VIRY.CZ

Logfile of random's system information tool 1.10 (written by random/random)
Run by Peter at 2014-07-06 09:39:05
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 22 GB (22%) free of 100 GB
Total RAM: 3578 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:39:10, on 6.7.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Peter\Downloads\RSIT.exe
C:\Program Files\trend micro\Peter.exe
C:\Windows\system32\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour SDK\Bin\ExplorerPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Abrosoft: Abrosoft FantaMorph update permissions manager. 12810. - Unknown owner - C:\Program Files\Abrosoft\FantaMorph5\FantaUp.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Smart Disk Mounter Service (SmartDiskMounter) - Unknown owner - C:\Program Files\SmartDiskMounter\sdfs.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - VIA Technologies, Inc. - C:\Windows\system32\viakaraokesrv.exe

--
End of file - 4630 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\p3burv9g.default

prefs.js - "browser.search.useDBForOrder" - "false"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"bonjour4firefox@apple.com"=C:\Program Files\Bonjour SDK\Bin\FirefoxExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.55.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\p3burv9g.default\extensions\
ascsurfingprotection@iobit.com
staged

C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\p3burv9g.default\searchplugins\
yahoo_ff.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-03-17 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-06-22 436600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}]
Advanced SystemCare Browser Protection - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-03-17 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-07-04 3890208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIMProbíhá stahování aktualizace...1338924290338]
c:\Program Files\Corel\CorelDRAW Graphics Suite X6\PHOTO-PAINT\DIM.exe [2012-02-23 179576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2011-04-06 2154096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart Disk Mounter]
C:\Program Files\SmartDiskMounter\Smart Disk Mounter.exe [2014-06-04 279192]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.ac3filter"=ac3filter.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-07-06 09:39:05 ----D---- C:\rsit
2014-07-06 09:39:05 ----D---- C:\Program Files\trend micro
2014-07-06 09:24:41 ----A---- C:\ComboFix.txt
2014-07-06 09:23:03 ----D---- C:\$RECYCLE.BIN
2014-07-06 09:08:00 ----D---- C:\Windows\temp
2014-07-05 23:45:33 ----D---- C:\Windows\system32\appmgmt
2014-07-05 22:54:27 ----D---- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-05 22:48:46 ----A---- C:\TDSSKiller.3.0.0.39_05.07.2014_22.48.46_log.txt
2014-07-05 22:22:39 ----A---- C:\ComboFixLog.txt
2014-07-05 22:11:46 ----D---- C:\Windows\SysWow64
2014-07-05 21:58:42 ----A---- C:\Windows\zip.exe
2014-07-05 21:58:42 ----A---- C:\Windows\SWSC.exe
2014-07-05 21:58:42 ----A---- C:\Windows\SWREG.exe
2014-07-05 21:58:42 ----A---- C:\Windows\sed.exe
2014-07-05 21:58:42 ----A---- C:\Windows\PEV.exe
2014-07-05 21:58:42 ----A---- C:\Windows\NIRCMD.exe
2014-07-05 21:58:42 ----A---- C:\Windows\MBR.exe
2014-07-05 21:58:42 ----A---- C:\Windows\grep.exe
2014-07-05 21:57:45 ----D---- C:\Windows\erdnt
2014-07-05 20:26:30 ----A---- C:\Windows\system32\sqlite3.dll
2014-07-05 20:25:35 ----D---- C:\AdwCleaner
2014-07-05 02:25:36 ----ASH---- C:\pagefile.sys
2014-07-05 02:25:06 ----D---- C:\Windows\Minidump
2014-07-05 02:20:55 ----A---- C:\TDSSKiller.3.0.0.39_05.07.2014_02.20.55_log.txt
2014-07-05 01:44:00 ----D---- C:\FRST
2014-07-05 01:37:14 ----D---- C:\ProgramData\HitmanPro
2014-07-05 01:22:04 ----A---- C:\Windows\ntbtlog.txt
2014-07-05 01:21:06 ----D---- C:\Windows\pss
2014-07-04 23:59:15 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-07-04 23:58:56 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-07-04 23:58:56 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-07-04 23:58:56 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-07-04 23:58:55 ----D---- C:\ProgramData\Malwarebytes
2014-07-04 23:58:55 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2014-07-04 22:56:47 ----D---- C:\Users\Peter\AppData\Roaming\ProductData
2014-07-04 22:55:20 ----D---- C:\ProgramData\ProductData
2014-07-04 22:55:15 ----D---- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-07-04 22:52:13 ----D---- C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2014-07-04 22:49:12 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2014-07-04 22:15:46 ----D---- C:\Users\Peter\AppData\Roaming\Apple Computer
2014-07-04 22:05:44 ----D---- C:\Program Files\FreeRapid-0.9u4
2014-07-02 19:46:19 ----D---- C:\ProgramData\Apple Computer
2014-07-02 19:46:19 ----D---- C:\Program Files\QuickTime
2014-07-02 19:44:50 ----D---- C:\Program Files\Common Files\Apple
2014-07-02 19:44:22 ----D---- C:\Program Files\Apple Software Update
2014-06-23 20:24:38 ----D---- C:\Users\Peter\AppData\Roaming\DropboxMaster
2014-06-23 20:23:21 ----D---- C:\Users\Peter\AppData\Roaming\Dropbox
2014-06-22 20:38:27 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2014-06-22 20:38:20 ----A---- C:\Windows\avastSS.scr
2014-06-20 20:19:09 ----D---- C:\ProgramData\AppSnow
2014-06-20 20:18:15 ----D---- C:\ProgramData\4d66ec623310361d
2014-06-20 20:17:17 ----D---- C:\ProgramData\InstallMate
2014-06-15 17:17:17 ----D---- C:\Users\Peter\AppData\Roaming\Mnemosyne
2014-06-15 17:14:39 ----D---- C:\Program Files\Mnemosyne
2014-06-11 05:57:36 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 05:57:36 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-06-11 05:57:36 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-06-11 05:57:35 ----A---- C:\Windows\system32\urlmon.dll
2014-06-11 05:57:35 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 05:57:34 ----A---- C:\Windows\system32\jsproxy.dll
2014-06-11 05:57:34 ----A---- C:\Windows\system32\ieUnatt.exe
2014-06-11 05:57:33 ----A---- C:\Windows\system32\msfeeds.dll
2014-06-11 05:57:33 ----A---- C:\Windows\system32\iernonce.dll
2014-06-11 05:57:33 ----A---- C:\Windows\system32\dxtmsft.dll
2014-06-11 05:57:32 ----A---- C:\Windows\system32\msrating.dll
2014-06-11 05:57:32 ----A---- C:\Windows\system32\ie4uinit.exe
2014-06-11 05:57:31 ----A---- C:\Windows\system32\iesetup.dll
2014-06-11 05:57:31 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 05:57:31 ----A---- C:\Windows\system32\ieapfltr.dll
2014-06-11 05:57:30 ----A---- C:\Windows\system32\wininet.dll
2014-06-11 05:57:29 ----A---- C:\Windows\system32\ieui.dll
2014-06-11 05:57:29 ----A---- C:\Windows\system32\dxtrans.dll
2014-06-11 05:57:28 ----A---- C:\Windows\system32\mshtmled.dll
2014-06-11 05:57:28 ----A---- C:\Windows\system32\ieframe.dll
2014-06-11 05:57:27 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-06-11 05:57:27 ----A---- C:\Windows\system32\iertutil.dll
2014-06-11 05:57:26 ----A---- C:\Windows\system32\jscript9diag.dll
2014-06-11 05:57:25 ----A---- C:\Windows\system32\mshtml.dll
2014-06-11 05:57:24 ----A---- C:\Windows\system32\vbscript.dll
2014-06-11 05:57:24 ----A---- C:\Windows\system32\jscript9.dll
2014-06-11 05:56:57 ----A---- C:\Windows\system32\msxml6r.dll
2014-06-11 05:56:57 ----A---- C:\Windows\system32\msxml6.dll
2014-06-11 05:56:57 ----A---- C:\Windows\system32\msxml3r.dll
2014-06-11 05:56:57 ----A---- C:\Windows\system32\msxml3.dll
2014-06-11 05:56:56 ----A---- C:\Windows\system32\drivers\tcpip.sys
2014-06-11 05:56:55 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2014-06-11 05:56:54 ----A---- C:\Windows\system32\aepdu.dll
2014-06-11 05:56:51 ----A---- C:\Windows\system32\aeinv.dll
2014-06-11 05:56:50 ----A---- C:\Windows\system32\usp10.dll

