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2012.07.07 12:27:50 | 000,057,728 | ---- | M] () -- \Users\Keramont\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_dadget_loader.png
[2012.07.07 12:27:50 | 000,057,728 | ---- | M] () -- \Users\Keramont\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_dadget_loader.png
[2012.07.07 12:27:50 | 000,057,728 | ---- | M] () -- \Users\Keramont\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_dadget_loader.png
[2012.07.07 12:27:50 | 000,057,728 | ---- | M] () -- \Users\Keramont\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin3\dt_dadget_loader.png
[2012.07.07 12:27:51 | 000,057,728 | ---- | M] () -- \Users\Keramont\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin4\dt_dadget_loader.png
[2012.07.07 12:27:51 | 000,061,770 | ---- | M] () -- \Users\Keramont\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin5\dt_dadget_loader.png
[2012.07.07 12:27:51 | 000,061,770 | ---- | M] () -- \Users\Keramont\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin6\dt_dadget_loader.png
[2010.03.24 19:35:48 | 000,018,264 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_amd64_ln.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2010.03.24 19:12:34 | 000,018,264 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2010.10.07 03:36:40 | 000,018,264 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2010.03.24 19:35:48 | 000,370,512 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.4763\VSTOLoader_dll_amd64.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2010.03.24 19:12:34 | 000,249,680 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.4763\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2010.10.07 03:36:40 | 000,265,552 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.4763\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2013.03.09 08:17:04 | 000,019,080 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.7015\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2013.03.09 08:17:04 | 000,268,440 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.7015\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2013.08.02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2011.02.02 14:31:20 | 000,012,532 | ---- | M] () -- \Windows\System32\Adobe\Shockwave 11\shockwave_Projector_Loader.dcr
[2013.08.02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2011.02.02 14:31:20 | 000,012,532 | ---- | M] () -- \Windows\SysWOW64\Adobe\Shockwave 11\shockwave_Projector_Loader.dcr
[2009.07.14 02:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 02:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:21:03 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 19:38:32 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_68c05c919281774d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:38:48 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_68a2edab92971725\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:38:44 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 03:12:19 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:12:44 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_691eb3faabbf8f66\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 19:09:47 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_6907efc6abd0db81\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:35:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_6957a248ab947a6d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:39:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:32:07 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_6971452eab80a50e\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.07.08 06:11:20 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22379_none_692597a0abb965cc\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 07:20:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_695e76beab8ff095\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.29 03:18:31 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_694dd858ab9ba72a\api-ms-win-core-libraryloader-l1-1-0.dll
[2010.11.21 08:06:45 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2010.11.21 08:06:45 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.efi.mui_35ee487d
[2010.11.21 08:06:45 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.exe.mui_3bc5b827
[2010.11.21 08:06:45 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.efi.mui_f412814e
[2010.11.21 08:06:45 | 000,029,760 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.exe.mui_ff8b5358
[2011.08.08 00:10:02 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.08.08 00:10:02 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2011.08.08 00:10:02 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2011.08.08 00:10:02 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2011.08.08 00:10:02 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2009.07.14 03:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2010.11.21 08:05:43 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2010.11.21 04:16:35 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011.08.08 00:09:58 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.08.08 00:09:58 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009.07.14 03:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 05:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 18:32:13 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_0ca1c10dda240617\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:40:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 05:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 18:23:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_0ce95442f3736a4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 05:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.07.08 05:59:24 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22379_none_0d06fc1cf35bf496\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 06:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.29 02:54:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_0d2f3cd4f33e35f4\api-ms-win-core-libraryloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >
[2007.02.22 17:54:12 | 000,052,354 | ---- | M] () -- \Program Files (x86)\Acronis\Acronis Disk Director\oss_activator.config

