Antivirus reports a virus in the form of Windows vulnerability code

#16 Post by Márty84 »

:arrow: Tell me the size of the Desktop folder (C:\Users\Eva\Desktop)

:!: If Avast yells that it wants to open it in a sandbox, do not allow it! Choose the option Open normally
:arrow: Run OTL again as administrator
Paste the following text into the bottom window (including the colon before the word commands)

Code:

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:services
gupdate
gupdatem
gusvc

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
C:\ProgramData\Spybot - Search & Destroy
C:\Program Files (x86)\Spybot - Search & Destroy

:otl
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-3560963707-2696677170-1312837993-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3560963707-2696677170-1312837993-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
FF - prefs.js..browser.search.useDBForOrder: false
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (no name) - {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - Locked - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-3560963707-2696677170-1312837993-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2013.09.16 19:06:36 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\ICQ Search
[2014.06.12 16:15:13 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\Yandex
[31 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[17 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp files -> C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\93edcf9c560cc7da92b250a3fc13b771\*.tmp files -> C:\Windows\SoftwareDistribution\Download\93edcf9c560cc7da92b250a3fc13b771\*.tmp -> ]
[41 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
[1 C:\Windows\Temp\_avast_\*.tmp files -> C:\Windows\Temp\_avast_\*.tmp -> ]
[1 C:\Windows\Temp\is-PJHG0.tmp\*.tmp files -> C:\Windows\Temp\is-PJHG0.tmp\*.tmp -> ]
@Alternate Data Stream - 6144 bytes -> C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=-
"{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Setwallpaper"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] /64
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"SunJavaUpdateSched"=-
Click Fix (Opravit) and let the program work. When asked about a restart, agree.
After the restart a new log will appear; post it here.

If you have a question that is not meant for the public, you can write to me at marty84 (at) forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For lack of time I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

#17 Post by Vasek_S »

I left the settings as they were in the previous scan (checked). The size of the Desktop should be 4.36/4.39 MB. In the meantime Word continued to be used, and when it tried to save, Avast again reported the same virus as before. After that I set up the script mentioned. The log after the script then ran:
All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Eva
->Temp folder emptied: 1935362245 bytes
->Temporary Internet Files folder emptied: 330416336 bytes
->Java cache emptied: 3763975 bytes
->Google Chrome cache emptied: 299295649 bytes
->Flash cache emptied: 2913 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1045460493 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43261654 bytes
RecycleBin emptied: 156489308 bytes

Total Files Cleaned = 3 637,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Eva
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service gusvc stopped successfully!
Service gusvc deleted successfully!
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy folder moved successfully.
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\S-1-5-21-3560963707-2696677170-1312837993-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-3560963707-2696677170-1312837993-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: false removed from browser.search.useDBForOrder
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3560963707-2696677170-1312837993-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Eva\AppData\Roaming\ICQ Search folder moved successfully.
C:\Users\Eva\AppData\Roaming\Yandex folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1BEF.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2480.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP278F.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2C4E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP312D.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP39A6.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP53A2.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP545.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP582.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5BE5.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9693.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E33.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA341.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA940.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAA74.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAE0C.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB0E7.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB4ED.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB60D.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPBDA5.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPBDD3.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC055.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC61C.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD4E6.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD944.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEB38.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEB68.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF171.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF911.tmp\System.Windows.Forms.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF911.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPFB7E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP166F.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP173A.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP2201.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP2962.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP3F24.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP5CB2.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPA767.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPA998.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPAF61.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPC03.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPD51A.tmp\System.ServiceModel.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPD51A.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPDB03.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE198.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE3CB.tmp\ehiBmlDataCarousel.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE3CB.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE62C.tmp folder deleted successfully.
C:\Windows\Installer\MSI9C1E.tmp deleted successfully.
C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wltCBB8.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\93edcf9c560cc7da92b250a3fc13b771\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\93edcf9c560cc7da92b250a3fc13b771\$dpx$.tmp folder deleted successfully.
ADS C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Setwallpaper not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 11172014_152020

Files\Folders moved on Reboot...
File move failed. C:\Users\Eva\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\63547c51a55c7182c5c77fb521826c6c_fce8395f8fd8a80a_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
File move failed. C:\Users\Eva\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\63547c51a55c7182c5c77fb521826c6c_fce8395f8fd8a80a_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
C:\Users\Eva\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Eva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{3E028DDD-4999-4B16-B191-6ED9A3E1B884}.tmp moved successfully.
C:\Users\Eva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1E4A15ED-C8FE-496D-8529-25F7F2DBA9F3}.tmp moved successfully.
C:\Users\Eva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3BB9245D-348D-47B3-A92E-1383EBE58872}.tmp moved successfully.
C:\Users\Eva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5FEC5AAF-C9DD-4E29-9CB9-17035B4EC2C3}.tmp moved successfully.
C:\Users\Eva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6DB390FC-2359-4B29-9FC3-C64AA82D68B6}.tmp moved successfully.
C:\Users\Eva\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
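
One way to triage a fix log like the one in post #17, as an added example that is not part of the original thread and is not OTL's own code: it groups every result line by log section and outcome and pulls out the items deferred to reboot, which are the ones to re-check in the next log. The sample lines are excerpted from the log above; the function names are hypothetical.

```python
import re
from collections import Counter

# Lines excerpted from the OTL fix log in post #17 (shortened sample).
SAMPLE_LOG = r"""========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
ADS C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Setwallpaper not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.
C:\Users\Eva\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
"""

# "========== NAME ==========" banners start a new section.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

# Outcome patterns, checked in order; the reboot-deferred form comes first
# because it is the most specific.
OUTCOMES = [
    ("pending_reboot", re.compile(r"scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(r"not found\.$")),
    ("deleted", re.compile(r"deleted successfully[.!]$")),
    ("moved", re.compile(r"moved successfully[.!]$")),
    ("stopped", re.compile(r"stopped successfully[.!]$")),
    ("set", re.compile(r"value set successfully[.!]$")),
]

PENDING_RE = re.compile(
    r"^File move failed\.\s+(.+?)\s+scheduled to be moved on reboot\.$"
)


def parse_fix_log(text):
    """Return (section, outcome, line) for every recognised result line."""
    entries = []
    section = "PREAMBLE"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        # Trailer headings such as "Files\Folders moved on Reboot..."
        if line.endswith("..."):
            section = line.rstrip(".")
            continue
        for name, pattern in OUTCOMES:
            if pattern.search(line):
                entries.append((section, name, line))
                break
    return entries


def summarize(entries):
    """Count outcomes per section."""
    counts = {}
    for section, outcome, _ in entries:
        counts.setdefault(section, Counter())[outcome] += 1
    return counts


def pending_after_reboot(entries):
    """Paths the tool could not move and deferred to the next boot."""
    paths = []
    for _, outcome, line in entries:
        if outcome == "pending_reboot":
            match = PENDING_RE.match(line)
            paths.append(match.group(1) if match else line)
    return paths


def not_found_in(entries, section):
    """Result lines in one section whose target was not present."""
    return [line for sec, outcome, line in entries
            if sec == section and outcome == "not_found"]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for sec, counter in summarize(parsed).items():
        print(sec, dict(counter))
    print("re-check after reboot:", pending_after_reboot(parsed))
```
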

#18 Post by Márty84 »

:!: If you have not done so already, you had better back up your important data (photos, documents, etc.) :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your entitlement to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off the antivirus and any other security software.
Right-click ComboFix and left-click Run as administrator
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
During the scan, do not run anything and do not click anywhere.
After the scan finishes (the PC may also restart), a log should be created, located at C:\ComboFix.txt
Copy its contents here

:!: If Windows does not boot after the restart, restart again, keep pressing the F8 key and choose Last Known Good Configuration
:!: If Windows boots but an error is reported when starting various programs, just restart the PC and it will be fine

#19 Post by Vasek_S »

No restart. Log:

ComboFix 14-11-15.01 - Eva 17.11.2014 15:56:37.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3071.1720 [GMT 1:00]
Spuštěný z: c:\users\Eva\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged
c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru.json
c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\app.js
c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\aboutSupport.js
c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\addonfs.js
c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\addonmgr.js
c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\addonStatus.js
c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\backgroundImages.js
c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\backup.js
c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\barnavig.js
c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\blacklist.js
c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\bookmarks.js
c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\branding.js
c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\clids.js
c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\cloudsource.js
c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\colors.js
c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\vb@yandex.ru\cbapp\parts\databaseMigration.js
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-10-17 do 2014-11-17 )))))))))))))))))))))))))))))))
.
.
2014-11-17 15:04 . 2014-11-17 15:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-17 15:03 . 2014-11-17 15:03 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6391CA21-EFA8-44F3-9B5C-DE065E1A96EA}\offreg.dll
2014-11-17 14:20 . 2014-11-17 14:20 -------- d-----w- C:\_OTL
2014-11-17 12:49 . 2014-11-17 12:49 512 ----a-w- C:\PhysicalMBR.bin
2014-11-17 09:45 . 2014-11-17 09:48 -------- d-----w- C:\AdwCleaner
2014-11-17 09:11 . 2014-11-17 14:30 -------- d-----w- c:\program files\trend micro
2014-11-17 09:11 . 2014-11-17 09:21 -------- d-----w- C:\rsit
2014-11-16 09:56 . 2014-11-16 09:56 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-11-16 09:55 . 2014-11-16 09:55 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-16 09:19 . 2014-11-17 10:08 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-16 09:19 . 2014-10-01 10:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-16 09:19 . 2014-10-01 10:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-16 09:19 . 2014-11-16 09:19 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-11-16 09:19 . 2014-11-16 09:19 -------- d-----w- c:\programdata\Malwarebytes
2014-11-16 09:19 . 2014-10-01 10:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-16 09:14 . 2014-10-20 01:37 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6391CA21-EFA8-44F3-9B5C-DE065E1A96EA}\mpengine.dll
2014-11-16 08:48 . 2014-11-16 08:48 364512 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-16 08:48 . 2014-11-16 08:48 43152 ----a-w- c:\windows\avastSS.scr
2014-11-13 08:05 . 2014-11-05 17:56 304640 ----a-w- c:\windows\system32\generaltel.dll
2014-11-13 08:05 . 2014-11-05 17:56 228864 ----a-w- c:\windows\system32\aepdu.dll
2014-11-13 08:05 . 2014-11-05 17:52 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-11-13 08:05 . 2014-10-14 02:16 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-13 08:05 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-11-13 08:05 . 2014-10-14 02:12 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-13 08:05 . 2014-10-14 02:07 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-13 08:05 . 2014-10-14 01:46 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-11-13 08:05 . 2014-10-14 02:09 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-13 08:05 . 2014-10-14 01:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-11-13 08:05 . 2014-10-14 01:49 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-11-13 08:05 . 2014-10-14 01:47 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-11-13 08:03 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
2014-11-13 08:03 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-11-13 08:03 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-11-13 08:03 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
2014-11-13 08:03 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-11-13 08:03 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-13 08:03 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-30 17:28 . 2014-10-30 17:28 -------- d-----w- c:\users\Eva\AppData\Roaming\reaConverter7
2014-10-30 17:27 . 2014-11-16 21:47 -------- d-----w- c:\program files (x86)\reaConverter 7 Standard
2014-10-30 17:27 . 2014-10-30 17:27 -------- d-----w- c:\programdata\reaConverter7
2014-10-23 18:48 . 2014-10-23 18:48 -------- d-----w- c:\users\Eva\AppData\Roaming\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-16 08:48 . 2014-03-25 18:56 116728 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-11-16 08:48 . 2014-05-02 16:47 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-16 08:48 . 2013-09-16 12:45 436624 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-16 08:48 . 2013-09-16 12:45 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-16 08:48 . 2013-09-16 12:45 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-16 08:48 . 2013-09-16 12:45 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-16 08:48 . 2013-09-16 12:45 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-11-16 08:47 . 2013-09-16 12:45 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-13 21:59 . 2013-09-16 15:03 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-11-04 13:30 . 2014-07-03 16:06 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-09-25 02:08 . 2014-10-01 17:06 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 17:06 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-19 09:23 . 2014-11-13 08:04 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2014-09-09 22:11 . 2014-09-24 15:08 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 15:08 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-04 05:23 . 2014-10-15 14:56 424448 ----a-w- c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-15 14:56 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-08-23 02:07 . 2014-08-28 15:40 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 15:40 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-04-05 370480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-09-17 2429]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-16 5225064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h [2010-9-17 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-28 08:45 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-16 08:48 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.exe
AddRemove-Free File Viewer Free Download Packages - c:\users\Eva\AppData\Roaming\0F1L1I1PtF1F1C1N\Free File Viewer Free Download Packages\uninstaller.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3560963707-2696677170-1312837993-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C312D1C0-81E9-8EE3-3CD5-8B3EF5E022CE}*]
"eabppkgoha"=hex:66,61,6c,61,6f,63,61,68,66,65,67,6b,00,00
"dagpgldo"=hex:64,62,64,62,66,69,62,6f,61,6e,6c,69,61,6d,62,68,68,6c,63,61,6c,
6f,6b,66,61,65,63,6b,66,69,62,70,70,67,63,6e,6b,65,70,6b,00,00
"iajpdeiajogppeniid"=hex:6b,61,6f,65,6b,6b,6c,65,65,68,6a,64,6f,6c,65,6e,67,61,
68,6c,6e,66,00,00
"hadbfgahajmfonhb"=hex:6b,61,6f,65,6b,6b,6c,65,65,68,6a,64,6f,6c,65,6e,67,61,
68,6c,6e,66,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-11-17 16:07:53
ComboFix-quarantined-files.txt 2014-11-17 15:07
.
Před spuštěním: Volných bajtů: 21 561 610 240
Po spuštění: Volných bajtů: 20 882 989 056
.
- - End Of File - - A9A6FD4A753E735F127F8B6D28232A1C
A36C5E4F47E84449FF07ED3517B43A31

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Antivirus reports a virus in the form of Windows vulnerability code

#20 Post by Márty84 »

:arrow: Permanently turn off Windows Defender.

:arrow: Open Notepad and copy this script into it

Code:

KillAll::

Regnull::
[HKEY_USERS\S-1-5-21-3560963707-2696677170-1312837993-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C312D1C0-81E9-8EE3-3CD5-8B3EF5E022CE}*]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
In the top left, click File
Click Save As...
Type the name shown in red, CFScript, exactly and save it to the desktop.
Turn off the antivirus and any other security software.
Drag this newly created text document with the mouse onto the ComboFix icon and drop it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

:!: If Windows does not start after the restart, restart again, keep pressing F8 and choose Last Known Good Configuration
:!: If Windows starts but an error is reported when launching various programs, just restart the PC and it will be fine
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you wait a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).
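Added example, not part of the thread or of ComboFix: a small Python parser for the locked-registry-keys section of the ComboFix log posted above, which decodes the `hex:` values and marks which keys carry a trailing `*` or an `@Denied` ACL line, the two things the script in the post above is built from. The function names are hypothetical, the sample is an excerpt of the log in this thread, and reading the trailing `*` as a non-displayable character in the key name is an assumption.

```python
import re

# Excerpt of the locked-keys section from the ComboFix log in this thread
# (section body only; some values and keys omitted for brevity).
SAMPLE_SECTION = r'''
[HKEY_USERS\S-1-5-21-3560963707-2696677170-1312837993-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C312D1C0-81E9-8EE3-3CD5-8B3EF5E022CE}*]
"eabppkgoha"=hex:66,61,6c,61,6f,63,61,68,66,65,67,6b,00,00
"iajpdeiajogppeniid"=hex:6b,61,6f,65,6b,6b,6c,65,65,68,6a,64,6f,6c,65,6e,67,61,
68,6c,6e,66,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
'''

KEY_RE = re.compile(r'^\[(?P<path>.+)\]$')
DENIED_RE = re.compile(r'^@Denied:\s*(?P<acl>.+)$')
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|@)=(?P<data>.*)$')
HEX_CONT_RE = re.compile(r'^[0-9a-fA-F]{2}(?:,[0-9a-fA-F]{2})*,?$')


def decode_hex(data):
    """Turn 'aa,bb,...' into printable ASCII if possible, else a hex string."""
    raw = bytes(int(b, 16) for b in data.split(',') if b)
    text = raw.rstrip(b'\x00')
    if text and all(0x20 <= c < 0x7f for c in text):
        return text.decode('ascii')
    return raw.hex()


def parse_locked_keys(section):
    """Parse the section body into a list of dicts, one per registry key."""
    keys, current, pending = [], None, None
    for line in section.splitlines():
        line = line.strip()
        if not line or line == '.':
            pending = None
            continue
        m = KEY_RE.match(line)
        if m:
            path = m.group('path')
            current = {
                'path': path.rstrip('*'),
                # Assumption: the trailing '*' stands for a character in the
                # key name that cannot be displayed.
                'star_in_name': path.endswith('*'),
                'denied': [],
                'values': {},
                '_hex': {},
            }
            keys.append(current)
            pending = None
            continue
        if current is None:
            continue
        m = DENIED_RE.match(line)
        if m:
            current['denied'].append(m.group('acl'))
            pending = None
            continue
        m = VALUE_RE.match(line)
        if m:
            name = m.group('name') if m.group('name') is not None else '(default)'
            data = m.group('data')
            if data.startswith('hex:'):
                current['_hex'][name] = data[4:]
                pending = name
            else:
                current['values'][name] = data.strip('"')
                pending = None
            continue
        # A hex value wrapped onto the next line continues the pending value.
        if pending and HEX_CONT_RE.match(line):
            current['_hex'][pending] += line
    for key in keys:
        for name, hexdata in key.pop('_hex').items():
            key['values'][name] = decode_hex(hexdata)
    return keys


def summarize(keys):
    """One line per key: flags first, then path and decoded values."""
    lines = []
    for key in keys:
        flags = []
        if key['star_in_name']:
            flags.append('star-in-name')
        if key['denied']:
            flags.append('acl-denied')
        lines.append('%s | %s | %s' % (','.join(flags) or '-', key['path'],
                                       key['values']))
    return lines


if __name__ == '__main__':
    for row in summarize(parse_locked_keys(SAMPLE_SECTION)):
        print(row)
```
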

Vasek_S
Visitor
Posts: 18
Registered: 16 Nov 2014 23:06

Re: Antivirus reports a virus in the form of Windows vulnerability code

#21 Post by Vasek_S »

I followed the instructions exactly. The same scan ran as before, plus a restart. I assume that is fine.

ComboFix 14-11-15.01 - Eva 17.11.2014 16:40:48.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3071.850 [GMT 1:00]
Spuštěný z: c:\users\Eva\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Eva\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-10-17 do 2014-11-17 )))))))))))))))))))))))))))))))
.
.
2014-11-17 14:20 . 2014-11-17 14:20 -------- d-----w- C:\_OTL
2014-11-17 12:49 . 2014-11-17 12:49 512 ----a-w- C:\PhysicalMBR.bin
2014-11-17 09:45 . 2014-11-17 09:48 -------- d-----w- C:\AdwCleaner
2014-11-17 09:11 . 2014-11-17 14:30 -------- d-----w- c:\program files\trend micro
2014-11-17 09:11 . 2014-11-17 09:21 -------- d-----w- C:\rsit
2014-11-16 09:56 . 2014-11-16 09:56 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-11-16 09:55 . 2014-11-16 09:55 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-16 09:19 . 2014-11-17 10:08 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-16 09:19 . 2014-10-01 10:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-16 09:19 . 2014-10-01 10:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-16 09:19 . 2014-11-16 09:19 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-11-16 09:19 . 2014-11-16 09:19 -------- d-----w- c:\programdata\Malwarebytes
2014-11-16 09:19 . 2014-10-01 10:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-16 09:14 . 2014-10-20 01:37 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6391CA21-EFA8-44F3-9B5C-DE065E1A96EA}\mpengine.dll
2014-11-16 08:48 . 2014-11-16 08:48 364512 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-16 08:48 . 2014-11-16 08:48 43152 ----a-w- c:\windows\avastSS.scr
2014-11-13 08:05 . 2014-11-05 17:56 304640 ----a-w- c:\windows\system32\generaltel.dll
2014-11-13 08:05 . 2014-11-05 17:56 228864 ----a-w- c:\windows\system32\aepdu.dll
2014-11-13 08:05 . 2014-11-05 17:52 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-11-13 08:05 . 2014-10-14 02:16 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-13 08:05 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-11-13 08:05 . 2014-10-14 02:12 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-13 08:05 . 2014-10-14 02:07 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-13 08:05 . 2014-10-14 01:46 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-11-13 08:05 . 2014-10-14 02:09 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-13 08:05 . 2014-10-14 01:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-11-13 08:05 . 2014-10-14 01:49 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-11-13 08:05 . 2014-10-14 01:47 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-11-13 08:03 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
2014-11-13 08:03 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-11-13 08:03 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-11-13 08:03 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
2014-11-13 08:03 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-11-13 08:03 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-13 08:03 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-30 17:28 . 2014-10-30 17:28 -------- d-----w- c:\users\Eva\AppData\Roaming\reaConverter7
2014-10-30 17:27 . 2014-11-16 21:47 -------- d-----w- c:\program files (x86)\reaConverter 7 Standard
2014-10-30 17:27 . 2014-10-30 17:27 -------- d-----w- c:\programdata\reaConverter7
2014-10-23 18:48 . 2014-10-23 18:48 -------- d-----w- c:\users\Eva\AppData\Roaming\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-16 08:48 . 2014-03-25 18:56 116728 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-11-16 08:48 . 2014-05-02 16:47 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-16 08:48 . 2013-09-16 12:45 436624 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-16 08:48 . 2013-09-16 12:45 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-16 08:48 . 2013-09-16 12:45 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-16 08:48 . 2013-09-16 12:45 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-16 08:48 . 2013-09-16 12:45 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-11-16 08:47 . 2013-09-16 12:45 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-13 21:59 . 2013-09-16 15:03 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-11-04 13:30 . 2014-07-03 16:06 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-09-25 02:08 . 2014-10-01 17:06 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 17:06 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-19 09:23 . 2014-11-13 08:04 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2014-09-09 22:11 . 2014-09-24 15:08 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 15:08 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-04 05:23 . 2014-10-15 14:56 424448 ----a-w- c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-15 14:56 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-08-23 02:07 . 2014-08-28 15:40 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 15:40 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-04-05 370480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-09-17 2429]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-16 5225064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h [2010-9-17 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-28 08:45 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-16 08:48 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\windows\system32\hasplms.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
.
**************************************************************************
.
Celkový čas: 2014-11-17 16:54:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-11-17 15:54
ComboFix2.txt 2014-11-17 15:07
.
Před spuštěním: Volných bajtů: 20 835 934 208
Po spuštění: Volných bajtů: 20 522 913 792
.
- - End Of File - - BEA3F0406871D4B3E5AF5BCB59D0A633
A36C5E4F47E84449FF07ED3517B43A31

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Antivirus reports a virus in the form of Windows vulnerability code

#22 Post by Márty84 »

Vasek_S wrote: I followed the instructions exactly. The same scan ran as before, plus a restart. I assume that is fine.
Yes, that is exactly how it should have been. A new scan ran and the program carried out the commands I gave it.

:!: Run all of these programs, including any installers, as administrator (right-click them and choose Run as administrator)

:arrow: Rename ComboFix to Uninstall and run it. CF should uninstall itself.

:arrow:
vyosek wrote: :arrow: T-Cleaner http://tharifas.sweb.cz/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag the utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: Download OTC http://oldtimer.geekstogo.com/OTC.exe , save it and run it.
Click CleanUp and then OK - after the cleanup the PC will restart.

:arrow: Download CCleaner http://www.filehippo.com/download_ccleaner and run it.
During installation watch out for the toolbar (or other add-ons); if it offers to install one, untick the checkbox.
After launch you will be in the Cleaner function. There are many checkboxes on the left. Pay particular attention to the Recycle Bin: if you leave it ticked, it will always be emptied.
Also, depending on how it is set, it will delete all passwords saved for websites!!! So if you have the computer set to remember passwords (which is not good for security), you will then have to type them in again by hand (e.g. e-mail, Facebook, various forums, etc.)
Click Analyze, and when the analysis finishes, click Run Cleaner.
Then click the Registry function on the left.
Click Scan for Issues; when it finds some, click Fix Issues. It will offer you a backup; make one and save it where you can find it if needed.
The Tools function lets you uninstall programs. It is more thorough than Windows itself!
(If the PC has several user accounts, use the program in each of them)

:arrow: Defragment the disk(s) (not SSDs!)
Download the Defraggler program http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Again, watch out for the toolbar during installation
After installation, run the program and click Analyze; after the analysis click Defrag and the program will do its job.

:arrow: Then let me know how the PC is doing.

Vasek_S
Visitor
Posts: 18
Registered: 16 Nov 2014 23:06

Re: Antivirus reports a virus in the form of Windows vulnerability code

#23 Post by Vasek_S »

The PC seems faster; as for the Avast alert, we will see :) Thank you very much for the help. Is it possible to identify what was actually causing the problems? Otherwise I assume the PC is clean :)

I have one more request regarding the PC I have been writing all of this from. We occasionally exchanged files between it and the one this thread is about. Just out of curiosity I ran an AdwCleaner scan and it found a few things (I did not remove them). Could you please look at this RSIT log to see whether there is any malware in it? If that is not possible, I apologize... :) And once again, thank you very much!!

I am attaching both logs


AdwCleaner:

# AdwCleaner v4.101 - Report created 17/11/2014 at 11:24:49
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Venca - STORMBRIGER-PC
# Running from : C:\Users\Venca\Desktop\adwcleaner_4.101.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Venca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\Venca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
Folder Found : C:\Program Files (x86)\eSupport.com
Folder Found : C:\Users\Venca\AppData\Local\eSupport.com
Folder Found : C:\Users\Venca\AppData\Roaming\pdfforge

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\eSupport.com
Key Found : HKCU\Software\Myfree Codec
Key Found : [x64] HKCU\Software\eSupport.com
Key Found : [x64] HKCU\Software\Myfree Codec
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Myfree Codec
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [2082 octets] - [17/11/2014 11:24:49]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2142 octets] ##########



RSIT log

Logfile of random's system information tool 1.10 (written by random/random)
Run by Venca at 2014-11-17 17:25:46
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 234 GB (50%) free of 465 GB
Total RAM: 3838 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:26:06, on 17.11.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17420)
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Venca.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Users\Venca\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B20\win_b64\code\bin\CATSysDemon.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Avid Technology, Inc.. - C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService64 - Unknown owner - C:\Program Files\Avid\Pro Tools\digisptiservice64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9256 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files\Dassault Systemes\B20\win_b64\code\bin\CATSysDemon.exe" -service
"C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe" -s
"C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe"
"C:\Windows\System32\M-AudioTaskBarIcon.exe"
"C:\Windows\PLFSetI.exe"
"C:\Program Files (x86)\Samsung\Kies\Kies.exe" /preload
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1936
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="1772.0.919105284\1311531670" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,16 --disable-accelerated-video-decode --gpu-vendor-id=0x1002 --gpu-device-id=0x9712 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=8.970.100.1100 --ignored=" --type=renderer " /prefetch:822062411
"C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/control/EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/ControlBootstrap/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SDCH/EnabledAll/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_94/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-accelerated-video-decode --channel="1772.3.1347595292\41438173" /prefetch:673131151
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\SpeedFan\speedfan.exe"
"C:\Windows\system32\NOTEPAD.EXE" C:\AdwCleaner\AdwCleaner[R0].txt
"C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/control/EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/ControlBootstrap/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SDCH/EnabledAll/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_94/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-accelerated-video-decode --channel="1772.72.1041078017\289647426" /prefetch:673131151
"C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/control/EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/ControlBootstrap/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SDCH/EnabledAll/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_94/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-accelerated-video-decode --channel="1772.83.827858595\1414938981" /prefetch:673131151
"C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/control/EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/ControlBootstrap/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SDCH/EnabledAll/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_94/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-accelerated-video-decode --channel="1772.85.836915046\1493117347" /prefetch:673131151
"C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/control/EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/ControlBootstrap/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SDCH/EnabledAll/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_94/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-accelerated-video-decode --channel="1772.89.1088262212\874026236" /prefetch:673131151

"C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/control/EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/ControlBootstrap/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SDCH/EnabledAll/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_94/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-accelerated-video-decode --channel="1772.93.423098499\344570451" /prefetch:673131151
"C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="1772.95.174415381\988966049" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Users\Venca\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1101762115-1356681713-117081159-1000Core.job - C:\Users\Venca\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1101762115-1356681713-117081159-1000UA.job - C:\Users\Venca\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-07-09 612248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08 77424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"=C:\Windows\system32\M-AudioTaskBarIcon.exe [2009-10-02 798216]
"PLFSetI"=C:\Windows\PLFSetI.exe [2008-07-29 200704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Venca\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-23 116648]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"KiesPreload"=C:\Program Files (x86)\Samsung\Kies\Kies.exe [2013-04-23 1561968]
"KiesAirMessage"=C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup []
""=C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2013-04-23 844144]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2013-05-08 41056]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2013-04-30 642304]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []
"DigidesignMMERefresh"=C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [2010-06-24 77824]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2013-04-23 311152]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-07-31 4085896]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - "C:\Windows\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2014-11-17 11:24:47 ----D---- C:\AdwCleaner
2014-11-17 11:01:55 ----D---- C:\rsit
2014-11-17 11:01:55 ----D---- C:\Program Files\trend micro
2014-11-12 21:47:56 ----A---- C:\Windows\system32\generaltel.dll
2014-11-12 21:47:56 ----A---- C:\Windows\system32\aepdu.dll
2014-11-12 21:47:56 ----A---- C:\Windows\system32\aeinv.dll
2014-11-12 21:47:52 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2014-11-12 21:47:52 ----A---- C:\Windows\system32\termsrv.dll
2014-11-12 21:47:52 ----A---- C:\Windows\system32\lsasrv.dll
2014-11-12 21:47:52 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-11-12 21:47:52 ----A---- C:\Windows\system32\adtschema.dll
2014-11-12 21:47:51 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2014-11-12 21:47:51 ----A---- C:\Windows\system32\msaudite.dll
2014-11-12 21:47:50 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-11-12 21:47:50 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-11-12 21:47:40 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-11-12 21:47:40 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-11-12 21:47:40 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-11-12 21:47:40 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-11-12 21:47:40 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-11-12 21:47:39 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-11-12 21:47:39 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-11-12 21:47:39 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-11-12 21:47:39 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-11-12 21:47:39 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-11-12 21:47:39 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 21:47:39 ----A---- C:\Windows\system32\iernonce.dll
2014-11-12 21:47:39 ----A---- C:\Windows\system32\ie4uinit.exe
2014-11-12 21:47:38 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-11-12 21:47:36 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-11-12 21:47:36 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-11-12 21:47:35 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-11-12 21:47:35 ----A---- C:\Windows\system32\urlmon.dll
2014-11-12 21:47:35 ----A---- C:\Windows\system32\iedkcs32.dll
2014-11-12 21:47:34 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-11-12 21:47:34 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-11-12 21:47:34 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-11-12 21:47:34 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 21:47:34 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 21:47:33 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-11-12 21:47:33 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-11-12 21:47:33 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-11-12 21:47:33 ----A---- C:\Windows\system32\msfeeds.dll
2014-11-12 21:47:33 ----A---- C:\Windows\system32\dxtrans.dll
2014-11-12 21:47:32 ----A---- C:\Windows\system32\iesetup.dll
2014-11-12 21:47:32 ----A---- C:\Windows\system32\ieapfltr.dll
2014-11-12 21:47:31 ----A---- C:\Windows\system32\iertutil.dll
2014-11-12 21:47:30 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-11-12 21:47:29 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-11-12 21:47:29 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-11-12 21:47:29 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-11-12 21:47:29 ----A---- C:\Windows\system32\jsproxy.dll
2014-11-12 21:47:29 ----A---- C:\Windows\system32\ieUnatt.exe
2014-11-12 21:47:28 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-11-12 21:47:28 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-11-12 21:47:28 ----A---- C:\Windows\system32\ieui.dll
2014-11-12 21:47:28 ----A---- C:\Windows\system32\dxtmsft.dll
2014-11-12 21:47:27 ----A---- C:\Windows\system32\ieframe.dll
2014-11-12 21:47:26 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-11-12 21:47:26 ----A---- C:\Windows\system32\mshtmled.dll
2014-11-12 21:47:26 ----A---- C:\Windows\system32\jscript9diag.dll
2014-11-12 21:47:26 ----A---- C:\Windows\system32\jscript9.dll
2014-11-12 21:47:25 ----A---- C:\Windows\system32\wininet.dll
2014-11-12 21:47:25 ----A---- C:\Windows\system32\vbscript.dll
2014-11-12 21:47:24 ----A---- C:\Windows\system32\msrating.dll
2014-11-12 21:47:24 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-11-12 21:47:23 ----A---- C:\Windows\system32\mshtml.dll
2014-11-12 21:46:54 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-11-12 21:46:54 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-11-12 21:46:54 ----A---- C:\Windows\system32\msxml3r.dll
2014-11-12 21:46:54 ----A---- C:\Windows\system32\msxml3.dll
2014-11-12 21:46:52 ----A---- C:\Windows\SYSWOW64\IMJP10K.DLL
2014-11-12 21:46:52 ----A---- C:\Windows\system32\IMJP10K.DLL
2014-11-12 21:46:37 ----A---- C:\Windows\system32\schannel.dll
2014-11-12 21:46:36 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-11-12 21:46:36 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2014-11-12 21:46:36 ----A---- C:\Windows\system32\ncrypt.dll
2014-11-12 21:46:35 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-11-12 21:46:35 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-11-12 21:46:35 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-11-12 21:46:35 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-11-12 21:46:35 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-11-12 21:46:35 ----A---- C:\Windows\system32\wdigest.dll
2014-11-12 21:46:35 ----A---- C:\Windows\system32\TSpkg.dll
2014-11-12 21:46:35 ----A---- C:\Windows\system32\msv1_0.dll
2014-11-12 21:46:35 ----A---- C:\Windows\system32\kerberos.dll
2014-11-12 21:46:35 ----A---- C:\Windows\system32\credssp.dll
2014-11-12 21:46:25 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2014-11-12 21:46:25 ----A---- C:\Windows\system32\audiosrv.dll
2014-11-12 21:46:25 ----A---- C:\Windows\system32\AUDIOKSE.dll
2014-11-12 21:46:25 ----A---- C:\Windows\system32\AudioEng.dll
2014-11-12 21:46:24 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2014-11-12 21:46:24 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2014-11-12 21:46:24 ----A---- C:\Windows\system32\EncDump.dll
2014-11-12 21:46:24 ----A---- C:\Windows\system32\AudioSes.dll
2014-11-12 21:46:23 ----A---- C:\Windows\SYSWOW64\packager.dll
2014-11-12 21:46:23 ----A---- C:\Windows\system32\packager.dll
2014-11-12 21:46:22 ----A---- C:\Windows\system32\win32k.sys
2014-11-12 21:46:18 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-11-12 21:46:18 ----A---- C:\Windows\system32\msi.dll
2014-11-12 21:46:14 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2014-11-12 21:46:14 ----A---- C:\Windows\system32\oleaut32.dll

======List of files/folders modified in the last 1 month======

2014-11-17 17:25:54 ----D---- C:\Windows\Temp
2014-11-17 11:35:43 ----D---- C:\Program Files (x86)\SpeedFan
2014-11-17 11:01:55 ----D---- C:\Program Files
2014-11-17 10:56:08 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-11-17 10:56:08 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2014-11-17 10:16:03 ----D---- C:\Windows\system32\config
2014-11-16 17:46:27 ----D---- C:\Users\Venca\AppData\Roaming\vlc
2014-11-16 17:11:46 ----D---- C:\Windows\System32
2014-11-16 17:11:46 ----D---- C:\Windows\inf
2014-11-16 17:11:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-11-16 11:37:52 ----RD---- C:\Program Files (x86)
2014-11-16 11:37:46 ----D---- C:\Windows\Tasks
2014-11-13 12:53:52 ----D---- C:\Windows\Microsoft.NET
2014-11-13 12:52:23 ----RSD---- C:\Windows\assembly
2014-11-13 01:26:14 ----D---- C:\Windows\winsxs
2014-11-13 01:23:17 ----SD---- C:\Windows\system32\CompatTel
2014-11-13 01:23:16 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-11-13 01:23:16 ----D---- C:\Windows\SysWOW64
2014-11-13 01:23:16 ----D---- C:\Windows\system32\cs-CZ
2014-11-13 01:23:15 ----D---- C:\Windows\system32\drivers
2014-11-13 01:23:15 ----D---- C:\Program Files\Internet Explorer
2014-11-13 01:23:14 ----D---- C:\Windows\SYSWOW64\en-US
2014-11-13 01:23:13 ----D---- C:\Windows\system32\en-US
2014-11-13 01:23:11 ----D---- C:\Program Files (x86)\Internet Explorer
2014-11-12 22:35:51 ----SHD---- C:\Windows\Installer
2014-11-12 22:35:48 ----D---- C:\ProgramData\Microsoft Help
2014-11-12 22:31:46 ----D---- C:\Windows\system32\MRT
2014-11-12 22:28:04 ----A---- C:\Windows\system32\MRT.exe
2014-11-12 22:26:47 ----SHD---- C:\System Volume Information
2014-11-12 21:45:00 ----D---- C:\Windows\system32\catroot2
2014-11-09 14:51:03 ----D---- C:\Users\Venca\AppData\Roaming\Digidesign
2014-11-09 14:48:09 ----ASD---- C:\ProgramData\Microsoft
2014-11-09 14:44:28 ----D---- C:\Windows\Minidump
2014-11-09 14:44:15 ----D---- C:\Windows
2014-10-28 16:36:05 ----HD---- C:\ProgramData
2014-10-28 06:34:58 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-07-09 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-07-09 224896]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R0 Tpkd;Tpkd; C:\Windows\system32\drivers\Tpkd.sys [2009-12-23 105592]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-07-09 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-07-09 1041168]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-07-09 427360]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-11-23 283064]
R1 LUMDriver;LUMDriver; \??\C:\Windows\system32\drivers\LUMDriver.sys [2008-01-02 24848]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 AODDriver4.1;AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-07-09 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-07-09 79184]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-07-09 92008]
R2 DigiNet;Digidesign Ethernet Support; C:\Windows\system32\DRIVERS\diginet.sys [2013-09-12 23824]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2011-02-11 35344]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-04-30 11922944]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-04-30 359936]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2013-08-21 38080]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-09-30 121872]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-04-30 11922944]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys []
S3 MAUSBFASTTRACK;Service for M-Audio FastTrack; C:\Windows\system32\DRIVERS\MAudioFastTrack.sys [2009-10-02 187912]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2013-08-21 169288]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2013-08-21 21320]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2013-08-21 188232]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2013-08-21 158024]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-04-30 238080]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-04-29 361984]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-07-09 50344]
R2 BBDemon;Backbone Service; C:\Program Files\Dassault Systemes\B20\win_b64\code\bin\CATSysDemon.exe [2009-09-26 46592]
R2 DigiRefresh;Digidesign MME Refresh Service; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [2010-06-24 77824]
R2 FreemakeVideoCapture;FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2013-11-21 9216]
R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-04-05 255376]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2013-11-23 77944]
S3 digiSPTIService64;digiSPTIService64; C:\Program Files\Avid\Pro Tools\digisptiservice64.exe []
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-06 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-11-18 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-11-23 1255736]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Antivirus reports a virus in the form of Windows vulnerability code

#24 Post by Márty84 »

Vasek_S wrote: The PC seems to be faster; as for the Avast alert, we'll see :) Thank you very much for the help. Is it possible to somehow identify what was actually causing the problems? Otherwise I assume the PC is clean :)
It is hard to determine what exactly is causing the problem. The PC is clean, but if the problem is in Word itself, the alerts will continue. I have no way to fix that. Hopefully you have all updates installed.


:!: Next time, start a new topic for the second PC. The rule is 1 topic = 1 PC. Otherwise it turns into a mess.


:arrow: Delete the ADWCleaner findings as well

and also

:arrow: Run a scan with MBAM. Set up the scan according to this guide http://forum.viry.cz/viewtopic.php?f=29&t=137928 and post the results here. Do not delete anything beforehand; it sometimes produces false detections.

Vasek_S
Visitor
Posts: 18
Registered: 16 Nov 2014 23:06

Re: Antivirus reports a virus in the form of Windows vulnerability code

#25 Post by Vasek_S »

Done

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 18.11.2014
Scan Time: 17:27:59
Logfile: 12.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.18.05
Rootkit Database: v2014.11.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Venca

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 587063
Time Elapsed: 2 hr, 30 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.OpenCandy, C:\Záloha doc\instalačky\DTLite4481-0347.exe, , [75c86bd2502cd26424475f13f510c53b],
PUP.Optional.OpenCandy, C:\Users\Venca\Desktop\huba má\DESKTOP\shit\zaloha flash II\DTLite-setup.exe, , [4fee66d70a728ea82348f2803dc8fc04],
PUP.Optional.OpenCandy, C:\Users\Venca\Downloads\FreemakeVideoConverterSetup.exe, , [a39a9aa3d7a50a2c4233e740758cc63a],

Physical Sectors: 0
(No malicious items detected)


(end)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Antivirus reports a virus in the form of Windows vulnerability code

#26 Post by Márty84 »

Move the findings to quarantine.

Post a new RSIT log.

Vasek_S
Visitor
Posts: 18
Registered: 16 Nov 2014 23:06

Re: Antivirus reports a virus in the form of Windows vulnerability code

#27 Post by Vasek_S »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Venca at 2014-11-18 21:18:55
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 234 GB (50%) free of 465 GB
Total RAM: 3838 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:19:15, on 18.11.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17420)
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\trend micro\Venca.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Users\Venca\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B20\win_b64\code\bin\CATSysDemon.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Avid Technology, Inc.. - C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService64 - Unknown owner - C:\Program Files\Avid\Pro Tools\digisptiservice64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8744 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
taskeng.exe {BBA78B3F-6DE0-4C1D-98F4-DE5839734C67}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files\Dassault Systemes\B20\win_b64\code\bin\CATSysDemon.exe" -service
"C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe" -s
"C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe"
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2288
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\System32\M-AudioTaskBarIcon.exe"
"C:\Windows\PLFSetI.exe"
"C:\Program Files (x86)\Samsung\Kies\Kies.exe" /preload
"C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Venca\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1101762115-1356681713-117081159-1000Core.job - C:\Users\Venca\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1101762115-1356681713-117081159-1000UA.job - C:\Users\Venca\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-07-09 612248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08 77424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"=C:\Windows\system32\M-AudioTaskBarIcon.exe [2009-10-02 798216]
"PLFSetI"=C:\Windows\PLFSetI.exe [2008-07-29 200704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Venca\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-23 116648]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"KiesPreload"=C:\Program Files (x86)\Samsung\Kies\Kies.exe [2013-04-23 1561968]
"KiesAirMessage"=C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup []
""=C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2013-04-23 844144]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2013-05-08 41056]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2013-04-30 642304]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []
"DigidesignMMERefresh"=C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [2010-06-24 77824]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2013-04-23 311152]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-07-31 4085896]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - "C:\Windows\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2014-11-17 21:16:39 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-11-17 21:16:13 ----D---- C:\ProgramData\Malwarebytes
2014-11-17 21:16:13 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-17 21:16:13 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-11-17 21:16:13 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-11-17 21:16:13 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-11-17 11:24:47 ----D---- C:\AdwCleaner
2014-11-17 11:01:55 ----D---- C:\rsit
2014-11-17 11:01:55 ----D---- C:\Program Files\trend micro
2014-11-12 21:47:56 ----A---- C:\Windows\system32\generaltel.dll
2014-11-12 21:47:56 ----A---- C:\Windows\system32\aepdu.dll
2014-11-12 21:47:56 ----A---- C:\Windows\system32\aeinv.dll
2014-11-12 21:47:52 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2014-11-12 21:47:52 ----A---- C:\Windows\system32\termsrv.dll
2014-11-12 21:47:52 ----A---- C:\Windows\system32\lsasrv.dll
2014-11-12 21:47:52 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-11-12 21:47:52 ----A---- C:\Windows\system32\adtschema.dll
2014-11-12 21:47:51 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2014-11-12 21:47:51 ----A---- C:\Windows\system32\msaudite.dll
2014-11-12 21:47:50 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-11-12 21:47:50 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-11-12 21:47:40 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-11-12 21:47:40 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-11-12 21:47:40 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-11-12 21:47:40 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-11-12 21:47:40 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-11-12 21:47:39 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-11-12 21:47:39 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-11-12 21:47:39 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-11-12 21:47:39 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-11-12 21:47:39 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-11-12 21:47:39 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 21:47:39 ----A---- C:\Windows\system32\iernonce.dll
2014-11-12 21:47:39 ----A---- C:\Windows\system32\ie4uinit.exe
2014-11-12 21:47:38 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-11-12 21:47:36 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-11-12 21:47:36 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-11-12 21:47:35 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-11-12 21:47:35 ----A---- C:\Windows\system32\urlmon.dll
2014-11-12 21:47:35 ----A---- C:\Windows\system32\iedkcs32.dll
2014-11-12 21:47:34 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-11-12 21:47:34 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-11-12 21:47:34 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-11-12 21:47:34 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 21:47:34 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 21:47:33 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-11-12 21:47:33 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-11-12 21:47:33 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-11-12 21:47:33 ----A---- C:\Windows\system32\msfeeds.dll
2014-11-12 21:47:33 ----A---- C:\Windows\system32\dxtrans.dll
2014-11-12 21:47:32 ----A---- C:\Windows\system32\iesetup.dll
2014-11-12 21:47:32 ----A---- C:\Windows\system32\ieapfltr.dll
2014-11-12 21:47:31 ----A---- C:\Windows\system32\iertutil.dll
2014-11-12 21:47:30 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-11-12 21:47:29 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-11-12 21:47:29 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-11-12 21:47:29 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-11-12 21:47:29 ----A---- C:\Windows\system32\jsproxy.dll
2014-11-12 21:47:29 ----A---- C:\Windows\system32\ieUnatt.exe
2014-11-12 21:47:28 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-11-12 21:47:28 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-11-12 21:47:28 ----A---- C:\Windows\system32\ieui.dll
2014-11-12 21:47:28 ----A---- C:\Windows\system32\dxtmsft.dll
2014-11-12 21:47:27 ----A---- C:\Windows\system32\ieframe.dll
2014-11-12 21:47:26 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-11-12 21:47:26 ----A---- C:\Windows\system32\mshtmled.dll
2014-11-12 21:47:26 ----A---- C:\Windows\system32\jscript9diag.dll
2014-11-12 21:47:26 ----A---- C:\Windows\system32\jscript9.dll
2014-11-12 21:47:25 ----A---- C:\Windows\system32\wininet.dll
2014-11-12 21:47:25 ----A---- C:\Windows\system32\vbscript.dll
2014-11-12 21:47:24 ----A---- C:\Windows\system32\msrating.dll
2014-11-12 21:47:24 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-11-12 21:47:23 ----A---- C:\Windows\system32\mshtml.dll
2014-11-12 21:46:54 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-11-12 21:46:54 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-11-12 21:46:54 ----A---- C:\Windows\system32\msxml3r.dll
2014-11-12 21:46:54 ----A---- C:\Windows\system32\msxml3.dll
2014-11-12 21:46:52 ----A---- C:\Windows\SYSWOW64\IMJP10K.DLL
2014-11-12 21:46:52 ----A---- C:\Windows\system32\IMJP10K.DLL
2014-11-12 21:46:37 ----A---- C:\Windows\system32\schannel.dll
2014-11-12 21:46:36 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-11-12 21:46:36 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2014-11-12 21:46:36 ----A---- C:\Windows\system32\ncrypt.dll
2014-11-12 21:46:35 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-11-12 21:46:35 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-11-12 21:46:35 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-11-12 21:46:35 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-11-12 21:46:35 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-11-12 21:46:35 ----A---- C:\Windows\system32\wdigest.dll
2014-11-12 21:46:35 ----A---- C:\Windows\system32\TSpkg.dll
2014-11-12 21:46:35 ----A---- C:\Windows\system32\msv1_0.dll
2014-11-12 21:46:35 ----A---- C:\Windows\system32\kerberos.dll
2014-11-12 21:46:35 ----A---- C:\Windows\system32\credssp.dll
2014-11-12 21:46:25 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2014-11-12 21:46:25 ----A---- C:\Windows\system32\audiosrv.dll
2014-11-12 21:46:25 ----A---- C:\Windows\system32\AUDIOKSE.dll
2014-11-12 21:46:25 ----A---- C:\Windows\system32\AudioEng.dll
2014-11-12 21:46:24 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2014-11-12 21:46:24 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2014-11-12 21:46:24 ----A---- C:\Windows\system32\EncDump.dll
2014-11-12 21:46:24 ----A---- C:\Windows\system32\AudioSes.dll
2014-11-12 21:46:23 ----A---- C:\Windows\SYSWOW64\packager.dll
2014-11-12 21:46:23 ----A---- C:\Windows\system32\packager.dll
2014-11-12 21:46:22 ----A---- C:\Windows\system32\win32k.sys
2014-11-12 21:46:18 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-11-12 21:46:18 ----A---- C:\Windows\system32\msi.dll
2014-11-12 21:46:14 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2014-11-12 21:46:14 ----A---- C:\Windows\system32\oleaut32.dll

======List of files/folders modified in the last 1 month======

2014-11-18 21:18:08 ----D---- C:\Windows\Temp
2014-11-18 21:18:03 ----D---- C:\Windows\system32\config
2014-11-18 21:16:57 ----D---- C:\Windows\system32\drivers
2014-11-18 20:58:35 ----D---- C:\Windows\PCHEALTH
2014-11-18 18:16:20 ----SHD---- C:\System Volume Information
2014-11-17 21:16:13 ----RD---- C:\Program Files (x86)
2014-11-17 21:16:13 ----HD---- C:\ProgramData
2014-11-17 11:35:43 ----D---- C:\Program Files (x86)\SpeedFan
2014-11-17 11:01:55 ----D---- C:\Program Files
2014-11-17 10:56:08 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-11-17 10:56:08 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2014-11-16 17:46:27 ----D---- C:\Users\Venca\AppData\Roaming\vlc
2014-11-16 17:11:46 ----D---- C:\Windows\System32
2014-11-16 17:11:46 ----D---- C:\Windows\inf
2014-11-16 17:11:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-11-16 11:37:46 ----D---- C:\Windows\Tasks
2014-11-13 12:53:52 ----D---- C:\Windows\Microsoft.NET
2014-11-13 12:52:23 ----RSD---- C:\Windows\assembly
2014-11-13 01:26:14 ----D---- C:\Windows\winsxs
2014-11-13 01:23:17 ----SD---- C:\Windows\system32\CompatTel
2014-11-13 01:23:16 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-11-13 01:23:16 ----D---- C:\Windows\SysWOW64
2014-11-13 01:23:16 ----D---- C:\Windows\system32\cs-CZ
2014-11-13 01:23:15 ----D---- C:\Program Files\Internet Explorer
2014-11-13 01:23:14 ----D---- C:\Windows\SYSWOW64\en-US
2014-11-13 01:23:13 ----D---- C:\Windows\system32\en-US
2014-11-13 01:23:11 ----D---- C:\Program Files (x86)\Internet Explorer
2014-11-12 22:35:51 ----SHD---- C:\Windows\Installer
2014-11-12 22:35:48 ----D---- C:\ProgramData\Microsoft Help
2014-11-12 22:31:46 ----D---- C:\Windows\system32\MRT
2014-11-12 22:28:04 ----A---- C:\Windows\system32\MRT.exe
2014-11-12 21:45:00 ----D---- C:\Windows\system32\catroot2
2014-11-09 14:51:03 ----D---- C:\Users\Venca\AppData\Roaming\Digidesign
2014-11-09 14:48:09 ----ASD---- C:\ProgramData\Microsoft
2014-11-09 14:44:28 ----D---- C:\Windows\Minidump
2014-11-09 14:44:15 ----D---- C:\Windows
2014-11-04 14:30:58 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-07-09 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-07-09 224896]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R0 Tpkd;Tpkd; C:\Windows\system32\drivers\Tpkd.sys [2009-12-23 105592]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-07-09 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-07-09 1041168]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-07-09 427360]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-11-23 283064]
R1 LUMDriver;LUMDriver; \??\C:\Windows\system32\drivers\LUMDriver.sys [2008-01-02 24848]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 AODDriver4.1;AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-07-09 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-07-09 79184]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-07-09 92008]
R2 DigiNet;Digidesign Ethernet Support; C:\Windows\system32\DRIVERS\diginet.sys [2013-09-12 23824]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2011-02-11 35344]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-04-30 11922944]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-04-30 359936]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2013-08-21 38080]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-09-30 121872]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-04-30 11922944]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys []
S3 MAUSBFASTTRACK;Service for M-Audio FastTrack; C:\Windows\system32\DRIVERS\MAudioFastTrack.sys [2009-10-02 187912]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2013-08-21 169288]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2013-08-21 21320]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2013-08-21 188232]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2013-08-21 158024]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-04-30 238080]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-04-29 361984]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-07-09 50344]
R2 BBDemon;Backbone Service; C:\Program Files\Dassault Systemes\B20\win_b64\code\bin\CATSysDemon.exe [2009-09-26 46592]
R2 DigiRefresh;Digidesign MME Refresh Service; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [2010-06-24 77824]
R2 FreemakeVideoCapture;FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2013-11-21 9216]
R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-04-05 255376]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2013-11-23 77944]
S3 digiSPTIService64;digiSPTIService64; C:\Program Files\Avid\Pro Tools\digisptiservice64.exe []
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-06 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-11-18 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-11-23 1255736]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Antivirus reports a virus in the form of Windows vulnerability code

#28 Post by Márty84 »

:!: If Avast complains that it wants to open it in the sandbox, do not allow it! Choose the option Open normally
:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop.
Right-click it and then left-click Run as administrator
Tick the options Pro všechny uživatele (Scan All Users), Kontrola na havěť "LOP" (LOP Check) and Kontrola na havěť "Purity" (Purity Check)
Paste the following text into the bottom window

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Click Prohledat (Run Scan)
After the scan, two logs are created (OTL.Txt and Extras.txt); paste both here (if they are long, split them into several posts).
If you have a question that is not intended for the public, you can e-mail me at marty84(at)forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will now be on the forum less often. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Vasek_S
Visitor
Posts: 18
Joined: 16 Nov 2014 23:06

Re: Antivirus reports a virus in the form of Windows vulnerability code

#29 Post by Vasek_S »

OTL logfile created on: 18.11.2014 21:40:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Venca\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,75 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 57,50% Memory free
7,50 Gb Paging File | 5,43 Gb Available in Paging File | 72,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,94 Gb Total Space | 228,93 Gb Free Space | 50,43% Space Free | Partition Type: NTFS
Drive F: | 1,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: STORMBRIGER-PC | User Name: Venca | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.11.18 21:40:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Venca\Desktop\OTL.exe
PRC - [2014.07.31 13:26:44 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014.07.09 15:32:44 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.11.21 09:58:56 | 000,009,216 | ---- | M] (Ellora Assets Corp.) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2013.04.23 13:48:20 | 000,844,144 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013.04.23 13:48:16 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.04.23 13:48:12 | 001,561,968 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012.04.05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.06.24 00:40:36 | 000,077,824 | ---- | M] (Avid Technology, Inc..) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Modules (No Company Name) ==========

MOD - [2014.11.12 22:32:25 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\11650ce4aad4575fc146aa66a575bcb7\System.Runtime.Remoting.ni.dll
MOD - [2014.10.22 05:04:57 | 008,910,664 | ---- | M] () -- C:\Users\Venca\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
MOD - [2014.10.22 05:04:51 | 001,042,760 | ---- | M] () -- C:\Users\Venca\AppData\Local\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
MOD - [2014.10.22 05:04:49 | 000,211,272 | ---- | M] () -- C:\Users\Venca\AppData\Local\Google\Chrome\Application\38.0.2125.111\libegl.dll
MOD - [2014.10.22 05:04:48 | 001,681,224 | ---- | M] () -- C:\Users\Venca\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
MOD - [2014.10.16 15:14:10 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll
MOD - [2014.10.16 15:14:06 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll
MOD - [2014.10.16 15:13:37 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll
MOD - [2014.10.16 15:13:23 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
MOD - [2014.10.16 15:12:55 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014.10.16 15:12:31 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\902843918d037f5f3511d679bf1e2216\System.ServiceProcess.ni.dll
MOD - [2014.10.16 15:12:30 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014.10.16 15:12:28 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014.10.16 15:12:21 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014.07.09 15:32:45 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014.07.09 15:32:45 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014.03.04 22:21:02 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013.07.10 18:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Avid\Pro Tools\digisptiservice64.exe -- (digiSPTIService64)
SRV:64bit: - [2014.11.06 04:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014.07.09 15:32:44 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013.05.27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013.04.30 04:52:38 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013.04.29 23:25:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.04.05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2009.09.26 02:24:30 | 000,046,592 | ---- | M] (Dassault Systemes) [Auto | Running] -- C:\Program Files\Dassault Systemes\B20\win_b64\code\bin\CATSysDemon.exe -- (BBDemon)
SRV - [2014.03.20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013.11.23 15:01:53 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2013.11.21 09:58:56 | 000,009,216 | ---- | M] (Ellora Assets Corp.) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2013.11.18 19:02:04 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.06.24 00:40:36 | 000,077,824 | ---- | M] (Avid Technology, Inc..) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014.07.09 15:33:29 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014.07.09 15:32:47 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014.07.09 15:32:47 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014.07.09 15:32:47 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014.07.09 15:32:46 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014.07.09 15:32:46 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014.07.09 15:32:46 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014.07.09 15:32:46 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2013.11.23 14:32:31 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.09.12 05:45:42 | 000,023,824 | ---- | M] (Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\diginet.sys -- (DigiNet)
DRV:64bit: - [2013.08.21 05:31:28 | 000,188,232 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2013.08.21 05:31:28 | 000,169,288 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2013.08.21 05:31:28 | 000,158,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2013.08.21 05:31:28 | 000,038,080 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2013.08.21 05:31:28 | 000,021,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2013.04.30 05:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2013.04.30 05:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.04.30 03:48:14 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 22:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.12.23 11:36:04 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.10.02 12:53:48 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
DRV:64bit: - [2009.09.30 15:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.01.02 13:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\LUMDriver.sys -- (LUMDriver)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1101762115-1356681713-117081159-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1101762115-1356681713-117081159-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IESR02
IE - HKU\S-1-5-21-1101762115-1356681713-117081159-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Venca\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Venca\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014.07.09 15:32:57 | 000,000,000 | ---D | M]

[2014.02.03 17:56:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Venca\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Venca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Venca\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Venca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Venca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Venca\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.13.2_0\
CHR - Extension: No name found = C:\Users\Venca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Venca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013.11.27 15:18:23 | 000,450,660 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15467 more lines...
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O2 - BHO: (Pomocná služba pro přihlášení k účtu Microsoft) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc..)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1101762115-1356681713-117081159-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-1101762115-1356681713-117081159-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-1101762115-1356681713-117081159-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-1101762115-1356681713-117081159-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1101762115-1356681713-117081159-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{477F84CF-D7B0-43CA-99A8-96997789B3D1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1F1200F-6C19-41DF-AE6F-3B302CDDC081}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.04.12 10:32:51 | 000,000,291 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{992c9d72-543a-11e3-b951-001f16cf81e6}\Shell - "" = AutoRun
O33 - MountPoints2\{992c9d72-543a-11e3-b951-001f16cf81e6}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2004.09.09 17:14:38 | 003,264,512 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{992c9d72-543a-11e3-b951-001f16cf81e6}\Shell\CDkey\command - "" = notepad.exe TEAMKNIGHTZ\RON GOLD.txt
O33 - MountPoints2\{992c9d72-543a-11e3-b951-001f16cf81e6}\Shell\Čeština pro RoN-Gold\command - "" = F:\TEAMKNIGHTZ\rise-of-nations-gold-CZpatch.exe -- [2012.04.06 16:23:50 | 095,500,761 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014.11.18 21:39:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Venca\Desktop\OTL.exe
[2014.11.17 21:16:39 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.11.17 21:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014.11.17 21:16:13 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.11.17 21:16:13 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.11.17 21:16:13 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.11.17 21:16:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014.11.17 21:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.11.17 11:24:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.11.17 11:01:55 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.11.17 11:01:55 | 000,000,000 | ---D | C] -- C:\rsit
[2014.11.12 21:47:56 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014.11.12 21:47:56 | 000,304,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014.11.12 21:47:56 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.11.12 21:47:52 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014.11.12 21:47:52 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2014.11.12 21:47:52 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2014.11.12 21:47:51 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2014.11.12 21:47:51 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2014.11.12 21:47:40 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.11.12 21:47:40 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.11.12 21:47:40 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.11.12 21:47:40 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.11.12 21:47:40 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.11.12 21:47:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.11.12 21:47:39 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.11.12 21:47:39 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.11.12 21:47:39 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.11.12 21:47:36 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.11.12 21:47:36 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.11.12 21:47:35 | 002,051,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.11.12 21:47:34 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.11.12 21:47:34 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.11.12 21:47:34 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.11.12 21:47:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.11.12 21:47:33 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.11.12 21:47:33 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.11.12 21:47:33 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.11.12 21:47:32 | 000,799,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.11.12 21:47:32 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.11.12 21:47:31 | 002,124,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.11.12 21:47:30 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014.11.12 21:47:29 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.11.12 21:47:28 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.11.12 21:47:28 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.11.12 21:47:28 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.11.12 21:47:28 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014.11.12 21:47:26 | 006,040,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.11.12 21:47:26 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014.11.12 21:47:26 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.11.12 21:47:26 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.11.12 21:47:25 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.11.12 21:47:24 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.11.12 21:47:24 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014.11.12 21:46:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014.11.12 21:46:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014.11.12 21:46:52 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2014.11.12 21:46:52 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2014.11.12 21:46:36 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014.11.12 21:46:25 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014.11.12 21:46:25 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014.11.12 21:46:25 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014.11.12 21:46:24 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014.11.12 21:46:24 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014.11.12 21:46:23 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014.11.12 21:46:23 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014.11.12 21:46:18 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014.11.12 21:46:14 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2014.11.11 21:47:29 | 000,000,000 | ---D | C] -- C:\Users\Venca\Desktop\3.sem.pr
[2014.11.09 14:48:01 | 000,000,000 | ---D | C] -- C:\Users\Venca\Desktop\Guitar
[2014.11.09 14:20:00 | 000,000,000 | ---D | C] -- C:\Users\Venca\Desktop\Empty Session
[2014.11.08 11:33:46 | 000,000,000 | ---D | C] -- C:\Users\Venca\Desktop\škola
[2014.11.08 11:18:08 | 000,000,000 | ---D | C] -- C:\Users\Venca\Desktop\huba má
[2014.10.28 16:33:35 | 000,000,000 | ---D | C] -- C:\Users\Venca\Documents\model

========== Files - Modified Within 30 Days ==========

[2014.11.18 21:44:00 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.11.18 21:42:00 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1101762115-1356681713-117081159-1000UA.job
[2014.11.18 21:40:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Venca\Desktop\OTL.exe
[2014.11.18 21:25:30 | 000,032,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.11.18 21:25:30 | 000,032,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.11.18 21:17:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.11.18 21:17:01 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2014.11.18 17:27:58 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.11.17 21:16:20 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.11.17 11:42:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1101762115-1356681713-117081159-1000Core.job
[2014.11.17 10:49:18 | 002,140,160 | ---- | M] () -- C:\Users\Venca\Desktop\adwcleaner_4.101.exe
[2014.11.16 23:19:03 | 000,083,322 | ---- | M] () -- C:\Users\Venca\Desktop\_.png
[2014.11.16 17:11:46 | 001,584,554 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.11.16 17:11:46 | 000,669,116 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2014.11.16 17:11:46 | 000,654,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.11.16 17:11:46 | 000,141,744 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2014.11.16 17:11:46 | 000,122,336 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.11.15 15:49:43 | 000,113,427 | ---- | M] () -- C:\Users\Venca\Desktop\hlaseni o viru.png
[2014.11.13 18:01:33 | 000,000,051 | ---- | M] () -- C:\Users\Venca\Desktop\FaceBook.url
[2014.11.13 01:25:07 | 000,435,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.11.12 18:49:04 | 000,066,099 | ---- | M] () -- C:\Users\Venca\Desktop\cat-needs-this.jpg
[2014.11.11 22:26:48 | 001,635,554 | ---- | M] () -- C:\Users\Venca\Documents\Fotografie-0083_e1poz.jpg
[2014.11.11 22:22:38 | 001,748,743 | ---- | M] () -- C:\Users\Venca\Documents\Fotografie-0146.jpg
[2014.11.11 22:21:11 | 002,446,910 | ---- | M] () -- C:\Users\Venca\Documents\Fotografie-0137.jpg
[2014.11.11 22:15:26 | 002,080,012 | ---- | M] () -- C:\Users\Venca\Documents\Fotografie-0136.jpg
[2014.11.11 22:06:51 | 001,166,166 | ---- | M] () -- C:\Users\Venca\Documents\Fotografie-0126.jpg
[2014.11.11 22:05:39 | 001,957,327 | ---- | M] () -- C:\Users\Venca\Documents\Fotografie-0139.jpg
[2014.11.09 14:50:56 | 005,998,756 | ---- | M] () -- C:\Users\Venca\Desktop\llol.wav
[2014.11.09 14:44:15 | 431,167,039 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014.11.06 05:03:50 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.11.06 04:47:03 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.11.06 04:46:12 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.11.06 04:46:12 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.11.06 04:44:28 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014.11.06 04:35:59 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.11.06 04:31:48 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.11.06 04:30:22 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.11.06 04:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.11.06 04:29:18 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.11.06 04:23:57 | 006,040,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.11.06 04:20:18 | 000,968,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.11.06 04:16:23 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.11.06 04:13:36 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.11.06 04:12:44 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.11.06 04:10:58 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014.11.06 04:07:29 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.11.06 04:03:56 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.11.06 04:02:05 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.11.06 04:00:56 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.11.06 04:00:51 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.11.06 03:59:36 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.11.06 03:58:38 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.11.06 03:57:38 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.11.06 03:42:36 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.11.06 03:41:26 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.11.06 03:41:26 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.11.06 03:39:39 | 001,359,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014.11.06 03:38:25 | 002,124,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.11.06 03:37:58 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.11.06 03:36:47 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.11.06 03:21:25 | 002,051,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.11.06 03:20:37 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014.11.06 02:53:19 | 000,799,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.11.06 02:47:17 | 000,708,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.11.05 20:08:32 | 000,132,447 | ---- | M] () -- C:\Users\Venca\Documents\eva čůanek.pdf
[2014.11.05 20:04:06 | 000,474,087 | ---- | M] () -- C:\Users\Venca\Documents\ac.els-cdn.com_S0022460X05008047_1-s2.0-S0022460X05008047-main.pdf
[2014.11.05 18:56:54 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014.11.05 18:56:36 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.11.05 18:52:22 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014.10.30 22:39:32 | 001,016,829 | ---- | M] () -- C:\Users\Venca\Documents\Prověrky pro osmáky (1).pdf
[2014.10.29 18:32:33 | 002,243,993 | ---- | M] () -- C:\Users\Venca\2014-10-28 13.41.15 (2).jpg
[2014.10.29 18:31:14 | 002,327,364 | ---- | M] () -- C:\Users\Venca\2014-10-28 13.39.58.jpg
[2014.10.29 18:30:55 | 002,110,431 | ---- | M] () -- C:\Users\Venca\2014-10-28 13.40.05.jpg
[2014.10.29 18:30:36 | 001,703,146 | ---- | M] () -- C:\Users\Venca\2014-10-28 13.40.27.jpg
[2014.10.29 18:30:19 | 001,976,085 | ---- | M] () -- C:\Users\Venca\2014-10-28 13.40.41.jpg
[2014.10.29 18:27:27 | 002,231,609 | ---- | M] () -- C:\Users\Venca\2014-10-28 13.41.15.jpg
[2014.10.28 21:41:49 | 000,002,370 | ---- | M] () -- C:\Users\Venca\Desktop\Google Chrome.lnk
[2014.10.25 02:57:59 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014.10.25 02:32:37 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll

========== Files Created - No Company Name ==========

[2014.11.18 21:43:59 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.11.17 21:16:20 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.11.17 10:49:13 | 002,140,160 | ---- | C] () -- C:\Users\Venca\Desktop\adwcleaner_4.101.exe
[2014.11.16 23:19:02 | 000,083,322 | ---- | C] () -- C:\Users\Venca\Desktop\_.png
[2014.11.15 15:49:40 | 000,113,427 | ---- | C] () -- C:\Users\Venca\Desktop\hlaseni o viru.png
[2014.11.13 18:01:33 | 000,000,051 | ---- | C] () -- C:\Users\Venca\Desktop\FaceBook.url
[2014.11.12 18:49:04 | 000,066,099 | ---- | C] () -- C:\Users\Venca\Desktop\cat-needs-this.jpg
[2014.11.11 22:05:52 | 001,635,554 | ---- | C] () -- C:\Users\Venca\Documents\Fotografie-0083_e1poz.jpg
[2014.11.11 22:05:39 | 001,748,743 | ---- | C] () -- C:\Users\Venca\Documents\Fotografie-0146.jpg
[2014.11.11 22:05:24 | 001,957,327 | ---- | C] () -- C:\Users\Venca\Documents\Fotografie-0139.jpg
[2014.11.11 22:05:05 | 002,446,910 | ---- | C] () -- C:\Users\Venca\Documents\Fotografie-0137.jpg
[2014.11.11 22:04:46 | 002,080,012 | ---- | C] () -- C:\Users\Venca\Documents\Fotografie-0136.jpg
[2014.11.11 22:03:58 | 001,166,166 | ---- | C] () -- C:\Users\Venca\Documents\Fotografie-0126.jpg
[2014.11.11 21:41:13 | 013,261,439 | ---- | C] () -- C:\Users\Venca\Desktop\F2000.lvm
[2014.11.11 21:41:13 | 011,125,439 | ---- | C] () -- C:\Users\Venca\Desktop\F1000.lvm
[2014.11.11 21:41:13 | 004,272,439 | ---- | C] () -- C:\Users\Venca\Desktop\F3000.lvm
[2014.11.09 14:50:55 | 005,998,756 | ---- | C] () -- C:\Users\Venca\Desktop\llol.wav
[2014.11.09 14:44:15 | 431,167,039 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014.11.05 20:08:32 | 000,132,447 | ---- | C] () -- C:\Users\Venca\Documents\eva čůanek.pdf
[2014.11.05 20:04:06 | 000,474,087 | ---- | C] () -- C:\Users\Venca\Documents\ac.els-cdn.com_S0022460X05008047_1-s2.0-S0022460X05008047-main.pdf
[2014.10.30 22:39:35 | 001,016,829 | ---- | C] () -- C:\Users\Venca\Documents\Prověrky pro osmáky (1).pdf
[2014.10.29 18:30:55 | 002,327,364 | ---- | C] () -- C:\Users\Venca\2014-10-28 13.39.58.jpg
[2014.10.29 18:30:36 | 002,110,431 | ---- | C] () -- C:\Users\Venca\2014-10-28 13.40.05.jpg
[2014.10.29 18:30:20 | 001,703,146 | ---- | C] () -- C:\Users\Venca\2014-10-28 13.40.27.jpg
[2014.10.29 18:29:57 | 001,976,085 | ---- | C] () -- C:\Users\Venca\2014-10-28 13.40.41.jpg
[2014.10.29 18:28:06 | 002,243,993 | ---- | C] () -- C:\Users\Venca\2014-10-28 13.41.15 (2).jpg
[2014.10.29 18:27:09 | 002,231,609 | ---- | C] () -- C:\Users\Venca\2014-10-28 13.41.15.jpg
[2014.09.09 17:46:25 | 001,243,242 | ---- | C] () -- C:\Users\Venca\2014-05-21 18.42.15.jpg
[2014.09.09 17:46:10 | 001,512,774 | ---- | C] () -- C:\Users\Venca\2014-05-21 18.42.04.jpg
[2014.02.05 00:10:29 | 000,000,384 | ---- | C] () -- C:\Windows\ODBC.INI
[2014.02.04 23:12:56 | 001,560,204 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.02.01 10:23:04 | 000,000,211 | ---- | C] () -- C:\ProgramData\acer.zip
[2014.01.31 17:00:44 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2014.01.31 17:00:44 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2014.01.31 17:00:44 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2014.01.31 17:00:44 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2014.01.31 16:53:44 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2014.01.11 13:19:51 | 000,003,166 | ---- | C] () -- C:\Users\Venca\programy.rar
[2013.12.27 10:25:28 | 000,000,000 | ---- | C] () -- C:\Windows\Setup.INI
[2013.12.10 16:57:41 | 000,005,632 | ---- | C] () -- C:\Users\Venca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.12.01 16:54:52 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2013.11.27 19:55:11 | 000,007,605 | ---- | C] () -- C:\Users\Venca\AppData\Local\Resmon.ResmonCfg
[2013.11.23 17:36:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.04.30 03:37:40 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013.04.30 03:37:40 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013.04.18 19:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.04.18 19:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.04.18 19:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.04.18 19:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.04.18 19:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.06.25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.12.02 15:36:40 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\Audacity
[2013.11.23 15:07:30 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\Autodesk
[2014.07.09 15:33:46 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\AVAST Software
[2013.11.23 14:35:49 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\DAEMON Tools Lite
[2013.11.23 15:11:35 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\DassaultSystemes
[2014.11.09 14:51:03 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\Digidesign
[2014.06.10 19:08:15 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\GarenaPlus
[2013.12.25 15:18:51 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\HD Tune Pro
[2013.11.27 18:36:08 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\IrfanView
[2013.12.01 17:22:49 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\Leadertech
[2014.08.25 20:20:18 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\Mount&Blade Warband
[2013.12.01 17:21:26 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\PACE Anti-Piracy
[2013.12.02 19:52:45 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\PDF Architect
[2014.01.09 19:13:33 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\Samsung
[2014.02.03 17:56:23 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\Thunderbird

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,622 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013.11.23 13:41:20 | 000,000,910 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1101762115-1356681713-117081159-1000Core.job
[2013.11.23 13:41:22 | 000,000,962 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1101762115-1356681713-117081159-1000UA.job

< >

[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014.03.04 12:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014.03.04 10:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2014.07.17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\SysNative\winlogon.exe
[2014.07.17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[2014.07.16 04:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe
[2014.10.01 11:09:16 | 000,761,656 | ---- | M] (MalwareBytes) MD5=C0AFB3C7E6C7CA3F6E42FF242BBBCB1F -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe

< MD5 for: WS2_32.DLL >
[2010.11.21 04:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\SysNative\ws2_32.dll
[2010.11.21 04:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll
[2010.11.21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SysWOW64\ws2_32.dll
[2010.11.21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[8 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[21 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[6 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2013.11.25 08:46:39 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\Adobe
[2013.11.23 17:34:42 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\ATI
[2013.12.02 15:36:40 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\Audacity
[2013.11.23 15:07:30 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\Autodesk
[2014.07.09 15:33:46 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\AVAST Software
[2013.11.23 14:35:49 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\DAEMON Tools Lite
[2013.11.23 15:11:35 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\DassaultSystemes
[2014.11.09 14:51:03 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\Digidesign
[2014.06.10 19:08:15 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\GarenaPlus
[2013.12.25 15:18:51 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\HD Tune Pro
[2013.11.23 13:36:32 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\Identities
[2014.01.31 16:53:11 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\InstallShield
[2013.11.27 18:36:08 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\IrfanView
[2013.12.01 17:22:49 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\Leadertech
[2013.12.01 17:26:08 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\Macromedia
[2010.11.21 08:16:41 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\Media Center Programs
[2014.06.23 17:22:18 | 000,000,000 | --SD | M] -- C:\Users\Venca\AppData\Roaming\Microsoft
[2014.01.20 22:08:48 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\Microsoft Games
[2014.08.25 20:20:18 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\Mount&Blade Warband
[2014.02.03 17:56:23 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\Mozilla
[2013.12.01 17:21:26 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\PACE Anti-Piracy
[2013.12.02 19:52:45 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\PDF Architect
[2014.01.09 19:13:33 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\Samsung
[2014.02.03 17:56:23 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\Thunderbird
[2014.11.16 17:46:27 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\vlc
[2013.11.26 20:40:07 | 000,000,000 | ---D | M] -- C:\Users\Venca\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2014.06.23 17:22:18 | 000,010,134 | R--- | M] () -- C:\Users\Venca\AppData\Roaming\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

Vasek_S
Visitor
Posts: 18
Registered: 16 Nov 2014 23:06

Re: Antivirus reports a virus in the form of code for a Windows vulnerability

#30 Post by Vasek_S »

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Google Update" = "C:\Users\Venca\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2013.11.23 13:41:00 | 000,116,648 | ---- | M] (Google Inc.)
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun -- [2013.10.28 09:29:38 | 003,675,352 | ---- | M] (Disc Soft Ltd)
"KiesPreload" = C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload -- [2013.04.23 13:48:12 | 001,561,968 | ---- | M] (Samsung)
"KiesAirMessage" = C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
"" = C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe -- [2013.04.23 13:48:20 | 000,844,144 | ---- | M] (Samsung)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.11.18 21:44:00 | 000,000,512 | ---- | M] () MD5=5AEA9708CB7D143F5956008C8DD29D70 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2010.05.18 11:04:54 | 000,000,600 | ---- | M] () -- \Program Files (x86)\Common Files\Digidesign\DAE\Plug-In Settings\EQ 3.0\Equalizer\Snare\Emphasize Crack 2.tfx
[2010.05.18 11:04:54 | 000,000,600 | ---- | M] () -- \Program Files (x86)\Common Files\Digidesign\DAE\Plug-In Settings\EQ 3.0\Equalizer\Snare\Emphasize Crack.tfx
[2009.01.19 13:27:44 | 000,083,645 | ---- | M] () -- \Program Files (x86)\Mount&Blade Warband\Sounds\Fire_Small_Crackle_Slick_op.ogg
[2014.08.25 19:50:53 | 006,514,872 | ---- | M] () -- \Users\Venca\Downloads\Mount-and-Blade-Warband-1158-crack.rar
[2014.08.26 15:08:41 | 099,094,819 | ---- | M] () -- \Users\Venca\Downloads\Mount.and.Blade.Warband.v1.134+crack.rar
[1 \Users\Venca\Downloads\*.tmp files -> \Users\Venca\Downloads\*.tmp -> ]

< *keygen* /s >
[2011.02.28 15:06:00 | 000,002,392 | ---- | M] () -- \Users\Venca\Desktop\huba má\DESKTOP\hidded\Hidden and Dangerous 2 Sabre Squadron CZ\KeyGen\H&D2 keygenerator info.txt

< *AntiWPA* /s >

< *loader* /s >
[2006.10.26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2013.10.24 10:40:00 | 000,015,511 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Audio Converter\FMCommon\FreemakeCommon\Profiles\FmDownloaderProfiles.xml
[2013.10.24 10:40:00 | 000,064,651 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Audio Converter\FMCommon\FreemakeCommon\Resources\VideoDownloader.png
[2013.10.24 10:40:00 | 000,064,719 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Audio Converter\FMCommon\FreemakeCommon\Resources\VideoDownloaderOn.png
[2014.09.02 19:39:14 | 000,015,511 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\FreemakeCommon\Profiles\FmDownloaderProfiles.xml
[2014.09.02 19:39:14 | 000,064,651 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\FreemakeCommon\Resources\VideoDownloader.png
[2014.09.02 19:39:14 | 000,064,719 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\FreemakeCommon\Resources\VideoDownloaderOn.png
[2014.09.09 03:01:08 | 000,043,008 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\DownloaderCommon.dll
[2014.09.09 03:01:06 | 000,020,992 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.Detector.dll
[2014.09.09 02:48:50 | 000,008,192 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.GlobalSettings.dll
[2014.09.09 03:01:18 | 000,014,336 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.HtmlParser.dll
[2014.09.09 03:00:50 | 000,045,568 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.Interface.dll
[2014.09.09 02:48:52 | 000,020,480 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.Miscellaneous.dll
[2014.09.09 03:00:56 | 000,066,048 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.SmartDownloader.Core.dll
[2014.09.09 03:01:00 | 000,158,720 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.SmartDownloader.Extensions.dll
[2014.09.09 03:01:16 | 000,147,968 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.SupportedSite.dll
[2014.09.09 03:00:54 | 000,019,456 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.TrackDownloaderLib.dll
[2014.09.02 19:38:42 | 000,034,304 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Converter\FMWeb\Uploader\FMYouTubeUploader.dll
[2013.11.21 10:09:50 | 002,089,024 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader.exe
[2013.11.12 13:04:02 | 000,007,379 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\chrome\content\downloader.js
[2013.11.12 13:04:02 | 000,000,402 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\chrome\content\downloader.xul
[2013.11.12 13:09:22 | 000,015,511 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FMCommon\FreemakeCommon\Profiles\FmDownloaderProfiles.xml
[2013.11.12 13:09:22 | 000,064,651 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FMCommon\FreemakeCommon\Resources\VideoDownloader.png
[2013.11.12 13:09:22 | 000,064,719 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FMCommon\FreemakeCommon\Resources\VideoDownloaderOn.png
[2013.11.21 10:07:24 | 000,043,008 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FMWeb\Downloader\DownloaderCommon.dll
[2013.11.21 10:05:02 | 000,020,992 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FMWeb\Downloader\FMDownloader.Detector.dll
[2013.11.21 09:58:28 | 000,008,192 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FMWeb\Downloader\FMDownloader.GlobalSettings.dll
[2013.11.21 10:05:04 | 000,014,336 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FMWeb\Downloader\FMDownloader.HtmlParser.dll
[2013.11.21 10:04:56 | 000,045,568 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FMWeb\Downloader\FMDownloader.Interface.dll
[2013.11.21 09:58:28 | 000,020,480 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FMWeb\Downloader\FMDownloader.Miscellaneous.dll
[2013.11.21 10:04:58 | 000,066,048 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FMWeb\Downloader\FMDownloader.SmartDownloader.Core.dll
[2013.11.21 10:05:00 | 000,158,720 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FMWeb\Downloader\FMDownloader.SmartDownloader.Extensions.dll
[2013.11.21 10:05:02 | 000,144,896 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FMWeb\Downloader\FMDownloader.SupportedSite.dll
[2013.11.21 10:04:58 | 000,019,456 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FMWeb\Downloader\FMDownloader.TrackDownloaderLib.dll
[2013.11.21 10:07:42 | 000,241,664 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader\VideoDownloader.Model.dll
[2013.11.21 10:05:04 | 000,018,944 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader\VideoDownloader.Tools.dll
[2013.11.21 10:07:52 | 000,010,752 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader\Languages\cs\FreemakeVideoDownloader.resources.dll
[2013.11.21 10:07:52 | 000,010,752 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader\Languages\da\FreemakeVideoDownloader.resources.dll
[2013.11.21 10:07:52 | 000,016,384 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader\Languages\de-DE\FreemakeVideoDownloader.resources.dll
[2013.11.21 10:07:52 | 000,013,312 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader\Languages\el-GR\FreemakeVideoDownloader.resources.dll
[2013.11.21 10:07:52 | 000,016,384 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader\Languages\es-ES\FreemakeVideoDownloader.resources.dll
[2013.11.21 10:07:52 | 000,016,384 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader\Languages\fr-FR\FreemakeVideoDownloader.resources.dll
[2013.11.21 10:07:52 | 000,011,264 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader\Languages\hu\FreemakeVideoDownloader.resources.dll
[2013.11.21 10:07:54 | 000,015,872 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader\Languages\it\FreemakeVideoDownloader.resources.dll
[2013.11.21 10:07:54 | 000,017,920 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader\Languages\ja-JP\FreemakeVideoDownloader.resources.dll
[2013.11.21 10:07:54 | 000,011,264 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader\Languages\nl\FreemakeVideoDownloader.resources.dll
[2013.11.21 10:07:54 | 000,011,264 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader\Languages\pl\FreemakeVideoDownloader.resources.dll
[2013.11.21 10:07:54 | 000,015,872 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader\Languages\pt-BR\FreemakeVideoDownloader.resources.dll
[2013.11.21 10:07:56 | 000,019,456 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader\Languages\ru-RU\FreemakeVideoDownloader.resources.dll
[2013.11.21 10:07:54 | 000,011,264 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader\Languages\sk\FreemakeVideoDownloader.resources.dll
[2013.11.21 10:07:54 | 000,012,800 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader\Languages\uk\FreemakeVideoDownloader.resources.dll
[2013.11.21 10:07:54 | 000,011,776 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader\Languages\vi\FreemakeVideoDownloader.resources.dll
[2013.11.21 10:07:54 | 000,010,240 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader\Languages\zh-CN\FreemakeVideoDownloader.resources.dll
[2013.11.21 10:07:54 | 000,010,240 | ---- | M] () -- \Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader\Languages\zh-TW\FreemakeVideoDownloader.resources.dll
[2013.04.19 13:36:58 | 000,069,120 | ---- | M] () -- \Program Files (x86)\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.dll
[2014.07.09 15:32:44 | 000,071,968 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2014.07.09 15:32:44 | 000,085,376 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader64.exe
[2009.10.17 11:13:12 | 000,025,920 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\code\clr\V5JsyClrLoader.dll
[2009.07.11 01:49:02 | 000,002,520 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\docs\java\CATJsyClassLoader.jar
[2009.07.11 01:49:58 | 000,006,795 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\docs\java\CATJWSIWASLoader.jar
[2009.09.29 11:35:40 | 000,002,045 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\docs\java\ClassLoader_de.properties
[2004.01.23 17:29:00 | 000,001,684 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\docs\java\ClassLoader_en.properties
[2009.09.29 11:30:18 | 000,002,362 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\docs\java\ClassLoader_fr.properties
[2009.09.29 11:42:02 | 000,004,216 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\docs\java\ClassLoader_ja.properties
[2009.09.29 12:12:36 | 000,003,795 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\docs\java\ClassLoader_ko.properties
[2009.09.29 12:07:24 | 000,002,550 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\docs\java\ClassLoader_zh.properties
[2009.07.11 01:48:58 | 000,005,919 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\docs\java\V5JsyLoader.jar
[2009.07.11 01:49:02 | 000,002,520 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\docs\javaserver\CATJsyClassLoader.jar
[2009.07.11 01:49:58 | 000,006,795 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\docs\javaserver\CATJWSIWASLoader.jar
[2009.07.11 01:48:58 | 000,005,919 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\docs\javaserver\V5JsyLoader.jar
[2006.04.12 16:07:12 | 000,001,702 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\CATFMSaveLoadError.CATNls
[1999.11.26 14:59:46 | 000,000,147 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\CATMdlEdtSaveLoadError.CATNls
[2005.05.18 18:56:50 | 000,000,584 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\CATMMSaveLoadError.CATNls
[1999.04.29 17:31:30 | 000,000,066 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\CATOMCATSDMSaveLoadError.CATNls
[2008.05.20 18:33:14 | 000,001,275 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\CATOMLoadError.CATNls
[2005.04.19 09:33:58 | 000,003,533 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\CATOMSaveLoadError.CATNls
[2008.07.10 19:11:24 | 000,004,981 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\CATOsmSaveLoadError.CATNls
[2003.06.27 10:47:46 | 000,000,621 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\CATSmBOMSaveLoadError.CATNls
[2005.02.22 17:44:36 | 000,000,098 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\CATStandardSaveLoadError.CATNls
[2007.09.06 17:48:08 | 000,000,464 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\CATStkParamLoaderCmd.CATNls
[2009.08.05 13:49:14 | 000,001,581 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\OMCATSaveLoadError.CATNls
[2009.09.01 11:14:08 | 000,002,084 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\French\CATFMSaveLoadError.CATNls
[2009.09.01 11:16:14 | 000,000,161 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\French\CATMdlEdtSaveLoadError.CATNls
[2009.09.01 11:17:28 | 000,000,680 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\French\CATMMSaveLoadError.CATNls
[2009.09.01 11:18:00 | 000,000,108 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\French\CATOMCATSDMSaveLoadError.CATNls
[2009.09.01 11:18:02 | 000,001,467 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\French\CATOMLoadError.CATNls
[2009.09.01 11:18:02 | 000,004,261 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\French\CATOMSaveLoadError.CATNls
[2009.09.01 11:18:04 | 000,006,264 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\French\CATOsmSaveLoadError.CATNls
[2009.09.01 11:20:40 | 000,000,798 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\French\CATSmBOMSaveLoadError.CATNls
[2009.09.01 11:21:24 | 000,000,118 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\French\CATStandardSaveLoadError.CATNls
[2009.10.23 17:06:18 | 000,001,909 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\French\OMCATSaveLoadError.CATNls
[2009.08.31 16:06:04 | 000,002,065 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\German\CATFMSaveLoadError.CATNls
[2009.08.31 16:07:10 | 000,000,149 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\German\CATMdlEdtSaveLoadError.CATNls
[2009.08.31 16:07:56 | 000,000,712 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\German\CATMMSaveLoadError.CATNls
[2009.08.31 16:08:16 | 000,000,088 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\German\CATOMCATSDMSaveLoadError.CATNls
[2009.08.31 16:08:16 | 000,001,439 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\German\CATOMLoadError.CATNls
[2009.08.31 16:08:16 | 000,004,380 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\German\CATOMSaveLoadError.CATNls
[2009.08.31 16:08:18 | 000,006,160 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\German\CATOsmSaveLoadError.CATNls
[2009.08.31 16:09:48 | 000,000,839 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\German\CATSmBOMSaveLoadError.CATNls
[2009.08.31 16:10:18 | 000,000,110 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\German\CATStandardSaveLoadError.CATNls
[2009.10.23 16:58:58 | 000,001,860 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\German\OMCATSaveLoadError.CATNls
[2009.09.04 11:58:00 | 000,001,966 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Italian\CATFMSaveLoadError.CATNls
[2009.09.04 11:58:44 | 000,000,161 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Italian\CATMdlEdtSaveLoadError.CATNls
[2009.09.04 11:59:14 | 000,000,670 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Italian\CATMMSaveLoadError.CATNls
[2009.09.04 11:59:28 | 000,000,089 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Italian\CATOMCATSDMSaveLoadError.CATNls
[2009.09.04 11:59:28 | 000,001,370 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Italian\CATOMLoadError.CATNls
[2009.09.04 11:59:28 | 000,004,167 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Italian\CATOMSaveLoadError.CATNls
[2009.09.04 11:59:30 | 000,006,121 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Italian\CATOsmSaveLoadError.CATNls
[2009.09.04 12:00:32 | 000,000,743 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Italian\CATSmBOMSaveLoadError.CATNls
[2009.09.04 12:00:54 | 000,000,117 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Italian\CATStandardSaveLoadError.CATNls
[2009.10.16 16:29:08 | 000,001,934 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Italian\OMCATSaveLoadError.CATNls
[2009.08.28 16:40:30 | 000,001,774 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Japanese\CATFMSaveLoadError.CATNls
[2009.08.28 16:41:16 | 000,000,128 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Japanese\CATMdlEdtSaveLoadError.CATNls
[2009.08.28 16:41:22 | 000,000,593 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Japanese\CATMMSaveLoadError.CATNls
[2009.08.28 16:41:28 | 000,000,072 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Japanese\CATOMCATSDMSaveLoadError.CATNls
[2009.08.28 16:41:28 | 000,001,197 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Japanese\CATOMLoadError.CATNls
[2009.08.28 16:41:28 | 000,003,437 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Japanese\CATOMSaveLoadError.CATNls
[2009.08.28 16:41:30 | 000,004,842 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Japanese\CATOsmSaveLoadError.CATNls
[2009.08.28 16:41:54 | 000,000,702 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Japanese\CATSmBOMSaveLoadError.CATNls
[2009.08.28 16:41:58 | 000,000,087 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Japanese\CATStandardSaveLoadError.CATNls
[2009.10.21 15:01:52 | 000,001,495 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Japanese\OMCATSaveLoadError.CATNls
[2009.08.28 14:14:00 | 000,001,639 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Korean\CATFMSaveLoadError.CATNls
[2009.08.28 14:15:30 | 000,000,129 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Korean\CATMdlEdtSaveLoadError.CATNls
[2009.08.28 14:15:44 | 000,000,588 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Korean\CATMMSaveLoadError.CATNls
[2009.08.28 14:16:00 | 000,000,074 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Korean\CATOMCATSDMSaveLoadError.CATNls
[2009.08.28 14:16:00 | 000,001,245 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Korean\CATOMLoadError.CATNls
[2009.08.28 14:16:00 | 000,003,466 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Korean\CATOMSaveLoadError.CATNls
[2009.08.28 14:16:02 | 000,004,993 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Korean\CATOsmSaveLoadError.CATNls
[2009.08.28 14:17:42 | 000,000,663 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Korean\CATSmBOMSaveLoadError.CATNls
[2009.08.28 14:17:50 | 000,000,092 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Korean\CATStandardSaveLoadError.CATNls
[2009.08.28 14:20:32 | 000,001,539 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Korean\OMCATSaveLoadError.CATNls
[2009.08.31 16:56:34 | 000,001,845 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Russian\CATFMSaveLoadError.CATNls
[2009.08.31 16:57:38 | 000,000,145 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Russian\CATMdlEdtSaveLoadError.CATNls
[2009.08.31 16:57:48 | 000,000,695 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Russian\CATMMSaveLoadError.CATNls
[2009.08.31 16:58:02 | 000,000,074 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Russian\CATOMCATSDMSaveLoadError.CATNls
[2009.08.31 16:58:02 | 000,001,357 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Russian\CATOMLoadError.CATNls
[2009.08.31 16:58:02 | 000,003,753 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Russian\CATOMSaveLoadError.CATNls
[2009.08.31 16:58:04 | 000,005,318 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Russian\CATOsmSaveLoadError.CATNls
[2009.08.31 16:59:32 | 000,000,726 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Russian\CATSmBOMSaveLoadError.CATNls
[2009.08.31 16:59:36 | 000,000,099 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Russian\CATStandardSaveLoadError.CATNls
[2009.10.13 11:12:38 | 000,001,623 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Russian\OMCATSaveLoadError.CATNls
[2009.09.30 17:31:10 | 000,001,195 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Simplified_Chinese\CATFMSaveLoadError.CATNls
[2009.09.30 17:31:36 | 000,000,099 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Simplified_Chinese\CATMdlEdtSaveLoadError.CATNls
[2009.09.30 17:31:40 | 000,000,401 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Simplified_Chinese\CATMMSaveLoadError.CATNls
[2009.09.30 17:33:00 | 000,000,053 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Simplified_Chinese\CATOMCATSDMSaveLoadError.CATNls
[2009.09.30 17:33:00 | 000,000,958 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Simplified_Chinese\CATOMLoadError.CATNls
[2009.09.30 17:33:00 | 000,002,562 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Simplified_Chinese\CATOMSaveLoadError.CATNls
[2009.09.30 17:33:02 | 000,003,980 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Simplified_Chinese\CATOsmSaveLoadError.CATNls
[2009.09.30 17:33:32 | 000,000,503 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Simplified_Chinese\CATSmBOMSaveLoadError.CATNls
[2009.09.30 17:33:34 | 000,000,063 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Simplified_Chinese\CATStandardSaveLoadError.CATNls
[2009.10.12 13:43:40 | 000,001,128 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Simplified_Chinese\OMCATSaveLoadError.CATNls
[2005.11.24 14:34:26 | 000,000,176 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\servlet\SessionDownloader.XMLServlet
[2005.06.09 16:05:40 | 000,000,126 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\widget\FileUploader.XMLWidget
[2012.06.09 19:19:38 | 000,055,296 | ---- | M] () -- \Program Files\WinRAR\Formats\ace32loader.exe
[2013.11.27 18:39:27 | 000,001,350 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake\Freemake Video Downloader.lnk
[2010.12.16 14:11:46 | 000,001,037 | ---- | M] () -- \Programme\iTNC530\340494\sys\usr\lib\gtk\etc\gtk-2.0\gdk-pixbuf.loaders
[2010.12.16 14:11:46 | 000,002,416 | ---- | M] () -- \Programme\iTNC530\340494\sys\usr\lib\gtk\etc\gtk-2.0\gdk-pixbuf.loaders.all
[2013.11.27 18:39:27 | 000,001,350 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\Freemake\Freemake Video Downloader.lnk
[2013.11.27 18:39:27 | 000,001,332 | ---- | M] () -- \Users\Public\Desktop\Freemake Video Downloader.lnk
[2014.08.13 13:14:30 | 000,009,418 | ---- | M] () -- \Users\Venca\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.13.2_0\img\gifloader.gif
[2013.11.23 13:40:04 | 000,003,061 | ---- | M] () -- \Users\Venca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ELLSYLAC\rmsloaderdelayeddiv[1].js
[12 \Users\Venca\AppData\Local\Temp\*.tmp files -> \Users\Venca\AppData\Local\Temp\*.tmp -> ]
[2013.11.27 18:39:27 | 000,001,437 | ---- | M] () -- \Users\Venca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake\Uninstall\Uninstall Freemake Video Downloader.lnk
[2014.03.03 15:12:36 | 000,000,145 | ---- | M] () -- \Users\Venca\Desktop\huba má\DESKTOP\shit\zaloha DELL\dokumenty\Freemake\FreemakeVideoDownloader\Persistent\DownloaderPersistentList.xml
[2014.02.28 10:22:14 | 001,272,264 | ---- | M] () -- \Users\Venca\Desktop\huba má\DESKTOP\shit\zaloha DELL\Stažené souboury\FreemakeVideoDownloaderSetup.exe
[2014.09.09 19:52:15 | 000,000,145 | ---- | M] () -- \Users\Venca\Documents\Freemake\FreemakeVideoDownloader\Persistent\DownloaderPersistentList.xml
[2013.08.02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2013.08.02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009.07.14 02:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 02:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:38:44 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 03:12:19 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:39:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 07:20:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_695e76beab8ff095\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.29 03:18:31 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_694dd858ab9ba72a\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 12:03:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_69637bfcab8b6996\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 03:28:21 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_69353b6eabae8d55\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.10.16 15:04:07 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18526_cs-cz_915f8df913af6c96.manifest
[2014.10.16 15:04:07 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18526_cs-cz_915f8df913af6c96_winload.efi.mui_35ee487d
[2014.10.16 15:04:07 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18526_cs-cz_915f8df913af6c96_winload.exe.mui_3bc5b827
[2014.10.16 15:04:07 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18526_cs-cz_915f8df913af6c96_winresume.efi.mui_f412814e
[2014.10.16 15:04:07 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18526_cs-cz_915f8df913af6c96_winresume.exe.mui_ff8b5358
[2014.10.16 15:04:09 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18574_none_b90bc95183772bd0.manifest
[2014.10.16 15:04:09 | 000,693,176 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18574_none_b90bc95183772bd0_winload.efi_75834aa0
[2014.10.16 15:04:09 | 000,619,056 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18574_none_b90bc95183772bd0_winload.exe_75835076
[2014.10.16 15:04:09 | 000,616,352 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18574_none_b90bc95183772bd0_winresume.efi_85cd069f
[2014.10.16 15:04:09 | 000,532,176 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18574_none_b90bc95183772bd0_winresume.exe_85cd1215
[2009.07.14 03:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2011.02.23 15:44:42 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2014.07.08 22:51:46 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18526_cs-cz_915f8df913af6c96.manifest
[2014.07.08 22:52:03 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22736_cs-cz_91de5cbe2cd52578.manifest
[2010.11.21 04:16:35 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011.02.05 18:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2014.08.19 04:35:45 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18574_none_b90bc95183772bd0.manifest
[2011.02.05 14:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2014.08.19 04:26:49 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22780_none_b98696ee9ca07f56.manifest
[2009.07.14 03:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 06:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.29 02:54:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_0d2f3cd4f33e35f4\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 11:35:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 03:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.11.17 13:44:46 | 000,000,145 | ---- | M] () -- \Záloha doc\Freemake\FreemakeVideoDownloader\Persistent\DownloaderPersistentList.xml
[2013.03.28 17:24:06 | 001,290,264 | ---- | M] () -- \Záloha doc\instalačky\FreemakeVideoDownloaderSetup.exe

< *minodlogin* /s >

< *tnod* /s >
[2009.09.26 01:26:44 | 000,098,816 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\code\bin\CATNodelockDlg.dll
[2009.09.26 02:23:12 | 000,041,984 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\code\bin\CATNodelockMgt.exe
[2009.09.26 02:23:12 | 000,013,824 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\code\bin\CATNodelockMgtB.exe
[2009.09.26 01:26:42 | 000,028,672 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\code\bin\CATNodelockUtil.dll
[2005.09.27 20:56:10 | 000,000,382 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\graphic\icons\CATVoaSeatNode.bmp
[2003.11.05 20:54:34 | 000,000,350 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\graphic\icons\I_TreeConstraintNode.bmp
[2004.03.19 23:20:56 | 000,001,550 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\graphic\icons\I_TreeReportNode.bmp
[2005.02.08 22:06:12 | 000,000,822 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\graphic\icons\I_TreeSegmentOffsetNode.bmp
[2005.11.29 17:57:42 | 000,000,348 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\graphic\icons\normal\I_ArrInsertNodeCenterLocation.bmp
[2000.10.18 01:43:30 | 000,001,606 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\graphic\icons\normal\I_ArrInsertNodes.bmp
[2005.11.29 17:58:34 | 000,000,348 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\graphic\icons\normal\I_ArrInsertNodesBetweenRange.bmp
[2000.08.22 13:26:24 | 000,001,606 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\graphic\icons\normal\I_AssyFeatNode.bmp
[2002.06.19 15:47:24 | 000,001,606 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\graphic\icons\normal\I_QsrAdjustNode.bmp
[2001.05.15 16:42:28 | 000,000,382 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\graphic\icons\normal\I_TlbModuleConstantNode.bmp
[2005.11.29 17:58:08 | 000,000,212 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\graphic\icons\small\I_ArrInsertNodeCenterLocation.bmp
[2000.10.18 01:42:54 | 000,001,334 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\graphic\icons\small\I_ArrInsertNodes.bmp
[2005.11.29 17:58:46 | 000,000,212 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\graphic\icons\small\I_ArrInsertNodesBetweenRange.bmp
[2002.06.19 15:38:08 | 000,001,334 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\graphic\icons\small\I_QsrAdjustNode.bmp
[2005.12.13 02:54:36 | 000,001,745 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\CATArrInsertNodeCmd.CATNls
[2005.12.07 01:15:50 | 000,000,676 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\CATArrInsertNodePanel.CATNls
[2005.12.07 01:11:32 | 000,000,220 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\CATArrInsertNodePanel.CATRsc
[2007.02.15 14:24:54 | 000,006,818 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\CATCustNodeSettings.CATNls
[2005.01.20 15:29:20 | 000,000,856 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\CATDYNSelectNodeFrame.CATNls
[2006.03.24 14:13:14 | 000,009,904 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\CATNodelockDlg.CATNls
[1999.05.06 23:14:20 | 000,000,035 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\CATNodelockEditorDlg.CATNls
[2004.04.08 14:42:28 | 000,001,009 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\CATNodelockMgtB.CATNls
[2004.06.23 10:02:52 | 000,009,110 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\CATNodeSettings.CATNls
[1999.11.08 17:23:34 | 000,000,094 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\CATNodeSettingsEditor.CATNls
[2000.10.20 15:56:04 | 000,000,268 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\CATNodeSettingsEditor.CATRsc
[2006.09.12 13:52:20 | 000,001,913 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\CATQsrAdjustNodeCmd.CATNls
[2006.11.06 11:21:22 | 000,001,639 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\CATQsrAdjustNodeDlg.CATNls
[2009.04.15 15:03:42 | 000,000,208 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\DNBPertNodeVisuAdapter.CATNls
[2009.09.01 11:10:30 | 000,002,093 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\French\CATArrInsertNodeCmd.CATNls
[2009.09.01 11:10:30 | 000,000,779 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\French\CATArrInsertNodePanel.CATNls
[2009.09.01 11:12:02 | 000,007,292 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\French\CATCustNodeSettings.CATNls
[2009.09.01 11:13:02 | 000,000,901 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\French\CATDYNSelectNodeFrame.CATNls
[2009.09.01 11:18:00 | 000,010,738 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\French\CATNodelockDlg.CATNls
[2009.09.01 11:18:00 | 000,000,038 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\French\CATNodelockEditorDlg.CATNls
[2009.09.01 11:18:00 | 000,001,113 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\French\CATNodelockMgtB.CATNls
[2009.09.01 11:18:00 | 000,009,789 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\French\CATNodeSettings.CATNls
[2009.09.01 11:18:00 | 000,000,106 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\French\CATNodeSettingsEditor.CATNls
[2009.09.01 11:19:16 | 000,002,088 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\French\CATQsrAdjustNodeCmd.CATNls
[2009.09.01 11:19:16 | 000,001,690 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\French\CATQsrAdjustNodeDlg.CATNls
[2009.09.01 11:24:10 | 000,000,216 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\French\DNBPertNodeVisuAdapter.CATNls
[2009.08.31 16:04:40 | 000,002,244 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\German\CATArrInsertNodeCmd.CATNls
[2009.08.31 16:04:40 | 000,000,804 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\German\CATArrInsertNodePanel.CATNls
[2009.08.31 16:05:20 | 000,007,017 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\German\CATCustNodeSettings.CATNls
[2009.08.31 16:05:52 | 000,000,908 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\German\CATDYNSelectNodeFrame.CATNls
[2009.08.31 16:08:16 | 000,010,654 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\German\CATNodelockDlg.CATNls
[2009.08.31 16:08:16 | 000,000,045 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\German\CATNodelockEditorDlg.CATNls
[2009.08.31 16:08:16 | 000,001,013 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\German\CATNodelockMgtB.CATNls
[2009.08.31 16:08:16 | 000,009,301 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\German\CATNodeSettings.CATNls
[2009.08.31 16:08:16 | 000,000,094 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\German\CATNodeSettingsEditor.CATNls
[2009.08.31 16:11:58 | 000,000,217 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\German\DNBPertNodeVisuAdapter.CATNls
[2009.09.04 11:57:10 | 000,002,015 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Italian\CATArrInsertNodeCmd.CATNls
[2009.09.04 11:57:10 | 000,000,771 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Italian\CATArrInsertNodePanel.CATNls
[2009.09.04 11:57:32 | 000,007,435 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Italian\CATCustNodeSettings.CATNls
[2009.09.04 11:57:52 | 000,000,886 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Italian\CATDYNSelectNodeFrame.CATNls
[2009.09.04 11:59:28 | 000,010,895 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Italian\CATNodelockDlg.CATNls
[2009.09.04 11:59:28 | 000,000,048 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Italian\CATNodelockEditorDlg.CATNls
[2009.09.04 11:59:28 | 000,001,194 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Italian\CATNodelockMgtB.CATNls
[2009.09.04 11:59:28 | 000,010,098 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Italian\CATNodeSettings.CATNls
[2009.09.04 11:59:28 | 000,000,105 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Italian\CATNodeSettingsEditor.CATNls
[2009.09.04 12:02:04 | 000,000,216 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Italian\DNBPertNodeVisuAdapter.CATNls
[2009.08.28 16:39:30 | 000,001,721 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Japanese\CATArrInsertNodeCmd.CATNls
[2009.08.28 16:39:30 | 000,000,644 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Japanese\CATArrInsertNodePanel.CATNls
[2009.08.28 16:39:44 | 000,006,175 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Japanese\CATCustNodeSettings.CATNls
[2009.08.28 16:34:34 | 000,000,843 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Japanese\CATDYNSelectNodeFrame.CATNls
[2009.08.28 16:41:28 | 000,009,428 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Japanese\CATNodelockDlg.CATNls
[2009.08.28 16:41:28 | 000,000,032 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Japanese\CATNodelockEditorDlg.CATNls
[2009.08.28 16:41:28 | 000,000,967 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Japanese\CATNodelockMgtB.CATNls
[2009.08.28 16:41:28 | 000,008,726 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Japanese\CATNodeSettings.CATNls
[2009.08.28 16:41:28 | 000,000,092 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Japanese\CATNodeSettingsEditor.CATNls
[2009.08.28 16:43:14 | 000,001,837 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Japanese\CATQsrAdjustNodeCmd.CATNls
[2009.08.28 16:43:14 | 000,001,563 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Japanese\CATQsrAdjustNodeDlg.CATNls
[2009.08.28 16:37:06 | 000,000,193 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Japanese\DNBPertNodeVisuAdapter.CATNls
[2009.08.28 14:11:10 | 000,001,702 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Korean\CATArrInsertNodeCmd.CATNls
[2009.08.28 14:11:10 | 000,000,632 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Korean\CATArrInsertNodePanel.CATNls
[2009.08.28 14:12:28 | 000,006,473 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Korean\CATCustNodeSettings.CATNls
[2009.08.28 14:15:58 | 000,009,804 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Korean\CATNodelockDlg.CATNls
[2009.08.28 14:15:58 | 000,000,034 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Korean\CATNodelockEditorDlg.CATNls
[2009.08.28 14:15:58 | 000,000,997 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Korean\CATNodelockMgtB.CATNls
[2009.08.28 14:15:58 | 000,009,112 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Korean\CATNodeSettings.CATNls
[2009.08.28 14:15:58 | 000,000,095 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Korean\CATNodeSettingsEditor.CATNls
[2009.08.31 16:55:28 | 000,007,013 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Russian\CATCustNodeSettings.CATNls
[2009.08.31 16:58:00 | 000,010,490 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Russian\CATNodelockDlg.CATNls
[2009.08.31 16:58:00 | 000,000,048 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Russian\CATNodelockEditorDlg.CATNls
[2009.08.31 16:58:00 | 000,001,168 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Russian\CATNodelockMgtB.CATNls
[2009.08.31 16:58:00 | 000,009,342 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Russian\CATNodeSettings.CATNls
[2009.08.31 16:58:00 | 000,000,090 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Russian\CATNodeSettingsEditor.CATNls
[2009.09.30 17:30:24 | 000,001,392 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Simplified_Chinese\CATArrInsertNodeCmd.CATNls
[2009.09.30 17:30:24 | 000,000,586 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Simplified_Chinese\CATArrInsertNodePanel.CATNls
[2009.09.30 17:30:44 | 000,005,684 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Simplified_Chinese\CATCustNodeSettings.CATNls
[2009.09.30 17:33:00 | 000,008,325 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Simplified_Chinese\CATNodelockDlg.CATNls
[2009.09.30 17:33:00 | 000,000,028 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Simplified_Chinese\CATNodelockEditorDlg.CATNls
[2009.09.30 17:33:00 | 000,000,918 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Simplified_Chinese\CATNodelockMgtB.CATNls
[2009.09.30 17:33:00 | 000,008,087 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Simplified_Chinese\CATNodeSettings.CATNls
[2009.09.30 17:33:00 | 000,000,085 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\resources\msgcatalog\Simplified_Chinese\CATNodeSettingsEditor.CATNls
[2005.01.28 18:52:04 | 000,000,232 | ---- | M] () -- \Program Files\Dassault Systemes\B20\win_b64\startup\EquipmentAndSystems\MultiDiscipline\SampleData\RunInputNodeData.txt

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2014.07.10 23:24:10 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2011.02.23 15:48:42 | 000,090,112 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2014.07.10 23:24:01 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2011.02.23 15:48:42 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2007.03.28 16:07:46 | 000,000,358 | ---- | M] () -- \Users\Venca\Desktop\huba má\DESKTOP\hidded\Hidden and Dngerous 2 cz\Serial.txt
[2013.07.08 13:43:52 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014.06.24 00:43:20 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.13 03:37:37 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2014.07.10 23:24:10 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.10.16 22:42:52 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\91eb4f41130c65ef17f0fee1d3ab48fb\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.10.18 12:35:50 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\b1e0939384cc320d6ac7b8921ccc2877\System.Runtime.Serialization.ni.dll
[2014.10.16 22:47:59 | 000,396,288 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\2a07bf9a29a64827bf06e7853214fc0f\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.10.18 12:54:02 | 003,073,536 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\5015b90fbd31c9ba4fff989b2c79711b\System.Runtime.Serialization.ni.dll
[2014.09.10 15:25:53 | 000,309,760 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\e67230bbca0858b6ff4caccfb4595fa8\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.09.10 15:25:53 | 000,000,580 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\e67230bbca0858b6ff4caccfb4595fa8\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2014.10.16 15:13:13 | 002,822,144 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll
[2014.10.16 15:13:13 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll.aux
[2014.03.25 20:24:22 | 000,026,624 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\94ce7a3b39b335283a0087f9964e9099\System.Xml.Serialization.ni.dll
[2014.03.25 20:24:22 | 000,000,376 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\94ce7a3b39b335283a0087f9964e9099\System.Xml.Serialization.ni.dll.aux
[2014.09.10 17:18:47 | 000,376,832 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\10cfe6422504c1beb7abe4f8f26aa6a8\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.09.10 17:18:47 | 000,000,580 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\10cfe6422504c1beb7abe4f8f26aa6a8\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2014.10.19 20:25:19 | 003,638,272 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\6d9b2d977435904b70f2e1571f7cf026\System.Runtime.Serialization.ni.dll
[2014.10.19 20:25:19 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\6d9b2d977435904b70f2e1571f7cf026\System.Runtime.Serialization.ni.dll.aux
[2014.04.22 18:55:51 | 000,028,672 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.84e525b7#\7c4a5c747f2dcdac0329022b43a7be6b\System.Xml.Serialization.ni.dll
[2014.04.22 18:55:51 | 000,000,376 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.84e525b7#\7c4a5c747f2dcdac0329022b43a7be6b\System.Xml.Serialization.ni.dll.aux
[2014.03.03 11:08:45 | 002,825,216 | ---- | M] () -- \Windows\assembly\temp\UISED7VY97\System.Runtime.Serialization.ni.dll
[2014.03.03 11:08:45 | 000,001,308 | ---- | M] () -- \Windows\assembly\temp\UISED7VY97\System.Runtime.Serialization.ni.dll.aux
[2013.09.11 22:33:38 | 001,052,320 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\BE4EBED704B66673BB53C5BB3C58AD73\4.5.50938\System.Runtime.Serialization.dll.amd64
[2013.09.11 22:33:38 | 001,052,320 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\BE4EBED704B66673BB53C5BB3C58AD73\4.5.50938\System.Runtime.Serialization.dll.x86
[2013.09.11 22:33:38 | 001,052,320 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\BE4EBED704B66673BB53C5BB3C58AD73\4.5.50938\System.Runtime.Serialization.dll_gac_x86
[2013.09.11 21:33:38 | 000,027,920 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\v4.0_4.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013.09.11 22:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013.09.11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll
[2013.09.11 21:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll
[2013.09.11 21:33:38 | 000,113,864 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.RunTime.Serialization.resources\v4.0_4.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.resources.dll
[2013.09.11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll
[2014.07.23 00:17:44 | 001,050,840 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013.09.11 21:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2013.09.11 21:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll
[2014.06.24 00:43:20 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2011.02.23 15:48:26 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014.07.10 23:24:11 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2014.07.23 00:17:44 | 001,050,840 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2013.09.11 22:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2013.09.11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll
[2013.09.11 21:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2013.09.11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2013.09.11 21:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2013.09.11 21:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll
[2013.09.11 21:33:38 | 000,027,920 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013.09.11 21:33:38 | 000,113,864 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.RunTime.Serialization.resources.dll
[2014.06.24 00:43:09 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2011.02.23 15:48:20 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2014.07.10 23:24:02 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2014.07.23 00:17:44 | 001,050,840 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll
[2013.09.11 22:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2013.09.11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Json.dll
[2013.09.11 21:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2013.09.11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2013.09.11 21:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll
[2013.09.11 21:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XmlSerializer.dll
[2013.09.11 19:32:16 | 000,027,920 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013.09.11 19:32:16 | 000,113,864 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\cs\System.RunTime.Serialization.resources.dll
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2011.02.23 15:48:06 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009.07.14 01:00:40 | 000,094,208 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009.06.10 21:37:50 | 000,038,400 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\grserial.sys
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2011.02.23 15:48:06 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\cs-CZ\serialui.dll.mui
[2011.02.23 15:48:20 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_1e527062c1f59d5f\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2011.02.23 15:48:20 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_cs-cz_1e468964c1feb99a\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2011.02.23 15:48:20 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22731_cs-cz_1ec35795db263fce\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2011.02.23 15:48:27 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23\serialui.dll.mui
[2009.07.14 02:41:54 | 000,017,920 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360\serialui.dll
[2011.02.23 15:48:42 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_bb9a1800691e639c\System.RunTime.Serialization.Resources.dll
[2011.02.23 15:48:42 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_cs-cz_bb8e310269277fd7\System.RunTime.Serialization.Resources.dll
[2011.02.23 15:48:42 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_cs-cz_bc0cffc7824d38b9\System.RunTime.Serialization.Resources.dll
[2011.02.23 15:48:30 | 000,009,728 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_20ab142d65ed6acc\serial.sys.mui
[2009.07.14 01:00:40 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
[2009.06.10 21:40:06 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56\System.Runtime.Serialization.Formatters.Soap.dll
[2014.06.24 00:43:09 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7601.18523_none_a9a7e561157d82e9\System.Runtime.Serialization.Formatters.Soap.dll
[2014.06.24 00:43:05 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7601.22733_none_92db3ec72f23fc97\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 21:37:50 | 000,038,400 | ---- | M] () -- \Windows\winsxs\amd64_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_ce9ed3064deed3aa\grserial.sys
[2010.11.21 04:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722\System.Runtime.Serialization.dll
[2012.10.05 11:52:38 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b\System.Runtime.Serialization.dll
[2014.03.09 22:48:51 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.18523_none_5919d8d674e2f3ff\System.Runtime.Serialization.dll
[2014.07.10 23:24:02 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.18532_none_591aefe874e1f3b5\System.Runtime.Serialization.dll
[2012.10.05 11:56:11 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53\System.Runtime.Serialization.dll
[2014.03.17 15:38:51 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22733_none_424d323c8e896dad\System.Runtime.Serialization.dll
[2014.07.08 00:36:29 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22743_none_424e32868e888704\System.Runtime.Serialization.dll
[2010.11.21 04:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb\System.Runtime.Serialization.dll
[2012.10.05 11:52:37 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4\System.Runtime.Serialization.dll
[2014.03.09 22:48:50 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18523_none_93f0e5a0c8daee98\System.Runtime.Serialization.dll
[2014.07.10 23:24:01 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18532_none_93f1fcb2c8d9ee4e\System.Runtime.Serialization.dll
[2012.10.05 11:56:11 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec\System.Runtime.Serialization.dll
[2014.03.17 15:38:51 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22733_none_7d243f06e2816846\System.Runtime.Serialization.dll
[2014.07.08 00:36:29 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22743_none_7d253f50e280819d\System.Runtime.Serialization.dll
[2013.11.23 18:24:26 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2013.11.23 18:24:26 | 000,017,792 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8_kdcom.dll_db5e7744
[2011.02.23 15:49:14 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23_serialui.dll.mui_7d29d2a3
[2009.07.14 03:57:29 | 000,017,920 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360_serialui.dll_bea29328
[2011.02.23 15:49:09 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2009.07.14 03:58:37 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.14 03:15:17 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc.manifest
[2011.02.05 18:35:45 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011.02.05 14:11:05 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest
[2009.07.14 03:11:30 | 000,000,868 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_88b1c48f2026fe3f.manifest
[2010.11.21 04:17:50 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722.manifest
[2012.10.05 19:18:30 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b.manifest
[2014.07.02 07:30:52 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.18523_none_5919d8d674e2f3ff.manifest
[2014.07.14 03:24:48 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.18532_none_591aefe874e1f3b5.manifest
[2012.10.05 19:10:31 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53.manifest
[2014.07.02 07:30:44 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22733_none_424d323c8e896dad.manifest
[2014.07.14 03:13:57 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22743_none_424e32868e888704.manifest
[2010.11.21 04:17:50 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb.manifest
[2012.10.05 19:19:07 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4.manifest
[2014.07.02 07:31:00 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18523_none_93f0e5a0c8daee98.manifest
[2014.07.14 03:24:58 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18532_none_93f1fcb2c8d9ee4e.manifest
[2012.10.05 19:11:10 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec.manifest
[2014.07.02 07:30:53 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22733_none_7d243f06e2816846.manifest
[2014.07.14 03:14:06 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22743_none_7d253f50e280819d.manifest
[2010.11.21 04:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2012.10.05 18:15:39 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285.manifest
[2014.07.02 06:57:49 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.18523_none_a6803b1074d97c29.manifest
[2014.07.14 03:04:09 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.18532_none_a681522274d87bdf.manifest
[2012.10.05 18:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d.manifest
[2014.07.02 07:07:46 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22733_none_8fb394768e7ff5d7.manifest
[2014.07.14 03:04:27 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22743_none_8fb494c08e7f0f2e.manifest
[2011.02.23 15:46:22 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2012.10.05 21:12:17 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f.manifest
[2014.07.02 08:46:46 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18523_cs-cz_342b81c984259c43.manifest
[2014.07.14 05:02:27 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18532_cs-cz_342c98db84249bf9.manifest
[2012.10.05 20:59:28 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797.manifest
[2014.07.02 09:08:13 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22733_cs-cz_1d5edb2f9dcc15f1.manifest
[2014.07.14 05:06:58 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22743_cs-cz_1d5fdb799dcb2f48.manifest
[2010.11.21 04:17:50 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2012.10.05 18:15:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8.manifest
[2014.07.02 07:00:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.18523_none_d6c370aa9c807d5c.manifest
[2014.07.14 03:06:40 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.18532_none_d6c487bc9c7f7d12.manifest
[2012.10.05 18:17:15 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0.manifest
[2014.07.02 07:10:04 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22733_none_bff6ca10b626f70a.manifest
[2014.07.14 03:06:53 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22743_none_bff7ca5ab6261061.manifest
[2010.11.21 04:18:20 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2012.10.05 18:19:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa.manifest
[2014.07.02 06:58:58 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18523_none_db9e1c77dd57179e.manifest
[2014.07.14 03:05:25 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18532_none_db9f3389dd561754.manifest
[2012.10.05 18:22:10 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2.manifest
[2014.07.02 07:08:55 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22733_none_c4d175ddf6fd914c.manifest
[2014.07.14 03:05:41 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22743_none_c4d27627f6fcaaa3.manifest
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2014.06.24 00:43:20 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7601.18523_none_1c70653de072abde\System.Runtime.Serialization.Formatters.Soap.dll
[2014.06.24 00:43:36 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7601.22733_none_05a3bea3fa19258c\System.Runtime.Serialization.Formatters.Soap.dll
[2011.02.23 15:48:23 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013.07.08 13:43:52 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7601.18523_cs-cz_d5997ba9da0ab4d7\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.21 04:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2012.10.05 11:53:24 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285\System.Runtime.Serialization.dll
[2014.03.09 22:47:42 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.18523_none_a6803b1074d97c29\System.Runtime.Serialization.dll
[2014.07.10 23:24:11 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.18532_none_a681522274d87bdf\System.Runtime.Serialization.dll
[2012.10.05 11:56:07 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d\System.Runtime.Serialization.dll
[2014.03.17 15:38:28 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22733_none_8fb394768e7ff5d7\System.Runtime.Serialization.dll
[2014.07.08 00:27:52 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22743_none_8fb494c08e7f0f2e\System.Runtime.Serialization.dll
[2011.02.23 15:48:42 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2010.11.13 03:02:06 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f\System.RunTime.Serialization.Resources.dll
[2010.11.13 03:37:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18523_cs-cz_342b81c984259c43\System.RunTime.Serialization.Resources.dll
[2010.11.13 03:37:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18532_cs-cz_342c98db84249bf9\System.RunTime.Serialization.Resources.dll
[2010.11.13 03:37:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797\System.RunTime.Serialization.Resources.dll
[2010.11.13 03:37:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22733_cs-cz_1d5edb2f9dcc15f1\System.RunTime.Serialization.Resources.dll
[2010.11.13 03:37:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22743_cs-cz_1d5fdb799dcb2f48\System.RunTime.Serialization.Resources.dll
[2010.11.21 04:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2012.10.05 11:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8\System.Runtime.Serialization.dll
[2014.03.09 22:47:42 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.18523_none_d6c370aa9c807d5c\System.Runtime.Serialization.dll
[2014.07.10 23:24:10 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.18532_none_d6c487bc9c7f7d12\System.Runtime.Serialization.dll
[2012.10.05 11:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0\System.Runtime.Serialization.dll
[2014.03.17 15:38:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22733_none_bff6ca10b626f70a\System.Runtime.Serialization.dll
[2014.07.08 00:27:52 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22743_none_bff7ca5ab6261061\System.Runtime.Serialization.dll
[2011.02.23 15:48:26 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_28a71ab4f6565f5a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2011.02.23 15:48:26 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_cs-cz_289b33b6f65f7b95\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2011.02.23 15:48:26 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22731_cs-cz_291801e80f8701c9\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2011.02.23 15:48:06 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2011.02.23 15:48:42 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_5f7b7c7cb0c0f266\System.RunTime.Serialization.Resources.dll
[2011.02.23 15:48:42 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_cs-cz_5f6f957eb0ca0ea1\System.RunTime.Serialization.Resources.dll
[2011.02.23 15:48:42 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_cs-cz_5fee6443c9efc783\System.RunTime.Serialization.Resources.dll
[2010.11.21 04:25:11 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2012.10.05 11:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa\System.Runtime.Serialization.dll
[2014.03.09 22:47:42 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18523_none_db9e1c77dd57179e\System.Runtime.Serialization.dll
[2014.07.10 23:24:10 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18532_none_db9f3389dd561754\System.Runtime.Serialization.dll
[2012.10.05 11:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2\System.Runtime.Serialization.dll
[2014.03.17 15:38:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22733_none_c4d175ddf6fd914c\System.Runtime.Serialization.dll
[2014.07.08 00:27:52 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22743_none_c4d27627f6fcaaa3\System.Runtime.Serialization.dll

< *w7lxe* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 964 bytes -> C:\ProgramData\Microsoft:FPgZSxL1YB6ha6StVGkgu
@Alternate Data Stream - 952 bytes -> C:\ProgramData\Microsoft:F79hlrMWjUul1tJCpEnZDj
@Alternate Data Stream - 951 bytes -> C:\ProgramData\Microsoft:mOANVuEHpdbYCsz9DkKS79aPB
@Alternate Data Stream - 1098 bytes -> C:\Users\Venca\AppData\Local\Temp:jAGgDBDpUD5Lmpzi20YJ
@Alternate Data Stream - 1083 bytes -> C:\Program Files (x86)\Common Files\System:SCZmhDw5QSPqinjr43Ge7A
@Alternate Data Stream - 1073 bytes -> C:\Users\Venca\AppData\Local\jlqF1yXgXz:LfJsCAbalfjWDOgv
@Alternate Data Stream - 1019 bytes -> C:\ProgramData\Microsoft:jbRQGr9rEPvKIU9hQFS6qzK
@Alternate Data Stream - 1018 bytes -> C:\ProgramData\Microsoft:TKAeAJCzzSEVqGScidNR
@Alternate Data Stream - 1002 bytes -> C:\ProgramData\Microsoft:eLwpGouQtX5nAIojBRICM

< End of report >

Locked