======List of files/folders modified in the last 1 month======

2014-07-06 09:39:10 ----D---- C:\Windows\Prefetch
2014-07-06 09:39:05 ----RD---- C:\Program Files
2014-07-06 09:24:43 ----D---- C:\Windows\system32\drivers
2014-07-06 09:24:43 ----AD---- C:\Qoobox
2014-07-06 09:23:07 ----D---- C:\Windows
2014-07-06 09:23:07 ----A---- C:\Windows\system.ini
2014-07-06 09:22:58 ----D---- C:\Windows\system32\drivers\etc
2014-07-06 09:09:08 ----D---- C:\ProgramData\NVIDIA
2014-07-06 09:08:15 ----D---- C:\Windows\system32\config
2014-07-06 09:06:16 ----D---- C:\Windows\AppPatch
2014-07-06 00:04:55 ----SHD---- C:\System Volume Information
2014-07-05 23:52:08 ----D---- C:\Users\Peter\AppData\Roaming\eM Client
2014-07-05 23:45:33 ----D---- C:\Windows\System32
2014-07-05 22:54:27 ----D---- C:\ProgramData
2014-07-05 22:21:51 ----RD---- C:\Users
2014-07-05 22:15:43 ----D---- C:\Program Files (x86)
2014-07-05 20:27:10 ----D---- C:\Program Files\Common Files
2014-07-05 01:08:12 ----D---- C:\Windows\Tasks
2014-07-05 01:08:12 ----D---- C:\Windows\system32\Tasks
2014-07-05 00:15:31 ----D---- C:\Windows\addins
2014-07-05 00:13:27 ----SHD---- C:\Windows\Installer
2014-07-04 23:04:23 ----D---- C:\Users\Peter\AppData\Roaming\AIMP3
2014-07-02 19:46:49 ----D---- C:\Program Files\Internet Explorer
2014-07-01 23:00:01 ----D---- C:\Users\Peter\AppData\Roaming\FileZilla
2014-06-29 04:48:25 ----D---- C:\Oslava života
2014-06-22 22:32:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-06-22 22:32:29 ----D---- C:\Windows\inf
2014-06-22 20:38:20 ----A---- C:\Windows\system32\aswBoot.exe
2014-06-20 20:18:13 ----D---- C:\Program Files\Google
2014-06-12 04:13:25 ----D---- C:\Windows\rescache
2014-06-12 03:23:25 ----D---- C:\Windows\winsxs
2014-06-12 03:19:59 ----D---- C:\Windows\system32\en-US
2014-06-12 03:19:51 ----SD---- C:\Windows\system32\CompatTel
2014-06-12 03:19:48 ----D---- C:\Windows\system32\DriverStore
2014-06-12 03:03:36 ----D---- C:\Windows\system32\MRT
2014-06-12 03:01:26 ----A---- C:\Windows\system32\MRT.exe
2014-06-11 05:56:46 ----D---- C:\Windows\system32\catroot
2014-06-11 05:56:36 ----D---- C:\Windows\system32\catroot2
2014-06-09 23:45:06 ----D---- C:\Users\Peter\AppData\Roaming\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-06-22 49944]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-06-22 180632]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2009-04-17 44944]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-06-22 81768]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-06-22 777488]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-06-22 411680]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-06-22 24184]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-06-22 67824]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-06-22 68312]
R2 SmartDisk;SmartDisk; \??\C:\Program Files\SmartDiskMounter\sdfs.sys [2014-05-30 74392]
R3 amdiox86;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-06-02 101352]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 317416]
R3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 16384]
R3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2012-12-19 154040]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-08-23 414824]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2011-03-29 1804400]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2011-06-07 211984]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 catchme;catchme; \??\C:\Users\Peter\AppData\Local\Temp\catchme.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver; C:\Windows\system32\DRIVERS\silabenm.sys [2014-03-25 47176]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver; C:\Windows\system32\DRIVERS\silabser.sys [2014-03-25 63104]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUSB;WinUSB - Kernel Driver 06/18/2013 6.1.7600.16385; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.;Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.; C:\Program Files\Abrosoft\FantaMorph5\FantaUp.exe [2010-11-18 224176]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-07-28 176128]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 291840]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-06-22 50344]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-03-15 634144]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R2 SmartDiskMounter;Smart Disk Mounter Service; C:\Program Files\SmartDiskMounter\sdfs.exe [2014-05-30 31896]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2011-03-29 27760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe /svc []
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-03-15 1266464]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc []
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-10 136120]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-05-30 108032]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-05 119408]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-11-01 1343400]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Dame si posledni sken a budem mazat.

Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

tak mi to po cca 40 min. vypíše "Cannot create file C:/Users/Peter/Downloads/cmd.bat." a pak už nic

Děkuji za dosavadní pomoc. Teď odjíždím na týden pryč. Po návratu se opět napíšu.

Obcas se to stane, ze OTL tuhle chybku vyhodi

Spustte ho podle stejneho navodu jeste jednou, ale s timto upravenym skriptem

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Peter-turb píše:Děkuji za dosavadní pomoc. Teď odjíždím na týden pryč. Po návratu se opět napíšu.

OK, diky za zpravu

Pokud bude pc vypnuty, bude pak stacit log z OTL. Jestli bude mezitim pouzivan nekym jinym, dejte pak k logum z OTL jeste i novy log z RSIT.

Preji stastnou cestu a za tyden se tu sejdem

TL logfile created on: 19.7.2014 23:16:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peter\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,49 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 26,53% Memory free
6,99 Gb Paging File | 1,91 Gb Available in Paging File | 27,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 20,62 Gb Free Space | 21,13% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 46,13 Gb Free Space | 15,74% Space Free | Partition Type: NTFS
Drive E: | 1,43 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 1396,92 Gb Total Space | 698,56 Gb Free Space | 50,01% Space Free | Partition Type: FAT32
Drive H: | 100,00 Mb Total Space | 70,34 Mb Free Space | 70,34% Space Free | Partition Type: NTFS
Drive J: | 1,90 Gb Total Space | 0,66 Gb Free Space | 34,62% Space Free | Partition Type: FAT

Computer Name: PETER-TURB-PC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.07.06 10:14:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Downloads\OTL.exe
PRC - [2014.07.04 20:38:39 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014.06.22 20:38:15 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014.06.06 16:42:16 | 009,027,952 | ---- | M] (Wargaming.net) -- D:\Games\World_of_Tanks\WOTLauncher.exe
PRC - [2014.06.05 15:58:39 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014.05.30 13:52:36 | 000,031,896 | ---- | M] () -- C:\Program Files\SmartDiskMounter\sdfs.exe
PRC - [2014.04.02 14:23:54 | 015,477,032 | ---- | M] (eM Client, Inc.) -- C:\Program Files\eM Client\MailClient.exe
PRC - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.11.01 04:08:33 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013.03.15 04:59:31 | 000,866,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.03.15 04:59:30 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013.03.14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.07.28 23:35:53 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.07.28 23:35:24 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.07.28 18:42:48 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011.03.29 04:03:48 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\ViakaraokeSrv.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.18 19:26:22 | 000,224,176 | ---- | M] () -- C:\Program Files\Abrosoft\FantaMorph5\FantaUp.exe
PRC - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (No Company Name) ==========