< *serial* /s >
[2013.03.25 07:38:15 | 000,025,600 | ---- | M] () -- \Program Files (x86)\Java\jdk1.6.0\bin\serialver.exe
[2013.09.13 00:53:56 | 000,434,368 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\5.1.20913.0\System.Runtime.Serialization.dll
[2013.10.11 18:51:12 | 001,164,288 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\5.1.20913.0\System.Runtime.Serialization.ni.dll
[2012.10.05 11:53:23 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2014.02.08 01:33:49 | 000,712,704 | ---- | M] () -- \Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\dmserializers.dll
[2010.04.14 17:20:46 | 000,415,592 | ---- | M] () -- \Program Files (x86)\Windows Live\Mesh\System.Runtime.Serialization.dll
[2010.04.14 17:20:46 | 000,141,168 | ---- | M] () -- \Program Files (x86)\Windows Live\Mesh\System.Runtime.Serialization.Json.dll
[2010.04.14 17:20:46 | 000,321,376 | ---- | M] () -- \Program Files (x86)\Windows Live\Mesh\System.Xml.Serialization.dll
[2013.03.25 07:50:01 | 000,015,232 | ---- | M] () -- \Program Files\Java\jdk1.7.0_17\bin\serialver.exe
[2013.09.13 01:23:44 | 000,434,368 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.20913.0\System.Runtime.Serialization.dll
[2013.10.11 18:51:53 | 001,546,240 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.20913.0\System.Runtime.Serialization.ni.dll
[2012.10.05 11:52:37 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012.10.05 11:53:23 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.02.14 10:37:38 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\553e7bfc9cac5e4feaa83d8ee1e187bd\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.14 10:43:48 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f177ea74036d5fdc6c6b9c967dc877cf\System.Runtime.Serialization.ni.dll
[2014.02.14 10:33:19 | 000,396,288 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\8653acb87b4a219a84e4ce58df35e62a\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.14 11:19:16 | 003,073,536 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\b73fbf8a2db2192752ad2b13744a393b\System.Runtime.Serialization.ni.dll
[2014.02.14 10:56:28 | 000,311,296 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\046c2851963b30d0e14194051c03de33\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.14 10:57:12 | 002,659,328 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\be0a1bb51a0d8fb41140c8111ed56d19\System.Runtime.Serialization.ni.dll
[2014.02.14 11:01:41 | 000,009,216 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\bc1a3b2de28e513e09fe7322c122144f\System.Xml.Serialization.ni.dll
[2014.02.14 11:26:32 | 000,376,832 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\a6d5113221e92b37937dfa2725f37bf4\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.14 11:24:21 | 003,425,792 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\af2a6a583c4d46286e1454717cf4a0a8\System.Runtime.Serialization.ni.dll
[2014.02.14 11:32:40 | 000,010,240 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\3655ae42bc2ca97104be3466dc2d33cc\System.Xml.Serialization.ni.dll
[2010.03.18 12:16:28 | 001,026,936 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Runtime.Serialization.dll.amd64
[2010.03.18 12:16:28 | 001,026,936 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Runtime.Serialization.dll.x86
[2014.02.13 23:25:00 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2014.02.13 23:24:56 | 001,039,040 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.02.13 23:25:12 | 000,011,120 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2012.10.05 11:53:24 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013.09.11 05:06:54 | 001,039,040 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 12:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2011.04.06 15:48:20 | 000,011,120 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2009.06.10 21:40:06 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2012.10.05 11:52:38 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013.09.11 05:06:54 | 001,039,040 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 12:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2011.04.06 15:48:20 | 000,011,120 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009.07.14 01:00:40 | 000,094,208 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009.06.10 21:37:50 | 000,038,400 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\grserial.sys
[2011.08.08 00:01:17 | 000,005,120 | ---- | M] () -- \Windows\System32\sk-SK\serialui.dll.mui
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2011.08.08 00:01:17 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\sk-SK\serialui.dll.mui
[2011.08.08 00:01:15 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_d5f23af62a751552\serialui.dll.mui
[2009.07.14 02:41:54 | 000,017,920 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360\serialui.dll
[2010.11.21 08:06:21 | 000,010,240 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_64015f894ce7c72a\serial.sys.mui
[2009.07.14 01:00:40 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
[2009.06.10 21:40:06 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 21:37:50 | 000,038,400 | ---- | M] () -- \Windows\winsxs\amd64_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_ce9ed3064deed3aa\grserial.sys
[2010.11.21 04:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722\System.Runtime.Serialization.dll
[2012.10.05 11:52:38 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b\System.Runtime.Serialization.dll
[2012.10.05 11:56:11 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53\System.Runtime.Serialization.dll
[2010.11.21 04:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb\System.Runtime.Serialization.dll
[2012.10.05 11:52:37 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4\System.Runtime.Serialization.dll
[2012.10.05 11:56:11 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec\System.Runtime.Serialization.dll
[2011.08.08 00:10:02 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011.08.08 00:10:02 | 000,017,792 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8_kdcom.dll_db5e7744
[2011.08.08 00:01:46 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_d5f23af62a751552_serialui.dll.mui_7d29d2a3
[2009.07.14 03:57:29 | 000,017,920 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360_serialui.dll_bea29328
[2011.08.08 00:01:46 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_79d39f727217a41c_serialui.dll.mui_7d29d2a3
[2009.07.14 03:58:37 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.14 03:15:17 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc.manifest
[2011.08.08 00:09:58 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011.08.08 00:09:58 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest
[2009.07.14 03:11:30 | 000,000,868 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_88b1c48f2026fe3f.manifest
[2010.11.21 04:17:50 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722.manifest
[2012.10.05 19:18:30 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b.manifest
[2012.10.05 19:10:31 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53.manifest
[2010.11.21 04:17:50 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb.manifest
[2012.10.05 19:19:07 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4.manifest
[2012.10.05 19:11:10 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec.manifest
[2010.11.21 04:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2012.10.05 18:15:39 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285.manifest
[2012.10.05 18:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d.manifest
[2010.11.21 08:05:51 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_en-us_8f71d563bf7aa3c2.manifest
[2012.10.05 19:09:41 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_en-us_8f4bb639bfcd9db1.manifest
[2012.10.05 18:57:17 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_en-us_787a117bd97892a9.manifest
[2010.11.21 04:17:50 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2012.10.05 18:15:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8.manifest
[2012.10.05 18:17:15 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0.manifest
[2010.11.21 04:18:20 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2012.10.05 18:19:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa.manifest
[2012.10.05 18:22:10 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2.manifest
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.21 04:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2012.10.05 11:53:24 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285\System.Runtime.Serialization.dll
[2012.10.05 11:56:07 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d\System.Runtime.Serialization.dll
[2010.11.21 04:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2012.10.05 11:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8\System.Runtime.Serialization.dll
[2012.10.05 11:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0\System.Runtime.Serialization.dll
[2011.08.08 00:01:17 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_79d39f727217a41c\serialui.dll.mui
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2010.11.21 04:25:11 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2012.10.05 11:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa\System.Runtime.Serialization.dll
[2012.10.05 11:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2\System.Runtime.Serialization.dll

