VIRY.CZ

Znovu spustte RogueKiller jako spravce (pokud jste ho jeste nezavrel/a, rovnou kliknete na napis Smazat)
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Smazat.
Pak kliknete na napis Zprava a objevi se log. Ten mi sem vlozte.
Pak kliknete na napis Oprava Host a Zprava.
Objevi se dalsi log. I ten mi sem vlozte.

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operačný systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ : michalla [Práva Správcu]
Režim : Odebrať -- Dátum : 05/28/2014 18:09:16
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 6 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRADENÉ (2)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> NAHRADENÉ (1)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRADENÉ (2)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> NAHRADENÉ (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRADENÉ (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRADENÉ (0)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spustenie položky : 0 ¤¤¤

¤¤¤ webové prehliadače : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač : [NENAHRATÉ 0x0] ¤¤¤

¤¤¤ Vonkajšie Hives: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3250410AS ATA Device +++++
--- User ---
[MBR] f1ff010c79c674fc0b6a61114300ee05
[BSP] 86a428bc8ba48b046930a1e2a983b171 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 49898 MB
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 102398310 | Size: 188465 MB
User = LL1 ... OK!
User = LL2 ... OK!

Dokončené : << RKreport[0]_D_05282014_180916.txt >>
RKreport[0]_S_05282014_180901.txt

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operačný systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ : michalla [Práva Správcu]
Režim : Oprava HOSTS -- Dátum : 05/28/2014 18:11:01
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 0 ¤¤¤

¤¤¤ Ovládač : [NENAHRATÉ 0x0] ¤¤¤

¤¤¤ Vonkajšie Hives: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončené : << RKreport[0]_H_05282014_181101.txt >>
RKreport[0]_D_05282014_180916.txt;RKreport[0]_S_05282014_180901.txt

Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace

Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

ComboFix 14-05-27.02 - lucason3 . 05. 2014 9:12.1.2 - x64 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.3994.3279 [GMT 2:00]
Running from: c:\users\lucason3\Desktop\viry\ComboFix\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2014-04-28 to 2014-05-30 )))))))))))))))))))))))))))))))
.
.
2014-05-30 07:16 . 2014-05-30 07:16 -------- d-----w- c:\users\michalla\AppData\Local\temp
2014-05-30 07:16 . 2014-05-30 07:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-29 11:49 . 2014-05-29 11:49 -------- d-----w- C:\VTRoot
2014-05-20 16:58 . 2014-05-20 16:58 512 ----a-w- C:\PhysicalMBR.bin
2014-05-20 06:40 . 2014-05-20 06:45 -------- d-----w- c:\program files\trend micro
2014-05-19 19:11 . 2014-05-19 19:11 -------- d-sh--w- c:\users\michalla\AppData\Local\EmieUserList
2014-05-19 19:11 . 2014-05-19 19:11 -------- d-sh--w- c:\users\michalla\AppData\Local\EmieSiteList
2014-05-19 07:20 . 2014-05-19 07:20 -------- d-----w- c:\users\michalla\AppData\Roaming\Comodo
2014-05-19 06:40 . 2014-05-19 06:40 -------- d-----w- c:\programdata\Comodo Downloader
2014-05-19 06:40 . 2014-05-19 06:40 -------- d-----w- c:\programdata\Shared Space
2014-05-19 06:40 . 2014-03-25 19:22 352984 ----a-w- c:\windows\system32\cmdvrt64.dll
2014-05-19 06:40 . 2014-03-25 19:22 45784 ----a-w- c:\windows\system32\cmdkbd64.dll
2014-05-19 06:40 . 2014-03-25 19:22 284888 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2014-05-19 06:40 . 2014-03-25 19:22 40664 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2014-05-18 13:18 . 2014-05-18 13:18 -------- d-sh--w- c:\users\lucason3\AppData\Local\EmieUserList
2014-05-18 13:18 . 2014-05-18 13:18 -------- d-sh--w- c:\users\lucason3\AppData\Local\EmieSiteList
2014-05-18 13:07 . 2014-03-06 08:15 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-05-18 12:46 . 2014-05-18 12:46 -------- d-----w- c:\programdata\Malwarebytes
2014-05-18 12:34 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-18 12:34 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-18 12:34 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-18 12:34 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-18 09:08 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-05-18 09:08 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-05-18 09:08 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-05-18 09:08 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-05-18 09:08 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-05-18 09:08 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-05-18 09:07 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-05-18 09:07 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-05-18 09:06 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2014-05-18 09:06 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2014-05-18 08:16 . 2014-05-18 08:16 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-17 23:52 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-05-17 23:52 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-05-17 23:52 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-05-17 23:52 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-05-17 23:52 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-05-17 23:41 . 2014-05-17 23:41 -------- d-----w- c:\windows\Migration
2014-05-17 23:31 . 2013-10-14 16:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-05-17 23:22 . 2014-05-17 23:22 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-05-17 23:21 . 2014-05-17 23:21 363008 ----a-w- c:\windows\system32\dxgi.dll
2014-05-17 23:07 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2014-05-17 22:06 . 2014-05-17 22:11 -------- d-----w- c:\windows\system32\MRT
2014-05-17 21:55 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-05-17 21:55 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-05-17 21:55 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-05-17 21:55 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-05-17 21:55 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-05-17 21:55 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2014-05-17 21:55 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2014-05-17 16:03 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2014-05-17 16:03 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2014-05-17 16:02 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2014-05-17 16:02 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-05-17 16:02 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-05-17 16:02 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2014-05-17 16:02 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2014-05-17 16:02 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2014-05-17 16:02 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2014-05-17 16:02 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2014-05-17 16:02 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2014-05-17 16:02 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2014-05-17 16:00 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2014-05-17 15:59 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2014-05-17 15:54 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2014-05-17 15:53 . 2013-07-04 12:57 259584 ----a-w- c:\windows\system32\WebClnt.dll
2014-05-17 15:52 . 2013-08-29 02:16 1732032 ----a-w- c:\windows\system32\ntdll.dll
2014-05-17 15:52 . 2013-08-29 02:16 859648 ----a-w- c:\windows\system32\tdh.dll
2014-05-17 15:52 . 2013-08-29 02:13 878080 ----a-w- c:\windows\system32\advapi32.dll
2014-05-17 15:52 . 2013-08-29 01:50 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2014-05-17 15:52 . 2013-08-29 01:50 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2014-05-17 15:52 . 2013-08-29 01:48 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2014-05-17 15:52 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-05-17 15:52 . 2013-09-08 02:30 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-05-17 15:50 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2014-05-17 15:49 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2014-05-17 15:37 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2014-05-11 19:52 . 2014-05-11 19:52 -------- d-----w- c:\program files (x86)\Common Files\COMODO
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-17 23:25 . 2014-05-17 23:25 208384 ----a-w- c:\windows\SysWow64\webcheck.dll
2014-05-17 23:25 . 2014-05-17 23:25 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-05-14 13:10 . 2012-07-16 11:14 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 13:10 . 2012-07-16 11:14 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-14 13:10 . 2014-04-29 15:10 17938608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-05-04 15:12 . 2012-07-15 09:04 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-04-18 16:43 . 2012-07-15 11:38 35656 ----a-w- c:\windows\system32\LMIport.dll
2014-04-18 16:43 . 2012-07-15 11:38 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-04-18 16:43 . 2012-07-15 11:38 92488 ----a-w- c:\windows\system32\LMIinit.dll
2014-04-16 21:12 . 2012-03-11 19:13 48360 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2014-04-16 21:12 . 2012-02-03 17:27 105552 ----a-w- c:\windows\system32\drivers\inspect.sys
2014-04-16 21:12 . 2012-03-11 19:13 738472 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2014-04-16 21:12 . 2012-03-11 19:13 23168 ----a-w- c:\windows\system32\drivers\cmderd.sys
2014-04-10 16:43 . 2012-07-15 11:38 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2014-03-25 19:22 . 2012-03-11 19:13 43216 ----a-w- c:\windows\system32\cmdcsr.dll
2014-03-25 19:22 . 2012-03-11 19:13 363504 ----a-w- c:\windows\SysWow64\guard32.dll
2014-03-25 19:22 . 2012-03-11 19:13 453680 ----a-w- c:\windows\system32\guard64.dll
2014-03-04 09:17 . 2014-05-17 15:53 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-03-04 09:17 . 2014-05-17 15:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-07-15 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-07-15 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"GrooveMonitor"="d:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"mobilegeni daemon"="c:\program files (x86)\Mobogenie\DaemonProcess.exe" [2014-01-24 775872]
"tvncontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2014-05-05 2327248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start GeekBuddy.lnk - c:\program files (x86)\COMODO\GeekBuddy\launcher.exe "unit_manager.exe" [2014-5-5 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
R2 LMIGuardianSvc;LMIGuardianSvc;d:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;d:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files (x86)\LogMeIn\x64\RaInfo.sys;d:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y62x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 13:10]
.
2014-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-16 19:46]
.
2014-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-16 19:46]
.
2014-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2158292681-2161067555-2850423787-1000Core.job
- c:\users\lucason3\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-15 09:13]
.
2014-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2158292681-2161067555-2850423787-1000UA.job
- c:\users\lucason3\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-15 09:13]
.
2014-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2158292681-2161067555-2850423787-1003Core.job
- c:\users\michalla\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16 11:16]
.
2014-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2158292681-2161067555-2850423787-1003UA.job
- c:\users\michalla\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16 11:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
"LogMeIn GUI"="d:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-04-02 57928]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2014-03-25 1275608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={BE45D010-D774-11E1-BA03-001CC0711607}
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\lucason3\AppData\Roaming\Mozilla\Firefox\Profiles\9oi8amhe.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-BitTorrent Sync - c:\program files (x86)\BitTorrent Sync\BTSync.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
Completion time: 2014-05-30 09:18:23
ComboFix-quarantined-files.txt 2014-05-30 07:18
.
Pre-Run: 4 743 798 784 bytes free
Post-Run: 8 214 568 960 bytes free
.
- - End Of File - - D57F1915C4BF0BF9B1D066000394ED63
A36C5E4F47E84449FF07ED3517B43A31

Najdete tento soubor c:\windows\system32\user32.dll a otestujte ho na virustotal a jotti http://forum.viry.cz/viewtopic.php?f=29&t=5846 Vysledky sem zkopirujte, nebo dejte odkaz.

Najdete tento soubor c:\windows\SysWOW64\user32.dll a otestujte ho na virustotal a jotti http://forum.viry.cz/viewtopic.php?f=29&t=5846 Vysledky sem zkopirujte, nebo dejte odkaz.

Kód: Vybrat vše

https://www.virustotal.com/sk/file/fdc6b8e08ae234fa4302b6552a3935714755fe51d11b8dd3e3c24415e1ed8731/analysis/1401538935/

Kód: Vybrat vše

http://virusscan.jotti.org/sk/scanresult/55fbafa052b390c6eeb937d1cb3aff0383ff07ea/87e13e7420262d9e0c0012ee9ac0680b08f75c35

Kód: Vybrat vše

https://www.virustotal.com/sk/file/fdc6b8e08ae234fa4302b6552a3935714755fe51d11b8dd3e3c24415e1ed8731/analysis/1401539203/

Kód: Vybrat vše

http://virusscan.jotti.org/sk/scanresult/037f24a2247594c5ff34f4c6fc091bd28f68587d/5d1241c7a5fefe190f535cc8576f0aaf4f7041be

Presunte Combofix na plochu!

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"GrooveMonitor"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Configurations]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Data]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Options]
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]

DDS::
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={BE45D010-D774-11E1-BA03-001CC0711607}

Driver::
SkypeUpdate

Reboot::

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace

Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

ComboFix 14-05-27.02 - lucason3 . 06. 2014 12:40:28.2.2 - x64 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.3994.2899 [GMT 2:00]
Running from: c:\users\lucason3\Desktop\viry\ComboFix\ComboFix.exe
Command switches used :: c:\users\lucason3\Desktop\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Files Created from 2014-05-01 to 2014-06-01 )))))))))))))))))))))))))))))))
.
.
2014-06-01 10:45 . 2014-06-01 10:45 -------- d-----w- c:\users\michalla\AppData\Local\temp
2014-05-29 11:49 . 2014-05-29 11:49 -------- d-----w- C:\VTRoot
2014-05-20 16:58 . 2014-05-20 16:58 512 ----a-w- C:\PhysicalMBR.bin
2014-05-20 06:40 . 2014-05-20 06:45 -------- d-----w- c:\program files\trend micro
2014-05-19 19:11 . 2014-05-19 19:11 -------- d-sh--w- c:\users\michalla\AppData\Local\EmieUserList
2014-05-19 19:11 . 2014-05-19 19:11 -------- d-sh--w- c:\users\michalla\AppData\Local\EmieSiteList
2014-05-19 07:20 . 2014-05-19 07:20 -------- d-----w- c:\users\michalla\AppData\Roaming\Comodo
2014-05-19 06:40 . 2014-05-19 06:40 -------- d-----w- c:\programdata\Comodo Downloader
2014-05-19 06:40 . 2014-05-19 06:40 -------- d-----w- c:\programdata\Shared Space
2014-05-19 06:40 . 2014-03-25 19:22 352984 ----a-w- c:\windows\system32\cmdvrt64.dll
2014-05-19 06:40 . 2014-03-25 19:22 45784 ----a-w- c:\windows\system32\cmdkbd64.dll
2014-05-19 06:40 . 2014-03-25 19:22 284888 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2014-05-19 06:40 . 2014-03-25 19:22 40664 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2014-05-18 13:18 . 2014-05-18 13:18 -------- d-sh--w- c:\users\lucason3\AppData\Local\EmieUserList
2014-05-18 13:18 . 2014-05-18 13:18 -------- d-sh--w- c:\users\lucason3\AppData\Local\EmieSiteList
2014-05-18 13:07 . 2014-03-06 08:15 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-05-18 12:46 . 2014-05-18 12:46 -------- d-----w- c:\programdata\Malwarebytes
2014-05-18 12:34 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-18 12:34 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-18 12:34 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-18 12:34 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-18 09:08 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-05-18 09:08 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-05-18 09:08 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-05-18 09:08 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-05-18 09:08 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-05-18 09:08 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-05-18 09:07 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-05-18 09:07 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-05-18 09:06 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2014-05-18 09:06 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2014-05-18 08:16 . 2014-05-18 08:16 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-17 23:52 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-05-17 23:52 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-05-17 23:52 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-05-17 23:52 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-05-17 23:52 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-05-17 23:41 . 2014-05-17 23:41 -------- d-----w- c:\windows\Migration
2014-05-17 23:31 . 2013-10-14 16:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-05-17 23:22 . 2014-05-17 23:22 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-05-17 23:21 . 2014-05-17 23:21 363008 ----a-w- c:\windows\system32\dxgi.dll
2014-05-17 23:07 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2014-05-17 22:06 . 2014-05-17 22:11 -------- d-----w- c:\windows\system32\MRT
2014-05-17 21:55 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-05-17 21:55 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-05-17 21:55 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-05-17 21:55 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-05-17 21:55 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-05-17 21:55 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2014-05-17 21:55 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2014-05-17 16:03 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2014-05-17 16:03 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2014-05-17 16:02 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2014-05-17 16:02 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-05-17 16:02 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-05-17 16:02 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2014-05-17 16:02 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2014-05-17 16:02 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2014-05-17 16:02 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2014-05-17 16:02 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2014-05-17 16:02 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2014-05-17 16:02 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2014-05-17 16:00 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2014-05-17 15:59 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2014-05-17 15:54 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2014-05-17 15:53 . 2013-07-04 12:57 259584 ----a-w- c:\windows\system32\WebClnt.dll
2014-05-17 15:52 . 2013-08-29 02:16 1732032 ----a-w- c:\windows\system32\ntdll.dll
2014-05-17 15:52 . 2013-08-29 02:16 859648 ----a-w- c:\windows\system32\tdh.dll
2014-05-17 15:52 . 2013-08-29 02:13 878080 ----a-w- c:\windows\system32\advapi32.dll
2014-05-17 15:52 . 2013-08-29 01:50 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2014-05-17 15:52 . 2013-08-29 01:50 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2014-05-17 15:52 . 2013-08-29 01:48 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2014-05-17 15:52 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-05-17 15:52 . 2013-09-08 02:30 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-05-17 15:50 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2014-05-17 15:49 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2014-05-17 15:37 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2014-05-11 19:52 . 2014-05-11 19:52 -------- d-----w- c:\program files (x86)\Common Files\COMODO
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-17 23:25 . 2014-05-17 23:25 208384 ----a-w- c:\windows\SysWow64\webcheck.dll
2014-05-17 23:25 . 2014-05-17 23:25 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-05-14 13:10 . 2012-07-16 11:14 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 13:10 . 2012-07-16 11:14 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-14 13:10 . 2014-04-29 15:10 17938608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-05-04 15:12 . 2012-07-15 09:04 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-04-18 16:43 . 2012-07-15 11:38 35656 ----a-w- c:\windows\system32\LMIport.dll
2014-04-18 16:43 . 2012-07-15 11:38 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-04-18 16:43 . 2012-07-15 11:38 92488 ----a-w- c:\windows\system32\LMIinit.dll
2014-04-16 21:12 . 2012-03-11 19:13 48360 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2014-04-16 21:12 . 2012-02-03 17:27 105552 ----a-w- c:\windows\system32\drivers\inspect.sys
2014-04-16 21:12 . 2012-03-11 19:13 738472 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2014-04-16 21:12 . 2012-03-11 19:13 23168 ----a-w- c:\windows\system32\drivers\cmderd.sys
2014-04-10 16:43 . 2012-07-15 11:38 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2014-03-25 19:22 . 2012-03-11 19:13 43216 ----a-w- c:\windows\system32\cmdcsr.dll
2014-03-25 19:22 . 2012-03-11 19:13 363504 ----a-w- c:\windows\SysWow64\guard32.dll
2014-03-25 19:22 . 2012-03-11 19:13 453680 ----a-w- c:\windows\system32\guard64.dll
2014-03-04 09:17 . 2014-05-17 15:53 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-03-04 09:17 . 2014-05-17 15:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-07-15 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-07-15 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mobilegeni daemon"="c:\program files (x86)\Mobogenie\DaemonProcess.exe" [2014-01-24 775872]
"tvncontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2014-05-05 2327248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start GeekBuddy.lnk - c:\program files (x86)\COMODO\GeekBuddy\launcher.exe "unit_manager.exe" [2014-5-5 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
S2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;d:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;d:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files (x86)\LogMeIn\x64\RaInfo.sys;d:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y62x64.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 13:10]
.
2014-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-16 19:46]
.
2014-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-16 19:46]
.
2014-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2158292681-2161067555-2850423787-1000Core.job
- c:\users\lucason3\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-15 09:13]
.
2014-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2158292681-2161067555-2850423787-1000UA.job
- c:\users\lucason3\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-15 09:13]
.
2014-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2158292681-2161067555-2850423787-1003Core.job
- c:\users\michalla\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16 11:16]
.
2014-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2158292681-2161067555-2850423787-1003UA.job
- c:\users\michalla\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16 11:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"LogMeIn GUI"="d:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-04-02 57928]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2014-03-25 1275608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\lucason3\AppData\Roaming\Mozilla\Firefox\Profiles\9oi8amhe.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
.
**************************************************************************
.
Completion time: 2014-06-01 12:58:58 - machine was rebooted
ComboFix-quarantined-files.txt 2014-06-01 10:58
ComboFix2.txt 2014-05-30 07:18
.
Pre-Run: 7 931 932 672 bytes free
Post-Run: 7 651 872 768 bytes free
.
- - End Of File - - ACEAFC89B197F65D315C2339839CFF2E
A36C5E4F47E84449FF07ED3517B43A31

Dejte novy log z RSIT

Logfile of random's system information tool 1.09 (written by random/random)
Run by michalla at 2014-06-02 10:32:40
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 7 GB (15%) free of 50 GB
Total RAM: 3994 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:32:51, on 2. 6. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Users\michalla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\michalla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\michalla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\michalla\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\michalla.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
O4 - HKCU\..\Run: [Google Update] "C:\Users\michalla\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Start GeekBuddy.lnk = C:\Program Files (x86)\COMODO\GeekBuddy\launcher.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GeekBuddyRSP Server (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - D:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10129 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8653 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -service
"D:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe"
"D:\Program Files (x86)\LogMeIn\x64\RaMaint.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
"D:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe" /ModeAvMonitor -Embedding
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"D:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
"C:\Program Files\COMODO\COMODO Internet Security\cistray.exe"
"C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
"C:\Program Files (x86)\COMODO\GeekBuddy\unit_manager.exe"
"C:\Program Files (x86)\COMODO\GeekBuddy\unit" "\"C:/Program Files (x86)/COMODO/GeekBuddy/lps-cspm\""
"C:\Program Files\COMODO\COMODO Internet Security\cis.exe" --alertsUI
C:\Windows\servicing\TrustedInstaller.exe
"C:\Users\michalla\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\michalla\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3868.0.1479494825\1269984910" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,5,15 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x2e22 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2189 --ignored=" --type=renderer " /prefetch:822062411
"C:\Users\michalla\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Bootstrap/OmniboxBundledExperimentV1/StableBookmarkValue5/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --enable-software-compositing --channel="3868.10.225310038\176365474" /prefetch:673131151
"C:\Users\michalla\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3868.11.1906754163\405262033" --ppapi-flash-args --lang=sk --ignored=" --type=renderer " /prefetch:-632637702
C:\Windows\system32\AUDIODG.EXE 0xc90
taskeng.exe {9BE098EB-1918-49AE-BE06-F5A0E326B8CB}
"C:\Users\lucason3\Desktop\viry\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2158292681-2161067555-2850423787-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2158292681-2161067555-2850423787-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2158292681-2161067555-2850423787-1003Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2158292681-2161067555-2850423787-1003UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\michalla\AppData\Roaming\Mozilla\Firefox\Profiles\7lagljp6.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.214 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=d:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.2]
"Description"=VLC Multimedia Plugin
"Path"=d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=D:\AdobeReader\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.214 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-27 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16 3942048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-27 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-10 161304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-10 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-10 415256]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2011-10-23 1424896]
"LogMeIn GUI"=D:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [2012-04-02 57928]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-03-25 1275608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\michalla\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16 116648]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"mobilegeni daemon"=C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [2014-01-24 775872]
"tvncontrol"=C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2014-05-05 2327248]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Start GeekBuddy.lnk - C:\Program Files (x86)\COMODO\GeekBuddy\launcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-07-29 271360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux4"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux5"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux6"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-06-02 10:32:40 ----D---- C:\rsit
2014-06-01 12:59:08 ----SHD---- C:\$RECYCLE.BIN
2014-06-01 12:59:03 ----D---- C:\Windows\temp
2014-05-30 09:05:27 ----A---- C:\Windows\zip.exe
2014-05-30 09:05:27 ----A---- C:\Windows\SWSC.exe
2014-05-30 09:05:27 ----A---- C:\Windows\SWREG.exe
2014-05-30 09:05:27 ----A---- C:\Windows\sed.exe
2014-05-30 09:05:27 ----A---- C:\Windows\PEV.exe
2014-05-30 09:05:27 ----A---- C:\Windows\NIRCMD.exe
2014-05-30 09:05:27 ----A---- C:\Windows\MBR.exe
2014-05-30 09:05:27 ----A---- C:\Windows\grep.exe
2014-05-30 09:05:10 ----D---- C:\Qoobox
2014-05-30 09:04:54 ----D---- C:\Windows\erdnt
2014-05-30 09:04:09 ----A---- C:\Windows\ntbtlog.txt
2014-05-29 13:49:05 ----D---- C:\VTRoot
2014-05-29 13:49:03 ----A---- C:\Windows\system32\drivers\fvstore.dat
2014-05-20 08:40:14 ----D---- C:\Program Files\trend micro
2014-05-19 09:20:52 ----D---- C:\Users\michalla\AppData\Roaming\Comodo
2014-05-19 08:40:26 ----D---- C:\ProgramData\Comodo Downloader
2014-05-19 08:40:06 ----D---- C:\ProgramData\Shared Space
2014-05-19 08:40:02 ----A---- C:\Windows\SYSWOW64\cmdvrt32.dll
2014-05-19 08:40:02 ----A---- C:\Windows\SYSWOW64\cmdkbd32.dll
2014-05-19 08:40:02 ----A---- C:\Windows\system32\cmdvrt64.dll
2014-05-19 08:40:02 ----A---- C:\Windows\system32\cmdkbd64.dll
2014-05-18 15:07:50 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-18 14:46:45 ----D---- C:\ProgramData\Malwarebytes
2014-05-18 14:34:43 ----A---- C:\Windows\system32\mshtmled.dll
2014-05-18 14:34:43 ----A---- C:\Windows\system32\mshtml.dll
2014-05-18 14:34:42 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-05-18 14:34:42 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-05-18 11:08:59 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2014-05-18 11:08:58 ----A---- C:\Windows\system32\WMPhoto.dll
2014-05-18 11:08:56 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2014-05-18 11:08:56 ----A---- C:\Windows\system32\d3d10warp.dll
2014-05-18 11:08:55 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2014-05-18 11:08:55 ----A---- C:\Windows\system32\d2d1.dll
2014-05-18 11:07:02 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2014-05-18 11:07:02 ----A---- C:\Windows\system32\WindowsCodecs.dll
2014-05-18 11:06:57 ----A---- C:\Windows\system32\spoolsv.exe
2014-05-18 11:06:57 ----A---- C:\Windows\splwow64.exe
2014-05-18 10:16:52 ----SD---- C:\Windows\system32\CompatTel
2014-05-18 01:52:37 ----A---- C:\Windows\system32\wmploc.DLL
2014-05-18 01:52:36 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2014-05-18 01:52:36 ----A---- C:\Windows\SYSWOW64\wmp.dll
2014-05-18 01:52:35 ----A---- C:\Windows\system32\wmp.dll
2014-05-18 01:41:39 ----D---- C:\Windows\Migration
2014-05-18 01:31:40 ----A---- C:\Windows\system32\IEUDINIT.EXE
2014-05-18 01:26:12 ----A---- C:\Windows\SYSWOW64\elshyph.dll
2014-05-18 01:26:05 ----A---- C:\Windows\SYSWOW64\jsIntl.dll
2014-05-18 01:26:05 ----A---- C:\Windows\system32\elshyph.dll
2014-05-18 01:26:04 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-05-18 01:26:04 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2014-05-18 01:26:04 ----A---- C:\Windows\SYSWOW64\msls31.dll
2014-05-18 01:26:04 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-05-18 01:26:04 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-05-18 01:26:03 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-05-18 01:26:03 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-05-18 01:26:03 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-05-18 01:26:02 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-05-18 01:26:02 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-05-18 01:26:01 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-05-18 01:26:00 ----A---- C:\Windows\SYSWOW64\url.dll
2014-05-18 01:26:00 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-05-18 01:26:00 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-05-18 01:26:00 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2014-05-18 01:26:00 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-05-18 01:25:59 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2014-05-18 01:25:59 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-05-18 01:25:59 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-05-18 01:25:59 ----A---- C:\Windows\SYSWOW64\icardie.dll
2014-05-18 01:25:58 ----A---- C:\Windows\SYSWOW64\wextract.exe
2014-05-18 01:25:58 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-05-18 01:25:58 ----A---- C:\Windows\SYSWOW64\inseng.dll
2014-05-18 01:25:58 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2014-05-18 01:25:57 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2014-05-18 01:25:57 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-05-18 01:25:57 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-05-18 01:25:56 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2014-05-18 01:25:55 ----A---- C:\Windows\SYSWOW64\occache.dll
2014-05-18 01:25:55 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-05-18 01:25:55 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-05-18 01:25:54 ----A---- C:\Windows\SYSWOW64\mshta.exe
2014-05-18 01:25:54 ----A---- C:\Windows\SYSWOW64\jscript.dll
2014-05-18 01:25:54 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2014-05-18 01:25:54 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-05-18 01:25:53 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2014-05-18 01:25:53 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2014-05-18 01:25:53 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2014-05-18 01:25:53 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2014-05-18 01:25:52 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2014-05-18 01:25:52 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2014-05-18 01:25:52 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-05-18 01:25:51 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-05-18 01:25:51 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2014-05-18 01:25:46 ----A---- C:\Windows\system32\wininet.dll
2014-05-18 01:25:46 ----A---- C:\Windows\system32\urlmon.dll
2014-05-18 01:25:46 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-18 01:25:46 ----A---- C:\Windows\system32\msls31.dll
2014-05-18 01:25:46 ----A---- C:\Windows\system32\jsproxy.dll
2014-05-18 01:25:46 ----A---- C:\Windows\system32\jsIntl.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\wextract.exe
2014-05-18 01:25:45 ----A---- C:\Windows\system32\webcheck.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\vbscript.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\url.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2014-05-18 01:25:45 ----A---- C:\Windows\system32\pngfilt.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\occache.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\msrating.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\mshtmler.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\mshta.exe
2014-05-18 01:25:45 ----A---- C:\Windows\system32\msfeedssync.exe
2014-05-18 01:25:45 ----A---- C:\Windows\system32\msfeedsbs.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\msfeeds.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\licmgr10.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\jscript9diag.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\jscript9.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\jscript.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\inseng.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\imgutil.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\iexpress.exe
2014-05-18 01:25:45 ----A---- C:\Windows\system32\ieUnatt.exe
2014-05-18 01:25:45 ----A---- C:\Windows\system32\ieui.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\iesysprep.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\iesetup.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\iertutil.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\iernonce.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\iepeers.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\ieframe.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-05-18 01:25:45 ----A---- C:\Windows\system32\iedkcs32.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\ieapfltr.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\ieapfltr.dat
2014-05-18 01:25:45 ----A---- C:\Windows\system32\IEAdvpack.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\ie4uinit.exe
2014-05-18 01:25:45 ----A---- C:\Windows\system32\icardie.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\dxtrans.dll
2014-05-18 01:25:45 ----A---- C:\Windows\system32\dxtmsft.dll
2014-05-18 01:22:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-05-18 01:22:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-05-18 01:22:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-05-18 01:22:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-05-18 01:22:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-05-18 01:22:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-05-18 01:22:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-05-18 01:22:01 ----AH---- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-05-18 01:22:01 ----AH---- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-05-18 01:22:01 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-05-18 01:22:01 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-05-18 01:22:01 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-05-18 01:22:01 ----AH---- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-05-18 01:22:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-05-18 01:22:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-05-18 01:22:00 ----AH---- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-05-18 01:22:00 ----AH---- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-05-18 01:22:00 ----AH---- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-05-18 01:22:00 ----A---- C:\Windows\SYSWOW64\XpsPrint.dll
2014-05-18 01:22:00 ----A---- C:\Windows\SYSWOW64\XpsGdiConverter.dll
2014-05-18 01:22:00 ----A---- C:\Windows\SYSWOW64\msmpeg2vdec.dll
2014-05-18 01:22:00 ----A---- C:\Windows\system32\XpsPrint.dll
2014-05-18 01:22:00 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2014-05-18 01:22:00 ----A---- C:\Windows\system32\msmpeg2vdec.dll
2014-05-18 01:21:59 ----A---- C:\Windows\SYSWOW64\WindowsCodecsExt.dll
2014-05-18 01:21:59 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2014-05-18 01:21:59 ----A---- C:\Windows\SYSWOW64\d3d10core.dll
2014-05-18 01:21:59 ----A---- C:\Windows\SYSWOW64\d3d10.dll
2014-05-18 01:21:59 ----A---- C:\Windows\system32\FntCache.dll
2014-05-18 01:21:59 ----A---- C:\Windows\system32\dxgi.dll
2014-05-18 01:21:58 ----A---- C:\Windows\SYSWOW64\d3d10level9.dll
2014-05-18 01:21:58 ----A---- C:\Windows\SYSWOW64\d3d10_1core.dll
2014-05-18 01:21:58 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll
2014-05-18 01:21:58 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2014-05-18 01:21:58 ----A---- C:\Windows\system32\DWrite.dll
2014-05-18 01:21:58 ----A---- C:\Windows\system32\d3d10core.dll
2014-05-18 01:21:58 ----A---- C:\Windows\system32\d3d10_1core.dll
2014-05-18 01:21:58 ----A---- C:\Windows\system32\d3d10_1.dll
2014-05-18 01:21:58 ----A---- C:\Windows\system32\d3d10.dll
2014-05-18 01:21:57 ----A---- C:\Windows\SYSWOW64\UIAnimation.dll
2014-05-18 01:21:57 ----A---- C:\Windows\SYSWOW64\dxgi.dll
2014-05-18 01:21:57 ----A---- C:\Windows\system32\d3d10level9.dll
2014-05-18 01:21:56 ----A---- C:\Windows\system32\UIAnimation.dll
2014-05-18 00:06:33 ----D---- C:\Windows\system32\MRT
2014-05-17 23:55:09 ----A---- C:\Windows\system32\WUDFSvc.dll
2014-05-17 23:55:09 ----A---- C:\Windows\system32\WUDFPlatform.dll
2014-05-17 23:55:09 ----A---- C:\Windows\system32\WUDFCoinstaller.dll
2014-05-17 23:55:09 ----A---- C:\Windows\system32\drivers\WUDFRd.sys
2014-05-17 23:55:09 ----A---- C:\Windows\system32\drivers\WUDFPf.sys
2014-05-17 23:55:08 ----A---- C:\Windows\system32\WUDFx.dll
2014-05-17 23:55:08 ----A---- C:\Windows\system32\WUDFHost.exe
2014-05-17 18:03:17 ----A---- C:\Windows\SYSWOW64\d3d11.dll
2014-05-17 18:03:17 ----A---- C:\Windows\system32\d3d11.dll
2014-05-17 18:02:22 ----A---- C:\Windows\SYSWOW64\msieftp.dll
2014-05-17 18:02:22 ----A---- C:\Windows\system32\msieftp.dll
2014-05-17 18:02:19 ----A---- C:\Windows\system32\wwansvc.dll
2014-05-17 18:02:19 ----A---- C:\Windows\system32\wwanprotdim.dll
2014-05-17 18:02:15 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2014-05-17 18:02:15 ----A---- C:\Windows\system32\comctl32.dll
2014-05-17 18:02:02 ----A---- C:\Windows\SYSWOW64\dhcpcsvc6.dll
2014-05-17 18:02:02 ----A---- C:\Windows\SYSWOW64\dhcpcore6.dll
2014-05-17 18:02:02 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2014-05-17 18:02:02 ----A---- C:\Windows\system32\dhcpcore6.dll
2014-05-17 18:01:57 ----A---- C:\Windows\system32\mstscax.dll
2014-05-17 18:01:56 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2014-05-17 18:01:56 ----A---- C:\Windows\SYSWOW64\aaclient.dll
2014-05-17 18:01:55 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2014-05-17 18:01:55 ----A---- C:\Windows\system32\tsgqec.dll
2014-05-17 18:01:55 ----A---- C:\Windows\system32\aaclient.dll
2014-05-17 18:01:49 ----A---- C:\Windows\system32\shell32.dll
2014-05-17 18:01:48 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-05-17 18:01:46 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2014-05-17 18:01:46 ----A---- C:\Windows\system32\wintrust.dll
2014-05-17 18:01:34 ----A---- C:\Windows\system32\aepdu.dll
2014-05-17 18:01:34 ----A---- C:\Windows\system32\aeinv.dll
2014-05-17 18:01:30 ----A---- C:\Windows\system32\consent.exe
2014-05-17 18:01:30 ----A---- C:\Windows\system32\appinfo.dll
2014-05-17 18:00:59 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2014-05-17 18:00:59 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2014-05-17 18:00:59 ----A---- C:\Windows\system32\cryptsvc.dll
2014-05-17 18:00:59 ----A---- C:\Windows\system32\cryptnet.dll
2014-05-17 18:00:59 ----A---- C:\Windows\system32\crypt32.dll
2014-05-17 18:00:58 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2014-05-17 18:00:54 ----A---- C:\Windows\SYSWOW64\wer.dll
2014-05-17 18:00:54 ----A---- C:\Windows\system32\wer.dll
2014-05-17 18:00:53 ----A---- C:\Windows\system32\imagehlp.dll
2014-05-17 18:00:52 ----A---- C:\Windows\SYSWOW64\imagehlp.dll
2014-05-17 18:00:51 ----A---- C:\Windows\SYSWOW64\tzres.dll
2014-05-17 18:00:51 ----A---- C:\Windows\system32\tzres.dll
2014-05-17 18:00:43 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-05-17 18:00:43 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-05-17 18:00:43 ----A---- C:\Windows\system32\msxml3r.dll
2014-05-17 18:00:43 ----A---- C:\Windows\system32\msxml3.dll
2014-05-17 18:00:03 ----A---- C:\Windows\system32\drivers\portcls.sys
2014-05-17 18:00:03 ----A---- C:\Windows\system32\drivers\drmk.sys
2014-05-17 18:00:03 ----A---- C:\Windows\system32\drivers\afd.sys
2014-05-17 18:00:02 ----A---- C:\Windows\system32\win32k.sys
2014-05-17 18:00:01 ----A---- C:\Windows\system32\drivers\ataport.sys
2014-05-17 17:59:58 ----A---- C:\Windows\SYSWOW64\SmartcardCredentialProvider.dll
2014-05-17 17:59:58 ----A---- C:\Windows\SYSWOW64\credui.dll
2014-05-17 17:59:58 ----A---- C:\Windows\SYSWOW64\authui.dll
2014-05-17 17:59:58 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2014-05-17 17:59:58 ----A---- C:\Windows\system32\credui.dll
2014-05-17 17:59:58 ----A---- C:\Windows\system32\authui.dll
2014-05-17 17:59:53 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2014-05-17 17:59:53 ----A---- C:\Windows\system32\atmlib.dll
2014-05-17 17:59:53 ----A---- C:\Windows\system32\atmfd.dll
2014-05-17 17:59:52 ----A---- C:\Windows\SYSWOW64\lpk.dll
2014-05-17 17:59:52 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2014-05-17 17:59:52 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2014-05-17 17:59:52 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2014-05-17 17:59:52 ----A---- C:\Windows\system32\lpk.dll
2014-05-17 17:59:52 ----A---- C:\Windows\system32\fontsub.dll
2014-05-17 17:59:52 ----A---- C:\Windows\system32\dciman32.dll
2014-05-17 17:59:50 ----A---- C:\Windows\SYSWOW64\secproc_isv.dll
2014-05-17 17:59:50 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe
2014-05-17 17:59:50 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp.exe
2014-05-17 17:59:50 ----A---- C:\Windows\SYSWOW64\RMActivate_isv.exe
2014-05-17 17:59:50 ----A---- C:\Windows\SYSWOW64\RMActivate.exe
2014-05-17 17:59:50 ----A---- C:\Windows\system32\secproc_isv.dll
2014-05-17 17:59:50 ----A---- C:\Windows\system32\secproc.dll
2014-05-17 17:59:50 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2014-05-17 17:59:50 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2014-05-17 17:59:50 ----A---- C:\Windows\system32\RMActivate_isv.exe
2014-05-17 17:59:50 ----A---- C:\Windows\system32\RMActivate.exe
2014-05-17 17:59:50 ----A---- C:\Windows\system32\msdrm.dll
2014-05-17 17:59:49 ----A---- C:\Windows\SYSWOW64\secproc_ssp_isv.dll
2014-05-17 17:59:49 ----A---- C:\Windows\SYSWOW64\secproc_ssp.dll
2014-05-17 17:59:49 ----A---- C:\Windows\SYSWOW64\secproc.dll
2014-05-17 17:59:49 ----A---- C:\Windows\SYSWOW64\msdrm.dll
2014-05-17 17:59:49 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2014-05-17 17:59:49 ----A---- C:\Windows\system32\secproc_ssp.dll
2014-05-17 17:59:37 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2014-05-17 17:59:37 ----A---- C:\Windows\system32\drivers\usbport.sys
2014-05-17 17:59:37 ----A---- C:\Windows\system32\drivers\usbohci.sys
2014-05-17 17:59:37 ----A---- C:\Windows\system32\drivers\usbhub.sys
2014-05-17 17:59:37 ----A---- C:\Windows\system32\drivers\usbehci.sys
2014-05-17 17:59:37 ----A---- C:\Windows\system32\drivers\usbd.sys
2014-05-17 17:59:37 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2014-05-17 17:54:43 ----A---- C:\Windows\system32\drivers\RNDISMP.sys
2014-05-17 17:54:43 ----A---- C:\Windows\system32\drivers\ndis.sys
2014-05-17 17:54:41 ----A---- C:\Windows\system32\drivers\usb8023.sys
2014-05-17 17:54:40 ----A---- C:\Windows\SYSWOW64\WMVDECOD.DLL
2014-05-17 17:54:40 ----A---- C:\Windows\system32\WMVDECOD.DLL
2014-05-17 17:54:33 ----A---- C:\Windows\system32\Wdfres.dll
2014-05-17 17:54:33 ----A---- C:\Windows\system32\drivers\WdfLdr.sys
2014-05-17 17:54:33 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2014-05-17 17:54:31 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2014-05-17 17:54:31 ----A---- C:\Windows\system32\rpcrt4.dll
2014-05-17 17:54:30 ----A---- C:\Windows\system32\drivers\usbvideo.sys
2014-05-17 17:54:30 ----A---- C:\Windows\system32\drivers\usbcir.sys
2014-05-17 17:54:30 ----A---- C:\Windows\system32\drivers\USBAUDIO.sys
2014-05-17 17:54:29 ----A---- C:\Windows\system32\msxml6.dll
2014-05-17 17:54:28 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2014-05-17 17:54:26 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2014-05-17 17:54:26 ----A---- C:\Windows\SYSWOW64\netcorehc.dll
2014-05-17 17:54:26 ----A---- C:\Windows\SYSWOW64\ncsi.dll
2014-05-17 17:54:26 ----A---- C:\Windows\system32\nlasvc.dll
2014-05-17 17:54:26 ----A---- C:\Windows\system32\netcorehc.dll
2014-05-17 17:54:26 ----A---- C:\Windows\system32\ncsi.dll
2014-05-17 17:54:26 ----A---- C:\Windows\system32\iphlpsvc.dll
2014-05-17 17:54:25 ----A---- C:\Windows\SYSWOW64\netevent.dll
2014-05-17 17:54:25 ----A---- C:\Windows\system32\nlaapi.dll
2014-05-17 17:54:25 ----A---- C:\Windows\system32\netevent.dll
2014-05-17 17:54:25 ----A---- C:\Windows\system32\drivers\tcpipreg.sys
2014-05-17 17:54:19 ----A---- C:\Windows\system32\drivers\hidparse.sys
2014-05-17 17:54:19 ----A---- C:\Windows\system32\drivers\hidclass.sys
2014-05-17 17:53:58 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2014-05-17 17:53:58 ----A---- C:\Windows\system32\WebClnt.dll
2014-05-17 17:53:57 ----A---- C:\Windows\SYSWOW64\dpnet.dll
2014-05-17 17:53:57 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2014-05-17 17:53:57 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2014-05-17 17:53:57 ----A---- C:\Windows\system32\dpnet.dll
2014-05-17 17:53:57 ----A---- C:\Windows\system32\davclnt.dll
2014-05-17 17:53:48 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-05-17 17:53:47 ----A---- C:\Windows\system32\schannel.dll
2014-05-17 17:53:47 ----A---- C:\Windows\system32\lsasrv.dll
2014-05-17 17:53:47 ----A---- C:\Windows\system32\kerberos.dll
2014-05-17 17:53:46 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2014-05-17 17:53:46 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2014-05-17 17:53:46 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-05-17 17:53:45 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-05-17 17:53:45 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-05-17 17:53:45 ----A---- C:\Windows\SYSWOW64\objsel.dll
2014-05-17 17:53:45 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2014-05-17 17:53:45 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-05-17 17:53:45 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2014-05-17 17:53:45 ----A---- C:\Windows\system32\winlogon.exe
2014-05-17 17:53:45 ----A---- C:\Windows\system32\wdigest.dll
2014-05-17 17:53:45 ----A---- C:\Windows\system32\TSpkg.dll
2014-05-17 17:53:45 ----A---- C:\Windows\system32\objsel.dll
2014-05-17 17:53:45 ----A---- C:\Windows\system32\ncrypt.dll
2014-05-17 17:53:45 ----A---- C:\Windows\system32\msv1_0.dll
2014-05-17 17:53:45 ----A---- C:\Windows\system32\KernelBase.dll
2014-05-17 17:53:45 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-05-17 17:53:45 ----A---- C:\Windows\system32\drivers\cng.sys
2014-05-17 17:53:44 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-05-17 17:53:44 ----A---- C:\Windows\SYSWOW64\dpapiprovider.dll
2014-05-17 17:53:44 ----A---- C:\Windows\SYSWOW64\dimsroam.dll
2014-05-17 17:53:44 ----A---- C:\Windows\SYSWOW64\cngprovider.dll
2014-05-17 17:53:44 ----A---- C:\Windows\SYSWOW64\capiprovider.dll
2014-05-17 17:53:44 ----A---- C:\Windows\SYSWOW64\adprovider.dll
2014-05-17 17:53:44 ----A---- C:\Windows\system32\smss.exe
2014-05-17 17:53:44 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2014-05-17 17:53:44 ----A---- C:\Windows\system32\dpapiprovider.dll
2014-05-17 17:53:44 ----A---- C:\Windows\system32\dimsroam.dll
2014-05-17 17:53:44 ----A---- C:\Windows\system32\cngprovider.dll
2014-05-17 17:53:44 ----A---- C:\Windows\system32\capiprovider.dll
2014-05-17 17:53:44 ----A---- C:\Windows\system32\adprovider.dll
2014-05-17 17:53:43 ----A---- C:\Windows\SYSWOW64\wincredprovider.dll
2014-05-17 17:53:43 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-05-17 17:53:43 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-05-17 17:53:43 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-05-17 17:53:43 ----A---- C:\Windows\system32\wincredprovider.dll
2014-05-17 17:53:43 ----A---- C:\Windows\system32\sspisrv.dll
2014-05-17 17:53:43 ----A---- C:\Windows\system32\sspicli.dll
2014-05-17 17:53:43 ----A---- C:\Windows\system32\secur32.dll
2014-05-17 17:53:43 ----A---- C:\Windows\system32\lsass.exe
2014-05-17 17:53:43 ----A---- C:\Windows\system32\csrsrv.dll
2014-05-17 17:53:43 ----A---- C:\Windows\system32\credssp.dll
2014-05-17 17:53:42 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2014-05-17 17:53:42 ----A---- C:\Windows\system32\apisetschema.dll
2014-05-17 17:53:33 ----A---- C:\Windows\system32\OxpsConverter.exe
2014-05-17 17:53:30 ----A---- C:\Windows\SYSWOW64\usp10.dll
2014-05-17 17:53:30 ----A---- C:\Windows\system32\usp10.dll
2014-05-17 17:53:27 ----A---- C:\Windows\system32\rdpcorets.dll
2014-05-17 17:53:27 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2014-05-17 17:53:26 ----A---- C:\Windows\system32\mswsock.dll
2014-05-17 17:53:25 ----A---- C:\Windows\SYSWOW64\mswsock.dll
2014-05-17 17:53:20 ----A---- C:\Windows\SYSWOW64\Wpc.dll
2014-05-17 17:53:20 ----A---- C:\Windows\SYSWOW64\gameux.dll
2014-05-17 17:53:20 ----A---- C:\Windows\system32\Wpc.dll
2014-05-17 17:53:20 ----A---- C:\Windows\system32\gameux.dll
2014-05-17 17:52:09 ----A---- C:\Windows\system32\tdh.dll
2014-05-17 17:52:09 ----A---- C:\Windows\system32\ntdll.dll
2014-05-17 17:52:09 ----A---- C:\Windows\system32\advapi32.dll
2014-05-17 17:52:08 ----A---- C:\Windows\SYSWOW64\tdh.dll
2014-05-17 17:52:08 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2014-05-17 17:52:08 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2014-05-17 17:52:06 ----A---- C:\Windows\system32\drivers\tcpip.sys
2014-05-17 17:52:06 ----A---- C:\Windows\system32\drivers\netio.sys
2014-05-17 17:51:24 ----A---- C:\Windows\SYSWOW64\iologmsg.dll
2014-05-17 17:51:24 ----A---- C:\Windows\system32\iologmsg.dll
2014-05-17 17:51:24 ----A---- C:\Windows\system32\drivers\storport.sys
2014-05-17 17:51:24 ----A---- C:\Windows\system32\drivers\msiscsi.sys
2014-05-17 17:51:24 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2014-05-17 17:51:20 ----A---- C:\Windows\SYSWOW64\synceng.dll
2014-05-17 17:51:20 ----A---- C:\Windows\system32\synceng.dll
2014-05-17 17:51:13 ----A---- C:\Windows\SYSWOW64\shdocvw.dll
2014-05-17 17:51:13 ----A---- C:\Windows\system32\shdocvw.dll
2014-05-17 17:51:06 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2014-05-17 17:51:06 ----A---- C:\Windows\system32\win32spl.dll
2014-05-17 17:51:01 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2014-05-17 17:51:01 ----A---- C:\Windows\system32\gdi32.dll
2014-05-17 17:50:59 ----A---- C:\Windows\system32\taskhost.exe
2014-05-17 17:50:58 ----A---- C:\Windows\SYSWOW64\qedit.dll
2014-05-17 17:50:58 ----A---- C:\Windows\system32\qedit.dll
2014-05-17 17:50:55 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-05-17 17:50:55 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-05-17 17:50:47 ----A---- C:\Windows\SYSWOW64\cryptdlg.dll
2014-05-17 17:50:47 ----A---- C:\Windows\system32\cryptdlg.dll
2014-05-17 17:50:34 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2014-05-17 17:50:32 ----A---- C:\Windows\SYSWOW64\netapi32.dll
2014-05-17 17:50:32 ----A---- C:\Windows\SYSWOW64\browcli.dll
2014-05-17 17:50:32 ----A---- C:\Windows\system32\netapi32.dll
2014-05-17 17:50:32 ----A---- C:\Windows\system32\browser.dll
2014-05-17 17:50:32 ----A---- C:\Windows\system32\browcli.dll
2014-05-17 17:50:31 ----A---- C:\Windows\system32\kernel32.dll
2014-05-17 17:50:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-05-17 17:50:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-05-17 17:50:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-05-17 17:50:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-05-17 17:50:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-05-17 17:50:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-05-17 17:50:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2014-05-17 17:50:30 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-05-17 17:50:30 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-05-17 17:50:30 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-05-17 17:50:30 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-05-17 17:50:30 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-05-17 17:50:30 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-05-17 17:50:30 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-05-17 17:50:30 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-05-17 17:50:30 ----A---- C:\Windows\SYSWOW64\wow32.dll
2014-05-17 17:50:30 ----A---- C:\Windows\SYSWOW64\setup16.exe
2014-05-17 17:50:30 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2014-05-17 17:50:30 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2014-05-17 17:50:30 ----A---- C:\Windows\SYSWOW64\instnm.exe
2014-05-17 17:50:30 ----A---- C:\Windows\system32\wow64win.dll
2014-05-17 17:50:30 ----A---- C:\Windows\system32\wow64cpu.dll
2014-05-17 17:50:30 ----A---- C:\Windows\system32\wow64.dll
2014-05-17 17:50:30 ----A---- C:\Windows\system32\winsrv.dll
2014-05-17 17:50:30 ----A---- C:\Windows\system32\ntvdm64.dll
2014-05-17 17:50:30 ----A---- C:\Windows\system32\conhost.exe
2014-05-17 17:50:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-05-17 17:50:29 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-05-17 17:50:29 ----A---- C:\Windows\SYSWOW64\user.exe
2014-05-17 17:50:28 ----A---- C:\Windows\system32\drivers\fvevol.sys
2014-05-17 17:50:27 ----A---- C:\Windows\SYSWOW64\srclient.dll
2014-05-17 17:50:27 ----A---- C:\Windows\system32\srcore.dll
2014-05-17 17:50:25 ----A---- C:\Windows\system32\drivers\ntfs.sys
2014-05-17 17:50:21 ----A---- C:\Windows\SYSWOW64\certutil.exe
2014-05-17 17:50:21 ----A---- C:\Windows\system32\certutil.exe
2014-05-17 17:50:21 ----A---- C:\Windows\system32\certenc.dll
2014-05-17 17:50:20 ----A---- C:\Windows\SYSWOW64\certenc.dll
2014-05-17 17:49:48 ----A---- C:\Windows\SYSWOW64\wscript.exe
2014-05-17 17:49:48 ----A---- C:\Windows\SYSWOW64\scrrun.dll
2014-05-17 17:49:48 ----A---- C:\Windows\SYSWOW64\cscript.exe
2014-05-17 17:49:48 ----A---- C:\Windows\system32\wscript.exe
2014-05-17 17:49:48 ----A---- C:\Windows\system32\scrrun.dll
2014-05-17 17:49:48 ----A---- C:\Windows\system32\cscript.exe
2014-05-17 17:49:44 ----A---- C:\Windows\system32\localspl.dll
2014-05-17 17:49:43 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2014-05-17 17:49:43 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2014-05-17 17:49:43 ----A---- C:\Windows\system32\cdd.dll
2014-05-17 17:49:18 ----A---- C:\Windows\SYSWOW64\nshwfp.dll
2014-05-17 17:49:18 ----A---- C:\Windows\SYSWOW64\FWPUCLNT.DLL
2014-05-17 17:49:18 ----A---- C:\Windows\system32\nshwfp.dll
2014-05-17 17:49:18 ----A---- C:\Windows\system32\IKEEXT.DLL
2014-05-17 17:49:18 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2014-05-17 17:37:13 ----A---- C:\Windows\system32\scavengeui.dll
2014-05-12 11:20:44 ----D---- C:\Program Files (x86)\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2014-06-02 10:32:51 ----D---- C:\Windows\Prefetch
2014-06-02 10:27:17 ----D---- C:\Windows\system32\config
2014-06-02 08:58:35 ----SHD---- C:\System Volume Information
2014-06-02 07:52:52 ----D---- C:\ProgramData\LogMeIn
2014-06-01 13:13:52 ----D---- C:\Windows\system32\Tasks
2014-06-01 12:59:05 ----D---- C:\Windows\system32\drivers
2014-06-01 12:59:03 ----D---- C:\Windows
2014-06-01 12:55:19 ----A---- C:\Windows\system.ini
2014-06-01 12:55:05 ----D---- C:\Windows\system32\drivers\etc
2014-06-01 12:43:50 ----D---- C:\Windows\SYSWOW64\drivers
2014-06-01 12:43:50 ----D---- C:\Windows\SysWOW64
2014-06-01 12:43:50 ----D---- C:\Windows\AppPatch
2014-06-01 12:43:49 ----D---- C:\Program Files (x86)\Common Files
2014-05-30 12:11:10 ----D---- C:\Windows\System32
2014-05-30 12:11:10 ----D---- C:\Windows\inf
2014-05-30 12:11:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-05-29 17:03:52 ----D---- C:\Users\michalla\AppData\Roaming\vlc
2014-05-27 09:12:28 ----D---- C:\Windows\system32\catroot2
2014-05-25 10:26:00 ----RD---- C:\Program Files (x86)
2014-05-25 10:25:58 ----D---- C:\ProgramData
2014-05-25 10:25:58 ----D---- C:\Program Files (x86)\Mobogenie
2014-05-20 08:40:14 ----RD---- C:\Program Files
2014-05-19 14:28:27 ----D---- C:\Windows\rescache
2014-05-18 15:35:14 ----D---- C:\Windows\Microsoft.NET
2014-05-18 15:13:33 ----SHD---- C:\Windows\Installer
2014-05-18 15:08:59 ----D---- C:\Windows\winsxs
2014-05-18 15:08:57 ----D---- C:\Windows\SYSWOW64\sk-SK
2014-05-18 15:08:57 ----D---- C:\Windows\system32\sk-SK
2014-05-18 15:08:52 ----D---- C:\Windows\system32\catroot
2014-05-18 14:31:58 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-05-18 12:34:07 ----RSD---- C:\Windows\assembly
2014-05-18 10:17:01 ----D---- C:\Program Files\Windows Media Player
2014-05-18 10:17:01 ----D---- C:\Program Files (x86)\Windows Media Player
2014-05-18 10:17:00 ----D---- C:\Windows\SYSWOW64\en-US
2014-05-18 10:17:00 ----D---- C:\Windows\system32\en-US
2014-05-18 10:16:57 ----D---- C:\Windows\SYSWOW64\migration
2014-05-18 10:16:57 ----D---- C:\Program Files\Internet Explorer
2014-05-18 10:16:57 ----D---- C:\Program Files (x86)\Internet Explorer
2014-05-18 10:16:56 ----D---- C:\Windows\system32\migration
2014-05-18 10:16:56 ----D---- C:\Windows\PolicyDefinitions
2014-05-18 10:16:54 ----D---- C:\Windows\SYSWOW64\zh-TW
2014-05-18 10:16:54 ----D---- C:\Windows\SYSWOW64\zh-HK
2014-05-18 10:16:54 ----D---- C:\Windows\SYSWOW64\zh-CN
2014-05-18 10:16:54 ----D---- C:\Windows\SYSWOW64\tr-TR
2014-05-18 10:16:54 ----D---- C:\Windows\SYSWOW64\sv-SE
2014-05-18 10:16:54 ----D---- C:\Windows\SYSWOW64\ru-RU
2014-05-18 10:16:54 ----D---- C:\Windows\SYSWOW64\pt-PT
2014-05-18 10:16:54 ----D---- C:\Windows\SYSWOW64\pt-BR
2014-05-18 10:16:54 ----D---- C:\Windows\SYSWOW64\pl-PL
2014-05-18 10:16:54 ----D---- C:\Windows\SYSWOW64\nl-NL
2014-05-18 10:16:54 ----D---- C:\Windows\SYSWOW64\nb-NO
2014-05-18 10:16:54 ----D---- C:\Windows\SYSWOW64\ko-KR
2014-05-18 10:16:54 ----D---- C:\Windows\SYSWOW64\ja-JP
2014-05-18 10:16:54 ----D---- C:\Windows\SYSWOW64\it-IT
2014-05-18 10:16:54 ----D---- C:\Windows\SYSWOW64\hu-HU
2014-05-18 10:16:54 ----D---- C:\Windows\SYSWOW64\fr-FR
2014-05-18 10:16:54 ----D---- C:\Windows\SYSWOW64\fi-FI
2014-05-18 10:16:54 ----D---- C:\Windows\SYSWOW64\es-ES
2014-05-18 10:16:54 ----D---- C:\Windows\SYSWOW64\el-GR
2014-05-18 10:16:54 ----D---- C:\Windows\SYSWOW64\de-DE
2014-05-18 10:16:54 ----D---- C:\Windows\SYSWOW64\da-DK
2014-05-18 10:16:54 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-05-18 10:16:53 ----D---- C:\Windows\system32\zh-TW
2014-05-18 10:16:53 ----D---- C:\Windows\system32\zh-HK
2014-05-18 10:16:53 ----D---- C:\Windows\system32\zh-CN
2014-05-18 10:16:53 ----D---- C:\Windows\system32\tr-TR
2014-05-18 10:16:53 ----D---- C:\Windows\system32\sv-SE
2014-05-18 10:16:53 ----D---- C:\Windows\system32\ru-RU
2014-05-18 10:16:53 ----D---- C:\Windows\system32\pt-PT
2014-05-18 10:16:53 ----D---- C:\Windows\system32\pt-BR
2014-05-18 10:16:53 ----D---- C:\Windows\system32\pl-PL
2014-05-18 10:16:53 ----D---- C:\Windows\system32\nl-NL
2014-05-18 10:16:53 ----D---- C:\Windows\system32\nb-NO
2014-05-18 10:16:53 ----D---- C:\Windows\system32\ko-KR
2014-05-18 10:16:53 ----D---- C:\Windows\system32\ja-JP
2014-05-18 10:16:53 ----D---- C:\Windows\system32\it-IT
2014-05-18 10:16:53 ----D---- C:\Windows\system32\hu-HU
2014-05-18 10:16:53 ----D---- C:\Windows\system32\fr-FR
2014-05-18 10:16:53 ----D---- C:\Windows\system32\fi-FI
2014-05-18 10:16:53 ----D---- C:\Windows\system32\es-ES
2014-05-18 10:16:53 ----D---- C:\Windows\system32\el-GR
2014-05-18 10:16:53 ----D---- C:\Windows\system32\de-DE
2014-05-18 10:16:53 ----D---- C:\Windows\system32\da-DK
2014-05-18 10:16:53 ----D---- C:\Windows\system32\cs-CZ
2014-05-18 10:16:47 ----D---- C:\Windows\system32\drivers\en-US
2014-05-18 10:16:47 ----D---- C:\Program Files\Windows Defender
2014-05-18 10:16:47 ----D---- C:\Program Files (x86)\Windows Defender
2014-05-18 10:16:45 ----D---- C:\Windows\system32\wbem
2014-05-18 10:16:37 ----RSD---- C:\Windows\Fonts
2014-05-18 10:16:37 ----D---- C:\Program Files\Windows Journal
2014-05-18 10:16:27 ----D---- C:\Windows\system32\DriverStore
2014-05-18 01:41:39 ----SD---- C:\ProgramData\Microsoft
2014-05-18 01:31:40 ----D---- C:\Windows\Logs
2014-05-14 15:10:44 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-05-14 15:10:39 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2014-05-13 10:21:04 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-04 17:12:44 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\Windows\System32\DRIVERS\cmderd.sys [2014-04-16 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2014-04-16 738472]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2014-04-16 48360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2014-04-16 105552]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\D:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [2013-05-30 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2012-04-02 72216]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\Windows\system32\DRIVERS\e1y62x64.sys [2010-04-07 290008]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-07-29 10610400]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2010-03-15 145408]
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2012-04-02 11552]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys [2011-10-23 535040]
S1 CFRMD;CFRMD; C:\Windows\system32\DRIVERS\CFRMD.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 CLPSLauncher;COMODO LPS Launcher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2014-05-05 70864]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2014-04-16 6817544]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 GeekBuddyRSP;GeekBuddyRSP Server; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2014-05-05 2327248]
R2 LMIGuardianSvc;LMIGuardianSvc; D:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2014-04-18 376144]
R2 LMIMaint;LogMeIn Maintenance Service; D:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [2014-04-18 226640]
R2 LogMeIn;LogMeIn; D:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [2012-04-02 407424]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10129; C:\Program Files\IDT\WDM\STacSV64.exe [2011-10-23 309760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-16 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14 257712]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-03-25 2264280]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-16 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-12 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-05-18 111616]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-05-12 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-07-15 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Proc je ted log z jineho uctu? Ma prava spravce?

Zopakujte mi sken s OTL http://forum.viry.cz/viewtopic.php?f=13 ... 2#p1321348 a budeme mazat.

OTL logfile created on: 2. 6. 2014 21:36:19 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\lucason3\Desktop\viry\OTL
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,90 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 61,31% Memory free
7,80 Gb Paging File | 6,06 Gb Available in Paging File | 77,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,73 Gb Total Space | 7,05 Gb Free Space | 14,46% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 39,11 Gb Free Space | 80,10% Space Free | Partition Type: NTFS
Drive E: | 86,39 Gb Total Space | 0,52 Gb Free Space | 0,60% Space Free | Partition Type: NTFS

Computer Name: HAZINPC | User Name: lucason3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/20 15:36:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lucason3\Desktop\viry\OTL\OTL.exe
PRC - [2014/05/14 15:10:44 | 001,863,856 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
PRC - [2014/05/12 11:20:50 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/05/05 12:20:16 | 000,255,696 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\COMODO\GeekBuddy\unit_manager.exe
PRC - [2014/05/05 12:20:16 | 000,241,872 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\COMODO\GeekBuddy\unit.exe
PRC - [2014/05/05 12:20:16 | 000,070,864 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
PRC - [2014/05/05 10:46:18 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
PRC - [2013/12/18 20:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

========== Modules (No Company Name) ==========

MOD - [2014/05/14 15:10:44 | 016,361,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
MOD - [2014/05/12 11:20:49 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/05/18 01:25:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/04/16 23:12:45 | 006,817,544 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2014/03/25 21:22:18 | 002,264,280 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/10/23 21:50:28 | 000,309,760 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/14 15:10:44 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 11:20:49 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/05 12:20:16 | 000,070,864 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe -- (CLPSLauncher)
SRV - [2014/05/05 10:46:18 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe -- (GeekBuddyRSP)
SRV - [2014/04/18 18:43:29 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2014/04/18 18:43:23 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/12/18 20:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/04/02 12:17:40 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/04/18 18:43:24 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2014/04/16 23:12:55 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012/04/02 12:17:40 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/04/02 12:17:18 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/23 20:08:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/01/23 20:08:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/23 21:50:28 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/11/21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/29 05:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/07 16:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2010/03/15 23:45:28 | 000,145,408 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/05/30 15:31:44 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- D:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2012/09/03 09:20:00 | 000,037,976 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\CFRMD.sys -- (CFRMD)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2158292681-2161067555-2850423787-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2158292681-2161067555-2850423787-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CF 89 62 40 31 63 CD 01 [binary data]
IE - HKU\S-1-5-21-2158292681-2161067555-2850423787-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2158292681-2161067555-2850423787-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2158292681-2161067555-2850423787-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2158292681-2161067555-2850423787-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\S-1-5-21-2158292681-2161067555-2850423787-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcer ... ORM=IE11SR
IE - HKU\S-1-5-21-2158292681-2161067555-2850423787-1000\..\SearchScopes\{8D483D04-76A4-4820-9DC4-7458E4345300}: "URL" = http://www.google.com/search?q={searchT ... f8&oe=utf8
IE - HKU\S-1-5-21-2158292681-2161067555-2850423787-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: d:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\AdobeReader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\lucason3\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\lucason3\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/07/15 11:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lucason3\AppData\Roaming\mozilla\Extensions
[2014/05/25 10:26:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lucason3\AppData\Roaming\mozilla\Firefox\Profiles\9oi8amhe.default\extensions
[2014/05/12 11:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/05/12 11:20:45 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/05/12 11:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/12 11:20:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\lucason3\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\lucason3\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\lucason3\AppData\Local\Google\Chrome\Application\35.0.1916.114\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\lucason3\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = D:\AdobeReader\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = d:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: VLC Web Plugin (Enabled) = d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - Extension: Skype Click to Call = C:\Users\lucason3\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: PeĹaĹľenka Google = C:\Users\lucason3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Skype Click to Call = C:\Users\lucason3\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: PeĹaĹľenka Google = C:\Users\lucason3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2014/06/01 12:55:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] D:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2158292681-2161067555-2850423787-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2158292681-2161067555-2850423787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2158292681-2161067555-2850423787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xportovat do aplikace Microsoft Excel - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E865634B-1B8E-49FB-8B5D-4A96DEA6773A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014/06/02 20:48:09 | 000,000,000 | ---D | C] -- C:\Users\lucason3\AppData\Roaming\DAEMON Tools Lite
[2014/06/02 20:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2014/06/02 20:21:16 | 000,000,000 | ---D | C] -- C:\Users\lucason3\AppData\Roaming\DAEMON Tools Pro
[2014/06/02 20:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2014/06/02 16:06:02 | 000,000,000 | ---D | C] -- C:\UpdateChromeLinksLogs
[2014/06/02 15:43:26 | 000,000,000 | ---D | C] -- C:\Users\lucason3\AppData\Local\Comodo
[2014/06/02 10:32:40 | 000,000,000 | ---D | C] -- C:\rsit
[2014/06/01 12:59:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/06/01 12:59:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/05/30 09:05:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/05/30 09:05:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/05/30 09:05:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/05/30 09:05:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/05/30 09:04:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/05/29 13:49:05 | 000,000,000 | ---D | C] -- C:\VTRoot
[2014/05/21 15:32:33 | 000,000,000 | ---D | C] -- C:\Users\lucason3\Desktop\viry
[2014/05/20 08:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014/05/19 08:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2014/05/19 08:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Shared Space
[2014/05/19 08:40:02 | 000,352,984 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdvrt64.dll
[2014/05/19 08:40:02 | 000,284,888 | ---- | C] (COMODO) -- C:\Windows\SysWow64\cmdvrt32.dll
[2014/05/19 08:40:02 | 000,045,784 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdkbd64.dll
[2014/05/19 08:40:02 | 000,040,664 | ---- | C] (COMODO) -- C:\Windows\SysWow64\cmdkbd32.dll
[2014/05/18 15:18:54 | 000,000,000 | -HSD | C] -- C:\Users\lucason3\AppData\Local\EmieUserList
[2014/05/18 15:18:54 | 000,000,000 | -HSD | C] -- C:\Users\lucason3\AppData\Local\EmieSiteList
[2014/05/18 14:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/05/18 10:16:52 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/05/18 01:41:39 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/05/18 00:06:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/05/12 19:09:52 | 000,000,000 | ---D | C] -- C:\Users\lucason3\Desktop\usb pap a bakal
[2014/05/12 11:20:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/11 21:52:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\COMODO
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/06/02 21:37:49 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/06/02 21:34:43 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2014/06/02 21:30:00 | 000,000,958 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2158292681-2161067555-2850423787-1003UA.job
[2014/06/02 21:25:08 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/02 21:24:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/02 21:24:46 | 3141,165,056 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/02 21:12:26 | 000,000,958 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2158292681-2161067555-2850423787-1000UA.job
[2014/06/02 21:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/02 20:51:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/02 20:50:55 | 000,785,826 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/02 20:50:55 | 000,656,848 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/02 20:50:55 | 000,122,660 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/02 15:30:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2158292681-2161067555-2850423787-1003Core.job
[2014/06/02 08:12:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2158292681-2161067555-2850423787-1000Core.job
[2014/06/01 12:55:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/06/01 12:27:28 | 000,020,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/01 12:27:28 | 000,020,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/31 22:45:15 | 000,938,770 | ---- | M] () -- C:\Windows\SysNative\drivers\fvstore.dat
[2014/05/19 08:40:16 | 000,002,291 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2014/05/18 14:31:58 | 000,769,692 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/05/18 10:19:49 | 000,419,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/18 01:25:59 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/05/18 01:25:45 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/05/12 09:13:17 | 000,001,072 | ---- | M] () -- C:\Users\lucason3\Desktop\µTorrent.lnk
[2014/05/11 21:52:28 | 000,002,050 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2014/05/11 21:52:28 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/30 09:05:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/05/30 09:05:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/05/30 09:05:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/05/30 09:05:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/05/30 09:05:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/05/29 13:49:03 | 000,938,770 | ---- | C] () -- C:\Windows\SysNative\drivers\fvstore.dat
[2014/05/20 18:58:44 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/05/18 01:25:59 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/05/18 01:25:45 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/05/17 23:55:08 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014/05/17 17:54:32 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2014/05/12 08:43:51 | 000,001,072 | ---- | C] () -- C:\Users\lucason3\Desktop\µTorrent.lnk
[2013/02/16 18:31:29 | 000,002,967 | ---- | C] () -- C:\Users\lucason3\AppData\Local\SRDownloader.err
[2013/01/26 14:57:32 | 000,001,104 | ---- | C] () -- C:\Users\lucason3\AppData\Local\SRDownloader.nast
[2012/12/24 17:27:19 | 000,000,512 | ---- | C] () -- C:\Windows\eReg.dat
[2012/09/26 19:52:23 | 000,769,692 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/16 12:03:27 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/07/15 13:44:16 | 000,000,600 | ---- | C] () -- C:\Users\lucason3\AppData\Roaming\winscp.rnd

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/10 11:58:23 | 000,000,000 | ---D | M] -- C:\Users\lucason3\AppData\Roaming\Canneverbe Limited
[2014/06/02 20:49:58 | 000,000,000 | ---D | M] -- C:\Users\lucason3\AppData\Roaming\DAEMON Tools Lite
[2014/06/02 20:24:14 | 000,000,000 | ---D | M] -- C:\Users\lucason3\AppData\Roaming\DAEMON Tools Pro
[2014/06/02 21:03:19 | 000,000,000 | ---D | M] -- C:\Users\lucason3\AppData\Roaming\uTorrent
[2013/04/17 19:41:41 | 000,000,000 | ---D | M] -- C:\Users\michalla\AppData\Roaming\Canneverbe Limited

========== Purity Check ==========

========== Custom Scans ==========

< >
[2009/07/14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 07:08:49 | 000,032,610 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/15 11:13:15 | 000,000,906 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2158292681-2161067555-2850423787-1000Core.job
[2012/07/15 11:13:17 | 000,000,958 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2158292681-2161067555-2850423787-1000UA.job
[2012/07/16 13:14:04 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/07/16 13:16:21 | 000,000,906 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2158292681-2161067555-2850423787-1003Core.job
[2012/07/16 13:16:22 | 000,000,958 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2158292681-2161067555-2850423787-1003UA.job
[2012/07/16 21:46:36 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/07/16 21:46:37 | 000,000,940 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< >

< MD5 for: AGP440.SYS >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010/11/21 05:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010/11/21 05:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010/11/21 05:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010/11/21 05:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010/11/21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010/11/21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010/11/21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2012/04/24 06:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2010/11/21 05:24:16 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2012/04/24 06:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2013/05/10 06:49:59 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=33ADF6E0853AB39EA1723BE82842C1D3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[2013/05/13 06:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=3897DFF247D9ED0006190349DE264E14 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[2013/07/09 16:47:30 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=434CCE8E7150CD1324C5FAA088D1D061 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_d45f6e88cac8f85b\cryptsvc.dll
[2012/04/24 07:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
[2013/10/05 04:25:30 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=509D31797A4B8A3D6ED78A330B19A919 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_d46d4138cabe2596\cryptsvc.dll
[2013/07/09 07:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=6B400F211BEE880A37A1ED0368776BF4 -- C:\Windows\erdnt\cache64\cryptsvc.dll
[2013/07/09 07:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=6B400F211BEE880A37A1ED0368776BF4 -- C:\Windows\SysNative\cryptsvc.dll
[2013/07/09 07:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=6B400F211BEE880A37A1ED0368776BF4 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_d431528fb165f7bc\cryptsvc.dll
[2013/07/09 15:57:37 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=6DB499DEFCC827317C5371164A7CDB27 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[2013/07/09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\erdnt\cache86\cryptsvc.dll
[2013/07/09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\SysWOW64\cryptsvc.dll
[2013/07/09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[2013/05/10 07:49:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7FDC4626B01106A8EF328C88C7C0DEE3 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_d3f63f9bb1930797\cryptsvc.dll
[2013/05/11 07:18:23 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=8122252F0A4ACFA92FA0C1D50D18493B -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_d4a24ea4ca968363\cryptsvc.dll
[2010/11/21 05:24:32 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2013/05/11 06:59:05 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=AC04D05309BB2C418D0D80B9FB014642 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[2012/04/24 07:22:32 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=B7337E9C9E5936355BB700AA33E0936E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll
[2013/05/10 07:18:53 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=CA13C4F92BEE66DB48E58AB3223DDF6E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_d4a14e5aca976a0c\cryptsvc.dll
[2013/05/13 07:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=D8129C49798CBBFB2E4351D4B7B8EF9C -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_d3f73fe5b19220ee\cryptsvc.dll
[2013/05/10 07:06:21 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=E122AA1C9A3CC46FF9DDDE46E5EB0C58 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[2013/10/05 03:52:03 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=F2D9242C3BBD1C36467FCAE1AE01733F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2012/01/23 20:37:18 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012/01/23 20:37:18 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2012/01/23 20:37:18 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2012/01/23 20:37:18 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012/01/23 20:37:18 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/01/23 20:37:19 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2012/01/23 20:37:19 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: HAL.DLL >
[2010/11/21 05:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010/11/21 05:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: IASTORV.SYS >
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2012/01/23 20:08:48 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2012/01/23 20:08:48 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2012/01/23 20:08:48 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2012/01/23 20:08:48 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009/07/14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009/07/14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\isapnp.sys
[2009/07/14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\isapnp.sys

< MD5 for: LSASS.EXE >
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2012/01/23 20:57:01 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2014/04/12 04:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\erdnt\cache64\lsass.exe
[2014/04/12 04:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\SysNative\lsass.exe
[2014/04/12 04:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_044f07757384196d\lsass.exe
[2014/04/12 04:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_04cdd63a8ca9d24f\lsass.exe
[2012/06/04 09:51:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=79C908CAA6F43021EB05F4C733A927D1 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\lsass.exe
[2012/01/23 20:57:01 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2012/01/23 20:57:01 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\lsass.exe

< MD5 for: NDIS.SYS >
[2012/08/22 20:06:07 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=5E74508FCB5820B29EEAFE24E6035BCF -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_06232d534c0a8d67\ndis.sys
[2012/08/22 20:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\erdnt\cache64\ndis.sys
[2012/08/22 20:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\SysNative\drivers\ndis.sys
[2012/08/22 20:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a\ndis.sys
[2010/11/21 05:23:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys

< MD5 for: NETLOGON.DLL >
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\erdnt\cache64\netlogon.dll
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache86\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NVRAID.SYS >
[2012/01/23 20:08:48 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\SysNative\drivers\nvraid.sys
[2012/01/23 20:08:48 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvraid.sys
[2012/01/23 20:08:48 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvraid.sys
[2010/11/21 05:23:47 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvraid.sys
[2010/11/21 05:23:47 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvraid.sys
[2012/01/23 20:08:48 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=666CA16F17914C1CD3616CF16DE0A6EA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2012/01/23 20:08:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2012/01/23 20:08:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2012/01/23 20:08:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2012/01/23 20:08:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SMSS.EXE >
[2009/07/14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
[2014/04/12 04:31:44 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=3442A918386D4716D74C661543151746 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22653_none_0abdf375491039d3\smss.exe
[2013/08/29 03:04:30 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=B2B31D4C79EFD883097FA24D02E79C12 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22436_none_0ad6905f48fd53a8\smss.exe
[2013/08/02 07:06:34 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=CB5DA3E44456D1084BCD87F5B1B3152B -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22411_none_0ae72ec548f19d13\smss.exe
[2013/03/19 05:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0371DE302FFFF8F086661611BE60848 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_0a5f8ec22fd235a9\smss.exe
[2013/08/02 02:59:09 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0970A4BC8395659C22BF53D0FADF16F -- C:\Windows\SysNative\smss.exe
[2013/08/02 02:59:09 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0970A4BC8395659C22BF53D0FADF16F -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18229_none_0a5ac2782fd4e6cb\smss.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2012/10/03 19:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2012/01/23 20:57:39 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2013/09/08 04:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\erdnt\cache64\tcpip.sys
[2013/09/08 04:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\SysNative\drivers\tcpip.sys
[2013/09/08 04:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2010/11/21 05:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2013/09/07 04:27:48 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2012/03/30 12:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2012/01/23 20:28:35 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2012/03/30 13:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2013/07/06 07:20:38 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2012/01/23 20:28:35 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2012/10/03 19:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2013/07/06 08:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys
[2013/11/26 13:34:34 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=F55B41AA6114568AC558ADBABDA85620 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_11c3cc3c962abcc3\tcpip.sys
[2012/01/23 20:57:39 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014/03/04 13:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\erdnt\cache64\winlogon.exe
[2014/03/04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe
[2014/03/04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe

< MD5 for: WS2_32.DLL >
[2010/11/21 05:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\erdnt\cache64\ws2_32.dll
[2010/11/21 05:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\SysNative\ws2_32.dll
[2010/11/21 05:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll
[2010/11/21 05:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\erdnt\cache86\ws2_32.dll
[2010/11/21 05:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SysWOW64\ws2_32.dll
[2010/11/21 05:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[6 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[26 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\Installer\{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}\*.tmp files -> C:\Windows\Installer\{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\e3698c58def47b366f88a743e3d61360\*.tmp files -> C:\Windows\SoftwareDistribution\Download\e3698c58def47b366f88a743e3d61360\*.tmp -> ]
[1 C:\Windows\System32\catroot\*.tmp files -> C:\Windows\System32\catroot\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012/07/15 13:25:27 | 000,000,000 | ---D | M] -- C:\Users\lucason3\AppData\Roaming\Adobe
[2012/08/10 11:58:23 | 000,000,000 | ---D | M] -- C:\Users\lucason3\AppData\Roaming\Canneverbe Limited
[2014/06/02 20:49:58 | 000,000,000 | ---D | M] -- C:\Users\lucason3\AppData\Roaming\DAEMON Tools Lite
[2014/06/02 20:24:14 | 000,000,000 | ---D | M] -- C:\Users\lucason3\AppData\Roaming\DAEMON Tools Pro
[2013/10/27 16:17:27 | 000,000,000 | ---D | M] -- C:\Users\lucason3\AppData\Roaming\dvdcss
[2012/07/15 10:44:30 | 000,000,000 | ---D | M] -- C:\Users\lucason3\AppData\Roaming\Identities
[2012/07/16 13:14:14 | 000,000,000 | ---D | M] -- C:\Users\lucason3\AppData\Roaming\Macromedia
[2010/11/21 17:10:34 | 000,000,000 | ---D | M] -- C:\Users\lucason3\AppData\Roaming\Media Center Programs
[2012/07/17 23:54:02 | 000,000,000 | ---D | M] -- C:\Users\lucason3\AppData\Roaming\Media Player Classic
[2014/05/20 19:31:59 | 000,000,000 | --SD | M] -- C:\Users\lucason3\AppData\Roaming\Microsoft
[2012/07/15 11:15:43 | 000,000,000 | ---D | M] -- C:\Users\lucason3\AppData\Roaming\Mozilla
[2014/06/01 12:18:22 | 000,000,000 | ---D | M] -- C:\Users\lucason3\AppData\Roaming\Skype
[2014/06/02 21:03:19 | 000,000,000 | ---D | M] -- C:\Users\lucason3\AppData\Roaming\uTorrent
[2014/06/01 19:21:28 | 000,000,000 | ---D | M] -- C:\Users\lucason3\AppData\Roaming\vlc
[2012/07/27 00:23:34 | 000,000,000 | ---D | M] -- C:\Users\lucason3\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2014/01/09 10:53:56 | 000,071,894 | R--- | M] () -- C:\Users\lucason3\AppData\Roaming\Microsoft\Installer\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}\GPUploader.exe
[2014/05/12 08:44:06 | 001,272,400 | ---- | M] (BitTorrent Inc.) -- C:\Users\lucason3\AppData\Roaming\uTorrent\uTorrent.exe
[2014/03/26 09:39:40 | 001,614,416 | ---- | M] (BitTorrent Inc.) -- C:\Users\lucason3\AppData\Roaming\uTorrent\updates\3.4.0_30660.exe
[2014/05/12 08:44:06 | 001,272,400 | ---- | M] (BitTorrent Inc.) -- C:\Users\lucason3\AppData\Roaming\uTorrent\updates\3.4.1_31139.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2010/11/21 05:24:51 | 001,475,584 | ---- | M] (Microsoft Corporation)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014/06/02 21:37:49 | 000,000,512 | ---- | M] () MD5=F1FF010C79C674FC0B6A61114300EE05 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2014/06/02 20:42:37 | 000,006,639 | ---- | M] () -- \Users\lucason3\AppData\Roaming\uTorrent\Daemon.Tools.Pro.Advanced.v5.3.0.0359.Multilingual.Cracked-BRD.torrent
[2014/06/02 20:18:49 | 000,006,582 | ---- | M] () -- \Users\lucason3\AppData\Roaming\uTorrent\Daemon.Tools.Pro.Advanced.v5.4.0.0377.Multilingual.Cracked-BRD.torrent

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2006/10/26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006/10/26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2006/10/26 13:45:02 | 000,061,440 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader80.dll
[2006/10/26 13:45:02 | 000,004,608 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader80.tlb
[2013/02/16 18:50:48 | 000,002,967 | ---- | M] () -- \Users\lucason3\AppData\Local\SRDownloader.err
[2014/02/05 17:39:22 | 000,001,104 | ---- | M] () -- \Users\lucason3\AppData\Local\SRDownloader.nast
[2014/06/02 15:43:39 | 000,019,765 | ---- | M] () -- \Users\lucason3\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\2.1.0.23_0\js\configLoader.js
[2014/06/02 15:43:40 | 000,002,597 | ---- | M] () -- \Users\lucason3\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\2.1.0.23_0\js\scriptLoader.js
[2014/05/30 12:10:47 | 000,017,912 | ---- | M] () -- \Users\lucason3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39HPR5PN\AdLoader-3b8e790904fffcf74f96367cd382e261.min[1].js
[2014/05/30 12:10:46 | 000,001,980 | ---- | M] () -- \Users\lucason3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8I1BJJUH\AdLoader[1].htm
[2014/05/31 12:55:19 | 000,001,980 | ---- | M] () -- \Users\lucason3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIKVD68J\AdLoader[1].htm
[2014/01/28 19:35:56 | 000,072,638 | ---- | M] () -- \Users\lucason3\AppData\Local\Skype\Apps\login\images\loader.gif
[2014/01/28 19:35:56 | 000,003,032 | ---- | M] () -- \Users\lucason3\AppData\Local\Skype\Apps\login\images\loader.png
[2014/01/28 19:35:56 | 000,006,012 | ---- | M] () -- \Users\lucason3\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014/01/28 19:35:56 | 000,021,956 | ---- | M] () -- \Users\lucason3\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014/01/28 19:35:56 | 000,009,772 | ---- | M] () -- \Users\lucason3\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2014/01/09 10:53:56 | 000,071,894 | R--- | M] () -- \Users\lucason3\AppData\Roaming\Microsoft\Installer\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}\GPUploader.exe
[2014/03/26 18:02:26 | 003,305,472 | ---- | M] () -- \Users\michalla\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
[2014/03/26 17:59:54 | 000,000,702 | ---- | M] () -- \Users\michalla\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_advoptions.fen
[2014/03/26 17:59:54 | 000,000,790 | ---- | M] () -- \Users\michalla\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_debug.fen
[2014/03/26 17:59:54 | 000,000,723 | ---- | M] () -- \Users\michalla\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_download.fen
[2014/03/26 17:59:54 | 000,000,694 | ---- | M] () -- \Users\michalla\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_file_errors.fen
[2014/01/06 11:47:06 | 000,171,541 | ---- | M] () -- \Users\michalla\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_icons.psd
[2014/03/26 17:59:54 | 000,000,634 | ---- | M] () -- \Users\michalla\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_manage_devices.fen
[2014/03/26 17:59:54 | 000,002,379 | ---- | M] () -- \Users\michalla\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_onboard.fen
[2014/03/26 17:59:54 | 000,001,417 | ---- | M] () -- \Users\michalla\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_options.fen
[2014/03/26 17:59:54 | 000,001,330 | ---- | M] () -- \Users\michalla\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_pinwheel_72.png
[2014/03/26 17:59:54 | 000,002,541 | ---- | M] () -- \Users\michalla\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_pinwheel_72x2.png
[2014/03/26 17:59:54 | 000,002,177 | ---- | M] () -- \Users\michalla\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_prefs.fen
[2014/03/26 17:59:54 | 000,000,956 | ---- | M] () -- \Users\michalla\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_quota_error1.fen
[2014/03/26 17:59:54 | 000,001,080 | ---- | M] () -- \Users\michalla\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_quota_error2.fen
[2014/03/26 17:59:54 | 000,001,139 | ---- | M] () -- \Users\michalla\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_quota_error_estimate.fen
[2014/03/26 17:59:54 | 000,002,181 | ---- | M] () -- \Users\michalla\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_welcome.fen
[2014/01/28 20:35:56 | 000,072,638 | ---- | M] () -- \Users\michalla\AppData\Local\Skype\Apps\login\images\loader.gif

[2014/01/28 20:35:56 | 000,003,032 | ---- | M] () -- \Users\michalla\AppData\Local\Skype\Apps\login\images\loader.png
[2014/01/28 20:35:56 | 000,006,012 | ---- | M] () -- \Users\michalla\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014/01/28 20:35:56 | 000,021,956 | ---- | M] () -- \Users\michalla\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014/01/28 20:35:56 | 000,009,772 | ---- | M] () -- \Users\michalla\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2014/01/15 20:11:00 | 000,071,894 | R--- | M] () -- \Users\michalla\AppData\Roaming\Microsoft\Installer\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}\GPUploader.exe
[2012/07/15 14:06:58 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2013/08/02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2013/08/02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009/07/14 03:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009/07/14 03:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/01/23 20:53:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/05/18 01:23:40 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_68c05c919281774d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 19:38:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_68a2edab92971725\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 07:38:44 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 04:12:19 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/01/23 20:53:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_691eb3faabbf8f66\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/05/18 01:23:36 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_6907efc6abd0db81\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 19:35:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_6957a248ab947a6d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 07:39:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 08:20:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_695e76beab8ff095\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/29 04:18:31 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_694dd858ab9ba72a\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/04 13:03:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_69637bfcab8b6996\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/04/12 04:28:21 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_69353b6eabae8d55\api-ms-win-core-libraryloader-l1-1-0.dll
[2010/11/21 17:00:29 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2010/11/21 17:00:29 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.efi.mui_35ee487d
[2010/11/21 17:00:29 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.exe.mui_3bc5b827
[2010/11/21 17:00:29 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.efi.mui_f412814e
[2010/11/21 17:00:29 | 000,029,760 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.exe.mui_ff8b5358
[2012/01/23 20:30:11 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2012/01/23 20:30:11 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2012/01/23 20:30:11 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2012/01/23 20:30:11 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2012/01/23 20:30:11 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2009/07/14 04:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/14 04:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2010/11/21 16:59:29 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2010/11/21 05:16:35 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2012/01/23 20:30:05 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2012/01/23 20:30:05 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009/07/14 04:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/01/23 20:53:56 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/05/18 01:23:44 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_0ca1c10dda240617\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:40:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:45:15 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/01/23 20:53:52 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/05/18 01:23:40 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_0ce95442f3736a4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 07:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/29 03:54:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_0d2f3cd4f33e35f4\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/04 12:35:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/04/12 04:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2005/10/28 15:29:20 | 000,000,592 | ---- | M] () -- \Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\VBSnippets\1033\Connectivity\EnumerateSerialPorts.snippet
[2005/10/28 15:29:20 | 000,001,178 | ---- | M] () -- \Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\VBSnippets\1033\Connectivity\ReadDatafromaSerialPort.snippet
[2005/10/28 15:29:20 | 000,001,492 | ---- | M] () -- \Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\VBSnippets\1033\Connectivity\UseaSerialPorttoDialaPhoneNumber.snippet
[2012/10/05 12:53:23 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2012/10/05 12:52:37 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2012/07/16 12:05:19 | 000,000,024 | ---- | M] () -- \Users\lucason3\AppData\Local\Google\Picasa2\cache\cacheindex_serial.pmp
[2014/01/03 18:31:41 | 000,003,072 | ---- | M] () -- \Users\michalla\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.serialzone.cz_0.localstorage
[2014/01/03 18:31:41 | 000,003,608 | ---- | M] () -- \Users\michalla\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.serialzone.cz_0.localstorage-journal
[2013/10/28 18:47:53 | 000,000,024 | ---- | M] () -- \Users\michalla\AppData\Local\Google\Picasa2\cache\cacheindex_serial.pmp
[2009/06/10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012/10/05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014/05/18 10:24:33 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\553e7bfc9cac5e4feaa83d8ee1e187bd\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014/05/18 10:25:28 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f177ea74036d5fdc6c6b9c967dc877cf\System.Runtime.Serialization.ni.dll
[2014/05/18 10:27:20 | 000,396,288 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\8653acb87b4a219a84e4ce58df35e62a\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014/05/18 10:28:55 | 003,073,536 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\b73fbf8a2db2192752ad2b13744a393b\System.Runtime.Serialization.ni.dll
[2014/05/18 14:33:48 | 000,309,760 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\abb3fbf787b74b7d2513a8c409b5ef74\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014/05/18 14:33:48 | 000,000,580 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\abb3fbf787b74b7d2513a8c409b5ef74\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2014/05/18 14:34:07 | 002,825,216 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
[2014/05/18 14:34:07 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll.aux
[2014/05/18 15:00:48 | 000,026,624 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\94ce7a3b39b335283a0087f9964e9099\System.Xml.Serialization.ni.dll
[2014/05/18 15:00:48 | 000,000,376 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\94ce7a3b39b335283a0087f9964e9099\System.Xml.Serialization.ni.dll.aux
[2014/05/18 15:04:11 | 000,376,832 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\3b1e2119f9cdfbc454bf08eb1ed9f023\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014/05/18 15:04:11 | 000,000,580 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\3b1e2119f9cdfbc454bf08eb1ed9f023\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2014/05/18 15:05:41 | 003,640,320 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\7e7ed14f2b9a7e3d94307462aa99f5b9\System.Runtime.Serialization.ni.dll
[2014/05/18 15:05:41 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\7e7ed14f2b9a7e3d94307462aa99f5b9\System.Runtime.Serialization.ni.dll.aux
[2014/05/18 15:34:53 | 000,028,672 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.84e525b7#\7c4a5c747f2dcdac0329022b43a7be6b\System.Xml.Serialization.ni.dll
[2014/05/18 15:34:53 | 000,000,376 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.84e525b7#\7c4a5c747f2dcdac0329022b43a7be6b\System.Xml.Serialization.ni.dll.aux
[2013/09/11 22:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013/09/11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll
[2013/09/11 21:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll
[2013/09/11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll
[2013/09/11 22:33:38 | 001,052,320 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013/09/11 21:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2013/09/11 21:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll
[2009/06/10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2005/09/23 07:56:56 | 000,008,007 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.xml
[2012/10/05 12:53:24 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013/09/11 22:33:38 | 001,052,320 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2013/09/11 22:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2013/09/11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll
[2013/09/11 21:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2013/09/11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2013/09/11 21:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2013/09/11 21:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll
[2009/06/10 22:40:06 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2012/10/05 12:52:38 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013/09/11 22:33:38 | 001,052,320 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll
[2013/09/11 22:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2013/09/11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Json.dll
[2013/09/11 21:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2013/09/11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2013/09/11 21:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll
[2013/09/11 21:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XmlSerializer.dll
[2009/07/14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009/07/14 02:00:40 | 000,094,208 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009/06/10 22:37:50 | 000,038,400 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\grserial.sys
[2010/11/21 17:00:02 | 000,005,120 | ---- | M] () -- \Windows\System32\sk-SK\serialui.dll.mui
[2009/07/14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2010/11/21 17:00:02 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\sk-SK\serialui.dll.mui
[2010/11/21 17:00:00 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_d5f23af62a751552\serialui.dll.mui
[2009/07/14 03:41:54 | 000,017,920 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360\serialui.dll
[2010/11/21 17:00:06 | 000,010,240 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_64015f894ce7c72a\serial.sys.mui
[2009/07/14 02:00:40 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
[2009/06/10 22:40:06 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56\System.Runtime.Serialization.Formatters.Soap.dll
[2009/06/10 22:37:50 | 000,038,400 | ---- | M] () -- \Windows\winsxs\amd64_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_ce9ed3064deed3aa\grserial.sys
[2010/11/21 05:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722\System.Runtime.Serialization.dll
[2012/10/05 12:52:38 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b\System.Runtime.Serialization.dll
[2012/10/05 12:56:11 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53\System.Runtime.Serialization.dll
[2010/11/21 05:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb\System.Runtime.Serialization.dll
[2012/10/05 12:52:37 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4\System.Runtime.Serialization.dll
[2012/10/05 12:56:11 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec\System.Runtime.Serialization.dll
[2012/01/23 20:30:11 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2012/01/23 20:30:11 | 000,017,792 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8_kdcom.dll_db5e7744
[2010/11/21 17:00:28 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_d5f23af62a751552_serialui.dll.mui_7d29d2a3
[2009/07/14 04:57:29 | 000,017,920 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360_serialui.dll_bea29328
[2010/11/21 17:00:28 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_79d39f727217a41c_serialui.dll.mui_7d29d2a3
[2009/07/14 04:58:37 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009/07/14 04:15:17 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc.manifest
[2012/01/23 20:30:06 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2012/01/23 20:30:06 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest
[2009/07/14 04:11:30 | 000,000,868 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_88b1c48f2026fe3f.manifest
[2010/11/21 05:17:50 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722.manifest
[2012/10/05 20:18:30 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b.manifest
[2012/10/05 20:10:31 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53.manifest
[2010/11/21 05:17:50 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb.manifest
[2012/10/05 20:19:07 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4.manifest
[2012/10/05 20:11:10 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec.manifest
[2010/11/21 05:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2012/10/05 19:15:39 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285.manifest
[2012/10/05 19:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d.manifest
[2010/11/21 16:59:36 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_en-us_8f71d563bf7aa3c2.manifest
[2012/10/05 20:09:41 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_en-us_8f4bb639bfcd9db1.manifest
[2012/10/05 19:57:17 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_en-us_787a117bd97892a9.manifest
[2010/11/21 05:17:50 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2012/10/05 19:15:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8.manifest
[2012/10/05 19:17:15 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0.manifest
[2010/11/21 05:18:20 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2012/10/05 19:19:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa.manifest
[2012/10/05 19:22:10 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2.manifest
[2009/06/10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2010/11/21 05:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2012/10/05 12:53:24 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285\System.Runtime.Serialization.dll
[2012/10/05 12:56:07 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d\System.Runtime.Serialization.dll
[2010/11/21 05:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2012/10/05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8\System.Runtime.Serialization.dll
[2012/10/05 12:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0\System.Runtime.Serialization.dll
[2010/11/21 17:00:02 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_79d39f727217a41c\serialui.dll.mui
[2009/07/14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2010/11/21 05:25:11 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2012/10/05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa\System.Runtime.Serialization.dll
[2012/10/05 12:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2\System.Runtime.Serialization.dll

< *w7lxe* /s >

< End of report >

Obe ucty maju prava spravce, a ten druhy log nechcelo vytvorit

Vypnete antivir, at nebrani programu v praci.

Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:services
AdobeARMservice
gupdate
AdobeFlashPlayerUpdateSvc
gupdatem
gusvc

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2158292681-2161067555-2850423787-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2158292681-2161067555-2850423787-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2158292681-2161067555-2850423787-1003Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2158292681-2161067555-2850423787-1003UA.job

:otl
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2158292681-2161067555-2850423787-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[6 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[26 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\Installer\{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}\*.tmp files -> C:\Windows\Installer\{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\e3698c58def47b366f88a743e3d61360\*.tmp files -> C:\Windows\SoftwareDistribution\Download\e3698c58def47b366f88a743e3d61360\*.tmp -> ]
[1 C:\Windows\System32\catroot\*.tmp files -> C:\Windows\System32\catroot\*.tmp -> ]

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=-

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

VIRY.CZ

Poprosim kontrolu

Re: Poprosim kontrolu

Re: Poprosim kontrolu

Re: Poprosim kontrolu

Re: Poprosim kontrolu

Re: Poprosim kontrolu

Re: Poprosim kontrolu

Re: Poprosim kontrolu

Re: Poprosim kontrolu

Re: Poprosim kontrolu

Re: Poprosim kontrolu

Re: Poprosim kontrolu

Re: Poprosim kontrolu

Re: Poprosim kontrolu

Re: Poprosim kontrolu

Re: Poprosim kontrolu