MOD - [2014.07.08 08:18:04 | 014,663,856 | ---- | M] () -- C:\Users\Peter\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll
MOD - [2014.06.05 15:58:38 | 000,414,536 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014.06.05 15:58:36 | 004,217,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014.06.05 15:58:32 | 000,716,616 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
MOD - [2014.06.05 15:58:31 | 000,126,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\libegl.dll
MOD - [2014.06.05 15:58:30 | 001,732,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2014.05.16 19:25:28 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359e693030a92977455667e67fb74267\Microsoft.VisualBasic.ni.dll
MOD - [2014.05.16 19:25:27 | 000,027,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MailClient.Exceptio#\08d043b8abe8b10f1120d80b078e71c7\MailClient.ExceptionUtils.ni.dll
MOD - [2014.05.16 19:25:26 | 004,484,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Exchange.#\96b52202889e0f1878b6913dad8354cb\Microsoft.Exchange.WebServices.ni.dll
MOD - [2014.05.16 19:25:26 | 000,378,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\RtfToHtml\a288a403acb0210517205fb83d8f0bbe\RtfToHtml.ni.dll
MOD - [2014.05.16 19:25:26 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MailClient.Interop\e5923eac821bef3c02003a3110ed37b8\MailClient.Interop.ni.dll
MOD - [2014.05.16 19:25:22 | 000,654,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SQLite\2bf949d1fada70a64a07cf27b012c9a6\System.Data.SQLite.ni.dll
MOD - [2014.05.16 19:25:20 | 036,643,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MailClient\13f0706b9fcfd282108ae0cdacee3f39\MailClient.ni.exe
MOD - [2014.05.16 18:23:00 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\15c45f1932751583dc3c2d49e5786acd\System.Web.Services.ni.dll
MOD - [2014.05.16 18:22:52 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
MOD - [2014.05.16 18:22:52 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\6b0a1d4b63fb0ef68c0c1cd107ce9ba4\System.EnterpriseServices.ni.dll
MOD - [2014.05.16 18:22:50 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4f66c3dc2cd6583df3fcc393edcb48a7\System.Transactions.ni.dll
MOD - [2014.05.16 18:22:49 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dbc236ca6655e4e3839ee4f802eb3f99\System.Data.ni.dll
MOD - [2014.04.21 21:10:12 | 000,242,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SgmlReader\f5a0b0593685f1476e9aeb1c131e2b55\SgmlReader.ni.dll
MOD - [2014.04.21 21:09:44 | 000,942,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\HTMLEditorControl\bd7b6bd94bb8eaf8b51dd8d2025207ef\HTMLEditorControl.ni.dll
MOD - [2014.04.21 21:09:43 | 000,263,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MailClient.Imap.Base\98e45f500626e2a6c19ab49a189fd954\MailClient.Imap.Base.ni.dll
MOD - [2014.04.21 21:09:43 | 000,105,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\NHunspell\4b7a22586523cca91344d681d5673404\NHunspell.ni.dll
MOD - [2014.04.21 21:09:42 | 000,610,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MailClient.Common.UI\353577cef6c627549c0221c52d6e4322\MailClient.Common.UI.ni.dll
MOD - [2014.04.21 21:09:42 | 000,107,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MailClient.Sasl\a4ad27fe36ce43d031f6a5f05a235bd3\MailClient.Sasl.ni.dll
MOD - [2014.04.21 21:09:40 | 001,315,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Google.Apis\29f9dc2a74143c76a48b7de219babc53\Google.Apis.ni.dll
MOD - [2014.04.21 21:09:39 | 000,081,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SystemCoreTimeZone\e5879670d6b75234c2693d19661ecce9\SystemCoreTimeZone.ni.dll
MOD - [2014.04.21 21:09:32 | 000,507,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MailClient.Mail\cdd6a08cab7802c66400b4ba72d296d3\MailClient.Mail.ni.dll
MOD - [2014.04.21 21:09:31 | 000,141,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MailClient.Collecti#\ab0fe1262db97fa89d457dd91da27854\MailClient.Collections.ni.dll
MOD - [2014.04.02 14:23:54 | 000,106,496 | ---- | M] () -- C:\Program Files\eM Client\MailClient.XmlSerializers.dll
MOD - [2014.04.02 14:17:54 | 000,610,304 | ---- | M] () -- C:\Program Files\eM Client\cs\MailClient.resources.dll
MOD - [2014.03.28 11:35:02 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2014.03.04 07:57:21 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2014.02.12 04:36:29 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d682d06abf8257c72ce11cefd1d74cf5\CustomMarshalers.ni.dll
MOD - [2014.02.12 04:36:06 | 000,109,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Search.In#\dc59a14cfbbf571f80147ee60b2d6d02\Microsoft.Search.Interop.ni.dll
MOD - [2014.02.12 04:36:06 | 000,050,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\QuartzTypeLib\877a050e7fc3698e03648180b3ac0999\QuartzTypeLib.ni.dll
MOD - [2014.02.12 04:36:04 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014.02.12 04:36:02 | 000,035,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Experimen#\dede58b7ecef575900d0c0e6a8e0f97b\Microsoft.Experimental.IO.ni.dll
MOD - [2014.02.12 04:36:01 | 001,452,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsAPICodePack\f797e9f7427049019b18ed6986bca9b2\WindowsAPICodePack.ni.dll
MOD - [2014.02.12 04:36:01 | 000,140,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\RSS.NET\88e824cdac3aee1761c3eb77fb6af63b\RSS.NET.ni.dll
MOD - [2014.02.12 04:35:38 | 000,105,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\FacebookAPI\0ac83b0825660975f1a709ccb1f83a30\FacebookAPI.ni.dll
MOD - [2014.02.12 04:35:37 | 001,190,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Esent.Interop\a1481f9a64c99149696ffb9fa3caa310\Esent.Interop.ni.dll
MOD - [2014.02.12 04:35:35 | 000,366,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\HtmlInterop\4e13bfad74433eee5d4f64e5b75a1b6a\HtmlInterop.ni.dll
MOD - [2014.02.12 04:35:34 | 001,813,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\jabber-net\2c948cd3dee7ba2decac175f3e7f0895\jabber-net.ni.dll
MOD - [2014.02.12 04:35:32 | 000,220,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Google.GData.Extens#\c8f04b2a33bd7ef9545b7e266a56a438\Google.GData.Extensions.ni.dll
MOD - [2014.02.12 04:35:32 | 000,105,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Google.GData.Contac#\65837fe6049eb2d23647170c22059224\Google.GData.Contacts.ni.dll
MOD - [2014.02.12 04:35:31 | 001,612,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\6905f5a409b40fc96038621597dc12e0\Newtonsoft.Json.Net20.ni.dll
MOD - [2014.02.12 04:35:31 | 000,679,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Google.GData.Client\af765319644faae784f248ca559f41f9\Google.GData.Client.ni.dll
MOD - [2014.02.12 04:35:23 | 000,584,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\LinqBridge\25b608c857b0a6aa256f7c3a5aa1ef46\LinqBridge.ni.dll
MOD - [2014.02.12 04:33:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014.02.12 04:32:55 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014.02.12 04:32:52 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\4f5069e6497e5e6a381ab6aadf05d6a5\Accessibility.ni.dll
MOD - [2014.02.12 04:32:36 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014.02.12 04:32:32 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014.02.12 04:32:31 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014.02.12 04:32:18 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014.01.23 19:15:30 | 000,642,016 | ---- | M] () -- C:\Program Files\eM Client\SQLite\x86\sqlite3.dll
MOD - [2013.12.17 16:59:24 | 000,032,768 | ---- | M] () -- C:\Program Files\eM Client\cs\HtmlEditorControl.resources.dll
MOD - [2013.10.30 15:06:42 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013.07.08 14:43:49 | 000,159,744 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_cs_b77a5c561934e089\System.Xml.resources.dll
MOD - [2013.07.08 14:43:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_cs_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2012.06.17 23:14:42 | 001,021,440 | ---- | M] () -- C:\Program Files\AC3Filter\ac3filter_intl.dll
MOD - [2012.06.17 23:12:10 | 001,406,976 | ---- | M] () -- C:\Program Files\AC3Filter\ac3filter.ax
MOD - [2012.05.13 00:42:16 | 001,272,320 | ---- | M] () -- C:\Program Files\AC3Filter\avcodec-53.dll
MOD - [2012.05.13 00:42:16 | 000,146,432 | ---- | M] () -- C:\Program Files\AC3Filter\avutil-51.dll
MOD - [2011.04.12 05:12:12 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_cs_b77a5c561934e089\System.resources.dll
MOD - [2010.11.20 23:29:11 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.20 23:29:07 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010.11.13 03:54:29 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_cs_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 03:54:19 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
SRV - [2014.06.22 20:38:15 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014.06.19 01:23:24 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014.05.30 13:52:36 | 000,031,896 | ---- | M] () [Auto | Running] -- C:\Program Files\SmartDiskMounter\sdfs.exe -- (SmartDiskMounter)
SRV - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.12.05 21:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.11.01 04:17:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.03.15 07:46:27 | 001,266,464 | R--- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.07.28 23:35:24 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.07.28 18:42:48 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.03.29 04:03:48 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\System32\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV - [2010.11.18 19:26:22 | 000,224,176 | ---- | M] () [Auto | Running] -- C:\Program Files\Abrosoft\FantaMorph5\FantaUp.exe -- (Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.)
SRV - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Peter\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2014.06.22 20:38:53 | 000,777,488 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014.06.22 20:38:53 | 000,411,680 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014.06.22 20:38:53 | 000,068,312 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswstm.sys -- (aswStm)
DRV - [2014.06.22 20:38:21 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014.06.22 20:38:21 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2014.06.22 20:38:21 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014.06.22 20:38:21 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014.06.22 20:38:21 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014.05.30 13:52:02 | 000,074,392 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Program Files\SmartDiskMounter\sdfs.sys -- (SmartDisk)
DRV - [2014.03.25 14:35:35 | 000,063,104 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2014.03.25 14:35:35 | 000,047,176 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2013.03.15 07:46:27 | 008,952,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.12.19 07:41:53 | 000,154,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.06.07 00:06:54 | 000,211,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011.06.02 11:32:50 | 000,317,416 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asmtxhci.sys -- (asmtxhci)
DRV - [2011.06.02 11:32:50 | 000,101,352 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asmthub3.sys -- (asmthub3)
DRV - [2011.03.29 04:03:44 | 001,804,400 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.02.18 10:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKCU\..\SearchScopes\{D56751BC-A89F-450B-823C-8D6D0FF74265}: "URL" = https://search.yahoo.com/search?fr=chr- ... earchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Peter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014.06.22 20:38:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bonjour4firefox@apple.com: C:\Program Files\Bonjour SDK\Bin\FirefoxExtension\ [2014.06.04 19:33:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013.12.22 20:28:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Extensions
[2014.07.05 00:18:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\p3burv9g.default\extensions
[2014.07.05 00:18:57 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\p3burv9g.default\extensions\ascsurfingprotection@iobit.com
[2014.07.05 22:15:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\p3burv9g.default\extensions\staged
[2014.07.04 22:55:56 | 000,000,794 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\p3burv9g.default\searchplugins\yahoo_ff.xml
[2013.12.22 20:28:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.12.22 20:28:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014.04.03 18:58:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2014.04.03 18:58:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\gcswf32.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\gears.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Search by Image (by Google) = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.5.1_0\
CHR - Extension: Post To Tumblr = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbpicbbcpanckagpdjflgojlknomoiah\4.19_0\
CHR - Extension: AdBlock = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.7_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.43_0\
CHR - Extension: Multilingual TTS Engine = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\megclklaoidjbomplbhbdgbelkoebbdl\1.7_0\
CHR - Extension: PenĂ„â€şÄąÄľenka Google = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: SEO for Chrome = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj\0.9.5_0\
CHR - Extension: LogMeIn = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon\1.0.0.1037_0\

O1 HOSTS File: ([2014.07.06 09:22:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour SDK\Bin\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{266BFA5D-D7A9-4265-AA67-DEFC0DA7FCF3}: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014.07.19 08:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014.07.19 08:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2014.07.19 08:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014.07.09 04:44:47 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014.07.09 04:44:47 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014.07.09 04:44:47 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014.07.09 04:44:47 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014.07.09 04:44:46 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014.07.09 04:44:46 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014.07.09 04:44:46 | 000,240,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014.07.09 04:44:46 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014.07.09 04:44:46 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014.07.09 04:44:46 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014.07.09 04:44:45 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014.07.09 04:44:45 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014.07.09 04:44:45 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014.07.09 04:44:44 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014.07.09 04:44:44 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014.07.09 04:44:44 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014.07.09 04:44:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014.07.09 04:44:43 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014.07.09 04:44:43 | 000,239,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014.07.09 04:44:41 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014.07.09 04:44:41 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014.07.09 04:44:40 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014.07.09 04:44:38 | 004,254,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014.07.09 04:44:23 | 002,350,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014.07.09 04:44:22 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2014.07.09 04:44:13 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014.07.09 04:44:08 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2014.07.09 04:44:02 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014.07.09 04:43:59 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014.07.06 09:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.07.06 09:39:05 | 000,000,000 | ---D | C] -- C:\rsit
[2014.07.06 09:23:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014.07.06 09:08:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014.07.06 09:08:00 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\temp
[2014.07.05 23:45:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2014.07.05 22:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014.07.05 22:53:39 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\mbar
[2014.07.05 22:11:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64
[2014.07.05 21:58:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014.07.05 21:58:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014.07.05 21:58:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014.07.05 21:57:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014.07.05 21:54:31 | 005,213,907 | R--- | C] (Swearware) -- C:\Users\Peter\Desktop\ComboFix.exe
[2014.07.05 20:26:30 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014.07.05 20:25:35 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.07.05 02:25:06 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014.07.05 01:44:00 | 000,000,000 | ---D | C] -- C:\FRST
[2014.07.05 01:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014.07.05 01:21:06 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014.07.05 00:17:36 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2014.07.04 23:59:15 | 000,113,880 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.07.04 23:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014.07.04 23:58:56 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014.07.04 23:58:56 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014.07.04 23:58:56 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014.07.04 23:58:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014.07.04 23:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.07.04 23:31:44 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Apple Computer
[2014.07.04 22:56:47 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\ProductData
[2014.07.04 22:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2014.07.04 22:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2014.07.04 22:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2014.07.04 22:15:46 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Apple Computer
[2014.07.04 22:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\FreeRapid-0.9u4
[2014.07.02 19:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014.07.02 19:44:28 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Apple
[2014.07.02 19:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2014.07.02 19:41:24 | 000,000,000 | ---D | C] -- C:\Users\Peter\Documents\ethogram_agonistic_behaviours
[2014.06.23 20:24:38 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\DropboxMaster
[2014.06.23 20:24:19 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014.06.23 20:23:21 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Dropbox
[2014.06.22 20:38:20 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014.06.21 02:04:25 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\FreeRapid-0.9u4
[2014.06.20 20:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AppSnow
[2014.06.20 20:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\4d66ec623310361d
[2014.06.20 20:18:12 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Comodo
[2014.06.20 20:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.07.19 23:20:11 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.07.19 08:57:28 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014.07.17 07:42:28 | 000,022,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.07.17 07:42:28 | 000,022,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.07.17 07:34:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.07.17 07:34:40 | 2814,185,472 | -HS- | M] () -- C:\hiberfil.sys
[2014.07.16 16:15:57 | 000,668,138 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2014.07.16 16:15:57 | 000,653,526 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.07.16 16:15:57 | 000,140,798 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2014.07.16 16:15:57 | 000,121,398 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.07.10 20:36:34 | 000,312,923 | ---- | M] () -- C:\Users\Peter\Documents\whole-body-workout-in-7-min.png
[2014.07.09 20:51:27 | 000,407,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.07.06 09:22:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014.07.05 22:54:26 | 000,113,880 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.07.05 22:53:43 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014.07.05 21:55:18 | 005,213,907 | R--- | M] (Swearware) -- C:\Users\Peter\Desktop\ComboFix.exe
[2014.07.05 02:25:05 | 429,011,106 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014.07.04 23:59:01 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.07.04 22:13:20 | 000,000,546 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014.06.30 03:40:16 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014.06.30 03:36:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014.06.29 04:39:22 | 002,232,077 | ---- | M] () -- C:\Users\Peter\Documents\PDF.pdf
[2014.06.28 17:09:56 | 424,728,533 | ---- | M] () -- C:\Users\Peter\Documents\ethogram_agonistic_behaviours.zip
[2014.06.27 22:37:38 | 000,021,441 | ---- | M] () -- C:\Users\Peter\Documents\Pohled vysoka stena.pdf
[2014.06.27 22:37:34 | 000,179,845 | ---- | M] () -- C:\Users\Peter\Documents\Pudorys se skrinkami ikea.pdf
[2014.06.27 22:33:31 | 000,042,919 | ---- | M] () -- C:\Users\Peter\Documents\Pohledy na stenu s digestori.pdf
[2014.06.22 20:39:05 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014.06.22 20:38:53 | 000,777,488 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys
[2014.06.22 20:38:53 | 000,411,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014.06.22 20:38:53 | 000,068,312 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswstm.sys
[2014.06.22 20:38:21 | 000,180,632 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014.06.22 20:38:21 | 000,081,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2014.06.22 20:38:21 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014.06.22 20:38:21 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014.06.22 20:38:21 | 000,024,184 | ---- | M] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014.06.22 20:38:20 | 000,271,264 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014.06.22 20:38:20 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014.06.20 21:39:54 | 000,240,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014.06.20 20:25:01 | 017,403,694 | ---- | M] () -- C:\Users\Peter\Desktop\FreeRapid-0.9u4.zip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.07.19 08:57:28 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014.07.10 20:36:27 | 000,312,923 | ---- | C] () -- C:\Users\Peter\Documents\whole-body-workout-in-7-min.png
[2014.07.06 10:18:44 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.07.05 21:58:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014.07.05 21:58:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014.07.05 21:58:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014.07.05 21:58:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014.07.05 21:58:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014.07.05 02:25:05 | 429,011,106 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014.07.04 23:59:01 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.07.02 19:44:26 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014.07.02 19:40:29 | 424,728,533 | ---- | C] () -- C:\Users\Peter\Documents\ethogram_agonistic_behaviours.zip
[2014.06.29 04:39:22 | 002,232,077 | ---- | C] () -- C:\Users\Peter\Documents\PDF.pdf
[2014.06.27 22:37:38 | 000,021,441 | ---- | C] () -- C:\Users\Peter\Documents\Pohled vysoka stena.pdf
[2014.06.27 22:37:34 | 000,179,845 | ---- | C] () -- C:\Users\Peter\Documents\Pudorys se skrinkami ikea.pdf
[2014.06.27 22:33:31 | 000,042,919 | ---- | C] () -- C:\Users\Peter\Documents\Pohledy na stenu s digestori.pdf
[2014.06.22 20:38:27 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014.06.20 20:19:14 | 017,403,694 | ---- | C] () -- C:\Users\Peter\Desktop\FreeRapid-0.9u4.zip
[2014.06.15 17:59:35 | 000,001,663 | ---- | C] () -- C:\Users\Peter\anatomie 1.cards
[2014.06.15 17:43:47 | 000,001,404 | ---- | C] () -- C:\Users\Peter\svaly.cards
[2014.03.25 14:47:01 | 000,000,546 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014.02.15 01:32:08 | 000,007,605 | ---- | C] () -- C:\Users\Peter\AppData\Local\Resmon.ResmonCfg
[2014.02.02 00:18:01 | 000,003,584 | ---- | C] () -- C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014.01.10 10:40:00 | 003,065,455 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2013.10.30 15:06:54 | 000,180,632 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.10.30 15:06:53 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.10.30 15:01:17 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2013.10.30 14:50:41 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.10.30 14:50:38 | 000,029,492 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014.02.10 12:00:05 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\.mono
[2014.07.09 20:23:00 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\AIMP3
[2013.10.30 15:07:58 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\AVAST Software
[2014.06.05 23:56:55 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\com.wd.WDMyCloud
[2014.06.23 20:24:49 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Dropbox
[2014.06.23 20:24:48 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\DropboxMaster
[2014.07.17 07:38:09 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\eM Client
[2014.07.01 23:00:01 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\FileZilla
[2014.01.12 22:49:12 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Jovian Archive
[2013.10.30 23:32:51 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\LibreOffice
[2014.06.15 17:44:25 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Mnemosyne
[2013.10.31 14:20:06 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\NuSphere
[2014.07.04 22:56:47 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\ProductData
[2014.02.10 12:41:19 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Unity
[2014.02.22 11:51:42 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\uTorrent
[2013.11.08 02:50:33 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\VitySoft
[2013.10.30 18:38:10 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Wargaming.net
[2014.06.05 23:52:19 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\WDC

========== Purity Check ==========

========== Custom Scans ==========

< >
[2009.07.14 06:53:46 | 000,023,194 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.20 23:29:06 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010.11.20 23:29:06 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010.11.20 23:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010.11.20 23:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010.11.20 23:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010.11.20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.20 23:29:19 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010.11.20 23:29:19 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll

< MD5 for: SCECLI.DLL >
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache\scecli.dll
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWow64\scecli.dll
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SVCHOST.EXE >
[2014.05.12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.04.25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2010.11.20 23:29:20 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2013.07.06 07:05:35 | 001,293,760 | ---- | M] (Microsoft Corporation) MD5=4E8B9BE71B807B3BAEDB7F4243F85E3C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_b52f2f65c4a146e5\tcpip.sys
[2013.07.06 06:57:37 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=528F7CC60391DD0FAB0344F32F051FDF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_b5721e2eddf328f9\tcpip.sys
[2014.04.05 04:25:01 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\erdnt\cache\tcpip.sys
[2014.04.05 04:25:01 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\System32\drivers\tcpip.sys
[2014.04.05 04:25:01 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_b513c4dfc4b513b9\tcpip.sys
[2013.09.07 04:06:48 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=6C4F3D92764FFA22D28061A4D9235446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_b58e8eb0ddde6cf1\tcpip.sys
[2011.04.25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2013.09.08 04:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_b4fa2013c4c8ebf1\tcpip.sys
[2012.10.03 18:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2013.11.26 13:07:37 | 001,309,632 | ---- | M] (Microsoft Corporation) MD5=DC08335B30D83FB61E9EFE6FDD09D40D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_b5a530b8ddcd4b8d\tcpip.sys
[2012.10.03 18:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
[2014.04.05 04:16:21 | 001,310,144 | ---- | M] (Microsoft Corporation) MD5=EA47AB18E289333AB94397D77CA6E3A1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_b59293a4dddacc9b\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWow64\userinit.exe
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2014.05.12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2014.03.04 11:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\erdnt\cache\winlogon.exe
[2014.03.04 11:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\System32\winlogon.exe
[2014.03.04 11:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[2014.03.04 12:39:02 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=D53972F87D850CD2EB4B29B60CAFDD77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe

< >

< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2014.02.10 12:00:05 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\.mono
[2013.11.19 13:15:28 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Adobe
[2014.07.09 20:23:00 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\AIMP3
[2014.07.04 22:55:36 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Apple Computer
[2014.01.10 12:31:48 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\ATI
[2013.10.30 15:07:58 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\AVAST Software
[2014.06.05 23:56:55 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\com.wd.WDMyCloud
[2013.11.07 16:13:57 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Corel
[2014.06.23 20:24:49 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Dropbox
[2014.06.23 20:24:48 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\DropboxMaster
[2014.07.17 07:38:09 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\eM Client
[2014.07.01 23:00:01 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\FileZilla
[2013.10.31 15:09:29 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\GRETECH
[2013.10.30 14:43:18 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Identities
[2014.01.12 22:49:12 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Jovian Archive
[2013.10.30 23:32:51 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\LibreOffice
[2013.10.30 15:17:50 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Macromedia
[2011.04.12 05:17:58 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Media Center Programs
[2014.06.06 14:35:38 | 000,000,000 | --SD | M] -- C:\Users\Peter\AppData\Roaming\Microsoft
[2014.06.15 17:44:25 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Mnemosyne
[2013.12.22 20:28:37 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Mozilla
[2013.10.31 14:20:06 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\NuSphere
[2014.02.01 23:14:26 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\NVIDIA
[2014.07.04 22:56:47 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\ProductData
[2013.10.31 15:11:41 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Real
[2014.06.09 23:45:06 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Skype
[2014.02.10 12:41:19 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Unity
[2014.02.22 11:51:42 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\uTorrent
[2013.11.08 02:50:33 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\VitySoft
[2013.10.30 18:38:10 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Wargaming.net
[2014.06.05 23:52:19 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\WDC

< %APPDATA%\*.exe /s >
[2014.01.15 16:47:48 | 007,673,744 | ---- | M] (AIMP DevTeam) -- C:\Users\Peter\AppData\Roaming\AIMP3\UpdateInstaller.exe
[2014.03.19 14:17:02 | 032,667,896 | ---- | M] (Dropbox, Inc.) -- C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2014.03.19 14:18:14 | 000,244,648 | ---- | M] (Dropbox, Inc.) -- C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2014.03.19 14:17:06 | 000,143,616 | ---- | M] (Dropbox, Inc.) -- C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2007.03.22 12:46:42 | 000,126,976 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe
[2014.01.09 14:40:51 | 000,071,894 | R--- | M] () -- C:\Users\Peter\AppData\Roaming\Microsoft\Installer\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}\GPUploader.exe
[2013.12.12 13:00:00 | 000,393,728 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Peter\AppData\Roaming\uTorrent\utorrent.exe
[2014.06.06 17:55:43 | 000,096,112 | ---- | M] ( ) -- C:\Users\Peter\AppData\Roaming\WDC\orion\WebDAVRegistryUpdater.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2014.07.17 07:42:28 | 000,022,224 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.07.17 07:42:28 | 000,022,224 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

< %SYSTEMDRIVE%\*.exe >

< >

< *crack* /s >
[2012.02.27 22:36:42 | 000,092,827 | ---- | M] () -- \Program Files\Corel\CorelDRAW Graphics Suite X6\Custom Data\Bumpmap\Cracks.cpt
[2012.02.27 22:36:42 | 000,017,870 | ---- | M] () -- \Program Files\Corel\CorelDRAW Graphics Suite X6\Custom Data\Canvas\cracks2c.bmp
[2008.02.12 06:05:16 | 000,036,864 | ---- | M] () -- \Program Files\NuSphere\PhpED\php\extensions\php_crack.dll
[2008.05.02 18:07:02 | 000,041,024 | ---- | M] () -- \Program Files\NuSphere\PhpED\php5\extensions\php_crack.dll
[2014.06.21 02:05:48 | 000,005,592 | ---- | M] () -- \Users\Peter\AppData\Roaming\VitySoft\FRD\plugins\crackle.frp

< *keygen* /s >
[2012.03.24 15:59:36 | 000,217,088 | ---- | M] () -- \Users\Peter\Downloads\CorelDRAW_X6_CZ_32bit\32 bit\Keygen.exe

< *AntiWPA* /s >

< *loader* /s >
[2008.07.30 10:06:58 | 000,072,192 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7Debug\coloader80.dll
[2008.07.29 03:43:16 | 000,004,096 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7Debug\coloader80.tlb
[2013.01.15 18:47:04 | 001,088,320 | ---- | M] () -- \Program Files (x86)\IObit\Advanced SystemCare 6\ActionCenterDownloader.exe
[2011.02.15 16:49:08 | 000,004,176 | ---- | M] () -- \Program Files (x86)\mystarttb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\loader.gif
[2011.03.28 23:54:08 | 000,004,176 | ---- | M] () -- \Program Files (x86)\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\images\loader.gif
[2014.06.22 20:38:14 | 000,072,480 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2013.09.13 19:51:30 | 000,008,827 | ---- | M] () -- \Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\HeapSnapshotLoader.js
[2008.07.30 11:06:58 | 000,072,192 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7Debug\coloader80.dll
[2008.07.29 04:43:16 | 000,004,096 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7Debug\coloader80.tlb
[2012.02.28 05:53:38 | 000,013,216 | ---- | M] () -- \Program Files\Corel\CorelDRAW Graphics Suite X6\Programs\ReflectionLoader.dll
[2014.01.06 20:47:02 | 000,000,702 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_advoptions.fen
[2014.01.06 20:47:02 | 000,000,790 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_debug.fen
[2014.01.06 20:47:02 | 000,000,723 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_download.fen
[2014.01.06 20:47:02 | 000,000,694 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_file_errors.fen
[2013.02.09 03:39:28 | 000,000,934 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_main.fen
[2014.01.06 20:47:04 | 000,000,634 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_manage_devices.fen
[2014.01.06 20:47:04 | 000,002,283 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_onboard.fen
[2014.01.06 20:47:04 | 000,001,417 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_options.fen
[2014.01.06 20:47:04 | 000,001,330 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_pinwheel_72.png
[2014.01.06 20:47:04 | 000,002,541 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_pinwheel_72x2.png
[2014.01.06 20:47:04 | 000,002,109 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_prefs.fen
[2014.01.06 20:47:04 | 000,000,956 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_quota_error1.fen
[2014.01.06 20:47:04 | 000,001,080 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_quota_error2.fen
[2014.01.06 20:47:04 | 000,001,139 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_quota_error_estimate.fen
[2014.01.06 20:47:04 | 000,002,181 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_welcome.fen
[2013.09.05 05:19:44 | 000,006,852 | ---- | M] () -- \Program Files\LibreOffice 4\program\pythonloader.py
[2013.09.30 09:51:04 | 000,000,171 | ---- | M] () -- \Program Files\LibreOffice 4\program\pythonloader.uno.ini
[2013.09.30 09:47:08 | 000,037,392 | ---- | M] () -- \Program Files\LibreOffice 4\program\pythonloaderlo.dll
[2014.06.23 10:43:03 | 000,007,171 | ---- | M] () -- \Program Files\LibreOffice 4\program\__pycache__\pythonloader.cpython-33.pyc
[2013.09.29 03:42:20 | 000,124,248 | ---- | M] () -- \Program Files\LibreOffice 4\program\classes\libloader-1.1.6.jar
[2013.09.29 21:29:30 | 000,013,850 | ---- | M] () -- \Program Files\LibreOffice 4\program\python-core-3.3.0\lib\unittest\loader.py
[2013.09.29 21:29:32 | 000,049,593 | ---- | M] () -- \Program Files\LibreOffice 4\program\python-core-3.3.0\lib\unittest\test\test_loader.py
[2013.09.30 09:45:44 | 000,082,448 | ---- | M] () -- \Program Files\LibreOffice 4\URE\bin\javaloaderlo.dll
[2013.09.29 03:35:06 | 000,004,759 | ---- | M] () -- \Program Files\LibreOffice 4\URE\java\unoloader.jar
[2012.11.01 10:32:14 | 000,057,224 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2012.09.05 00:34:12 | 000,083,848 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2012.02.14 16:56:18 | 000,005,379 | ---- | M] () -- \Qoobox\Quarantine\C\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\content\loader.js.vir
[2012.02.14 16:56:18 | 000,004,163 | ---- | M] () -- \Qoobox\Quarantine\C\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\windows\loader.js.vir
[2014.07.06 08:54:59 | 000,067,610 | ---- | M] () -- \Qoobox\Quarantine\C\ProgramData\IObit\ASCDownloader\Downloader.log.vir
[2014.06.26 09:46:50 | 000,009,418 | ---- | M] () -- \Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.7_0\img\gifloader.gif
[2013.10.30 15:52:10 | 000,018,893 | ---- | M] () -- \Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj\0.9.5_0\img\loader.gif
[2014.01.06 11:52:30 | 003,244,032 | ---- | M] () -- \Users\Peter\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
[2014.01.06 11:47:04 | 000,000,702 | ---- | M] () -- \Users\Peter\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_advoptions.fen
[2014.01.06 11:47:04 | 000,000,790 | ---- | M] () -- \Users\Peter\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_debug.fen
[2014.01.06 11:47:04 | 000,000,723 | ---- | M] () -- \Users\Peter\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_download.fen
[2014.01.06 11:47:04 | 000,000,694 | ---- | M] () -- \Users\Peter\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_file_errors.fen
[2014.01.06 11:47:06 | 000,171,541 | ---- | M] () -- \Users\Peter\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_icons.psd
[2014.01.06 11:47:06 | 000,000,634 | ---- | M] () -- \Users\Peter\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_manage_devices.fen
[2014.01.06 11:47:06 | 000,002,283 | ---- | M] () -- \Users\Peter\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_onboard.fen
[2014.01.06 11:47:06 | 000,001,417 | ---- | M] () -- \Users\Peter\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_options.fen
[2014.01.06 11:47:06 | 000,002,109 | ---- | M] () -- \Users\Peter\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_prefs.fen
[2014.01.06 11:47:06 | 000,000,956 | ---- | M] () -- \Users\Peter\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_quota_error1.fen
[2014.01.06 11:47:06 | 000,001,080 | ---- | M] () -- \Users\Peter\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_quota_error2.fen
[2014.01.06 11:47:06 | 000,001,139 | ---- | M] () -- \Users\Peter\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_quota_error_estimate.fen
[2014.01.06 11:47:06 | 000,002,181 | ---- | M] () -- \Users\Peter\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_welcome.fen
[2014.02.18 18:46:42 | 000,072,638 | ---- | M] () -- \Users\Peter\AppData\Local\Skype\Apps\login\images\loader.gif
[2014.02.18 18:46:42 | 000,003,032 | ---- | M] () -- \Users\Peter\AppData\Local\Skype\Apps\login\images\loader.png
[2014.02.18 18:46:42 | 000,006,012 | ---- | M] () -- \Users\Peter\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014.02.18 18:46:42 | 000,021,956 | ---- | M] () -- \Users\Peter\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014.02.18 18:46:42 | 000,009,772 | ---- | M] () -- \Users\Peter\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2014.01.09 14:40:51 | 000,071,894 | R--- | M] () -- \Users\Peter\AppData\Roaming\Microsoft\Installer\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}\GPUploader.exe
[2013.12.16 14:09:31 | 000,008,921 | ---- | M] () -- \Users\Peter\Downloads\Aspire_mod_kompilace_v1.2_pro0.9.0\Aspire_mod_kompilace_v1.2_pro0.9.0\res_mods\0.9.0\gui\maps\icons\tankmen\skills\big\loader_desperado.png
[2013.12.16 14:09:31 | 000,009,727 | ---- | M] () -- \Users\Peter\Downloads\Aspire_mod_kompilace_v1.2_pro0.9.0\Aspire_mod_kompilace_v1.2_pro0.9.0\res_mods\0.9.0\gui\maps\icons\tankmen\skills\big\loader_intuition.png
[2013.12.16 14:09:31 | 000,006,536 | ---- | M] () -- \Users\Peter\Downloads\Aspire_mod_kompilace_v1.2_pro0.9.0\Aspire_mod_kompilace_v1.2_pro0.9.0\res_mods\0.9.0\gui\maps\icons\tankmen\skills\big\loader_pedant.png
[2014.03.23 16:38:14 | 000,001,004 | ---- | M] () -- \Users\Peter\Downloads\Aspire_mod_kompilace_v1.2_pro0.9.0\Aspire_mod_kompilace_v1.2_pro0.9.0\res_mods\0.9.0\xml\ScriptLoaderPRO.xml
[2011.01.01 00:00:00 | 000,000,856 | ---- | M] () -- \Users\Peter\Downloads\Aspire-v-1.3pro-8.9\Aspire v 1.3pro 8.9\res_mods\0.8.9\gui\maps\icons\library\YasenKrasen\loaderDestroyedSmall.png
[2013.12.16 14:09:31 | 000,008,921 | ---- | M] () -- \Users\Peter\Downloads\Aspire-zakladni-v-1.1-pro-0.8.11\Aspire zakladni v 1.1 pro 0.8.11\res_mods\0.8.11\gui\maps\icons\tankmen\skills\big\loader_desperado.png
[2013.12.16 14:09:31 | 000,009,727 | ---- | M] () -- \Users\Peter\Downloads\Aspire-zakladni-v-1.1-pro-0.8.11\Aspire zakladni v 1.1 pro 0.8.11\res_mods\0.8.11\gui\maps\icons\tankmen\skills\big\loader_intuition.png
[2013.12.16 14:09:31 | 000,006,536 | ---- | M] () -- \Users\Peter\Downloads\Aspire-zakladni-v-1.1-pro-0.8.11\Aspire zakladni v 1.1 pro 0.8.11\res_mods\0.8.11\gui\maps\icons\tankmen\skills\big\loader_pedant.png
[2012.10.27 16:21:08 | 000,008,192 | ---- | M] () -- \Users\Peter\Downloads\guiminer\_win32sysloader.pyd
[2010.07.02 13:59:00 | 000,001,451 | ---- | M] () -- \Users\Peter\Downloads\themeforest-7315054-bridge-creative-multipurpose-wordpress-theme\documentation\layerslider\assets\js\syntaxhighlighter\scripts\shAutoloader.js
[2010.07.02 13:59:00 | 000,002,693 | ---- | M] () -- \Users\Peter\Downloads\themeforest-7315054-bridge-creative-multipurpose-wordpress-theme\documentation\layerslider\assets\js\syntaxhighlighter\src\shAutoloader.js
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2011.04.12 05:12:31 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2011.04.12 05:12:31 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2011.04.12 05:12:31 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2010.11.20 23:31:02 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2010.11.20 23:31:02 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winload.exe_75835076
[2010.11.20 23:31:02 | 000,442,720 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winresume.exe_85cd1215
[2009.07.14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2011.04.12 05:11:47 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2010.11.20 23:23:54 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009.07.14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.11.01 04:07:22 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_0cbc5ca5da0f5573\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.11.01 04:07:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_0ca1c10dda240617\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.11.01 04:07:22 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_0d3c29cef3342a85\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.11.01 04:07:58 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_0ce95442f3736a4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 07:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 12:35:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 04:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2013.09.11 13:34:32 | 000,106,496 | ---- | M] () -- \Program Files (x86)\eM Client\MailClient.XmlSerializers.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2010.11.05 03:53:39 | 000,090,112 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2008.06.14 01:32:10 | 000,285,032 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\en\System.Runtime.Serialization.xml
[2012.02.28 07:08:08 | 000,045,488 | ---- | M] () -- \Program Files\Corel\CorelDRAW Graphics Suite X6\Connect\Connect.XmlSerializers.dll
[2012.02.28 07:08:06 | 000,017,840 | ---- | M] () -- \Program Files\Corel\CorelDRAW Graphics Suite X6\Connect\CrlUtlWPF.XmlSerializers.dll
[2012.02.28 05:53:36 | 000,017,840 | ---- | M] () -- \Program Files\Corel\CorelDRAW Graphics Suite X6\Programs\CrlUtlWPF.XmlSerializers.dll
[2012.02.28 08:23:26 | 000,017,840 | ---- | M] () -- \Program Files\Corel\CorelDRAW Graphics Suite X6\VideoBrowser\CrlUtlWPF.XmlSerializers.dll
[2014.04.02 14:23:54 | 000,106,496 | ---- | M] () -- \Program Files\eM Client\MailClient.XmlSerializers.dll
[2014.04.12 20:06:04 | 000,278,281 | ---- | M] () -- \Program Files\FreeMind\lib\serializer.jar
[2013.09.29 03:42:22 | 000,021,754 | ---- | M] () -- \Program Files\LibreOffice 4\program\classes\libserializer-1.1.6.jar
[2014.02.13 23:57:42 | 000,434,368 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.dll
[2014.03.29 11:23:59 | 001,164,288 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.ni.dll
[2006.01.27 01:44:04 | 000,000,612 | ---- | M] () -- \Program Files\Microsoft Visual Studio 9.0\VB\Snippets\1033\other\connectivity\EnumerateSerialPorts.snippet
[2006.01.27 01:44:04 | 000,001,198 | ---- | M] () -- \Program Files\Microsoft Visual Studio 9.0\VB\Snippets\1033\other\connectivity\ReadDatafromaSerialPort.snippet
[2006.01.27 01:44:04 | 000,001,512 | ---- | M] () -- \Program Files\Microsoft Visual Studio 9.0\VB\Snippets\1033\other\connectivity\UseaSerialPorttoDialaPhoneNumber.snippet
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2011.04.12 05:12:20 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2008.06.14 02:32:10 | 000,285,032 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\en\System.Runtime.Serialization.xml
[2014.03.26 01:28:04 | 000,003,072 | ---- | M] () -- \Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.serialzone.cz_0.localstorage
[2014.06.19 18:35:44 | 000,022,528 | ---- | M] () -- \Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.sledujuserialy.cz_0.localstorage
[2013.11.01 21:15:08 | 000,000,060 | ---- | M] () -- \Users\Peter\AppData\Local\Google\Picasa2\cache\cacheindex_serial.pmp
[2011.04.12 05:12:14 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.13 03:55:26 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.02.12 04:33:03 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\553e7bfc9cac5e4feaa83d8ee1e187bd\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.12 04:36:26 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f177ea74036d5fdc6c6b9c967dc877cf\System.Runtime.Serialization.ni.dll
[2014.03.04 04:04:27 | 000,309,760 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\abb3fbf787b74b7d2513a8c409b5ef74\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.03.04 04:04:27 | 000,000,580 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\abb3fbf787b74b7d2513a8c409b5ef74\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2014.03.04 04:04:55 | 002,825,216 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
[2014.03.04 04:04:55 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll.aux
[2014.03.04 04:11:48 | 000,026,624 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\94ce7a3b39b335283a0087f9964e9099\System.Xml.Serialization.ni.dll
[2014.03.04 04:11:48 | 000,000,376 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\94ce7a3b39b335283a0087f9964e9099\System.Xml.Serialization.ni.dll.aux
[2013.09.11 23:33:38 | 000,027,920 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\v4.0_4.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013.09.11 23:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013.09.11 22:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll
[2013.09.11 22:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll
[2013.09.11 23:33:38 | 000,113,864 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.RunTime.Serialization.resources\v4.0_4.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.resources.dll
[2013.09.11 22:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll
[2013.09.11 23:33:38 | 001,052,320 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013.09.11 22:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2013.09.11 22:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2011.04.12 05:12:10 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2008.06.02 09:01:28 | 000,009,272 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\en\System.Runtime.Serialization.Formatters.Soap.xml
[2012.10.05 12:53:24 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013.09.11 23:33:38 | 001,052,320 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2013.09.11 23:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2013.09.11 22:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll
[2013.09.11 22:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2013.09.11 22:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2013.09.11 22:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2013.09.11 22:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll
[2013.09.11 23:33:38 | 000,027,920 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013.09.11 23:33:38 | 000,113,864 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.RunTime.Serialization.resources.dll
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2011.04.12 05:12:12 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009.07.14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\drivers\serial.sys
[2011.04.12 05:12:17 | 000,009,728 | ---- | M] () -- \Windows\System32\drivers\cs-CZ\serial.sys.mui
[2009.07.14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\mdmmotsm.inf_x86_neutral_c1415d9789c54b89\smserial.sys
[2009.07.14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys
[2009.07.14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\grserial.sys
[2009.07.14 04:18:03 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009.07.14 04:18:03 | 000,015,952 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486_kdcom.dll_db5e7744
[2011.04.12 05:12:31 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2009.07.14 04:18:51 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2010.11.20 23:24:56 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2012.10.05 19:15:39 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285.manifest
[2012.10.05 19:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d.manifest
[2011.04.12 05:11:55 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2012.10.05 21:04:43 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f.manifest
[2012.10.05 21:02:24 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797.manifest
[2010.11.20 23:24:56 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2012.10.05 19:15:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8.manifest
[2012.10.05 19:17:15 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0.manifest
[2009.07.14 03:49:26 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009.07.14 03:45:27 | 000,000,866 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_2c93290b67c98d09.manifest
[2010.11.20 23:24:56 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2012.10.05 19:19:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa.manifest
[2012.10.05 19:22:10 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2.manifest
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2011.04.12 05:12:14 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.20 23:29:48 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2012.10.05 12:53:24 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285\System.Runtime.Serialization.dll
[2012.10.05 12:56:07 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d\System.Runtime.Serialization.dll
[2011.04.12 05:12:20 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2010.11.13 03:55:26 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f\System.RunTime.Serialization.Resources.dll
[2010.11.13 04:37:50 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797\System.RunTime.Serialization.Resources.dll
[2010.11.20 23:29:48 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8\System.Runtime.Serialization.dll
[2012.10.05 12:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0\System.Runtime.Serialization.dll
[2009.07.14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\winsxs\x86_mdmmotsm.inf_31bf3856ad364e35_6.1.7600.16385_none_7a97936f8a972896\smserial.sys
[2011.04.12 05:12:10 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_c233d4df09982c29\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2011.04.12 05:12:12 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2011.04.12 05:12:20 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_5f7b7c7cb0c0f266\System.RunTime.Serialization.Resources.dll
[2011.04.12 05:12:17 | 000,009,728 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_c48c78a9ad8ff996\serial.sys.mui
[2009.07.14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys
[2009.07.14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\grserial.sys
[2010.11.20 23:29:48 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa\System.Runtime.Serialization.dll
[2012.10.05 12:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2\System.Runtime.Serialization.dll