< *w7lxe* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 6144 bytes -> C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT
@Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:1CE11B51

< End of report >

Re: Prosím o kontrolu, (NTB z druhej ruky)

Napsal: 27 úno 2014 12:43
od Márty84
:!: Vypnete antivir, at nebrani programu v praci.
:arrow: Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:services
AdobeARMservice
IMPI Updater
gupdate
AdobeFlashPlayerUpdateSvc
gupdatem

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\HPCeeScheduleForKeramont.job

:otl
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{AC13CD5A-A2FF-4831-89E5-2D751C88BDA2}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AC13CD5A-A2FF-4831-89E5-2D751C88BDA2}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
IE - HKU\S-1-5-21-1200702374-1131186070-1473926133-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1200702374-1131186070-1473926133-1002\..\SearchScopes\{AC13CD5A-A2FF-4831-89E5-2D751C88BDA2}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{17E113E6-CD0E-4045-B154-65F0E57959EF}: C:\PROGRAM FILES\IMPI\FIREFOX [2013.03.02 15:55:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{17E113E6-CD0E-4045-B154-65F0E57959EF}: C:\Program Files\IMPI\Firefox [2013.03.02 15:55:21 | 000,000,000 | ---D | M]
[2013.12.16 23:07:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keramont\AppData\Roaming\mozilla\Firefox\C\Users\Keramont\AppData\Roaming\Mozilla\Profiles\f1e7uxgr.KERAMONT\extensions\{9572F96B-8DD3-0D00-CE9F-956955F73C86}
[2013.05.26 13:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keramont\AppData\Roaming\mozilla\Firefox\C\Users\Keramont\AppData\Roaming\Mozilla\Profiles\f1e7uxgr.KERAMONT\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
O2 - BHO: (IMPI) - {17E113E6-CD0E-4045-B154-65F0E57959EF} - C:\Program Files\IMPI\Extension32.dll File not found
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[5 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[4 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[3 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\b036952dd59f1df01327b63a2db9ca0a\*.tmp files -> C:\Windows\SoftwareDistribution\Download\b036952dd59f1df01327b63a2db9ca0a\*.tmp -> ]
@Alternate Data Stream - 6144 bytes -> C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT
@Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:1CE11B51

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17E113E6-CD0E-4045-B154-65F0E57959EF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InboxToolbar] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent] /64
Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

Re: Prosím o kontrolu, (NTB z druhej ruky)

Napsal: 27 úno 2014 13:43
od godfather13
Log z OTL:

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Keramont
->Temp folder emptied: 1455 bytes
->Temporary Internet Files folder emptied: 9018341 bytes
->Java cache emptied: 138740 bytes
->FireFox cache emptied: 380945082 bytes
->Google Chrome cache emptied: 46754593 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 9507 bytes

User: Metro
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22428 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 153514 bytes
RecycleBin emptied: 14756 bytes

Total Files Cleaned = 417,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Keramont
->Flash cache emptied: 0 bytes

User: Metro

User: Public

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service AdobeARMservice stopped successfully!
Service AdobeARMservice deleted successfully!
Service IMPI Updater stopped successfully!
Service IMPI Updater deleted successfully!
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
C:\Windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\HPCeeScheduleForKeramont.job moved successfully.
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AC13CD5A-A2FF-4831-89E5-2D751C88BDA2}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC13CD5A-A2FF-4831-89E5-2D751C88BDA2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AC13CD5A-A2FF-4831-89E5-2D751C88BDA2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC13CD5A-A2FF-4831-89E5-2D751C88BDA2}\ not found.
Registry key HKEY_USERS\S-1-5-21-1200702374-1131186070-1473926133-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1200702374-1131186070-1473926133-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AC13CD5A-A2FF-4831-89E5-2D751C88BDA2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC13CD5A-A2FF-4831-89E5-2D751C88BDA2}\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{17E113E6-CD0E-4045-B154-65F0E57959EF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17E113E6-CD0E-4045-B154-65F0E57959EF}\ deleted successfully.
C:\Program Files\IMPI\Firefox\defaults\preferences folder moved successfully.
C:\Program Files\IMPI\Firefox\defaults folder moved successfully.
C:\Program Files\IMPI\Firefox\chrome\skin folder moved successfully.
C:\Program Files\IMPI\Firefox\chrome\locale\en-US folder moved successfully.
C:\Program Files\IMPI\Firefox\chrome\locale folder moved successfully.
C:\Program Files\IMPI\Firefox\chrome\content\resources folder moved successfully.
C:\Program Files\IMPI\Firefox\chrome\content\libraries folder moved successfully.
C:\Program Files\IMPI\Firefox\chrome\content folder moved successfully.
C:\Program Files\IMPI\Firefox\chrome folder moved successfully.
C:\Program Files\IMPI\Firefox folder moved successfully.
C:\Users\Keramont\AppData\Roaming\mozilla\Firefox\C\Users\Keramont\AppData\Roaming\Mozilla\Profiles\f1e7uxgr.KERAMONT\extensions\{9572F96B-8DD3-0D00-CE9F-956955F73C86} folder moved successfully.
C:\Users\Keramont\AppData\Roaming\mozilla\Firefox\C\Users\Keramont\AppData\Roaming\Mozilla\Profiles\f1e7uxgr.KERAMONT\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17E113E6-CD0E-4045-B154-65F0E57959EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17E113E6-CD0E-4045-B154-65F0E57959EF}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2403.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6631.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E22.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE475.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF334.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP962.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP9849.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPB183.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPF9C9.tmp folder deleted successfully.
C:\Windows\Installer\MSI4F42.tmp deleted successfully.
C:\Windows\Installer\MSIC9F7.tmp deleted successfully.
C:\Windows\Installer\MSIEBEA.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\b036952dd59f1df01327b63a2db9ca0a\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\b036952dd59f1df01327b63a2db9ca0a\$dpx$.tmp folder deleted successfully.
ADS C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT deleted successfully.
ADS C:\ProgramData\Temp:1CE11B51 deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17E113E6-CD0E-4045-B154-65F0E57959EF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17E113E6-CD0E-4045-B154-65F0E57959EF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InboxToolbar\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent\ deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 02272014_133508

Files\Folders moved on Reboot...
C:\Users\Keramont\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Keramont\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Prosím o kontrolu, (NTB z druhej ruky)

Napsal: 27 úno 2014 14:00
od Márty84
:!: Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

:arrow: Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat.

:arrow:
vyosek píše: :arrow: T-Cleaner http://tharifas.sweb.cz/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry mohou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
:arrow: Stahnete OTC http://oldtimer.geekstogo.com/OTC.exe , ulozte a spustte.
Kliknete na napis CleanUp a pote OK - Po uklidu dojde k restartu pc.

:arrow: Stahnete TFC http://oldtimer.geekstogo.com/TFC.exe , ulozte a spustte
Kliknete na START a pote OK - Po uklidu dojde k restartu pc.
Po pouziti muzete programek smazat

:arrow: Stahnete Ccleaner http://www.piriform.com/ccleaner/download/slim a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!

:arrow: Defragmentujte disk(y)
Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




:arrow: Pak napiste, jak je na tom pc.
Všechny časy jsou v UTC+01:00
Stránka 2 z 3

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz