VIRY.CZ

Len tak som si prezrel log a čo som si všimol je, že

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312]
- žiadny SAMSUNG som nemal, neviem, čo to tam robí. Mal som tu síce nejaké programy na opravu smartfónu ale už sú zmazané.

R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\DU Meter\DUMETR32.SYS [x]
- program DUMeter som už odinštaloval dávno.

Zatiaľ ďakujem za trpezlivosť a pomoc

CarrioSs píše:R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312]
- žiadny SAMSUNG som nemal, neviem, čo to tam robí. Mal som tu síce nejaké programy na opravu smartfónu ale už sú zmazané.

Je to nejaky USB Driver http://translate.google.cz/translate?hl ... nnel%3Drcs
Nemel by delat potize, ale jestli to chcete odstranit....

CarrioSs píše:R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\DU Meter\DUMETR32.SYS [x]
- program DUMeter som už odinštaloval dávno.

To vyhodime pri konecnem vymazu.

Dejte novy log z RSIT

S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
- v tomto logu z RSIT, toto som tiež odinštaloval dávnejšie, alebo som to po nainštalovaní tohto OS už vôbec nemal (program Hamachi, ak je to k nemu)

Tu je celý log z RSIT. Teraz bol RSIT celkom rýchly na to, ako pomaly vypľul prvý log.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Andrej at 2014-04-19 14:11:55
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 272 GB (78%) free of 350 GB
Total RAM: 3071 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:12:05, on 19. 4. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Sticky Password\stpass.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\MediaMonkey\MediaMonkey (non-skinned).exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
C:\Users\Andrej\Desktop\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Andrej.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [StickyPassword] "C:\Program Files\Sticky Password\stpass.exe" /autorunned
O4 - Startup: MediaMonkey.lnk = C:\Program Files\MediaMonkey\MediaMonkey.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 5862 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\g44kf4fq.default-1384441063421

prefs.js - "browser.startup.homepage" - "http://www.google.sk/"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.182 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\MsiExec.exe\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DDA57003-0068-4ed2-9D32-4D1EC707D94D}]
Microsoft Web Test Recorder 10.0 Helper - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19 61360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2013-09-12 5110672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"StickyPassword"=C:\Program Files\Sticky Password\stpass.exe [2014-01-20 8145208]

C:\Users\Andrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MediaMonkey.lnk - C:\Program Files\MediaMonkey\MediaMonkey.exe
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=1
"SynchronousUserGroupPolicy"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"VIDC.XFR1"=xfcodec.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"wave9"=wdmaud.drv
"mixer9"=wdmaud.drv
"midi9"=wdmaud.drv
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.l3codecp"=l3codecp.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open - "C:\Program Files\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 month======

2014-04-19 12:36:38 ----A---- C:\ComboFix.txt
2014-04-19 12:33:19 ----D---- C:\$RECYCLE.BIN
2014-04-19 12:31:33 ----D---- C:\Windows\temp
2014-04-18 20:27:40 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-04-18 20:27:39 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-18 20:27:39 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys
2014-04-18 20:27:38 ----A---- C:\Windows\system32\wksprtPS.dll
2014-04-18 20:27:38 ----A---- C:\Windows\system32\wksprt.exe
2014-04-18 20:27:38 ----A---- C:\Windows\system32\TSWbPrxy.exe
2014-04-18 20:27:38 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-18 20:27:38 ----A---- C:\Windows\system32\tsgqec.dll
2014-04-18 20:27:38 ----A---- C:\Windows\system32\rdvidcrl.dll
2014-04-18 20:27:38 ----A---- C:\Windows\system32\mstscax.dll
2014-04-18 20:27:38 ----A---- C:\Windows\system32\mstsc.exe
2014-04-18 20:27:38 ----A---- C:\Windows\system32\MsRdpWebAccess.dll
2014-04-18 20:26:46 ----A---- C:\Windows\system32\nvStreaming.exe
2014-04-18 20:23:12 ----A---- C:\Windows\system32\vbscript.dll
2014-04-18 20:23:11 ----A---- C:\Windows\system32\ieui.dll
2014-04-18 20:23:06 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-04-18 20:23:06 ----A---- C:\Windows\system32\ieapfltr.dll
2014-04-18 20:23:05 ----A---- C:\Windows\system32\msrating.dll
2014-04-18 20:23:05 ----A---- C:\Windows\system32\msfeeds.dll
2014-04-18 20:23:05 ----A---- C:\Windows\system32\jsproxy.dll
2014-04-18 20:23:03 ----A---- C:\Windows\system32\ie4uinit.exe
2014-04-18 20:23:03 ----A---- C:\Windows\system32\dxtrans.dll
2014-04-18 20:23:03 ----A---- C:\Windows\system32\dxtmsft.dll
2014-04-18 20:23:02 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-18 20:23:02 ----A---- C:\Windows\system32\ieUnatt.exe
2014-04-18 20:23:02 ----A---- C:\Windows\system32\iesetup.dll
2014-04-18 20:23:02 ----A---- C:\Windows\system32\iernonce.dll
2014-04-18 20:23:01 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-18 20:23:01 ----A---- C:\Windows\system32\jscript9diag.dll
2014-04-18 20:23:01 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-04-18 20:23:01 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-04-18 20:22:58 ----A---- C:\Windows\system32\iertutil.dll
2014-04-18 20:22:57 ----A---- C:\Windows\system32\wininet.dll
2014-04-18 20:22:57 ----A---- C:\Windows\system32\urlmon.dll
2014-04-18 20:22:56 ----A---- C:\Windows\system32\ieframe.dll
2014-04-18 20:22:55 ----A---- C:\Windows\system32\mshtml.dll
2014-04-18 20:22:55 ----A---- C:\Windows\system32\jscript9.dll
2014-04-18 20:17:26 ----A---- C:\Windows\system32\TSWorkspace.dll
2014-04-18 19:49:02 ----A---- C:\Windows\zip.exe
2014-04-18 19:49:02 ----A---- C:\Windows\SWSC.exe
2014-04-18 19:49:02 ----A---- C:\Windows\SWREG.exe
2014-04-18 19:49:02 ----A---- C:\Windows\sed.exe
2014-04-18 19:49:02 ----A---- C:\Windows\PEV.exe
2014-04-18 19:49:02 ----A---- C:\Windows\NIRCMD.exe
2014-04-18 19:49:02 ----A---- C:\Windows\MBR.exe
2014-04-18 19:49:02 ----A---- C:\Windows\grep.exe
2014-04-18 19:48:52 ----D---- C:\Qoobox
2014-04-18 19:48:23 ----D---- C:\Windows\erdnt
2014-04-15 17:54:19 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-04-15 17:54:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-04-14 16:52:13 ----D---- C:\AdwCleaner
2014-04-13 22:27:05 ----D---- C:\Program Files\trend micro
2014-04-13 22:27:04 ----D---- C:\rsit
2014-04-12 15:24:08 ----D---- C:\Windows\ERUNT
2014-04-09 16:37:52 ----A---- C:\Windows\system32\kernel32.dll
2014-04-09 16:37:49 ----A---- C:\Windows\system32\drivers\ntfs.sys
2014-04-09 16:37:43 ----A---- C:\Windows\system32\iologmsg.dll
2014-04-09 16:37:43 ----A---- C:\Windows\system32\drivers\storport.sys
2014-04-09 16:37:43 ----A---- C:\Windows\system32\drivers\msiscsi.sys
2014-04-09 16:37:43 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2014-04-04 13:18:45 ----A---- C:\Windows\zoek-delete.exe
2014-04-03 17:55:31 ----D---- C:\Program Files\Common Files\Java
2014-04-03 17:55:28 ----A---- C:\Windows\system32\javaws.exe
2014-04-03 17:55:23 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2014-04-03 17:55:23 ----A---- C:\Windows\system32\javaw.exe
2014-04-03 17:55:23 ----A---- C:\Windows\system32\java.exe
2014-03-29 17:37:27 ----D---- C:\Program Files\Mozilla Firefox
2014-03-27 20:35:29 ----D---- C:\Program Files\Google
2014-03-23 20:55:30 ----D---- C:\Users\Andrej\AppData\Roaming\Autodesk
2014-03-23 20:55:30 ----D---- C:\ProgramData\Autodesk
2014-03-21 23:25:42 ----A---- C:\Windows\BALTIE.INI
2014-03-20 23:03:42 ----A---- C:\Windows\system32\nvopencl.dll
2014-03-20 23:03:42 ----A---- C:\Windows\system32\nvoglv32.dll
2014-03-20 23:03:42 ----A---- C:\Windows\system32\nvoglshim32.dll
2014-03-20 23:03:40 ----A---- C:\Windows\system32\nvinit.dll
2014-03-20 23:03:40 ----A---- C:\Windows\system32\NvIFR.dll
2014-03-20 23:03:40 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2014-03-20 23:03:38 ----A---- C:\Windows\system32\NvFBC.dll
2014-03-20 23:03:38 ----A---- C:\Windows\system32\nvdispgenco3233523.dll
2014-03-20 23:03:36 ----A---- C:\Windows\system32\nvdispco3233523.dll
2014-03-20 23:03:36 ----A---- C:\Windows\system32\nvd3dum.dll
2014-03-20 23:03:36 ----A---- C:\Windows\system32\nvcuvid.dll
2014-03-20 23:03:36 ----A---- C:\Windows\system32\nvcuvenc.dll
2014-03-20 23:03:36 ----A---- C:\Windows\system32\nvcuda.dll
2014-03-20 23:03:20 ----A---- C:\Windows\system32\nvcompiler.dll

======List of files/folders modified in the last 1 month======

2014-04-19 14:12:05 ----D---- C:\Windows\Prefetch
2014-04-19 14:10:06 ----D---- C:\Users\Andrej\AppData\Roaming\MediaMonkey
2014-04-19 13:27:27 ----D---- C:\Windows\system32\config
2014-04-19 12:36:59 ----D---- C:\Windows\System32
2014-04-19 12:36:59 ----D---- C:\Windows\inf
2014-04-19 12:36:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-04-19 12:36:42 ----D---- C:\Windows\system32\drivers
2014-04-19 12:33:20 ----D---- C:\Windows
2014-04-19 12:33:20 ----A---- C:\Windows\system.ini
2014-04-19 12:33:15 ----D---- C:\Windows\system32\drivers\etc
2014-04-19 12:32:43 ----D---- C:\ProgramData\NVIDIA
2014-04-19 12:28:33 ----D---- C:\Windows\AppPatch
2014-04-19 12:28:32 ----D---- C:\Program Files\Common Files
2014-04-19 12:21:16 ----D---- C:\Users\Andrej\AppData\Roaming\Xfire
2014-04-19 12:18:37 ----D---- C:\Windows\system32\catroot
2014-04-19 12:18:36 ----D---- C:\Windows\system32\catroot2
2014-04-19 12:18:35 ----D---- C:\Windows\winsxs
2014-04-18 20:29:27 ----D---- C:\Windows\system32\sk-SK
2014-04-18 20:29:27 ----D---- C:\Windows\system32\en-US
2014-04-18 20:29:27 ----D---- C:\Windows\system32\drivers\en-US
2014-04-18 20:29:26 ----D---- C:\Windows\system32\DriverStore
2014-04-18 20:29:26 ----D---- C:\Windows\PolicyDefinitions
2014-04-18 20:29:26 ----D---- C:\Program Files\Internet Explorer
2014-04-18 20:26:54 ----D---- C:\Program Files\NVIDIA Corporation
2014-04-18 20:22:42 ----SHD---- C:\System Volume Information
2014-04-18 20:09:40 ----D---- C:\Windows\Tasks
2014-04-18 19:59:07 ----D---- C:\ProgramData
2014-04-18 19:46:20 ----D---- C:\Users\Andrej\AppData\Roaming\TS3Client
2014-04-17 17:27:48 ----D---- C:\Users\Andrej\AppData\Roaming\Skype
2014-04-15 17:54:18 ----D---- C:\Program Files
2014-04-13 22:59:02 ----D---- C:\Windows\system32\Tasks
2014-04-13 21:00:02 ----D---- C:\Windows\system32\LogFiles
2014-04-13 01:18:42 ----D---- C:\Windows\Minidump
2014-04-12 17:33:51 ----D---- C:\Windows\rescache
2014-04-11 19:08:30 ----D---- C:\Windows\SoftwareDistribution
2014-04-11 19:07:59 ----D---- C:\Program Files\Steam
2014-04-11 17:37:35 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-04-10 11:16:59 ----D---- C:\Windows\debug
2014-04-09 16:41:03 ----D---- C:\Windows\system32\MRT
2014-04-09 16:38:53 ----A---- C:\Windows\system32\MRT.exe
2014-04-08 21:03:17 ----D---- C:\Windows\system32\NDF
2014-04-08 16:52:28 ----D---- C:\Program Files\MediaMonkey
2014-04-05 13:36:39 ----HD---- C:\Program Files\InstallShield Installation Information
2014-04-04 13:21:58 ----RSD---- C:\Windows\Media
2014-04-04 13:05:03 ----D---- C:\Program Files\Adobe
2014-04-03 17:55:40 ----D---- C:\ProgramData\Oracle
2014-04-03 17:55:32 ----SHD---- C:\Windows\Installer
2014-04-03 17:55:23 ----D---- C:\Program Files\Java
2014-04-03 17:02:32 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2014-04-01 19:10:40 ----D---- C:\ProgramData\Xfire
2014-03-31 11:21:10 ----D---- C:\Windows\system32\FxsTmp
2014-03-31 09:35:10 ----N---- C:\Windows\system32\MpSigStub.exe
2014-03-27 15:02:44 ----D---- C:\Windows\Logs
2014-03-26 18:33:23 ----D---- C:\Windows\system32\directx
2014-03-26 18:31:52 ----D---- C:\Riot Games
2014-03-26 14:11:12 ----D---- C:\Windows\Registration
2014-03-23 20:56:12 ----RD---- C:\Users
2014-03-23 20:43:12 ----D---- C:\ProgramData\Ubisoft
2014-03-23 20:37:27 ----D---- C:\Program Files\Microsoft SDKs
2014-03-23 16:45:36 ----D---- C:\Program Files\Common Files\Adobe
2014-03-23 16:45:06 ----D---- C:\ProgramData\Adobe
2014-03-23 16:44:34 ----D---- C:\Users\Andrej\AppData\Roaming\Adobe
2014-03-20 23:03:50 ----A---- C:\Windows\system32\OpenCL.dll
2014-03-20 23:03:48 ----A---- C:\Windows\system32\nvwgf2um.dll
2014-03-20 23:03:46 ----A---- C:\Windows\system32\nvumdshim.dll
2014-03-20 23:03:18 ----A---- C:\Windows\system32\nvapi.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2013-09-17 49240]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2014-01-29 436792]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2013-09-17 188808]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2013-09-17 37416]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2013-09-17 174400]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-12-13 3921448]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2013-09-17 161056]
R3 NVNET;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6232.sys [2010-08-12 298216]
S3 a10rp3up;a10rp3up; C:\Windows\system32\drivers\a10rp3up.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver; \??\C:\Program Files\DU Meter\DUMETR32.SYS []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2013-07-11 14656]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 mbr;mbr; \??\C:\Users\Andrej\AppData\Local\Temp\mbr.sys []
S3 msvad_simple;SoliCall; C:\Windows\system32\solicall.sys [2010-10-30 36568]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 36352]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 VSPerfDrv100;Performance Tools Driver 10.0; \??\C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2013-09-12 1337752]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-03-04 663896]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-03-04 411936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-11 257712]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-06 108032]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-07-03 1887520]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2014-01-27 571816]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-07-11 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

A MBAM jste odinstaloval? Taky tam porad vidim jeho stopy.

Jeste jeden sken a budem mazat.

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

Idem na to. V tom návode by ste to mali dať aj anglicky, najprv som hladal, čo presne mám označiť. (Scan All users, LOP Check, Purity Check, Run Scan)

MBAM odinštalujem, až po čistení. Samozrejme, je to dobrá vec na hľadanie vírusov.

EDIT: nechal som to spustené, hľadalo to asi tak 10-15 minút, potom to napísalo chybu, že nemôže vytvoriť CMD na ploche a zaseklo sa (procesor nepracoval, ani program... v spodnej lište sa už žiadne kontrolované súbory nemenili). Tak teraz čo?

CarrioSs píše:Idem na to. V tom návode by ste to mali dať aj anglicky, najprv som hladal, čo presne mám označiť. (Scan All users, LOP Check, Purity Check, Run Scan)

No ono to byva vetsinou cesky. Navic to neni zas tak tezke prelozit

CarrioSs píše:MBAM odinštalujem, až po čistení. Samozrejme, je to dobrá vec na hľadanie vírusov.

Muzete si ho i nechat, protoze nemate zapnuty stit. Ja se jen ptal, protoze nekdy i po odinstalaci zustane neco viset.

CarrioSs píše:EDIT: nechal som to spustené, hľadalo to asi tak 10-15 minút, potom to napísalo chybu, že nemôže vytvoriť CMD na ploche a zaseklo sa (procesor nepracoval, ani program... v spodnej lište sa už žiadne kontrolované súbory nemenili). Tak teraz čo?

Obcas se to stane, ze OTL tuhle chybku vyhodi

Spustte ho podle stejneho navodu jeste jednou, ale s timto upravenym skriptem

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

OTL logfile created on: 19. 4. 2014 21:55:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andrej\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,49% Memory free
6,00 Gb Paging File | 4,69 Gb Available in Paging File | 78,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 341,80 Gb Total Space | 266,36 Gb Free Space | 77,93% Space Free | Partition Type: NTFS
Drive D: | 908,97 Gb Total Space | 348,51 Gb Free Space | 38,34% Space Free | Partition Type: NTFS
Drive E: | 146,38 Gb Total Space | 146,29 Gb Free Space | 99,94% Space Free | Partition Type: NTFS

Computer Name: CHLAPCI-PC | User Name: Andrej | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/19 18:23:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrej\Desktop\OTL.exe
PRC - [2014/03/29 17:37:35 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/03/04 14:34:44 | 000,943,048 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2014/03/04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/01/20 15:14:30 | 008,145,208 | ---- | M] (Lamantine Software a.s.) -- C:\Program Files\Sticky Password\stpass.exe
PRC - [2013/09/12 13:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2013/09/12 13:06:06 | 005,110,672 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2013/07/15 18:28:43 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/21 06:10:10 | 003,560,832 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\Xfire.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2014/03/29 17:37:34 | 003,642,480 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2009/11/16 20:31:58 | 000,069,632 | ---- | M] () -- C:\Program Files\PSPad editor\PSPadShell.dll
MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Services (SafeList) ==========

SRV - [2014/04/11 17:37:35 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/06 09:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/03/04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/01/27 21:02:50 | 000,571,816 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/12 13:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2013/07/11 17:43:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/07/03 23:32:38 | 001,887,520 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/05/27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2009/12/23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [On_Demand | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\DU Meter\DUMETR32.SYS -- (DUMeterDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a2t8pqm8)
DRV - [2014/03/20 23:03:40 | 010,523,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2014/01/29 22:08:22 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2013/10/02 02:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/09/17 22:23:16 | 000,161,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2013/09/17 16:17:38 | 000,188,808 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2013/09/17 16:17:38 | 000,174,400 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2013/09/17 16:17:38 | 000,134,248 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2013/09/17 16:17:38 | 000,049,240 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2013/09/17 16:17:38 | 000,037,416 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2013/07/11 16:38:25 | 000,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2011/05/13 04:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/05/13 04:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/05/13 04:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/05/13 04:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011/05/13 04:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/11/20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/30 20:07:22 | 000,036,568 | ---- | M] (SoliCall) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\solicall.sys -- (msvad_simple)
DRV - [2010/08/12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009/12/08 22:24:26 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2009/07/14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/03/30 04:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-192481753-2911135653-3265923069-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 47 A1 B5 F8 FB CE 01 [binary data]
IE - HKU\S-1-5-21-192481753-2911135653-3265923069-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-192481753-2911135653-3265923069-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\S-1-5-21-192481753-2911135653-3265923069-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... {startPage}
IE - HKU\S-1-5-21-192481753-2911135653-3265923069-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-192481753-2911135653-3265923069-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.sk/"
FF - prefs.js..extensions.enabledAddons: %7B54affe52-8223-453b-be1e-2fe2e250045c%7D:6.0.15.470
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\MsiExec.exe\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@stickypassword.com/Sticky Password: C:\Program Files\Sticky Password\npspAutofill.dll (Lamantine Software a.s.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013/12/23 11:49:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{54affe52-8223-453b-be1e-2fe2e250045c}: C:\Users\Andrej\AppData\Roaming\Lamantine\Sticky Password\spAutofill [2014/01/23 12:56:50 | 000,000,000 | ---D | M]

[2013/07/11 16:56:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrej\AppData\Roaming\mozilla\Extensions
[2014/03/21 19:44:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\g44kf4fq.default-1384441063421\extensions
[2014/02/26 21:13:52 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\Andrej\AppData\Roaming\mozilla\firefox\profiles\g44kf4fq.default-1384441063421\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/03/29 17:37:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/29 17:37:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/01/23 12:56:50 | 000,000,000 | ---D | M] (Sticky Password Autofill Engine) -- C:\USERS\ANDREJ\APPDATA\ROAMING\LAMANTINE\STICKY PASSWORD\SPAUTOFILL

O1 HOSTS File: ([2014/04/19 12:33:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKU\S-1-5-21-192481753-2911135653-3265923069-1001..\Run: [StickyPassword] C:\Program Files\Sticky Password\stpass.exe (Lamantine Software a.s.)
O4 - Startup: C:\Users\Andrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MediaMonkey.lnk = C:\Program Files\MediaMonkey\MediaMonkey.exe (Ventis Media Inc.)
O4 - Startup: C:\Users\Andrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-192481753-2911135653-3265923069-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-192481753-2911135653-3265923069-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-192481753-2911135653-3265923069-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-192481753-2911135653-3265923069-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Google Search
O7 - HKU\S-1-5-21-192481753-2911135653-3265923069-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://www.google.com/search?q=%w
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7FC3EC2-2AE5-4147-A171-4CF9C8DEAED1}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (??????????)
O34 - HKLM BootExecute: (??)
O34 - HKLM BootExecute: (????????)
O34 - HKLM BootExecute: (?$)
O34 - HKLM BootExecute: ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.LAGS - C:\Windows\System32\lagarith.dll ( )
Drivers32: VIDC.X264 - C:\Windows\System32\x264vfw.dll (x264vfw project)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014/04/19 18:23:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andrej\Desktop\OTL.exe
[2014/04/19 12:33:19 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014/04/19 12:31:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/04/18 20:27:40 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2014/04/18 20:27:39 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2014/04/18 20:27:39 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2014/04/18 20:27:38 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdvidcrl.dll
[2014/04/18 20:27:38 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2014/04/18 20:27:38 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2014/04/18 20:27:38 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2014/04/18 20:27:38 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2014/04/18 20:27:38 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2014/04/18 20:27:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2014/04/18 20:26:46 | 000,599,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe
[2014/04/18 20:23:11 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/04/18 20:23:08 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/04/18 20:23:06 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/04/18 20:23:06 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/04/18 20:23:05 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/04/18 20:23:05 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/04/18 20:23:05 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/04/18 20:23:03 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/04/18 20:23:03 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/04/18 20:23:03 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/04/18 20:23:02 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/04/18 20:23:02 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/04/18 20:23:02 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/04/18 20:23:02 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/04/18 20:23:01 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/04/18 20:23:01 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/04/18 20:23:01 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/04/18 20:23:01 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/04/18 20:22:57 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/04/18 20:22:55 | 004,254,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/04/18 20:17:26 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2014/04/18 19:59:36 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Local\temp
[2014/04/18 19:49:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/04/18 19:49:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/04/18 19:49:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/04/18 19:48:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/04/18 19:48:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/04/17 13:45:54 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Local\VirtualStore
[2014/04/16 14:03:16 | 000,000,000 | ---D | C] -- C:\Users\Andrej\Desktop\RK_Quarantine
[2014/04/15 17:54:19 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/04/15 17:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/04/14 16:52:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/13 22:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014/04/13 22:27:04 | 000,000,000 | ---D | C] -- C:\rsit
[2014/04/12 15:24:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/09 16:37:43 | 000,149,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2014/04/09 16:37:43 | 000,027,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2014/04/09 16:37:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iologmsg.dll
[2014/04/03 17:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/04/03 17:55:28 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/04/03 17:55:23 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/04/03 17:55:23 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/04/03 17:55:23 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/04/03 17:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/03/29 17:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/03/27 20:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/03/26 13:26:05 | 000,000,000 | ---D | C] -- C:\Users\Andrej\Documents\DeadIsland
[2014/03/25 19:20:22 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Local\CrashDumps
[2014/03/23 20:55:30 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Roaming\Autodesk
[2014/03/23 20:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2014/03/20 23:03:42 | 023,716,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2014/03/20 23:03:42 | 009,690,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2014/03/20 23:03:42 | 000,305,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll
[2014/03/20 23:03:40 | 010,523,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2014/03/20 23:03:40 | 000,865,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2014/03/20 23:03:40 | 000,148,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll
[2014/03/20 23:03:38 | 000,894,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3233523.dll
[2014/03/20 23:03:38 | 000,847,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2014/03/20 23:03:36 | 014,709,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2014/03/20 23:03:36 | 009,728,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2014/03/20 23:03:36 | 002,956,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2014/03/20 23:03:36 | 002,411,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2014/03/20 23:03:36 | 001,049,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3233523.dll
[2014/03/20 23:03:20 | 017,559,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013/10/20 16:23:49 | 004,216,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\vcredist.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/04/19 21:57:50 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/04/19 21:36:03 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/19 21:36:03 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/19 21:32:58 | 000,727,694 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/04/19 21:32:58 | 000,152,404 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/04/19 21:28:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/19 18:23:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrej\Desktop\OTL.exe
[2014/04/19 12:33:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/04/16 14:02:41 | 003,972,608 | ---- | M] () -- C:\Users\Andrej\Desktop\RogueKiller.exe
[2014/04/15 17:54:22 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/11 19:05:30 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/11 17:37:35 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/04/11 17:37:35 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/04/09 16:31:56 | 000,007,599 | ---- | M] () -- C:\Users\Andrej\AppData\Local\Resmon.ResmonCfg
[2014/04/08 16:52:27 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2014/04/05 15:24:30 | 000,054,177 | ---- | M] () -- C:\Users\Andrej\dsp_stereo_tool.ini
[2014/04/04 13:05:51 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2014/03/31 09:35:10 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014/03/26 14:12:37 | 000,001,294 | ---- | M] () -- C:\Users\Andrej\Desktop\Computer Management.lnk
[2014/03/21 23:25:42 | 000,000,785 | ---- | M] () -- C:\Windows\BALTIE.INI
[2014/03/20 23:03:50 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2014/03/20 23:03:48 | 015,783,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2014/03/20 23:03:46 | 000,832,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvumdshim.dll
[2014/03/20 23:03:42 | 023,716,640 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2014/03/20 23:03:42 | 009,690,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2014/03/20 23:03:42 | 000,305,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll
[2014/03/20 23:03:40 | 010,523,480 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2014/03/20 23:03:40 | 000,865,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2014/03/20 23:03:40 | 000,148,016 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll
[2014/03/20 23:03:40 | 000,019,204 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2014/03/20 23:03:38 | 000,894,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3233523.dll
[2014/03/20 23:03:38 | 000,847,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2014/03/20 23:03:36 | 014,709,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2014/03/20 23:03:36 | 009,728,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2014/03/20 23:03:36 | 002,956,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2014/03/20 23:03:36 | 002,411,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2014/03/20 23:03:36 | 001,049,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3233523.dll
[2014/03/20 23:03:20 | 017,559,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2014/03/20 23:03:18 | 002,715,264 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/04/19 18:30:02 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/04/18 19:49:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/04/18 19:49:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/04/18 19:49:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/04/18 19:49:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/04/18 19:49:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/04/16 14:02:38 | 003,972,608 | ---- | C] () -- C:\Users\Andrej\Desktop\RogueKiller.exe
[2014/04/15 17:54:22 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/05 15:08:37 | 000,054,177 | ---- | C] () -- C:\Users\Andrej\dsp_stereo_tool.ini
[2014/04/04 13:18:45 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2014/03/26 14:12:37 | 000,001,294 | ---- | C] () -- C:\Users\Andrej\Desktop\Computer Management.lnk
[2014/03/21 23:25:42 | 000,000,785 | ---- | C] () -- C:\Windows\BALTIE.INI
[2014/02/20 12:54:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2014/02/20 12:54:23 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2014/02/20 12:54:23 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2014/02/20 12:54:20 | 000,218,200 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2014/02/20 12:54:15 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2014/01/23 11:26:51 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2013/12/18 17:37:04 | 000,000,024 | -HS- | C] () -- C:\Users\Andrej\AppData\Roaming\System5908ConfigCollection.dat
[2013/08/12 10:05:24 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2013/07/31 08:31:08 | 000,000,438 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/07/18 12:05:55 | 000,000,078 | ---- | C] () -- C:\Windows\System32\rmconfig.ini
[2013/07/16 13:56:58 | 000,000,006 | -H-- | C] () -- C:\Users\Andrej\.zs
[2013/07/15 16:59:33 | 003,649,185 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2013/07/14 13:44:43 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2013/07/14 13:11:59 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013/07/11 19:52:48 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013/07/11 17:48:47 | 000,007,599 | ---- | C] () -- C:\Users\Andrej\AppData\Local\Resmon.ResmonCfg
[2013/03/21 06:10:16 | 000,042,880 | ---- | C] () -- C:\Windows\System32\xfcodec.dll

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/03/23 20:55:30 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Autodesk
[2013/12/23 11:51:24 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\ESET
[2013/07/11 17:52:45 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\GHISLER
[2013/07/11 16:44:39 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Lamantine
[2013/07/11 18:32:54 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\LolClient
[2013/11/27 17:55:17 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\LolClientID1
[2014/04/19 21:52:26 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\MediaMonkey
[2014/02/20 12:55:15 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\MPC-HC
[2014/04/19 18:19:43 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\TS3Client
[2013/12/23 17:46:00 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\ESET
[2013/10/24 22:42:43 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\GlarySoft
[2013/07/11 21:14:38 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Lamantine
[2013/07/11 21:24:16 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\LolClient
[2013/12/12 21:18:39 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\MediaMonkey
[2014/03/11 20:57:20 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\TS3Client
[2014/02/02 14:53:00 | 000,000,000 | ---D | M] -- C:\Users\Lukáš\AppData\Roaming\Ubisoft

========== Purity Check ==========

========== Custom Scans ==========

< >
[2009/07/14 06:53:46 | 000,032,522 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013/12/20 14:04:10 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010/11/20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010/11/20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010/11/20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2010/11/20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010/11/20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009/07/14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011/04/25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009/07/14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2013/01/03 07:01:49 | 001,303,912 | ---- | M] (Microsoft Corporation) MD5=34AE5CC0C7417AB701C2AA8A7BC75417 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_b3c99dece09ecc3b\tcpip.sys
[2010/11/20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2013/01/04 06:56:23 | 001,308,504 | ---- | M] (Microsoft Corporation) MD5=4A95845C5F33A4DDEB6AEF6367FB6520 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_b5becc06ddb98192\tcpip.sys
[2013/07/06 07:05:35 | 001,293,760 | ---- | M] (Microsoft Corporation) MD5=4E8B9BE71B807B3BAEDB7F4243F85E3C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_b52f2f65c4a146e5\tcpip.sys
[2013/07/06 06:57:37 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=528F7CC60391DD0FAB0344F32F051FDF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_b5721e2eddf328f9\tcpip.sys
[2013/05/08 08:15:22 | 001,309,032 | ---- | M] (Microsoft Corporation) MD5=6088D01FAD49729EA0A5A3D9B9BA8B84 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_b5b3fe00ddc19aaa\tcpip.sys
[2013/09/07 04:06:48 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=6C4F3D92764FFA22D28061A4D9235446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_b58e8eb0ddde6cf1\tcpip.sys
[2011/04/25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2013/01/03 07:05:20 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=7C0507D2391AF5933600CBCED799F277 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_b502eb9fc4c2a304\tcpip.sys
[2011/04/25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2013/01/04 06:55:21 | 001,287,528 | ---- | M] (Microsoft Corporation) MD5=BBCEAEFF1FD72A026F827CBB2F4AA8AD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_b34bcf71c7782cb0\tcpip.sys
[2013/09/08 04:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\erdnt\cache\tcpip.sys
[2013/09/08 04:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\System32\drivers\tcpip.sys
[2013/09/08 04:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_b4fa2013c4c8ebf1\tcpip.sys
[2013/05/08 07:38:00 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=D32FDAC73FCD76B85389C39BC1087F2A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_b508ef41c4bd3835\tcpip.sys
[2012/10/03 18:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2013/11/26 13:07:37 | 001,309,632 | ---- | M] (Microsoft Corporation) MD5=DC08335B30D83FB61E9EFE6FDD09D40D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_b5a530b8ddcd4b8d\tcpip.sys
[2012/10/03 18:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< >

< %systemroot%*.* /U /s >
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[9 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2014/03/23 16:44:34 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Adobe
[2013/12/27 00:11:40 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Ahead
[2014/03/23 20:55:30 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Autodesk
[2013/12/23 11:51:24 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\ESET
[2013/10/02 15:53:40 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\FLEXnet
[2013/07/11 17:52:45 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\GHISLER
[2013/07/11 16:18:36 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Identities
[2013/07/11 16:44:39 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Lamantine
[2013/07/11 18:32:54 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\LolClient
[2013/11/27 17:55:17 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\LolClientID1
[2013/07/11 18:32:52 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Macromedia
[2013/12/26 23:49:07 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Malwarebytes
[2009/07/14 09:50:31 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Media Center Programs
[2014/02/20 13:55:16 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Media Player Classic
[2014/04/19 21:52:26 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\MediaMonkey
[2014/02/02 15:10:52 | 000,000,000 | --SD | M] -- C:\Users\Andrej\AppData\Roaming\Microsoft
[2013/12/09 20:23:31 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Microsoft Corporation
[2014/01/13 14:52:56 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Microsoft FxCop
[2013/07/11 16:56:14 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Mozilla
[2014/02/20 12:55:15 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\MPC-HC
[2013/10/15 18:34:01 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Nero
[2013/08/20 22:39:12 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\NVIDIA
[2013/11/02 12:39:08 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\PSpad
[2014/04/17 17:27:48 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Skype
[2014/04/19 18:19:43 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\TS3Client
[2013/07/11 16:42:28 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\WinRAR
[2014/04/19 17:36:08 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Xfire

< %APPDATA%\*.exe /s >
[2014/02/18 19:31:00 | 000,158,000 | ---- | M] () -- C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\g44kf4fq.default-1384441063421\FlashGot.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2013/11/11 23:53:47 | 000,116,736 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll

< %systemroot%\Tasks\*.job >
[2014/04/11 19:05:30 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2014/01/29 22:08:22 | 000,436,792 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[2013/11/11 23:53:47 | 000,116,736 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2014/04/19 21:36:03 | 000,015,168 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/19 21:36:03 | 000,015,168 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/19 21:32:58 | 000,152,404 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2014/04/19 21:32:58 | 000,727,694 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2014/04/19 21:32:58 | 000,888,532 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >

< >

< *crack* /s >

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2006/11/09 23:31:32 | 000,163,840 | ---- | M] () -- \Program Files\Common Files\Ahead\Lib\NeGuideStoreLoader.dll
[2006/10/26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006/10/26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2010/03/19 00:21:56 | 000,063,312 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader80.dll
[2010/03/18 01:17:14 | 000,004,096 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader80.tlb
[2009/11/08 22:01:54 | 000,249,672 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2009/11/08 22:01:54 | 000,018,248 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2010/03/19 00:21:56 | 000,063,312 | ---- | M] () -- \Program Files\Microsoft Visual Studio 10.0\Common7\IDE\coloader80.dll
[2010/03/18 02:57:18 | 000,001,373 | ---- | M] () -- \Program Files\Microsoft Visual Studio 10.0\Common7\IDE\coloader80.dll.manifest
[2010/03/18 01:17:14 | 000,004,096 | ---- | M] () -- \Program Files\Microsoft Visual Studio 10.0\Common7\IDE\coloader80.tlb
[2009/08/31 05:51:22 | 000,001,648 | ---- | M] () -- \Program Files\Microsoft Visual Studio 10.0\VC\atlmfc\include\afxribboninfoloader.h
[2009/08/31 05:51:22 | 000,004,525 | ---- | M] () -- \Program Files\Microsoft Visual Studio 10.0\VC\atlmfc\src\mfc\afxribboninfoloader.cpp
[2013/05/16 16:41:22 | 001,152,288 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{2F3BB0A2-C7B1-4812-8CA8-06BBDCAE2E2A}\ExtensionLoader.dll
[2013/07/03 23:36:01 | 001,152,288 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{616DE1D6-BDC4-41FE-9CF2-9CE320FEF9D4}\ExtensionLoader.dll
[2013/07/03 23:36:01 | 001,152,288 | ---- | M] () -- \Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\ExtensionLoader.dll
[2013/06/04 10:57:24 | 000,057,224 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2013/06/04 10:57:24 | 000,083,848 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2013/10/23 22:07:40 | 000,007,825 | ---- | M] () -- \Program Files\Steam\remoteui\static\libs\images\ajax-loader.gif
[2013/12/19 23:44:23 | 000,169,384 | ---- | M] () -- \Program Files\Steam\steamapps\common\Half-Life\cstrike\models\qloader.mdl
[2013/12/25 16:24:36 | 000,352,548 | ---- | M] () -- \Program Files\Steam\steamapps\common\Half-Life\valve\models\loader.mdl
[2013/12/25 16:26:37 | 000,012,764 | ---- | M] () -- \Program Files\Steam\steamapps\common\Half-Life\valve\sound\ambience\loader_hydra1.wav
[2013/12/25 16:26:37 | 000,012,164 | ---- | M] () -- \Program Files\Steam\steamapps\common\Half-Life\valve\sound\ambience\loader_step1.wav
[2009/06/02 01:16:57 | 000,114,688 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2012/02/16 14:44:38 | 000,000,404 | ---- | M] () -- \Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.80\deploy\assets\storeImages\layout\small_loader.gif
[2014/04/13 20:17:55 | 000,005,708 | ---- | M] () -- \Users\Andrej\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AO7A0R6G\queryLoader[1].js
[2014/04/17 13:02:42 | 000,005,708 | ---- | M] () -- \Users\Andrej\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AO7A0R6G\queryLoader[2].js
[2014/04/17 13:02:41 | 000,000,374 | ---- | M] () -- \Users\Andrej\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1A2XPFQ\queryLoader[1].css
[2014/04/13 20:17:51 | 000,000,374 | ---- | M] () -- \Users\Andrej\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHHEPCA7\queryLoader[1].css
[2014/04/17 14:52:53 | 000,000,374 | ---- | M] () -- \Users\Andrej\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HP50L0GT\queryLoader[1].css
[2014/04/17 14:52:54 | 000,005,708 | ---- | M] () -- \Users\Andrej\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HP50L0GT\queryLoader[1].js
[2013/11/11 15:39:40 | 000,072,638 | ---- | M] () -- \Users\Andrej\AppData\Local\Skype\Apps\login\images\loader.gif
[2013/11/11 15:39:40 | 000,003,032 | ---- | M] () -- \Users\Andrej\AppData\Local\Skype\Apps\login\images\loader.png
[2013/11/11 15:39:40 | 000,006,012 | ---- | M] () -- \Users\Andrej\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2013/11/11 15:39:40 | 000,021,956 | ---- | M] () -- \Users\Andrej\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2013/11/11 15:39:40 | 000,009,772 | ---- | M] () -- \Users\Andrej\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2014/04/07 22:30:38 | 000,112,122 | ---- | M] () -- \Users\Lukáš\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2S78T47O\AdLoader-7b473315d0084c71df83cdee72aab144.min[1].js
[2014/04/07 22:30:38 | 000,001,870 | ---- | M] () -- \Users\Lukáš\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FRW7J51N\AdLoader[1].htm
[2013/11/11 15:39:40 | 000,072,638 | ---- | M] () -- \Users\Lukáš\AppData\Local\Skype\Apps\login\images\loader.gif
[2013/11/11 15:39:40 | 000,003,032 | ---- | M] () -- \Users\Lukáš\AppData\Local\Skype\Apps\login\images\loader.png
[2013/11/11 15:39:40 | 000,006,012 | ---- | M] () -- \Users\Lukáš\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2013/11/11 15:39:40 | 000,021,956 | ---- | M] () -- \Users\Lukáš\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2013/11/11 15:39:40 | 000,009,772 | ---- | M] () -- \Users\Lukáš\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2014/01/28 21:08:30 | 000,001,907 | ---- | M] () -- \Users\Lukáš\Desktop\JDownloader.lnk
[2013/09/24 10:15:18 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2013/08/02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009/07/14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009/07/14 09:42:17 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009/07/14 09:42:17 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winload.exe.mui_3bc5b827
[2009/07/14 09:42:17 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winresume.exe.mui_ff8b5358
[2013/07/14 13:42:34 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2013/07/14 13:42:34 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winload.exe_75835076
[2013/07/14 13:42:34 | 000,442,720 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winresume.exe_85cd1215
[2009/07/14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009/07/14 09:41:36 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009/07/14 03:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009/08/19 09:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009/08/19 09:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2010/11/20 05:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009/07/14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:45:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:56:23 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_0a96fc99dd17f16b\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 06:43:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_0adfad15dce1def6\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:44:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_0b12ca80f6405e48\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 06:39:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_0b5e7bdaf60797d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:40:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:45:15 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 06:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 07:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/04 12:35:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2009/08/17 22:34:48 | 000,415,592 | ---- | M] () -- \Program Files\Microsoft Silverlight\3.0.40818.0\System.Runtime.Serialization.dll
[2009/08/17 23:09:06 | 000,067,480 | ---- | M] () -- \Program Files\Microsoft Silverlight\3.0.40818.0\de\System.Runtime.Serialization.debug.resources.dll
[2009/08/17 23:09:06 | 000,063,384 | ---- | M] () -- \Program Files\Microsoft Silverlight\3.0.40818.0\en-us\System.Runtime.Serialization.debug.resources.dll
[2009/08/17 23:09:06 | 000,067,480 | ---- | M] () -- \Program Files\Microsoft Silverlight\3.0.40818.0\es\System.Runtime.Serialization.debug.resources.dll
[2009/08/17 23:09:06 | 000,067,464 | ---- | M] () -- \Program Files\Microsoft Silverlight\3.0.40818.0\fr\System.Runtime.Serialization.debug.resources.dll
[2009/08/17 23:09:06 | 000,063,384 | ---- | M] () -- \Program Files\Microsoft Silverlight\3.0.40818.0\it\System.Runtime.Serialization.debug.resources.dll
[2009/08/17 23:09:06 | 000,075,672 | ---- | M] () -- \Program Files\Microsoft Silverlight\3.0.40818.0\ja\System.Runtime.Serialization.debug.resources.dll
[2009/08/17 23:09:06 | 000,067,480 | ---- | M] () -- \Program Files\Microsoft Silverlight\3.0.40818.0\ko\System.Runtime.Serialization.debug.resources.dll
[2009/08/17 23:09:06 | 000,059,288 | ---- | M] () -- \Program Files\Microsoft Silverlight\3.0.40818.0\zh-Hans\System.Runtime.Serialization.debug.resources.dll
[2009/08/17 23:09:06 | 000,059,288 | ---- | M] () -- \Program Files\Microsoft Silverlight\3.0.40818.0\zh-Hant\System.Runtime.Serialization.debug.resources.dll
[2009/09/30 21:16:22 | 000,000,602 | ---- | M] () -- \Program Files\Microsoft Visual Studio 10.0\VB\Snippets\1033\other\connectivity\EnumerateSerialPorts.snippet
[2009/09/30 21:16:22 | 000,001,173 | ---- | M] () -- \Program Files\Microsoft Visual Studio 10.0\VB\Snippets\1033\other\connectivity\ReadDatafromaSerialPort.snippet
[2009/09/30 21:16:22 | 000,001,498 | ---- | M] () -- \Program Files\Microsoft Visual Studio 10.0\VB\Snippets\1033\other\connectivity\UseaSerialPorttoDialaPhoneNumber.snippet
[2010/03/18 20:31:26 | 000,370,552 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v3.5\Profile\Client\System.Runtime.Serialization.dll
[2010/03/18 20:31:26 | 000,042,904 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v3.5\Profile\Client\System.Runtime.Serialization.Formatters.Soap.dll
[2009/08/31 04:48:08 | 000,009,272 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v3.5\Profile\Client\System.Runtime.Serialization.Formatters.Soap.xml
[2009/08/31 04:48:08 | 000,285,032 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v3.5\Profile\Client\System.Runtime.Serialization.xml
[2010/03/18 20:31:26 | 000,429,432 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.0\System.Runtime.Serialization.dll
[2010/03/18 20:31:26 | 000,032,664 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.0\System.Runtime.Serialization.Formatters.Soap.dll
[2009/10/22 20:47:54 | 000,007,862 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.0\System.Runtime.Serialization.Formatters.Soap.xml
[2010/01/10 23:09:56 | 000,332,539 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.0\System.Runtime.Serialization.xml
[2010/03/18 20:31:26 | 000,429,432 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.0\Profile\Client\System.Runtime.Serialization.dll
[2010/03/18 20:31:26 | 000,032,664 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.0\Profile\Client\System.Runtime.Serialization.Formatters.Soap.dll
[2009/10/22 20:47:54 | 000,007,862 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.0\Profile\Client\System.Runtime.Serialization.Formatters.Soap.xml
[2010/01/10 23:09:56 | 000,332,539 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.0\Profile\Client\System.Runtime.Serialization.xml
[2012/10/05 12:53:23 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2009/08/31 04:48:08 | 000,285,032 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\en\System.Runtime.Serialization.xml
[2013/07/27 13:55:57 | 000,712,704 | ---- | M] () -- \Program Files\Steam\steamapps\common\Counter-Strike Source\bin\dmserializers.dll
[2009/06/10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012/10/05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014/02/13 00:45:53 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\553e7bfc9cac5e4feaa83d8ee1e187bd\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014/02/13 00:51:00 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f177ea74036d5fdc6c6b9c967dc877cf\System.Runtime.Serialization.ni.dll
[2014/02/13 00:47:30 | 000,309,760 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\abb3fbf787b74b7d2513a8c409b5ef74\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014/02/13 00:47:30 | 000,000,580 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\abb3fbf787b74b7d2513a8c409b5ef74\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2014/02/13 00:47:55 | 002,825,216 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
[2014/02/13 00:47:55 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll.aux
[2014/02/13 13:18:30 | 000,026,624 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\94ce7a3b39b335283a0087f9964e9099\System.Xml.Serialization.ni.dll
[2014/02/13 13:18:30 | 000,000,376 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\94ce7a3b39b335283a0087f9964e9099\System.Xml.Serialization.ni.dll.aux
[2013/09/11 23:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013/09/11 22:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll
[2013/09/11 22:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll
[2013/09/11 22:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll
[2013/09/11 23:33:38 | 001,052,320 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013/09/11 22:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2013/09/11 22:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll
[2009/06/10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2009/08/31 04:48:08 | 000,009,272 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\en\System.Runtime.Serialization.Formatters.Soap.xml
[2012/10/05 12:53:24 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013/09/11 23:33:38 | 001,052,320 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2013/09/11 23:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2013/09/11 22:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll
[2013/09/11 22:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2013/09/11 22:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2013/09/11 22:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2013/09/11 22:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll
[2009/07/14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009/07/14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\drivers\serial.sys
[2009/07/14 09:42:06 | 000,010,240 | ---- | M] () -- \Windows\System32\drivers\en-US\serial.sys.mui
[2009/07/14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\mdmmotsm.inf_x86_neutral_c1415d9789c54b89\smserial.sys
[2009/07/14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys
[2009/07/14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\grserial.sys
[2009/07/14 09:42:02 | 000,005,120 | ---- | M] () -- \Windows\System32\sk-SK\serialui.dll.mui
[2009/07/14 04:18:03 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009/07/14 04:18:03 | 000,015,952 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486_kdcom.dll_db5e7744
[2009/07/14 09:42:18 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_79d39f727217a41c_serialui.dll.mui_7d29d2a3
[2009/07/14 04:18:51 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009/07/14 03:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2012/10/06 20:07:20 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.17136_none_a6a4fe887487d009.manifest
[2012/10/06 20:58:54 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.21337_none_8fd740dc8e2f4a01.manifest
[2010/11/20 05:06:16 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2012/10/05 19:15:39 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285.manifest
[2012/10/05 19:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d.manifest
[2009/07/14 09:41:44 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_en-us_8f71d563bf7aa3c2.manifest
[2012/10/06 19:14:05 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.17136_en-us_8f6cbf57bf7f3b35.manifest
[2012/10/06 19:18:21 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.21337_en-us_789f01abd926b52d.manifest
[2012/10/05 19:12:04 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_en-us_8f4bb639bfcd9db1.manifest
[2012/10/05 19:12:20 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_en-us_787a117bd97892a9.manifest
[2009/07/14 03:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2012/10/06 20:11:48 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.17136_none_d6e834229c2ed13c.manifest
[2012/10/06 21:03:01 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.21337_none_c01a7676b5d64b34.manifest
[2010/11/20 05:05:38 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2012/10/05 19:15:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8.manifest
[2012/10/05 19:17:15 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0.manifest
[2009/07/14 03:49:26 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009/07/14 03:45:27 | 000,000,866 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_2c93290b67c98d09.manifest
[2009/07/14 03:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2012/10/06 20:09:38 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.17136_none_dbc2dfefdd056b7e.manifest
[2012/10/06 21:00:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.21337_none_c4f52243f6ace576.manifest
[2010/11/20 05:10:46 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2012/10/05 19:19:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa.manifest
[2012/10/05 19:22:10 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2.manifest
[2009/06/10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009/06/10 23:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2012/10/06 12:54:26 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.17136_none_a6a4fe887487d009\System.Runtime.Serialization.dll
[2012/10/06 12:57:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.21337_none_8fd740dc8e2f4a01\System.Runtime.Serialization.dll
[2010/11/05 03:52:39 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2012/10/05 12:53:24 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285\System.Runtime.Serialization.dll
[2012/10/06 12:57:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d\System.Runtime.Serialization.dll
[2009/06/10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2012/10/06 12:54:25 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.17136_none_d6e834229c2ed13c\System.Runtime.Serialization.dll
[2012/10/06 12:57:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.21337_none_c01a7676b5d64b34\System.Runtime.Serialization.dll
[2010/11/05 03:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2012/10/05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8\System.Runtime.Serialization.dll
[2012/10/06 12:57:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0\System.Runtime.Serialization.dll
[2009/07/14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\winsxs\x86_mdmmotsm.inf_31bf3856ad364e35_6.1.7600.16385_none_7a97936f8a972896\smserial.sys
[2009/07/14 09:42:02 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_79d39f727217a41c\serialui.dll.mui
[2009/07/14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2009/07/14 09:42:06 | 000,010,240 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_07e2c405948a55f4\serial.sys.mui
[2009/07/14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys
[2009/07/14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\grserial.sys
[2009/06/10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll
[2012/10/06 12:54:25 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.17136_none_dbc2dfefdd056b7e\System.Runtime.Serialization.dll
[2012/10/06 12:57:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.21337_none_c4f52243f6ace576\System.Runtime.Serialization.dll
[2010/11/05 03:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2012/10/05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa\System.Runtime.Serialization.dll
[2012/10/06 12:57:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2\System.Runtime.Serialization.dll

< *w7lxe* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 6312 bytes -> C:\Windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh
@Alternate Data Stream - 6144 bytes -> C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >

OTL Extras logfile created on: 19. 4. 2014 21:55:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andrej\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,49% Memory free
6,00 Gb Paging File | 4,69 Gb Available in Paging File | 78,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 341,80 Gb Total Space | 266,36 Gb Free Space | 77,93% Space Free | Partition Type: NTFS
Drive D: | 908,97 Gb Total Space | 348,51 Gb Free Space | 38,34% Space Free | Partition Type: NTFS
Drive E: | 146,38 Gb Total Space | 146,29 Gb Free Space | 99,94% Space Free | Partition Type: NTFS

Computer Name: CHLAPCI-PC | User Name: Andrej | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-192481753-2911135653-3265923069-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.reg [@ = regfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- C:\Windows\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001E12D3-CFDF-445C-8022-1A05DB4D58E1}" = lport=138 | protocol=17 | dir=in | app=system |
"{07971212-DFB0-4900-A738-D14BB41FE1C9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{083A3746-65F2-4DB9-87B1-5A782D1DFC76}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{09CD03CE-5915-492E-82C3-E7FD165A21B1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{12A9189A-52F5-4133-9B70-FE5481943AC2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1AEDCF48-6744-4136-BC5F-7BD4466047DF}" = lport=139 | protocol=6 | dir=in | app=system |
"{25950FB5-004A-49DE-AA4B-5D1C46EECC71}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3A85A5D0-DA82-4573-BDA2-7B40C5B328F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{45C57FEB-DF82-495D-8067-13F38721E5E0}" = rport=139 | protocol=6 | dir=out | app=system |
"{46A90500-6793-460D-8DCB-DF8338DCACFE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{51605548-4EED-4A07-9A38-B54E482862CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{65C532BF-21AB-4BE3-B5A5-14594DA13AB9}" = lport=30033 | protocol=6 | dir=in | name=teamspeak server tcp |
"{6774BDC3-E23E-4A97-AB06-9E0DA338840B}" = rport=137 | protocol=17 | dir=out | app=system |
"{728E499E-4D2D-4782-A35C-35F753171629}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7CBF7608-73B6-4C63-925A-A5834F046F84}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7DCD96AD-E163-43A1-B1BD-FA6C4F680EBB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{822846ED-4327-40BA-ADEB-6C0CB86F13A6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{87D5AE76-6876-4BC6-8DF0-1E826CE3C954}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8DBEF929-1D5E-4410-8953-1E2EAF0DFB4A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{9FD81C22-AFC9-43EA-9085-C1A7BF230A06}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{A3DF7E48-C493-4F33-A9A8-8CF51C2CED47}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A9A8D53F-B6B4-433B-B2BB-20AFB1C58076}" = lport=445 | protocol=6 | dir=in | app=system |
"{AAB19FD3-0BF1-419E-8272-AEBEE2977D49}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AD454A72-44B7-4398-8694-4E679690C403}" = lport=137 | protocol=17 | dir=in | app=system |
"{B0461530-5F78-4F70-8D25-B06F01F9153A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B4EC05AE-2531-4EE1-A2D1-7E3A5FDF9D54}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C80C9F0B-C813-4759-9F84-D1167DEBB1DA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D1A70245-A5AC-406A-AD54-9FB663A6F1D1}" = rport=445 | protocol=6 | dir=out | app=system |
"{D86189BA-E99B-46F9-B054-9B58F99927BF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DDB29E9B-0029-4C55-901F-55D38732150B}" = rport=138 | protocol=17 | dir=out | app=system |
"{E57E3B2F-ED8C-4CE7-BE10-08786AD671C7}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server |
"{F04E2AFC-0080-4C74-B224-45C6AADD3ADB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F43681C0-8682-4A14-AA7A-D381C7A255B1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F52F7809-D8DA-47C0-9C1B-F3E17B95D366}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FD3A1EF1-C32A-4E4B-8C63-F75A82D270B1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0025F93D-B05E-4DF2-BD62-B542042ACB7F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{03BEBA40-D71D-4839-9D28-6689691171F9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\counter-strike source\hl2.exe |
"{05ADC864-3E40-4C7F-8E05-0F174E801F3C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\counter-strike source\hl2.exe |
"{07CF6DC3-8024-4F65-A8D6-2F21207E323B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0D49D1A4-072A-499A-84AD-DC89DBBE1FAF}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{0EEE7034-DB8B-4D2B-B64A-76CDB0E08AFA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{13AAC5E7-F533-49E8-AFCD-8EA819A5ED2B}" = protocol=6 | dir=in | app=c:\program files\hearthstone\hearthstone.exe |
"{14C341FE-D419-4115-AA42-688CF641794C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{18FCDDEC-07C8-435C-9941-5FA3F31AEF39}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2417\agent.exe |
"{1931D1DA-4D39-4393-BC17-D943A2BBE198}" = protocol=17 | dir=in | app=c:\program files\hearthstone\hearthstone.exe |
"{19F48B02-FDAF-4EB4-921E-01000448216A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1ABCFA2D-1A18-4119-A9EF-769AFCC890E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1BB647AB-F96D-4D46-97A7-DA905CA87584}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{2067F392-5050-42FE-935C-309BBF24EC52}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{24A5A5B3-445A-4A8F-8441-E415CB6A2BAE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{2E80AB37-3E07-496D-BB08-1840D769BDE9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\half-life\hl.exe |
"{2F35A462-7A1E-44BB-A079-801EA5D06FF5}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{3372A7BC-A79B-47FB-8344-E7162B255496}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2328\agent.exe |
"{351B0088-7924-4091-9143-85E4BDDF254B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{367DAF5F-A3B5-4091-9ADD-BB2BB4EC66B0}" = protocol=17 | dir=in | name=teamspeak server udp |
"{36930016-73AD-4368-9044-3B82C99F89AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{37FDAA7F-463B-4B4C-8080-997271B9A757}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A8B4C51-2337-4147-BDAC-B659D90E6A6C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3BB6A5CB-E303-4FED-ACB3-A74C58F67E4F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{3EE9EE10-E2D9-4554-B997-FE83CC07FE6B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4140B85F-EB93-4AB6-B5FA-07190EE6FA08}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{43D376EE-4EB0-4E6F-A722-1AAB3D328F96}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{457D3B38-AC3F-401C-8500-9075E5FDCC02}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2514\agent.exe |
"{499A1E7F-976B-421C-B11C-88C6D36A981D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\counter-strike source\hl2.exe |
"{4FCD8DB3-7FEA-40B3-B510-A33CBD4858EA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\half-life\hl.exe |
"{5301CA50-7DB9-4E18-9F9E-250BECCFC894}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\half-life\hl.exe |
"{551E9786-8E3C-4782-9093-F9E4E48C8FED}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5557AE16-7DF2-426B-B0D6-C8E54F19261A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55901C4F-9064-4714-9357-54F70945678D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{55DE0E1C-C27E-4E61-B1B0-41452A13DB25}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5697A94F-3F15-416B-8A7E-D34216906D2C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{592440CB-B4B4-45B7-8D6F-6832E3A19A9E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5983504D-92BD-418B-815C-866BBED47FDC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dead island\deadislandgame.exe |
"{59E4053D-7E23-4822-9426-F29402F2CA1E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{5A512EBE-1C04-4D4D-BDD0-D1737A9676D3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{5E9CE820-5192-40B6-9BF0-7791F558E919}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{607D4439-2196-4194-99DA-93DF1362554E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\half-life\hl.exe |
"{63494CFF-B7D7-4230-BB95-AD716B480637}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{64C0B94B-31A4-4C47-94F5-89FDA25A8529}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\counter-strike source\hl2.exe |
"{7247E2E4-C348-424E-A155-1D6C5AAF057D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{72CDD851-0194-4B2E-A4D9-02139E9A5E44}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\half-life\hl.exe |
"{7904283B-BEC8-40E8-84E5-9A8CBE1338B6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{79D70B8D-5405-4D3E-BA34-D5511D923CB5}" = protocol=17 | dir=in | app=c:\program files\battle.net\battle.net.exe |
"{7FCB2EC6-F8C7-441F-B4A8-15EDC76B7E58}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\half-life\hl.exe |
"{7FF5CDE3-6A9F-4A77-A271-0A4F08BCD860}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{87DF3EE4-F895-4C5A-8B88-0C18756E5A0E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8938B4F8-3EC0-4A36-99EC-1B82340E9ACC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dead island\deadislandgame.exe |
"{8945FE9E-CB6A-4BA1-A12B-317CB2A58571}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8AD1E231-3479-4E0C-88E4-DCFC019493F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8CC874FC-C412-45DB-BF95-1B8919FF535F}" = protocol=6 | dir=in | app=c:\program files\battle.net\battle.net.exe |
"{91752B53-6BAD-4704-9048-E694E445AF10}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98203385-CA4D-4CC5-8639-0889CA7C39EB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\counter-strike source\hl2.exe |
"{9AAA085A-72F9-4ED5-8078-25AD880C2852}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9C1303F4-684C-4795-980A-18461B3BC8FE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AA8A1D77-4578-472A-B310-281DCB0D335E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\half-life\hl.exe |
"{ABC4EA10-B710-41A3-BE4A-89A970611DFB}" = protocol=6 | dir=out | app=system |
"{AD39FB02-2E9A-4158-8ACD-44B27A7A8EE7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B46773EE-4EEF-442B-ACC2-59702AEC24FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B49703D7-CFAC-4CA1-8DDA-9E879D6A1A1F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{B71B79FF-A89D-42B0-A54C-C973597179EA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B7241F02-BBCD-401A-91A6-145793DDEDC5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B9BF9F15-D267-4924-A274-944A47BCCF60}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BA2B37D3-7447-415D-B86A-A37AD385B381}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2514\agent.exe |
"{BCFFC976-F46B-4EAC-B264-B6ABBAFF99C5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe |
"{C38581DD-4B71-480C-8FB0-8684D1AE02B8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{C3A7C0B6-A29F-4EB7-89FE-E999EC004759}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C3C73CF9-2FD9-4A6F-AC97-B840D97E3078}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{C4A8A79F-DE8D-44B3-9249-F3A8147CBB44}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{C4EAFC19-6817-4C95-9FF9-6D89B7186A13}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C5281746-F64D-4BD4-B1C2-E121C2ACC5BB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\counter-strike source\hl2.exe |
"{C5DAA2D4-C478-4D6F-9E5F-A0A47854ACAC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C9AAD5E4-9AD4-4E80-AF7C-600F3FD13E14}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{CE6A75E1-26D1-40DD-B7E7-89D29177E448}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D01DB880-3604-442D-A57E-11FE6646C4F3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2417\agent.exe |
"{D0242638-6907-482D-9517-C7429BC75F00}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D0DFBA28-9030-4FA4-A9F4-E941C3F96613}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{D2CA849B-2FEA-442F-84CD-FD46531CC310}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{D2D967D2-703A-46DC-8D63-843F6CAE553E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe |
"{DA365A93-DC93-48A2-95AF-2D229BA45D5A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{DB2317BF-133E-4F7F-8A30-BE62D477DBF4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DBFFA18E-D998-4129-9CBA-732EDA3484CF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\half-life\hl.exe |
"{E1324959-7B25-4B7E-AFCB-A19CE974F35F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dead island\deadislandgame.exe |
"{EAAEC1FE-8A9B-4732-906C-79C7C1C85110}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EC9CA24E-2E3F-4EE7-8CD1-FEC8DA14E4C6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{EF5662F1-6A96-4348-AA91-6B67B7B42D00}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{F14A658E-F293-4CA5-A818-08B6BEFE5A8E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{F5055223-B989-4ADD-B08E-10C429EF0A11}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2328\agent.exe |
"{F7769544-959B-4FF1-8D20-366FE042ED54}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F9FD6363-03C7-4EB0-8EE6-729A9A26509B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FB93E4FF-CFBB-48FD-8325-3742612D41FF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{FDB353DD-3A2F-4535-8778-8DE7DFD5AD99}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dead island\deadislandgame.exe |
"TCP Query User{1D422DF1-3B50-4446-BABC-79151CCA91FF}C:\program files\total commander\totalcmd.exe" = protocol=6 | dir=in | app=c:\program files\total commander\totalcmd.exe |
"TCP Query User{28CF8BF8-1D69-4714-B720-7A546E59EAC1}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{65CCCFB7-F038-429E-B6D7-0459B13D3DD3}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"TCP Query User{9EB315E2-20F8-4C6A-9B5E-7E8C9E6E7118}C:\program files\mediamonkey\mediamonkey (non-skinned).exe" = protocol=6 | dir=in | app=c:\program files\mediamonkey\mediamonkey (non-skinned).exe |
"TCP Query User{A4E3EBF6-E256-4B8B-A938-E6EEFE7F8F7B}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{012969CA-B539-4BD4-ADDD-FB581A6870B4}C:\program files\total commander\totalcmd.exe" = protocol=17 | dir=in | app=c:\program files\total commander\totalcmd.exe |
"UDP Query User{2B603C0E-A689-45EC-9F72-ED618C210BC6}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{464473D1-2DF4-42E1-9428-95D57F95AAFC}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{6CEAAE34-AB41-4B6B-8DC6-CC0BA15DD15E}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"UDP Query User{F450F2B1-0E73-4074-AFCB-6354733FB5E0}C:\program files\mediamonkey\mediamonkey (non-skinned).exe" = protocol=17 | dir=in | app=c:\program files\mediamonkey\mediamonkey (non-skinned).exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07F2B08D-049C-43BA-8520-830C124DDAC9}" = Windows 7 Manager
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{170DE2A7-4768-370C-9671-D8D17826EFBF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 51
"{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4908C75E-E5E2-43F7-B1DF-023CBA831051}" = Nero 7 Ultra Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.13
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0015-041B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovak) 2007
"{90120000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2007
"{90120000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2007
"{90120000-0019-041B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovak) 2007
"{90120000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2007
"{90120000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-041B-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2007
"{90120000-00A1-041B-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Slovak) 2007
"{90120000-00BA-041B-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Slovak) 2007
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) - Czech
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovládač 3D Vision 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafický ovládač 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision radič ovládača 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Softvér systému s podporou technológie PhysX 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizácie NVIDIA 10.4.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B52ACD93-EC14-4DC7-A95F-10B0F4BA4A42}" = ESET Smart Security
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"CCleaner" = CCleaner
"Cg Toolkit_is1" = NVIDIA Cg Toolkit 3.1 April 2012
"ENTERPRISE" = Microsoft Office Enterprise 2007
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 10.3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verzia 1.75.0.1300
"MediaMonkey_is1" = MediaMonkey 4.1
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox 28.0 (x86 sk)" = Mozilla Firefox 28.0 (x86 sk)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PSPad editor_is1" = PSPad editor
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"Steam App 620" = Portal 2
"Sticky Password_is1" = Sticky Password 6.0.15.470
"Take It Easy" = Take It Easy
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Totalcmd" = Total Commander (Remove or Repair)
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18. 4. 2014 14:53:32 | Computer Name = Chlapci-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 18. 4. 2014 14:53:32 | Computer Name = Chlapci-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 19. 4. 2014 6:20:35 | Computer Name = Chlapci-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 19. 4. 2014 6:20:35 | Computer Name = Chlapci-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 19. 4. 2014 6:36:59 | Computer Name = Chlapci-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 19. 4. 2014 6:36:59 | Computer Name = Chlapci-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 19. 4. 2014 7:46:19 | Computer Name = Chlapci-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Microsoft
Visual Studio 10.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 19. 4. 2014 7:46:20 | Computer Name = Chlapci-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Microsoft
Visual Studio 10.0\Common7\IDE\Remote Debugger\ia64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 19. 4. 2014 15:32:58 | Computer Name = Chlapci-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 19. 4. 2014 15:32:58 | Computer Name = Chlapci-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

[ System Events ]
Error - 16. 4. 2014 15:39:55 | Computer Name = Chlapci-PC | Source = DCOM | ID = 10010
Description =

Error - 17. 4. 2014 6:13:39 | Computer Name = Chlapci-PC | Source = Service Control Manager | ID = 7038
Description = Službe PolicyAgent sa nepodarilo s aktuálne nakonfigurovaným heslom
prihlásiť ako NT Authority\NetworkService kvôli nasledujúcej chybe: %%1352 Ak chcete
zabezpečiť správne nakonfigurovanie služby, použite modul Služby konzoly MMC (Microsoft
Management Console).

Error - 17. 4. 2014 6:13:39 | Computer Name = Chlapci-PC | Source = Service Control Manager | ID = 7000
Description = Spustenie služby IPsec Policy Agent zlyhalo kvôli nasledujúcej chybe:
%%1069

Error - 18. 4. 2014 13:51:32 | Computer Name = Chlapci-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.

Error - 18. 4. 2014 13:56:35 | Computer Name = Chlapci-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.

Error - 18. 4. 2014 14:04:32 | Computer Name = Chlapci-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 19:59:15 on ?18. ?4. ?2014 was unexpected.

Error - 18. 4. 2014 14:33:05 | Computer Name = Chlapci-PC | Source = DCOM | ID = 10010
Description =

Error - 19. 4. 2014 6:23:15 | Computer Name = Chlapci-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.

Error - 19. 4. 2014 6:28:23 | Computer Name = Chlapci-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.

Error - 19. 4. 2014 6:32:43 | Computer Name = Chlapci-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:31:34 on ?19. ?4. ?2014 was unexpected.

< End of report >

Vypnete antivir, at nebrani programu v praci.

Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:services
DUMeterDrv
AdobeARMservice
AdobeFlashPlayerUpdateSvc

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\Windows\tasks\Adobe Flash Player Updater.job

:otl
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-192481753-2911135653-3265923069-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-192481753-2911135653-3265923069-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[9 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
@Alternate Data Stream - 6312 bytes -> C:\Windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh
@Alternate Data Stream - 6144 bytes -> C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:0FF263E8

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Andrej
->Temp folder emptied: 56714 bytes
->Temporary Internet Files folder emptied: 26403356 bytes
->Java cache emptied: 2058685 bytes
->FireFox cache emptied: 389918662 bytes
->Flash cache emptied: 3417 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lukáš
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4639639 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 391158588 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 5399 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 6123838 bytes

Total Files Cleaned = 783,00 mb

[EMPTYFLASH]

User: All Users

User: Andrej
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Lukáš
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service DUMeterDrv stopped successfully!
Service DUMeterDrv deleted successfully!
Service AdobeARMservice stopped successfully!
Service AdobeARMservice deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
C:\Windows\tasks\Adobe Flash Player Updater.job moved successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\S-1-5-21-192481753-2911135653-3265923069-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-192481753-2911135653-3265923069-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP178C.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2996.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4F87.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP782B.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC023.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE13F.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF20D.tmp folder deleted successfully.
C:\Windows\Installer\MSIC44D.tmp- folder deleted successfully.
C:\Windows\Installer\MSICED9.tmp- folder deleted successfully.
ADS C:\Windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh deleted successfully.
ADS C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT deleted successfully.
ADS C:\ProgramData\TEMP:0FF263E8 deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 04192014_232456

Files\Folders moved on Reboot...
File\Folder C:\Users\Andrej\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-21163 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat.

vyosek píše: T-Cleaner http://tharifas.sweb.cz/T-Cleaner.exe
Stahnete a spustte

Pro potvrzeni volby mackejte A, Enter

Po pouziti utilitu smazte

Antiviry mohou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

Stahnete OTC http://oldtimer.geekstogo.com/OTC.exe , ulozte a spustte.
Kliknete na napis CleanUp a pote OK - Po uklidu dojde k restartu pc.

Stahnete TFC http://oldtimer.geekstogo.com/TFC.exe , ulozte a spustte
Kliknete na START a pote OK - Po uklidu dojde k restartu pc.
Po pouziti muzete programek smazat

Stahnete Ccleaner http://www.piriform.com/ccleaner/download/slim a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!

Defragmentujte disk(y)
Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.

Pak napiste, jak je na tom pc.

ComboFix odinštalovaný. Najprv som si myslel, že to ide znovu kontrolovať a mazať, ale nakoniec to skončila iba oznamom že sa zmazal.

T-Cleaner som spustil a použil, ako ste napísali, OTC vyčistil tiež niečo v PC, TFC tak isto.

CCleaner mám nainštalovaný, tak ním prečistím PC zajtra, ako budem môcť.

Na defragmentáciu mám program Perfect Disc, ten v priebehu týždňa tiež nainštalujem a spustím. Má jednu funkciu, IntelWrite (v PC je spustený a pri kopírovaní, presúvaní atď. zapisuje súbory na harddisk "inteligentne" tak, že sa súbory nefragmentujú, alebo len málo fragmentujú.) Čo si myslíte vy, o koľko to spomaľuje PC pri takejto spustenej funkcií. Oplatí sa to vôbec, či bude lepšie ak si program po defragmentovaní odinštalujem?

Zatiaľ ďakujem, PC sa zdá byť rýchlejší ako ho pomaly čistíme, dokonca aj Mozilla Firefox je teraz po štarte svižnejšia. Na dnes teda dobrú noc

Perfect Disc jsem nikdy nezkousel, takze nevim, jak funguje, ani jestli to zpomaluje. Ale nejaky vliv to asi ma. Odinstalovavat to asi neni potreba, jen by stacilo vypnout tu funkci. Nebo treba zkusit chvili pracovat s a pak chvili bez.

11.5.

http://forum.viry.cz/viewtopic.php?f=12&t=123975

VIRY.CZ

Procesor často pracuje aj pri odskočení od PC

Re: Procesor často pracuje aj pri odskočení od PC

Re: Procesor často pracuje aj pri odskočení od PC

Re: Procesor často pracuje aj pri odskočení od PC

Re: Procesor často pracuje aj pri odskočení od PC

Re: Procesor často pracuje aj pri odskočení od PC

Re: Procesor často pracuje aj pri odskočení od PC

Re: Procesor často pracuje aj pri odskočení od PC

Re: Procesor často pracuje aj pri odskočení od PC

Re: Procesor často pracuje aj pri odskočení od PC

Re: Procesor často pracuje aj pri odskočení od PC

Re: Procesor často pracuje aj pri odskočení od PC

Re: Procesor často pracuje aj pri odskočení od PC

Re: Procesor často pracuje aj pri odskočení od PC