< *w7lxe* /s >

< End of report >

Tak už jsem zpátky. Tady je OTL log.

Děkuji

A ještě RSIT

Logfile of random's system information tool 1.10 (written by random/random)
Run by Peter at 2014-07-20 00:12:24
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 21 GB (21%) free of 100 GB
Total RAM: 3578 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:12:34, on 20.7.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\eM Client\MailClient.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
D:\Games\World_of_Tanks\WOTLauncher.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Peter\Downloads\OTL.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Users\Peter\Downloads\RSIT.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Peter.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour SDK\Bin\ExplorerPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Abrosoft: Abrosoft FantaMorph update permissions manager. 12810. - Unknown owner - C:\Program Files\Abrosoft\FantaMorph5\FantaUp.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Smart Disk Mounter Service (SmartDiskMounter) - Unknown owner - C:\Program Files\SmartDiskMounter\sdfs.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - VIA Technologies, Inc. - C:\Windows\system32\viakaraokesrv.exe

--
End of file - 5821 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\p3burv9g.default

prefs.js - "browser.search.useDBForOrder" - "false"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"bonjour4firefox@apple.com"=C:\Program Files\Bonjour SDK\Bin\FirefoxExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.55.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\p3burv9g.default\extensions\
ascsurfingprotection@iobit.com
staged

C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\p3burv9g.default\searchplugins\
yahoo_ff.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-03-17 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-06-22 436600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}]
Advanced SystemCare Browser Protection - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-03-17 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-07-04 3890208]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2014-01-17 421888]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIMProbíhá stahování aktualizace...1338924290338]
c:\Program Files\Corel\CorelDRAW Graphics Suite X6\PHOTO-PAINT\DIM.exe [2012-02-23 179576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2011-04-06 2154096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart Disk Mounter]
C:\Program Files\SmartDiskMounter\Smart Disk Mounter.exe [2014-06-04 279192]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.ac3filter"=ac3filter.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-07-19 08:57:04 ----D---- C:\ProgramData\Apple Computer
2014-07-19 08:57:04 ----D---- C:\Program Files\QuickTime
2014-07-09 04:44:47 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 04:44:47 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 04:44:47 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-07-09 04:44:47 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-07-09 04:44:46 ----A---- C:\Windows\system32\urlmon.dll
2014-07-09 04:44:46 ----A---- C:\Windows\system32\jsproxy.dll
2014-07-09 04:44:46 ----A---- C:\Windows\system32\ieUnatt.exe
2014-07-09 04:44:46 ----A---- C:\Windows\system32\iernonce.dll
2014-07-09 04:44:46 ----A---- C:\Windows\system32\iedkcs32.dll
2014-07-09 04:44:46 ----A---- C:\Windows\system32\ieapfltr.dll
2014-07-09 04:44:46 ----A---- C:\Windows\system32\dxtmsft.dll
2014-07-09 04:44:45 ----A---- C:\Windows\system32\msfeeds.dll
2014-07-09 04:44:44 ----A---- C:\Windows\system32\wininet.dll
2014-07-09 04:44:44 ----A---- C:\Windows\system32\msrating.dll
2014-07-09 04:44:44 ----A---- C:\Windows\system32\iesetup.dll
2014-07-09 04:44:44 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 04:44:44 ----A---- C:\Windows\system32\ie4uinit.exe
2014-07-09 04:44:43 ----A---- C:\Windows\system32\ieui.dll
2014-07-09 04:44:43 ----A---- C:\Windows\system32\dxtrans.dll
2014-07-09 04:44:42 ----A---- C:\Windows\system32\ieframe.dll
2014-07-09 04:44:41 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-07-09 04:44:41 ----A---- C:\Windows\system32\mshtmled.dll
2014-07-09 04:44:41 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-07-09 04:44:40 ----A---- C:\Windows\system32\jscript9diag.dll
2014-07-09 04:44:40 ----A---- C:\Windows\system32\iertutil.dll
2014-07-09 04:44:39 ----A---- C:\Windows\system32\mshtml.dll
2014-07-09 04:44:38 ----A---- C:\Windows\system32\vbscript.dll
2014-07-09 04:44:38 ----A---- C:\Windows\system32\jscript9.dll
2014-07-09 04:44:23 ----A---- C:\Windows\system32\win32k.sys
2014-07-09 04:44:22 ----A---- C:\Windows\system32\osk.exe
2014-07-09 04:44:13 ----A---- C:\Windows\system32\qedit.dll
2014-07-09 04:44:12 ----A---- C:\Windows\system32\drivers\afd.sys
2014-07-09 04:44:08 ----A---- C:\Windows\system32\schannel.dll
2014-07-09 04:44:08 ----A---- C:\Windows\system32\ncrypt.dll
2014-07-09 04:44:08 ----A---- C:\Windows\system32\msv1_0.dll
2014-07-09 04:44:08 ----A---- C:\Windows\system32\kerberos.dll
2014-07-09 04:44:07 ----A---- C:\Windows\system32\wdigest.dll
2014-07-09 04:44:07 ----A---- C:\Windows\system32\TSpkg.dll
2014-07-09 04:44:07 ----A---- C:\Windows\system32\credssp.dll
2014-07-09 04:44:02 ----A---- C:\Windows\system32\aepdu.dll
2014-07-09 04:43:59 ----A---- C:\Windows\system32\aeinv.dll
2014-07-09 04:43:55 ----A---- C:\Windows\system32\lsasrv.dll
2014-07-06 09:39:05 ----D---- C:\rsit
2014-07-06 09:39:05 ----D---- C:\Program Files\trend micro
2014-07-06 09:24:41 ----A---- C:\ComboFix.txt
2014-07-06 09:23:03 ----D---- C:\$RECYCLE.BIN
2014-07-06 09:08:00 ----D---- C:\Windows\temp
2014-07-05 23:45:33 ----D---- C:\Windows\system32\appmgmt
2014-07-05 22:54:27 ----D---- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-05 22:48:46 ----A---- C:\TDSSKiller.3.0.0.39_05.07.2014_22.48.46_log.txt
2014-07-05 22:22:39 ----A---- C:\ComboFixLog.txt
2014-07-05 22:11:46 ----D---- C:\Windows\SysWow64
2014-07-05 21:58:42 ----A---- C:\Windows\zip.exe
2014-07-05 21:58:42 ----A---- C:\Windows\SWSC.exe
2014-07-05 21:58:42 ----A---- C:\Windows\SWREG.exe
2014-07-05 21:58:42 ----A---- C:\Windows\sed.exe
2014-07-05 21:58:42 ----A---- C:\Windows\PEV.exe
2014-07-05 21:58:42 ----A---- C:\Windows\NIRCMD.exe
2014-07-05 21:58:42 ----A---- C:\Windows\MBR.exe
2014-07-05 21:58:42 ----A---- C:\Windows\grep.exe
2014-07-05 21:57:45 ----D---- C:\Windows\erdnt
2014-07-05 20:26:30 ----A---- C:\Windows\system32\sqlite3.dll
2014-07-05 20:25:35 ----D---- C:\AdwCleaner
2014-07-05 02:25:36 ----ASH---- C:\pagefile.sys
2014-07-05 02:25:06 ----D---- C:\Windows\Minidump
2014-07-05 02:20:55 ----A---- C:\TDSSKiller.3.0.0.39_05.07.2014_02.20.55_log.txt
2014-07-05 01:44:00 ----D---- C:\FRST
2014-07-05 01:37:14 ----D---- C:\ProgramData\HitmanPro
2014-07-05 01:22:04 ----A---- C:\Windows\ntbtlog.txt
2014-07-05 01:21:06 ----D---- C:\Windows\pss
2014-07-04 23:59:15 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-07-04 23:58:56 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-07-04 23:58:56 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-07-04 23:58:56 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-07-04 23:58:55 ----D---- C:\ProgramData\Malwarebytes
2014-07-04 23:58:55 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2014-07-04 22:56:47 ----D---- C:\Users\Peter\AppData\Roaming\ProductData
2014-07-04 22:55:20 ----D---- C:\ProgramData\ProductData
2014-07-04 22:55:15 ----D---- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-07-04 22:52:13 ----D---- C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2014-07-04 22:49:12 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2014-07-04 22:15:46 ----D---- C:\Users\Peter\AppData\Roaming\Apple Computer
2014-07-04 22:05:44 ----D---- C:\Program Files\FreeRapid-0.9u4
2014-07-02 19:44:50 ----D---- C:\Program Files\Common Files\Apple
2014-07-02 19:44:22 ----D---- C:\Program Files\Apple Software Update
2014-06-23 20:24:38 ----D---- C:\Users\Peter\AppData\Roaming\DropboxMaster
2014-06-23 20:23:21 ----D---- C:\Users\Peter\AppData\Roaming\Dropbox
2014-06-22 20:38:27 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2014-06-22 20:38:20 ----A---- C:\Windows\avastSS.scr

======List of files/folders modified in the last 1 month======

2014-07-20 00:12:34 ----D---- C:\Windows\Prefetch
2014-07-19 23:19:59 ----SHD---- C:\System Volume Information
2014-07-19 12:57:09 ----D---- C:\Windows\system32\config
2014-07-19 08:58:36 ----SHD---- C:\Windows\Installer
2014-07-19 08:57:04 ----RD---- C:\Program Files
2014-07-19 08:57:04 ----D---- C:\Windows\System32
2014-07-19 08:57:04 ----D---- C:\ProgramData
2014-07-17 07:38:09 ----D---- C:\Users\Peter\AppData\Roaming\eM Client
2014-07-17 07:34:55 ----D---- C:\ProgramData\NVIDIA
2014-07-16 16:15:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-07-16 16:15:56 ----D---- C:\Windows\inf
2014-07-09 22:44:40 ----D---- C:\Windows\rescache
2014-07-09 20:51:57 ----D---- C:\Windows\winsxs
2014-07-09 20:48:26 ----D---- C:\Windows\system32\en-US
2014-07-09 20:48:26 ----D---- C:\Program Files\Windows Journal
2014-07-09 20:48:21 ----D---- C:\Program Files\Internet Explorer
2014-07-09 20:48:13 ----D---- C:\Windows\ehome
2014-07-09 20:48:10 ----D---- C:\Windows\system32\Dism
2014-07-09 20:48:08 ----D---- C:\Windows\system32\drivers
2014-07-09 20:48:08 ----D---- C:\Windows\system32\cs-CZ
2014-07-09 20:48:05 ----SD---- C:\Windows\system32\CompatTel
2014-07-09 20:26:14 ----D---- C:\Windows\system32\MRT
2014-07-09 20:24:32 ----A---- C:\Windows\system32\MRT.exe
2014-07-09 20:23:00 ----D---- C:\Users\Peter\AppData\Roaming\AIMP3
2014-07-09 04:43:46 ----D---- C:\Windows\system32\catroot
2014-07-09 04:43:45 ----D---- C:\Windows\system32\catroot2
2014-07-06 09:24:43 ----AD---- C:\Qoobox
2014-07-06 09:23:07 ----D---- C:\Windows
2014-07-06 09:23:07 ----A---- C:\Windows\system.ini
2014-07-06 09:22:58 ----D---- C:\Windows\system32\drivers\etc
2014-07-06 09:06:16 ----D---- C:\Windows\AppPatch
2014-07-05 22:21:51 ----RD---- C:\Users
2014-07-05 22:15:43 ----D---- C:\Program Files (x86)
2014-07-05 20:27:10 ----D---- C:\Program Files\Common Files
2014-07-05 01:08:12 ----D---- C:\Windows\Tasks
2014-07-05 01:08:12 ----D---- C:\Windows\system32\Tasks
2014-07-05 00:15:31 ----D---- C:\Windows\addins
2014-07-05 00:13:30 ----D---- C:\ProgramData\AppSnow
2014-07-04 22:13:22 ----D---- C:\ProgramData\4d66ec623310361d
2014-07-01 23:00:01 ----D---- C:\Users\Peter\AppData\Roaming\FileZilla
2014-06-29 04:48:25 ----D---- C:\Oslava života
2014-06-22 20:38:20 ----A---- C:\Windows\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-06-22 49944]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-06-22 180632]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2009-04-17 44944]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-06-22 81768]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-06-22 777488]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-06-22 411680]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-06-22 24184]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-06-22 67824]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-06-22 68312]
R2 SmartDisk;SmartDisk; \??\C:\Program Files\SmartDiskMounter\sdfs.sys [2014-05-30 74392]
R3 amdiox86;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-06-02 101352]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 317416]
R3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 16384]
R3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2012-12-19 154040]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-08-23 414824]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2011-03-29 1804400]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2011-06-07 211984]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 catchme;catchme; \??\C:\Users\Peter\AppData\Local\Temp\catchme.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver; C:\Windows\system32\DRIVERS\silabenm.sys [2014-03-25 47176]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver; C:\Windows\system32\DRIVERS\silabser.sys [2014-03-25 63104]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUSB;WinUSB - Kernel Driver 06/18/2013 6.1.7600.16385; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.;Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.; C:\Program Files\Abrosoft\FantaMorph5\FantaUp.exe [2010-11-18 224176]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-07-28 176128]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 291840]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-06-22 50344]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-03-15 634144]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R2 SmartDiskMounter;Smart Disk Mounter Service; C:\Program Files\SmartDiskMounter\sdfs.exe [2014-05-30 31896]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2011-03-29 27760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe /svc []
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-03-15 1266464]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc []
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-10 136120]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-06-19 108032]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-05 119408]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-11-01 1343400]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Napiste mi velikost adresare plochy (C:\Users\Peter\Desktop)

Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne

Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:services
AdobeARMservice
gupdate
gupdatem
gusvc

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\p3burv9g.default\searchplugins\yahoo_ff.xml
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\p3burv9g.default\extensions\ascsurfingprotection@iobit.com

:otl
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{D56751BC-A89F-450B-823C-8D6D0FF74265}: "URL" = https://search.yahoo.com/search?fr=chr- ... =198484&p={searchTerms}
FF - prefs.js..browser.search.useDBForOrder: "false"
[2014.07.05 00:18:57 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\p3burv9g.default\extensions\ascsurfingprotection@iobit.com
[2014.07.04 22:55:56 | 000,000,794 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\p3burv9g.default\searchplugins\yahoo_ff.xml
File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]
[2013.01.15 18:47:04 | 001,088,320 | ---- | M] () -- \Program Files (x86)\IObit\Advanced SystemCare 6\ActionCenterDownloader.exe

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIMProbíhá stahování aktualizace...1338924290338]

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

plocha ma 72,7MB

Peter-turb píše:plocha ma 72,7MB

OK, to je v poradku

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Anetka
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest

User: HomeGroupUser$

User: Peter
->Temp folder emptied: 14318493 bytes
->Temporary Internet Files folder emptied: 56450124 bytes
->Java cache emptied: 184224 bytes
->FireFox cache emptied: 3833305 bytes
->Google Chrome cache emptied: 259386688 bytes
->Flash cache emptied: 687 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1319519 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3563510 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 323,00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Anetka

User: Default

User: Default User

User: Guest

User: HomeGroupUser$

User: Peter
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service AdobeARMservice stopped successfully!
Service AdobeARMservice deleted successfully!
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service gusvc stopped successfully!
Service gusvc deleted successfully!
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\p3burv9g.default\searchplugins\yahoo_ff.xml moved successfully.
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\p3burv9g.default\extensions\ascsurfingprotection@iobit.com\chrome\content folder moved successfully.
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\p3burv9g.default\extensions\ascsurfingprotection@iobit.com\chrome folder moved successfully.
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\p3burv9g.default\extensions\ascsurfingprotection@iobit.com folder moved successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D56751BC-A89F-450B-823C-8D6D0FF74265}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D56751BC-A89F-450B-823C-8D6D0FF74265}\ not found.
Prefs.js: "false" removed from browser.search.useDBForOrder
Folder C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\p3burv9g.default\extensions\ascsurfingprotection@iobit.com\ not found.
File C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\p3burv9g.default\searchplugins\yahoo_ff.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5744.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7C7F.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder deleted successfully.
File move failed. \Program Files (x86)\IObit\Advanced SystemCare 6\ActionCenterDownloader.exe scheduled to be moved on reboot.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIMProbíhá stahování aktualizace...1338924290338\ deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 07202014_111832

Files\Folders moved on Reboot...
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. \Program Files (x86)\IObit\Advanced SystemCare 6\ActionCenterDownloader.exe scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat.

vyosek píše: T-Cleaner http://tharifas.sweb.cz/T-Cleaner.exe
Stahnete a spustte

Pro potvrzeni volby mackejte A, Enter

Po pouziti utilitu smazte

Antiviry mohou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

Stahnete OTC http://oldtimer.geekstogo.com/OTC.exe , ulozte a spustte.
Kliknete na napis CleanUp a pote OK - Po uklidu dojde k restartu pc.

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.

Pak napiste, jak je na tom pc.

Moc děkuji za pomoc. Vše se zdá byt OK .

VIRY.CZ

prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu