
Re: Please check my RSIT log

Posted: 25 Aug 2015 08:08
by Márty84
Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop.
Right-click it and then left-click Run as administrator.
Tick the items (check the boxes) Scan All Users, LOP Check and Purity Check.
Paste the following text into the bottom window:

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Click Run Scan.
After the scan, two logs are created (OTL.Txt and Extras.txt); paste both here (if they are long, split them across several posts).

Re: Please check my RSIT log

Posted: 26 Aug 2015 13:05
by Kopac
OTL.txt
--------
OTL logfile created on: 26.8.2015 12:06:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kopac\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 43,85% Memory free
4,24 Gb Paging File | 2,43 Gb Available in Paging File | 57,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,07 Gb Total Space | 43,37 Gb Free Space | 19,27% Space Free | Partition Type: NTFS

Computer Name: KOPAC-PC | User Name: Kopac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015.08.26 11:59:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kopac\Desktop\OTL.exe
PRC - [2015.08.13 04:58:03 | 000,377,000 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2015.07.17 20:33:20 | 006,453,528 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2015.04.20 01:59:56 | 001,765,856 | ---- | M] (Last.fm) -- C:\Program Files\Winamp\Last.fm\Last.fm Scrobbler.exe
PRC - [2015.03.28 12:58:42 | 000,089,840 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
PRC - [2014.12.16 14:07:19 | 001,005,352 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
PRC - [2013.10.20 08:04:24 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
PRC - [2013.04.30 05:53:00 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2013.04.30 05:52:26 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.10.10 14:55:04 | 000,085,344 | ---- | M] (Software602 a.s.) -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2015.07.17 19:34:42 | 000,047,104 | ---- | M] () -- C:\Program Files\CCleaner\Lang\lang-1029.dll
MOD - [2015.05.13 22:08:20 | 000,250,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\69e762017ca0da2b45d9ed147e4865e3\WindowsFormsIntegration.ni.dll
MOD - [2015.05.13 22:07:15 | 019,547,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a78078ff6ff0c28ef3bf65bd84e193f0\System.ServiceModel.ni.dll
MOD - [2015.05.13 22:00:24 | 018,753,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\dba6e73775e7b823a02925f063bd2983\PresentationFramework.ni.dll
MOD - [2015.05.13 22:00:07 | 011,014,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\f6fee9c78602505e874ec0807e3b1a51\PresentationCore.ni.dll
MOD - [2015.05.13 21:59:57 | 003,904,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\efd34838fa44da246b78328f4432eac7\WindowsBase.ni.dll
MOD - [2015.05.13 21:59:52 | 000,967,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\908075c4922acdf834c67ac802814c9d\System.Configuration.ni.dll
MOD - [2015.05.13 21:59:48 | 006,982,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c61bafa9d029e3f2bf83bd5af3f1f5ac\System.Core.ni.dll
MOD - [2015.04.20 02:00:38 | 000,184,800 | ---- | M] () -- C:\Program Files\Winamp\Last.fm\plugins\phonon_backend\phonon_vlc.dll
MOD - [2015.04.20 02:00:38 | 000,051,680 | ---- | M] () -- C:\Program Files\Winamp\Last.fm\plugins\audio_output\libaout_directx_plugin.dll
MOD - [2015.04.20 02:00:04 | 000,353,248 | ---- | M] () -- C:\Program Files\Winamp\Last.fm\lastfm.dll
MOD - [2015.04.20 02:00:04 | 000,034,784 | ---- | M] () -- C:\Program Files\Winamp\Last.fm\logger.dll
MOD - [2015.04.20 02:00:00 | 000,738,784 | ---- | M] () -- C:\Program Files\Winamp\Last.fm\unicorn.dll
MOD - [2015.04.20 02:00:00 | 000,128,992 | ---- | M] () -- C:\Program Files\Winamp\Last.fm\listener.dll
MOD - [2015.04.20 01:59:56 | 000,304,608 | ---- | M] () -- C:\Program Files\Winamp\Last.fm\phonon.dll
MOD - [2015.04.20 01:59:56 | 000,113,120 | ---- | M] () -- C:\Program Files\Winamp\Last.fm\libvlc.dll
MOD - [2015.04.20 01:59:54 | 002,288,608 | ---- | M] () -- C:\Program Files\Winamp\Last.fm\libvlccore.dll
MOD - [2015.02.08 23:22:51 | 010,069,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\d18e2115a3270f89663fce831547f534\System.ni.dll
MOD - [2015.02.08 23:22:36 | 000,188,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\232495ea0368dada2d208c51f0e5349c\UIAutomationTypes.ni.dll
MOD - [2015.02.08 23:15:34 | 000,286,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatiod51afaa5#\4edaa939589829c3b21a1295310bf2d1\PresentationFramework.classic.ni.dll
MOD - [2015.02.08 23:15:32 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\9e42fe7c83345249b5dde1693d1bf8b5\PresentationFramework-SystemXml.ni.dll
MOD - [2015.02.08 20:29:01 | 007,793,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6ee4ffbd9a86ac1e7b01800b6fe9c7\System.Xml.ni.dll
MOD - [2015.02.08 20:27:15 | 001,873,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\1196cc375887ce75f134047505fe19bf\System.Xaml.ni.dll
MOD - [2015.02.08 20:26:11 | 017,207,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll
MOD - [2013.09.05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013.06.17 13:35:10 | 000,478,400 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
MOD - [2013.04.30 04:46:36 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2012.03.07 02:37:08 | 000,020,288 | ---- | M] () -- C:\Program Files\CCleaner\branding.dll


========== Services (SafeList) ==========

SRV - [2015.08.13 04:58:15 | 000,149,160 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015.03.28 12:58:42 | 000,089,840 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2013.12.19 01:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013.10.20 08:04:24 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe -- (AVP)
SRV - [2013.04.30 05:52:26 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.02.04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.10.10 14:55:04 | 000,085,344 | ---- | M] (Software602 a.s.) [Auto | Running] -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe -- (602XML Updater)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014.03.20 13:07:23 | 000,576,608 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2014.02.17 11:32:32 | 000,025,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2014.02.07 14:07:00 | 000,243,128 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2014.02.07 13:18:00 | 000,144,992 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2014.02.07 13:17:59 | 000,135,776 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2013.10.20 08:04:20 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2013.10.20 08:04:20 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2013.05.14 18:34:44 | 000,045,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2013.04.30 06:14:44 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2013.04.30 04:47:52 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2013.04.12 16:34:48 | 000,014,432 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klpd.sys -- (klpd)
DRV - [2012.10.26 17:32:26 | 000,136,192 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcusbnet.sys -- (qcusbnet)
DRV - [2012.10.26 17:31:56 | 000,110,080 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcusbser.sys -- (qcusbser)
DRV - [2012.02.23 14:31:36 | 000,083,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2011.02.11 12:22:50 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV - [2010.03.04 14:50:14 | 000,261,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2005.05.08 13:30:56 | 000,070,233 | ---- | M] (Y0YS Software) [File_System | Boot | Running] -- C:\Windows\System32\secdir.sys -- (secdir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3771582624-879338843-1209121951-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3771582624-879338843-1209121951-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3771582624-879338843-1209121951-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-3771582624-879338843-1209121951-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "CZ"
FF - prefs.js..browser.search.hiddenOneOffs: "Seznam,Heuréka,Mapy.cz,Slunečnice"
FF - prefs.js..browser.search.region: "CZ"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:40.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@software602.cz/602XML Filler: C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014.12.16 14:09:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014.12.16 14:09:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014.12.16 14:09:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014.12.16 14:09:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014.12.16 14:09:02 | 000,000,000 | ---D | M]

[2014.02.06 13:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kopac\AppData\Roaming\Mozilla\Extensions
[2015.08.20 00:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\58vzoub2.default-1439983395755\extension-data
[2015.08.20 13:41:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\58vzoub2.default-1439983395755\extensions
[2015.08.19 13:25:52 | 003,627,011 | ---- | M] () (No name found) -- C:\Users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\58vzoub2.default-1439983395755\extensions\uBlock0@raymondhill.net.xpi
[2015.08.19 23:45:57 | 000,963,213 | ---- | M] () (No name found) -- C:\Users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\58vzoub2.default-1439983395755\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015.08.16 02:36:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015.08.16 02:36:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2015.08.20 11:56:59 | 000,000,057 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 license.piriform.com
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\AMD\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3771582624-879338843-1209121951-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Přidat do součásti Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O9 - Extra Button: Virtuální klávesnice - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Kontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62190150-41CE-4D59-AFD3-1CDAFFB9A237}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kopac\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kopac\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{055a57b2-9ec4-11e3-a1c7-00a0c6000016}\Shell - "" = AutoRun
O33 - MountPoints2\{055a57b2-9ec4-11e3-a1c7-00a0c6000016}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{245bae5b-9c66-11e3-95ab-00a0c6000015}\Shell - "" = AutoRun
O33 - MountPoints2\{245bae5b-9c66-11e3-95ab-00a0c6000015}\Shell\AutoRun\command - "" = K:\setup.exe
O33 - MountPoints2\{a9726611-958e-11e3-b35a-001f81000250}\Shell - "" = AutoRun
O33 - MountPoints2\{a9726611-958e-11e3-b35a-001f81000250}\Shell\AutoRun\command - "" = K:\setup.exe
O33 - MountPoints2\{a9726622-958e-11e3-b35a-001f81000250}\Shell - "" = AutoRun
O33 - MountPoints2\{a9726622-958e-11e3-b35a-001f81000250}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{d4d31824-0310-11e5-a151-00a0c6000019}\Shell - "" = AutoRun
O33 - MountPoints2\{d4d31824-0310-11e5-a151-00a0c6000019}\Shell\AutoRun\command - "" = K:\setup.exe
O33 - MountPoints2\{df20c158-8fe6-11e3-898a-001d7d432424}\Shell - "" = AutoRun
O33 - MountPoints2\{df20c158-8fe6-11e3-898a-001d7d432424}\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\{fd4e185a-d45c-11e3-8590-00a0c6000018}\Shell - "" = AutoRun
O33 - MountPoints2\{fd4e185a-d45c-11e3-8590-00a0c6000018}\Shell\AutoRun\command - "" = K:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2015.08.26 11:59:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kopac\Desktop\OTL.exe
[2015.08.20 12:57:16 | 000,000,000 | ---D | C] -- C:\Users\Kopac\AppData\Local\Eraser 6
[2015.08.20 12:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Eraser
[2015.08.20 12:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2015.08.20 11:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2015.08.19 20:15:35 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2015.08.19 14:14:28 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2015.08.19 14:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2015.08.19 14:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2015.08.19 13:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DO
[2015.08.17 22:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2015.08.17 22:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015.08.17 13:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2015.08.14 14:58:55 | 000,000,000 | ---D | C] -- C:\Users\Kopac\Documents\NFS Most Wanted
[2015.08.14 12:23:32 | 000,000,000 | ---D | C] -- C:\Users\Kopac\Documents\Criterion Games
[2015.08.13 18:12:00 | 000,000,000 | ---D | C] -- C:\Users\Kopac\AppData\Local\CrashRpt
[2015.08.13 00:24:49 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2015.08.13 00:24:49 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmmsp.dll
[2015.08.13 00:24:48 | 003,605,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2015.08.13 00:24:46 | 003,553,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2015.08.13 00:20:46 | 000,103,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2015.08.12 21:36:13 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basesrv.dll
[2015.08.12 21:24:27 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2015.08.12 21:24:27 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2015.08.12 21:24:27 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2015.08.12 21:24:27 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2015.08.12 21:24:26 | 002,066,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2015.08.12 21:24:26 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2015.08.12 21:24:26 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2015.08.12 21:24:26 | 000,682,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2015.08.12 21:24:26 | 000,297,472 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2015.08.12 21:24:26 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2015.08.12 21:24:25 | 001,072,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2015.08.12 10:09:12 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2015.08.12 10:09:11 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2015.08.12 10:09:11 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2015.08.12 10:09:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2015.08.12 10:09:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2015.08.12 10:09:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2015.08.12 10:09:10 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2015.08.12 10:09:09 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2015.08.12 10:09:07 | 001,810,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2015.08.12 10:09:07 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2015.08.12 10:09:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2015.08.12 10:09:05 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2015.08.09 16:29:53 | 000,000,000 | ---D | C] -- C:\Users\Kopac\AppData\Roaming\dvdcss
[2015.08.05 00:03:08 | 000,877,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr120_clr0400.dll
[2015.08.05 00:03:08 | 000,538,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp120_clr0400.dll
[2015.08.04 14:48:18 | 000,000,000 | ---D | C] -- C:\Users\Kopac\Documents\Bigasoft Total Video Converter
[2015.08.04 14:46:23 | 000,000,000 | ---D | C] -- C:\Users\Kopac\AppData\Roaming\Bigasoft Total Video Converter 5
[2015.08.04 14:46:05 | 000,000,000 | ---D | C] -- C:\Users\Kopac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bigasoft
[2015.08.04 14:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bigasoft
[2015.08.04 14:24:15 | 000,000,000 | ---D | C] -- C:\Users\Kopac\AppData\Roaming\avidemux
[2015.08.04 14:17:30 | 000,000,000 | ---D | C] -- C:\Users\Kopac\AppData\Roaming\Nico Mak Computing
[2015.08.03 16:37:37 | 000,000,000 | ---D | C] -- C:\Users\Kopac\Documents\GTA San Andreas User Files
[2015.08.03 15:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2015.08.03 15:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015.08.26 12:16:11 | 000,063,488 | ---- | M] () -- C:\Users\Kopac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2015.08.26 12:12:23 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2015.08.26 11:59:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kopac\Desktop\OTL.exe
[2015.08.26 10:48:58 | 000,004,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2015.08.26 10:48:58 | 000,004,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2015.08.26 10:48:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.08.26 10:48:50 | 2147,016,704 | -HS- | M] () -- C:\hiberfil.sys
[2015.08.26 00:02:44 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2015.08.25 22:27:26 | 000,390,336 | ---- | M] () -- C:\Users\Kopac\Documents\all.m3u
[2015.08.23 11:24:28 | 000,000,918 | ---- | M] () -- C:\Users\Kopac\Documents\cc_20150823_112423.reg
[2015.08.20 11:56:59 | 000,000,057 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2015.08.19 13:09:47 | 000,029,696 | ---- | M] () -- C:\Users\Kopac\AppData\Local\MSGBOX.EXE
[2015.08.15 00:55:37 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2015.08.12 22:18:39 | 000,377,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2015.08.12 12:05:35 | 000,778,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2015.08.12 12:05:35 | 000,142,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2015.08.09 09:53:51 | 000,024,206 | ---- | M] () -- C:\Users\Kopac\AppData\Roaming\UserTile.png
[2015.08.06 10:47:04 | 000,658,970 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2015.08.06 10:47:04 | 000,648,752 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015.08.06 10:47:04 | 000,144,862 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2015.08.06 10:47:04 | 000,125,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015.08.05 00:03:08 | 000,877,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr120_clr0400.dll
[2015.08.05 00:03:08 | 000,538,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp120_clr0400.dll
[2015.08.01 00:08:07 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2015.07.31 23:46:51 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2015.07.31 23:46:51 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2015.07.31 23:46:51 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2015.07.31 23:46:51 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2015.07.31 22:41:22 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2015.07.31 22:40:42 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2015.07.31 22:35:10 | 000,682,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2015.07.31 22:33:57 | 001,072,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2015.07.31 22:33:43 | 002,066,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2015.07.31 22:33:04 | 000,297,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2015.07.31 21:27:52 | 000,103,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015.08.26 12:12:23 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2015.08.23 11:24:26 | 000,000,918 | ---- | C] () -- C:\Users\Kopac\Documents\cc_20150823_112423.reg
[2015.08.20 12:54:48 | 000,001,670 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
[2015.08.19 11:33:50 | 000,029,696 | ---- | C] () -- C:\Users\Kopac\AppData\Local\MSGBOX.EXE
[2015.08.16 02:36:19 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2015.08.12 22:13:04 | 2147,016,704 | -HS- | C] () -- C:\hiberfil.sys
[2015.08.09 09:53:51 | 000,024,206 | ---- | C] () -- C:\Users\Kopac\AppData\Roaming\UserTile.png
[2015.05.24 18:17:46 | 000,162,689 | ---- | C] () -- C:\Windows\hpoins19.dat
[2015.05.24 18:14:25 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2014.07.12 10:08:39 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2014.02.11 13:31:55 | 000,028,456 | ---- | C] () -- C:\Windows\System32\solidlocalmon.dll
[2014.02.11 13:31:55 | 000,019,752 | ---- | C] () -- C:\Windows\System32\solidlocalui.dll
[2014.02.11 12:21:08 | 000,000,200 | ---- | C] () -- C:\Windows\pdf2word.INI
[2014.02.08 21:10:27 | 000,000,298 | ---- | C] () -- C:\Windows\game.ini
[2014.02.07 14:10:47 | 000,000,543 | ---- | C] () -- C:\Windows\wininit.ini
[2014.02.06 18:59:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2014.02.06 18:58:04 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2014.02.06 18:58:04 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2014.02.06 15:49:51 | 000,063,488 | ---- | C] () -- C:\Users\Kopac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014.02.06 15:08:03 | 000,433,664 | ---- | C] () -- C:\Users\Kopac\AppData\Roaming\setup.msi
[2014.02.06 13:14:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014.02.06 12:56:54 | 000,001,356 | ---- | C] () -- C:\Users\Kopac\AppData\Local\d3d9caps.dat
[2014.02.06 12:48:27 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015.07.11 17:56:09 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014.02.20 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\602Installer
[2014.02.20 12:32:35 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\602XML
[2014.11.07 14:47:50 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\AnvSoft
[2014.11.06 12:30:23 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\anyburn
[2014.11.06 10:31:21 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Ashampoo
[2015.03.04 16:47:52 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\AVG
[2015.08.10 15:53:42 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\avidemux
[2015.08.04 14:46:23 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Bigasoft Total Video Converter 5
[2015.01.28 11:58:06 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\calibre
[2015.03.16 14:56:25 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Canneverbe Limited
[2015.08.19 14:19:01 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\DAEMON Tools Lite
[2014.07.19 20:32:17 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\fofix
[2014.11.05 17:26:51 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Free Burning Studio
[2014.07.19 19:16:03 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\fretsonfire
[2014.06.26 12:57:39 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\ICQ-Profile
[2014.02.13 16:59:00 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\ICQM
[2015.07.09 19:55:09 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Image Zone Express
[2015.03.08 12:40:16 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Maxthon3
[2015.08.26 11:00:06 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\MiniLyrics
[2015.04.07 16:42:06 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Miranda
[2014.11.05 17:26:54 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\New Version Available
[2015.08.04 22:17:13 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Nico Mak Computing
[2015.08.17 11:04:13 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Opera Software
[2014.08.26 10:15:20 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Printer Info Cache
[2015.04.06 07:30:37 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\QIP
[2014.02.08 00:31:30 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Seznam.cz
[2014.02.20 12:32:42 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Software602
[2014.02.11 14:54:27 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\SolidDocuments
[2014.02.11 12:13:28 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\SomePDF
[2014.02.07 13:31:08 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Thunderbird
[2014.02.06 15:10:56 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\TuneUp Software
[2014.02.11 12:43:20 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Wondershare
[2015.03.09 16:27:12 | 000,000,000 | ---D | M] -- C:\Users\Ostatní\AppData\Roaming\AVG
[2014.07.26 20:54:51 | 000,000,000 | ---D | M] -- C:\Users\Ostatní\AppData\Roaming\MiniLyrics
[2015.04.02 16:46:29 | 000,000,000 | ---D | M] -- C:\Users\Ostatní\AppData\Roaming\Opera Software
[2014.02.06 17:39:48 | 000,000,000 | ---D | M] -- C:\Users\Ostatní\AppData\Roaming\TuneUp Software
[2015.01.16 18:23:07 | 000,000,000 | ---D | M] -- C:\Users\Ostatní\AppData\Roaming\XRay Engine

========== Purity Check ==========



========== Custom Scans ==========

< >
[2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:49 | 000,032,604 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2015.05.26 18:59:14 | 000,000,292 | ---- | C] () -- C:\Windows\Tasks\WebReg psc 1400 series.job

< >

< MD5 for: AGP440.SYS >
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2014.02.06 17:11:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2014.02.06 17:11:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2014.02.06 17:11:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.04.11 00:27:22 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\System32\autochk.exe
[2009.04.11 00:27:22 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008.01.19 00:33:02 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2006.11.02 11:44:50 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=C08D1FE284C3330934E45D6E5F5B768B -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.16386_none_dfbd2b4dc4d6121b\autochk.exe

< MD5 for: CDROM.SYS >
[2008.01.18 22:49:52 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008.01.18 22:49:52 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009.04.10 22:39:18 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009.04.10 22:39:18 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009.04.10 22:39:18 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006.11.02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2013.10.03 15:16:48 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=165E9D93A84A7F55EBEEB1B554110680 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.23235_none_78542a95b127239a\cryptsvc.dll
[2006.11.02 11:46:03 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=1C26FB097170A2A91066D1E3A24366E3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6000.16386_none_73c8d7689de43d15\cryptsvc.dll
[2013.04.24 06:00:30 | 000,133,120 | ---- | M] (Microsoft Corporation) MD5=3EDE4C1F9672C972479201544969ADCB -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18831_none_77c6b0b4980cf0e4\cryptsvc.dll
[2013.04.17 14:30:06 | 000,133,120 | ---- | M] (Microsoft Corporation) MD5=58CEF2D243575512657452B9E89A2E1F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18827_none_77d7825c97ff6cfd\cryptsvc.dll
[2013.07.08 06:16:55 | 000,133,120 | ---- | M] (Microsoft Corporation) MD5=684C130BBC6DB681BAD4920A4C944AA5 -- C:\Windows\System32\cryptsvc.dll
[2013.07.08 06:16:55 | 000,133,120 | ---- | M] (Microsoft Corporation) MD5=684C130BBC6DB681BAD4920A4C944AA5 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18881_none_7790a11898357c99\cryptsvc.dll
[2008.01.19 00:34:02 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
[2013.07.08 04:50:53 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=828805E2E7F529B24849AD52740288DA -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.23154_none_783d888db13844fe\cryptsvc.dll
[2013.04.17 13:28:51 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=CC8E2C87016A07892B5448D764BF8A30 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.23097_none_781547d5b15603a0\cryptsvc.dll
[2009.04.11 00:28:20 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll
[2013.04.24 05:46:45 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=FBE051C07C3D2B9011ECB1C7A73120C1 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.23101_none_7870974bb1126d44\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2014.02.06 17:10:35 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2014.02.06 17:10:34 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2014.02.06 17:10:34 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2014.02.06 15:28:08 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2014.02.06 15:28:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2014.02.06 17:10:34 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 00:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: HAL.DLL >
[2009.04.11 00:32:48 | 000,177,128 | ---- | M] (Microsoft Corporation) MD5=B8D52005181A15D7D1470CBF2AF214DD -- C:\Windows\System32\hal.dll

< MD5 for: IASTORV.SYS >
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2006.11.02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=350FCA7E73CF65BCEF43FAE1E4E91293 -- C:\Windows\System32\drivers\isapnp.sys
[2006.11.02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=350FCA7E73CF65BCEF43FAE1E4E91293 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\isapnp.sys
[2008.01.19 00:42:16 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\isapnp.sys
[2008.01.19 00:42:16 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\isapnp.sys
[2008.01.19 00:42:16 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\isapnp.sys
[2008.01.19 00:42:16 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\isapnp.sys

< MD5 for: LSASS.EXE >
[2014.02.06 17:09:10 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=203D86EBD6D8E4C8501B222421E81506 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
[2014.02.06 15:24:46 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=2D3AC5E7AC01E905F3ABD2D745FE3A9B -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
[2015.06.27 16:20:12 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=2DCDD1B84875C0D5404173EC3B00E454 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.23737_none_a8a1260573213258\lsass.exe
[2014.02.06 15:24:47 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[2015.04.30 16:19:51 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=474FDD99DB6012E21405AAEE8DA61546 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.23683_none_a867135b734d5b8a\lsass.exe
[2014.02.06 17:00:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=59DE082968FDD257FFF0D209B9A5B460 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[2012.06.02 00:37:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=613DEB66A91820F0A41915B40BB8833F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22869_none_a882cf8373379c5f\lsass.exe
[2006.11.02 11:45:21 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=6A0E382E74280E4CC0DF17FE2661D003 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\lsass.exe
[2014.02.06 17:09:09 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=6F1F23D3599EAE17734451936B7F17C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
[2014.10.11 01:21:41 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=86C519D59C70327434641E862A70B52B -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.23521_none_a8a5f069731e840f\lsass.exe
[2015.01.15 07:17:50 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A28A5386D01A5C6B085838624955EF3C -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.23594_none_a85d41d3735493ab\lsass.exe
[2011.11.16 16:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A3E186B4B935905B829219502557314E -- C:\Windows\System32\lsass.exe
[2011.11.16 16:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A3E186B4B935905B829219502557314E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18541_none_a806cc745a10ffad\lsass.exe
[2011.11.16 16:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A3E186B4B935905B829219502557314E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18643_none_a808ceee5a0f2f82\lsass.exe
[2011.11.16 16:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A3E186B4B935905B829219502557314E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.19214_none_a82a209c59f61a0b\lsass.exe
[2011.11.16 16:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A3E186B4B935905B829219502557314E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.19284_none_a7de71285a2edda2\lsass.exe
[2011.11.16 16:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A3E186B4B935905B829219502557314E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.19431_none_a81183b25a090036\lsass.exe
[2014.02.06 15:24:46 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[2015.03.06 04:16:32 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=ACAC4085ECDA9A35ED621936D67DB9D4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.23640_none_a88f522d732f9fc1\lsass.exe
[2014.02.06 17:00:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=AFF8A58280863629CA4FFA9E0B259F1E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[2014.02.06 17:09:10 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=BA9A67672E025078C77967731BCFC560 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
[2014.12.03 02:23:58 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=C4AA089041242987308AE2A7B30E910A -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.23555_none_a88981cd73333d3e\lsass.exe
[2014.02.06 15:24:48 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=C731B1FE449D4E9CEA358C9D55B69BE9 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[2014.02.06 15:24:46 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=CB7E838C140B4087B2DA323F2D4523C5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
[2014.02.06 15:24:47 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=D09A5DA84B7C9CA9B02EBCD7FAE41C8D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
[2014.02.06 17:00:01 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[2014.02.06 17:00:01 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[2014.02.06 17:00:01 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\lsass.exe
[2011.11.16 15:57:04 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=EBFAEB786C46B407930811F94F08877D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22742_none_a8916b6f732db5f5\lsass.exe
[2014.02.06 17:00:01 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=F4C62B07E5BF96F1FDCA9DB393ECED22 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe

< MD5 for: NDIS.SYS >
[2009.04.11 00:32:50 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009.04.11 00:32:50 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2006.11.02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008.01.19 00:43:32 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

< MD5 for: NETLOGON.DLL >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008.01.19 00:43:02 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008.01.19 00:43:02 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\drivers\nvraid.sys
[2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SMSS.EXE >
[2013.07.08 03:18:50 | 000,064,512 | ---- | M] (Microsoft Corporation) MD5=18CE0D0DCB7AF0D3E67ECF12BDE1382D -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.23154_none_ae7897262f9a96cf\smss.exe
[2015.03.13 02:10:36 | 000,064,512 | ---- | M] (Microsoft Corporation) MD5=363FBAC6FECBD86D1795EE69B342DA30 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.23654_none_ae78a0a42f9a8892\smss.exe
[2008.01.19 00:33:32 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_ac3aa7fd19319fba\smss.exe
[2015.07.21 16:15:47 | 000,064,512 | ---- | M] (Microsoft Corporation) MD5=97BDD5240706720FA47B7F8F904EE87E -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.23762_none_ae6bd20a2fa46efc\smss.exe
[2009.04.11 00:28:06 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.18005_none_ae26210916536b06\smss.exe
[2015.01.09 02:18:11 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=B5C66E0B251D954D6CED30E4FDB07792 -- C:\Windows\System32\smss.exe
[2015.01.09 02:18:11 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=B5C66E0B251D954D6CED30E4FDB07792 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.19279_none_adde5fc11688a7e8\smss.exe
[2013.03.09 03:28:08 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=BE7480C91E89EB82FC080F772C220AE4 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.18805_none_ae2630391653543e\smss.exe
[2006.11.02 11:45:45 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=CAA75757BB3695478C23CB0624342A61 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6000.16386_none_aa03e6011c468ee6\smss.exe
[2015.07.18 16:16:27 | 000,064,512 | ---- | M] (Microsoft Corporation) MD5=E999B040E681E143171F3F8925899934 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.23761_none_ae6ad1c02fa555a5\smss.exe
[2015.02.26 02:16:47 | 000,064,512 | ---- | M] (Microsoft Corporation) MD5=EF4707EB97B522B1FBC447654DC4F1F2 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.23636_none_ae9041102f88835e\smss.exe

< MD5 for: SVCHOST.EXE >
[2006.11.02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008.01.19 00:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.19 00:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2009.04.11 00:33:04 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2014.02.06 15:29:24 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2014.02.06 15:29:19 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2014.02.06 17:02:23 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2014.02.06 17:02:22 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2014.02.06 15:29:24 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2014.02.06 17:02:23 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2014.02.06 17:02:24 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2014.02.06 17:08:39 | 000,806,400 | ---- | M] (Microsoft Corporation) MD5=52A8BD6294F7D1443C6184C67AE13AF4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
[2014.02.06 17:08:40 | 000,803,328 | ---- | M] (Microsoft Corporation) MD5=5DF77458AA92FDB36FCE79C60F74AB5D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
[2014.02.06 15:29:22 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2013.07.05 05:20:37 | 000,914,880 | ---- | M] (Microsoft Corporation) MD5=6D0D344F643E28B31262AC2682109A3C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.23152_none_b55a00e77cd1055d\tcpip.sys
[2014.02.06 15:29:19 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2014.02.06 17:02:22 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2014.04.05 05:23:10 | 000,915,392 | ---- | M] (Microsoft Corporation) MD5=A4196D394207369E1431E8681B373312 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.23370_none_b54264477ce304df\tcpip.sys
[2014.04.05 04:42:27 | 000,905,664 | ---- | M] (Microsoft Corporation) MD5=C7B0746FCD576D7EEBA6A2530B0B2966 -- C:\Windows\System32\drivers\tcpip.sys
[2014.04.05 04:42:27 | 000,905,664 | ---- | M] (Microsoft Corporation) MD5=C7B0746FCD576D7EEBA6A2530B0B2966 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.19080_none_b4adf3c463cd86b8\tcpip.sys
[2013.07.05 06:53:33 | 000,905,664 | ---- | M] (Microsoft Corporation) MD5=D18D53974FD715D50FC76F9FFE1C830D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18880_none_b4ae19bc63cd564f\tcpip.sys
[2006.11.02 10:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
[2014.02.06 17:02:23 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2008.01.19 00:43:40 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2014.02.06 15:29:22 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.01.19 00:37:10 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\System32\ws2_32.dll
[2008.01.19 00:37:10 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
[2006.11.02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[6 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[189 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\twain_32\*.tmp files -> C:\Windows\twain_32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2014.02.20 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\602Installer
[2014.02.20 12:32:35 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\602XML
[2014.02.09 01:22:06 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Adobe
[2014.11.07 14:47:50 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\AnvSoft
[2014.11.06 12:30:23 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\anyburn
[2014.11.06 10:31:21 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Ashampoo
[2014.02.06 17:26:48 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\ATI
[2015.03.04 16:47:52 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\AVG
[2015.08.10 15:53:42 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\avidemux
[2015.08.04 14:46:23 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Bigasoft Total Video Converter 5
[2015.01.28 11:58:06 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\calibre
[2015.03.16 14:56:25 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Canneverbe Limited
[2015.08.19 14:19:01 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\DAEMON Tools Lite
[2015.08.09 16:32:48 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\dvdcss
[2014.07.19 20:32:17 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\fofix
[2014.11.05 17:26:51 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Free Burning Studio
[2014.07.19 19:16:03 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\fretsonfire
[2015.05.24 18:37:56 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\HP
[2015.05.30 16:02:10 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\HpUpdate
[2014.06.26 12:57:39 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\ICQ-Profile
[2014.02.13 16:59:00 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\ICQM
[2014.02.06 12:56:59 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Identities
[2015.07.09 19:55:09 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Image Zone Express
[2014.02.06 13:19:27 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Macromedia
[2015.03.08 12:40:16 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Maxthon3
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Media Center Programs
[2015.06.12 18:03:58 | 000,000,000 | --SD | M] -- C:\Users\Kopac\AppData\Roaming\Microsoft
[2015.08.26 11:00:06 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\MiniLyrics
[2015.04.07 16:42:06 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Miranda
[2014.02.06 13:02:41 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Mozilla
[2015.03.17 12:38:54 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Nero
[2014.11.05 17:26:54 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\New Version Available
[2015.08.04 22:17:13 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Nico Mak Computing
[2015.08.17 11:04:13 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Opera Software
[2014.08.26 10:15:20 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Printer Info Cache
[2015.04.06 07:30:37 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\QIP
[2014.02.08 00:31:30 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Seznam.cz
[2014.02.20 12:32:42 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Software602
[2014.02.11 14:54:27 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\SolidDocuments
[2014.02.11 12:13:28 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\SomePDF
[2014.02.07 13:31:08 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Thunderbird
[2014.02.06 15:10:56 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\TuneUp Software
[2015.08.26 00:01:58 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\vlc
[2014.10.01 19:59:08 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Winamp
[2014.02.06 14:05:27 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\WinRAR
[2014.02.11 12:43:20 | 000,000,000 | ---D | M] -- C:\Users\Kopac\AppData\Roaming\Wondershare

< %APPDATA%\*.exe /s >
[2015.02.25 16:50:57 | 001,071,160 | ---- | M] (Power Software Ltd) -- C:\Users\Kopac\AppData\Roaming\anyburn\Upgrade\anyburn_setup.exe
[2014.02.13 16:59:00 | 033,664,344 | ---- | M] (ICQ) -- C:\Users\Kopac\AppData\Roaming\ICQM\icq.exe
[2014.02.13 16:59:04 | 039,431,496 | ---- | M] (ICQ) -- C:\Users\Kopac\AppData\Roaming\ICQM\icqsetup.exe
[2014.02.13 16:59:00 | 004,739,616 | ---- | M] () -- C:\Users\Kopac\AppData\Roaming\ICQM\ICQ\dll\mailrusputnik.exe
[2015.05.08 14:50:52 | 001,799,448 | ---- | M] (Maxthon International ltd.) -- C:\Users\Kopac\AppData\Roaming\Maxthon3\Public\MxUp\MxUp.exe
[2013.08.21 17:20:08 | 000,253,440 | ---- | M] (Microsoft) -- C:\Users\Kopac\AppData\Roaming\TuneUp Software\TuneUp Utilities 2014\StartUp Manager\Disabled objects\Adsystem.exe
[2014.01.04 13:31:42 | 002,083,568 | ---- | M] (Wondershare ) -- C:\Users\Kopac\AppData\Roaming\Wondershare\Wondershare Helper Compact\Wondershare Helper Compact.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2015.08.26 12:49:04 | 000,004,896 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2015.08.26 12:49:04 | 000,004,896 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CCleaner Monitoring" = "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR -- [2015.07.17 20:33:20 | 006,453,528 | ---- | M] (Piriform Ltd)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2015.08.26 12:12:23 | 000,000,512 | ---- | M] () MD5=8F239AE2F71121409D1FC39CF1EF66DD -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2015.08.26 12:08:19 | 275,597,778 | ---- | M] () -- \Filmy\Seriály\South Park\15. série\05.-SPORTOVNÍ-ASOCIACE-PRO-DĚTI-ZÁVISLÉ-NA-CRACKU.avi
[2003.12.05 14:52:40 | 000,000,796 | ---- | M] () -- \Hry\Rockstar Games\GTA San Andreas\data\Decision\Craig\crack1.ped

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2011.04.15 17:29:28 | 000,000,118 | ---- | M] () -- \Hry\DiRT 3\audio\audio_loader.xml
[2014.09.03 01:27:24 | 000,268,432 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2014.09.03 01:27:24 | 000,019,096 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2014.12.16 14:07:11 | 001,451,816 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kasperskylab.kis.ui.loader.dll
[2013.05.14 11:59:38 | 000,221,376 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kas_loader.dll
[2014.02.17 11:31:36 | 000,340,672 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\prloader.dll
[2014.02.17 11:31:38 | 000,203,456 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\remote_eka_prague_loader.dll
[1 \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\*.tmp files -> \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\*.tmp -> ]
[2013.06.17 12:55:30 | 000,001,557 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\images\scale-100\common\loader_16.gif
[2013.06.17 12:55:30 | 000,000,419 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\images\scale-100\common\loader_16.png
[2013.06.17 12:55:30 | 000,006,377 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\images\scale-100\common\loader_32.gif
[2013.06.17 12:55:30 | 000,001,276 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\images\scale-100\common\loader_32.png
[2013.06.17 12:55:30 | 000,009,568 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\images\scale-100\common\loader_48.gif
[2013.06.17 12:55:30 | 000,001,805 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\images\scale-100\common\loader_48.png
[2013.06.17 12:55:30 | 000,020,462 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\images\scale-100\common\loader_96.gif
[2013.06.17 12:55:30 | 000,004,009 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\images\scale-100\common\loader_96.png
[2013.06.17 12:55:30 | 000,002,793 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\images\scale-100\scan\btn_loader.png
[2013.06.17 12:55:30 | 000,001,459 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\images\scale-100\scan\loader\loader_0001.png
[2013.06.17 12:55:30 | 000,001,423 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\images\scale-100\scan\loader\loader_00010.png
[2013.06.17 12:55:30 | 000,001,453 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\images\scale-100\scan\loader\loader_00011.png
[2013.06.17 12:55:30 | 000,001,464 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\images\scale-100\scan\loader\loader_00012.png
[2013.06.17 12:55:30 | 000,001,487 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\images\scale-100\scan\loader\loader_00013.png
[2013.06.17 12:55:30 | 000,001,480 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\images\scale-100\scan\loader\loader_00014.png
[2013.06.17 12:55:30 | 000,001,455 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\images\scale-100\scan\loader\loader_00015.png
[2013.06.17 12:55:30 | 000,001,408 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\images\scale-100\scan\loader\loader_00016.png
[2013.06.17 12:55:30 | 000,001,472 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\images\scale-100\scan\loader\loader_0002.png
[2013.06.17 12:55:30 | 000,001,480 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\images\scale-100\scan\loader\loader_0003.png
[2013.06.17 12:55:30 | 000,001,471 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\images\scale-100\scan\loader\loader_0004.png
[2013.06.17 12:55:30 | 000,001,439 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\images\scale-100\scan\loader\loader_0005.png
[2013.06.17 12:55:30 | 000,001,413 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\images\scale-100\scan\loader\loader_0006.png
[2013.06.17 12:55:30 | 000,001,367 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\images\scale-100\scan\loader\loader_0007.png
[2013.06.17 12:55:30 | 000,001,274 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\images\scale-100\scan\loader\loader_0008.png
[2013.06.17 12:55:30 | 000,001,390 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\images\scale-100\scan\loader\loader_0009.png
[2013.06.17 12:55:32 | 000,006,957 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\skin\resources\neutral\templates\images\safe_banking\preloader.gif
[2015.02.09 11:56:20 | 000,076,088 | ---- | M] () -- \Program Files\Maxthon\Bin\MxAppLoader.exe
[2015.02.09 11:56:20 | 000,668,440 | ---- | M] () -- \Program Files\Maxthon\Bin\MxDownloader.dll
[2015.02.09 11:56:24 | 000,086,768 | ---- | M] () -- \Program Files\Maxthon\Core\Webkit\Npplugins\gameloader.exe
[2015.06.08 20:01:18 | 000,002,381 | ---- | M] () -- \Program Files\Mozilla Thunderbird\distribution\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\calBackendLoader.js
[2013.03.05 08:29:10 | 000,001,706 | ---- | M] () -- \Program Files\Winamp\MiniLyrics\Skins\Metal\iPodLyricsDownloader.java
[2013.04.29 15:19:12 | 000,007,217 | ---- | M] () -- \Program Files\Winamp\MiniLyrics\Skins\Metal\iPodLyricsDownloader.xml
[2013.03.05 08:29:10 | 000,000,462 | ---- | M] () -- \Program Files\Winamp\MiniLyrics\Skins\Metal\iPodLyricsDownloader_theme.xml
[2013.04.29 15:19:12 | 000,004,840 | ---- | M] () -- \Program Files\Winamp\MiniLyrics\Skins\MiniLyrics\iPodLyricsDownloader.xml
[2013.03.05 08:29:10 | 000,000,462 | ---- | M] () -- \Program Files\Winamp\MiniLyrics\Skins\MiniLyrics\iPodLyricsDownloader_theme.xml
[2014.02.06 14:04:01 | 000,001,033 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\MiniLyrics\iPod Lyrics Downloader.lnk
[2014.02.06 14:04:01 | 000,001,033 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\MiniLyrics\iPod Lyrics Downloader.lnk
[2015.07.11 17:48:17 | 000,002,381 | ---- | M] () -- \Users\Kopac\AppData\Roaming\Thunderbird\Profiles\2iaz538s.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\calBackendLoader.js
[2015.07.11 17:48:17 | 000,000,249 | ---- | M] () -- \Users\Kopac\AppData\Roaming\Thunderbird\Profiles\2iaz538s.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\calBackendLoader.manifest
[2013.03.09 09:17:04 | 000,019,080 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
[2010.03.24 21:12:34 | 000,018,264 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2013.03.09 09:17:04 | 000,268,440 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8
[2010.03.24 21:12:34 | 000,249,680 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2008.01.19 00:34:06 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.20 09:34:54 | 000,070,936 | ---- | M] () -- \Windows\System32\PhysXLoader.dll
[2 \Windows\System32\*.tmp files -> \Windows\System32\*.tmp -> ]
[2014.02.06 18:22:04 | 000,003,402 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15.manifest
[2014.02.06 18:22:04 | 000,027,648 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15_winload.exe.mui_3bc5b827
[2014.02.06 18:22:04 | 000,019,968 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15_winresume.exe.mui_ff8b5358
[2014.02.06 19:12:11 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94.manifest
[2014.02.06 19:12:11 | 000,986,600 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94_winload.exe_75835076
[2014.02.06 19:12:11 | 000,926,184 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94_winresume.exe_85cd1215
[2014.02.06 18:20:58 | 000,003,885 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2.manifest
[2014.02.06 18:20:58 | 000,021,048 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2_spldr.sys_98bd87a0
[2014.02.06 13:52:47 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_de-de_cb9c6772f81a418b.manifest
[2014.02.06 13:52:31 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_en-us_748d3d6be6f84d50.manifest
[2014.02.06 13:52:57 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_es-es_74589a4fe71f3ef5.manifest
[2014.02.06 13:52:32 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_fr-fr_1710104ed9f15557.manifest
[2014.02.06 13:53:19 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_it-it_01380695b1233ad5.manifest
[2014.02.06 13:53:23 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_ja-jp_a35d85a2a43e4cb0.manifest
[2014.02.06 13:53:40 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_nl-nl_2d992eca70004957.manifest
[2014.02.06 13:52:47 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_de-de_cbf6c366115bebbd.manifest
[2014.02.06 13:52:31 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_en-us_74e7995f0039f782.manifest

Re: Please check my RSIT log

Posted: 26 Aug 2015 13:06
by Kopac
OTL.txt, part 2
-------------------
< *minodlogin* /s >

< *tnod* /s >
[2014.01.09 14:41:18 | 000,000,389 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\Cleaner\esetnod32av4.ini
[2014.01.09 14:41:18 | 000,000,397 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\Cleaner\esetnod32av4_x64.ini
[2014.01.09 14:41:18 | 000,000,385 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\Cleaner\esetnod32smarts4.ini
[2014.01.09 14:41:18 | 000,000,420 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\Cleaner\esetnod32smarts4_424_x64sp.ini
[2014.01.09 14:41:18 | 000,000,395 | ---- | M] () -- \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\Cleaner\esetnod32smarts4_x64.ini

< *AutoKMS* /s >
[2014.07.12 10:08:39 | 000,000,161 | ---- | M] () -- \Windows\AutoKMS.ini
[2015.04.03 13:07:36 | 002,820,608 | ---- | M] () -- \Windows\AutoKMS\AutoKMS.exe
[2015.08.19 11:16:27 | 000,047,433 | ---- | M] () -- \Windows\AutoKMS\AutoKMS.log

< *activator* /s >
[2015.08.17 11:03:25 | 000,004,293 | ---- | M] () -- \Users\Kopac\AppData\Local\AVG\AWL2015\log\ProgramDeactivator.log

< *serial* /s >
[2014.02.06 16:50:59 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.0.6000.20895_cs-cz_492cfaeee0d2050d\System.RunTime.Serialization.Resources.dll
[2008.01.05 04:27:24 | 000,086,016 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.0.6001.18000_cs-cz_5fce0ce8c7834cd9\System.RunTime.Serialization.Resources.dll
[2014.02.06 16:50:50 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.0.6001.18121_cs-cz_5fcff690c7819979\System.RunTime.Serialization.Resources.dll
[2014.02.06 16:50:50 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.0.6001.22243_cs-cz_490422d4e1275f6f\System.RunTime.Serialization.Resources.dll
[2009.02.18 19:11:24 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.0.6002.18005_cs-cz_5fa99224c7d4e0ed\System.RunTime.Serialization.Resources.dll
[2009.02.18 19:11:24 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.0.6002.18239_cs-cz_5fac379ac7d29418\System.RunTime.Serialization.Resources.dll
[2009.02.18 19:11:24 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.0.6002.18707_cs-cz_5fa96398c7d51666\System.RunTime.Serialization.Resources.dll
[2009.02.18 19:11:24 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.0.6002.19134_cs-cz_5facab8cc7d210c9\System.RunTime.Serialization.Resources.dll
[2009.02.18 19:11:24 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.0.6002.19142_cs-cz_5fadd966c7d0f6de\System.RunTime.Serialization.Resources.dll
[2009.02.18 19:11:24 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.0.6002.22380_cs-cz_48e45f54e1748c28\System.RunTime.Serialization.Resources.dll
[2009.02.18 19:11:24 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.0.6002.22945_cs-cz_48dfeb6ce178a8d7\System.RunTime.Serialization.Resources.dll
[2009.02.18 19:11:24 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.0.6002.23436_cs-cz_48ded6f4e179a4b3\System.RunTime.Serialization.Resources.dll
[2009.02.18 19:11:24 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.0.6002.23445_cs-cz_48dfee06e178a469\System.RunTime.Serialization.Resources.dll
[2006.11.02 14:36:03 | 000,888,832 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.0.6000.16386_none_02917a0ddf868526\System.Runtime.Serialization.dll
[2014.02.06 16:47:19 | 000,966,656 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.0.6000.16708_none_0289499ddf8deef4\System.Runtime.Serialization.dll
[2014.02.06 16:47:19 | 000,966,656 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.0.6000.20864_none_ebc1ffb9f92f8080\System.Runtime.Serialization.dll
[2008.01.05 04:21:40 | 000,929,792 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.0.6001.18000_none_0265fbc9dfde2df2\System.Runtime.Serialization.dll
[2014.02.06 16:47:08 | 000,966,656 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.0.6001.18096_none_026e75b3dfd6abc7\System.Runtime.Serialization.dll
[2014.02.06 16:47:08 | 000,966,656 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.0.6001.22208_none_eb979ea5f9865b51\System.Runtime.Serialization.dll
[2009.02.18 12:38:40 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.0.6002.18005_none_02418105e02fc206\System.Runtime.Serialization.dll
[2010.04.12 14:21:01 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.0.6002.18239_none_0244267be02d7531\System.Runtime.Serialization.dll
[2012.10.08 13:01:03 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.0.6002.18707_none_02415279e02ff77f\System.Runtime.Serialization.dll
[2014.06.27 00:17:18 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.0.6002.19134_none_02449a6de02cf1e2\System.Runtime.Serialization.dll
[2014.07.10 00:14:57 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.0.6002.19142_none_0245c847e02bd7f7\System.Runtime.Serialization.dll
[2010.04.12 14:22:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.0.6002.22380_none_eb7c4e35f9cf6d41\System.Runtime.Serialization.dll
[2012.10.08 12:59:29 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.0.6002.22945_none_eb77da4df9d389f0\System.Runtime.Serialization.dll
[2014.06.21 00:17:55 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.0.6002.23436_none_eb76c5d5f9d485cc\System.Runtime.Serialization.dll
[2014.07.11 00:16:50 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.0.6002.23445_none_eb77dce7f9d38582\System.Runtime.Serialization.dll
[2007.01.08 23:04:55 | 000,010,240 | ---- | M] () -- \Windows\winsxs\x86_hiddigi.inf.resources_31bf3856ad364e35_6.0.6000.16386_cs-cz_f15fa7f9f28d5343\serial.sys.mui
[2008.01.18 22:49:36 | 000,083,456 | ---- | M] () -- \Windows\winsxs\x86_hiddigi.inf_31bf3856ad364e35_6.0.6001.18000_none_955c449145dbf667\serial.sys
[2007.01.08 23:04:20 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16386_cs-cz_bdf5a8f7ae6b024a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014.02.06 16:50:08 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16754_cs-cz_be141fbfae547065\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014.02.06 16:50:01 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20921_cs-cz_bebb2d56c75c6d7e\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2008.01.05 04:27:20 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_c02c6af3ab56131e\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014.02.06 16:49:52 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18145_cs-cz_c0062e9bab71febc\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014.02.06 16:49:45 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.22269_cs-cz_c07e2cb6c49c3bc4\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.03.31 12:04:52 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6002.18005_cs-cz_c217e3ffa877de6a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.03.31 12:04:52 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6002.19134_cs-cz_c1f65f0fa8912fae\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.03.31 12:04:52 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6002.23436_cs-cz_c282003ac1acfc74\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2007.01.08 23:04:49 | 000,005,632 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.0.6000.16386_cs-cz_4c341f95e6bfb3a8\serialui.dll.mui
[2007.01.08 23:04:49 | 000,005,632 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_4e6ae191e3aac47c\serialui.dll.mui
[2006.11.02 11:46:12 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.0.6000.16386_none_f2cadf9221bfabe5\serialui.dll
[2008.01.19 00:36:22 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.0.6001.18000_none_f501a18e1eaabcb9\serialui.dll
[2008.01.19 00:36:22 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.0.6002.18005_none_f6ed1a9a1bcc8805\serialui.dll
[2007.01.08 23:05:22 | 000,081,920 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.16386_cs-cz_5b3d50955593c887\System.RunTime.Serialization.Resources.dll
[2014.02.06 16:50:55 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.16730_cs-cz_5b6d660d55709964\System.RunTime.Serialization.Resources.dll
[2014.02.06 16:50:53 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.20895_cs-cz_5bbb24c26eba5f87\System.RunTime.Serialization.Resources.dll
[2008.01.05 04:27:24 | 000,086,016 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_5d741291527ed95b\System.RunTime.Serialization.Resources.dll
[2014.02.06 16:50:49 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6001.18121_cs-cz_5d5f74e9528e27bb\System.RunTime.Serialization.Resources.dll
[2014.02.06 16:50:48 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6001.22243_cs-cz_5dd572706bba3215\System.RunTime.Serialization.Resources.dll
[2009.02.18 19:11:24 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6002.18005_cs-cz_5f5f8b9d4fa0a4a7\System.RunTime.Serialization.Resources.dll
[2009.02.18 19:11:24 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6002.19134_cs-cz_5f3e06ad4fb9f5eb\System.RunTime.Serialization.Resources.dll
[2009.02.18 19:11:24 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6002.23436_cs-cz_5fc9a7d868d5c2b1\System.RunTime.Serialization.Resources.dll
[2007.01.08 23:03:22 | 000,010,240 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.0.6000.16386_cs-cz_c27f608a4f515351\serial.sys.mui
[2008.01.18 22:49:36 | 000,083,456 | ---- | M] () -- \Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.0.6001.18000_none_f897b0b1b85e4433\serial.sys
[2007.01.08 23:04:55 | 000,004,096 | ---- | M] () -- \Windows\winsxs\x86_smartcrd.inf.resources_31bf3856ad364e35_6.0.6000.16386_cs-cz_b4070b50f198e261\grserial.sys.mui
[2008.01.18 22:49:34 | 000,031,232 | ---- | M] () -- \Windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.0.6001.18000_none_72a9e15f343dcd03\grserial.sys
[2006.11.02 14:36:02 | 000,888,832 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.0.6000.16386_none_076c25db205d1f68\System.Runtime.Serialization.dll
[2014.02.06 16:47:13 | 000,966,656 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.0.6000.16708_none_0763f56b20648936\System.Runtime.Serialization.dll
[2014.02.06 16:47:13 | 000,966,656 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.0.6000.20864_none_f09cab873a061ac2\System.Runtime.Serialization.dll
[2008.01.05 04:21:40 | 000,929,792 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.0.6001.18000_none_0740a79720b4c834\System.Runtime.Serialization.dll
[2014.02.06 16:47:04 | 000,966,656 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.0.6001.18096_none_0749218120ad4609\System.Runtime.Serialization.dll
[2014.02.06 16:47:04 | 000,966,656 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.0.6001.22208_none_f0724a733a5cf593\System.Runtime.Serialization.dll
[2009.02.18 12:38:40 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.0.6002.18005_none_071c2cd321065c48\System.Runtime.Serialization.dll
[2010.04.12 14:21:01 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.0.6002.18239_none_071ed24921040f73\System.Runtime.Serialization.dll
[2012.10.08 13:01:03 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.0.6002.18707_none_071bfe47210691c1\System.Runtime.Serialization.dll
[2014.06.27 00:17:18 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.0.6002.19134_none_071f463b21038c24\System.Runtime.Serialization.dll
[2014.07.10 00:14:57 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.0.6002.19142_none_0720741521027239\System.Runtime.Serialization.dll
[2010.04.12 14:22:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.0.6002.22380_none_f056fa033aa60783\System.Runtime.Serialization.dll
[2012.10.08 12:59:29 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.0.6002.22945_none_f052861b3aaa2432\System.Runtime.Serialization.dll
[2014.06.21 00:17:55 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.0.6002.23436_none_f05171a33aab200e\System.Runtime.Serialization.dll
[2014.07.11 00:16:50 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.0.6002.23445_none_f05288b53aaa1fc4\System.Runtime.Serialization.dll

< *w7lxe* /s >

========== Files - Unicode (All) ==========
[2015.02.05 02:49:13 | 007,389,184 | ---- | M] ()(C:\Windows\System32\????????????????????????????????) -- C:\Windows\System32\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
[2014.03.25 12:30:31 | 007,389,184 | ---- | C] ()(C:\Windows\System32\????????????????????????????????) -- C:\Windows\System32\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤

========== Alternate Data Streams ==========

@Alternate Data Stream - 6144 bytes -> C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT

< End of report >

Re: Please check my RSIT log

Posted: 26 Aug 2015 13:06
by Kopac
EXTRAS.txt
----------------
OTL Extras logfile created on: 26.8.2015 12:06:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kopac\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 43,85% Memory free
4,24 Gb Paging File | 2,43 Gb Available in Paging File | 57,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,07 Gb Total Space | 43,37 Gb Free Space | 19,27% Space Free | Partition Type: NTFS

Computer Name: KOPAC-PC | User Name: Kopac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = OperaStable] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3771582624-879338843-1209121951-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B1B9729-F6AD-4B96-BE70-6FFC163A6181}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F3ECB6B0-4192-4CF6-AC97-483A5803708D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{075C2468-0119-410C-8BF3-CF60F1A8C027}" = protocol=17 | dir=in | app=c:\program files\maxthon\bin\maxthon.exe |
"{0C90CAC1-D580-4A14-9937-6C407477D20C}" = protocol=17 | dir=in | app=c:\hry\call of duty 4 - modern warfare\iw3mp.exe |
"{2583C45F-557A-4ECB-9FC5-62AB4583D634}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{2CBE6C03-BBCA-4438-94E8-6B11CC57DAF1}" = protocol=6 | dir=in | app=c:\program files\common files\soft602\langserv.exe |
"{683A4FEB-1048-4CA0-9E30-A98F41B40311}" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"{79C37850-6C41-440F-B264-C90551CC14EF}" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"{8712C1DB-E5D6-438F-8232-51C9436802BE}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{8F61E54F-D42F-4187-A0C5-A91B91B52204}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{970A45CA-BB5D-41D0-8EBE-EE8F5C976903}" = protocol=6 | dir=in | app=c:\program files\maxthon\bin\mxup.exe |
"{994095DB-6874-4AC4-AD4F-3A401B76E93E}" = protocol=17 | dir=in | app=c:\program files\common files\soft602\langserv.exe |
"{A83C82A1-BE3F-48ED-B2A5-EA6DE5129ED7}" = protocol=17 | dir=in | app=c:\program files\maxthon\bin\mxup.exe |
"{A982686A-B067-4599-A1B3-D9B726D1546C}" = protocol=17 | dir=in | app=c:\hry\dirt 3\dirt3_game.exe |
"{AA3FBF10-FCEB-4AC2-8B52-2C7A049585F9}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{D627FC4A-4907-4A35-83EE-655245DB4921}" = protocol=6 | dir=in | app=c:\hry\dirt 3\dirt3_game.exe |
"{D7D02B7E-129F-4236-A3BA-9758A6A4EAAF}" = protocol=6 | dir=in | app=c:\hry\war thunder\launcher.exe |
"{DDF6D14B-F5A7-43F5-8EA6-F6D3852FB64E}" = protocol=6 | dir=in | app=c:\program files\maxthon\bin\maxthon.exe |
"{F8691497-C4F9-45EE-9F8B-1C17E47E0B38}" = protocol=17 | dir=in | app=c:\hry\war thunder\launcher.exe |
"{FB9D9A61-EDD2-4074-B8CC-82215855F4B5}" = protocol=6 | dir=in | app=c:\hry\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{4F6A2195-3AC6-4C17-8F72-3FB3C5ED1549}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{6462991F-5A38-4118-95C5-A35F0F746C12}D:\easysetupassistant\wr741n\easysetupassistant.exe" = protocol=6 | dir=in | app=d:\easysetupassistant\wr741n\easysetupassistant.exe |
"TCP Query User{E0D2A206-425C-4519-8094-7BD9578021B4}C:\hry\war thunder\aces.exe" = protocol=6 | dir=in | app=c:\hry\war thunder\aces.exe |
"UDP Query User{0CE6F29F-40E0-4F87-B086-F617754DFEF9}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{8BBD497C-52E4-4794-91E3-B1902664C13B}C:\hry\war thunder\aces.exe" = protocol=17 | dir=in | app=c:\hry\war thunder\aces.exe |
"UDP Query User{9E971628-6981-41BC-9CC2-610D4B68F8D5}D:\easysetupassistant\wr741n\easysetupassistant.exe" = protocol=17 | dir=in | app=d:\easysetupassistant\wr741n\easysetupassistant.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F14E5B-E07A-2A1E-6788-580773CE1486}" = CCC Help English
"{0673921E-31CF-4521-95D2-B2221DFEC525}_is1" = Folder Security Personal 3.0
"{0891B708-EF3F-4D7E-9724-265245F46276}" = Windows Live Remote Service Resources
"{0A036215-0A8D-6FBE-7EA3-7AED4F9E162A}" = CCC Help Turkish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{123F4E9B-80E6-3A84-BDD4-3CB3AC59ABF0}" = Microsoft .NET Framework 4.5.1 (CSY)
"{15A05AAA-37E7-D516-5BE9-C960C2170403}" = CCC Help Czech
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1F123162-FE01-4F1E-9A36-92BB225EABDD}_is1" = Need for Speed: Most Wanted - Black Edition verze 1.3
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21E9850E-58C2-FA88-D5AD-B64D253B8F82}" = CCC Help Thai
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{25A7270E-1B63-DFD1-ACBC-88852A305398}" = CCC Help Chinese Traditional
"{28164BD8-81EA-639A-85E9-E659E3EE6DA7}" = Catalyst Control Center InstallProxy
"{28A25E3A-2855-4A39-B72B-50BF80FB86C5}" = Windows Live Family Safety
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2E69E784-F84A-9A18-7D8E-4EB8504EEE1E}" = CCC Help Danish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{362614E4-9ABB-E7A7-CDDC-239AB168060A}" = CCC Help Japanese
"{3911CF56-9EF2-39BA-846A-C27BD3CD0685}" = Microsoft .NET Framework 4.5.2
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{454F5782-A4C3-480E-A629-D435795DEFD8}" = Windows Live Remote Client Resources
"{4745F6F8-09DA-CC39-EC19-0E8D764CF2B7}" = CCC Help Chinese Standard
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4DC59BF3-0D72-3CE8-BFEF-1E8FAF689EB0}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{4FA31DE2-B613-24BB-1738-B655C00B1C9D}" = CCC Help Hungarian
"{5140890B-8A88-4E81-A5C3-7B9F92F74FD2}" = Eraser 6.2.0.2969
"{52FD4969-2C1C-4F9C-A71B-C6F04777FFAA}_is1" = Warcraft III - Complete Edition verze 1.26a
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58771CF6-F212-CC4D-61B1-45CC70B6375C}" = CCC Help Dutch
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6833245E-DD86-479A-882A-8360D62C8194}" = NVIDIA PhysX
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6D5CE5F1-CBB0-9ED4-1A1E-91DDCD6225FD}" = CCC Help Italian
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F6873E3-5C92-4049-B511-231A138DD090}" = Kaspersky Internet Security
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{707210B0-29F1-C550-BA96-6ECDA245CF24}" = CCC Help Spanish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{812B956B-37AB-24B9-4527-78A6D3ECE7F8}" = CCC Help Korean
"{83293709-B863-0EF6-00DA-B026D486E8B5}" = CCC Help Polish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}" = Catalyst Control Center - Branding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D5B19AA-3D3A-5870-C9A0-346EBC5DB21E}" = ccc-utility
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2010
"{90140000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2010
"{90140000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{90140000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2010
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{911904DE-EBB6-BC8E-D5BD-762B7DB42C46}" = CCC Help Greek
"{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5.1 (čeština)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9903011B-5F1D-A2A1-8078-EE62B3324CCE}" = CCC Help Portuguese
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7F1628-2126-34A5-852D-2B93328BCF3F}" = CCC Help German
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A72CE741-1F32-4D79-BFFB-A714375C6750}_is1" = Bigasoft Total Video Converter 5.0.6.5658
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AC76BA86-0804-1033-1959-001824147215}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.15) - Czech
"{AE6C422B-DADB-D547-411C-E9E56DF03D16}" = CCC Help Russian
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B09567CC-E43F-10F1-752D-549AC7FB0C43}" = CCC Help Finnish
"{B170B91D-E8E3-A6A3-D129-D8E36FEA8A0B}" = CCC Help Norwegian
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B448BC74-1CB7-7A57-3313-5E075AFB413E}" = AMD Catalyst Install Manager
"{B44F3823-52DD-45CA-A916-8B320778715D}" = Messenger Companion
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{BD96ABD3-D1D4-5513-6C60-11476D6DCFC5}" = Catalyst Control Center Localization All
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C1EA3034-6A86-4C18-A91F-SPSOTCZ7E0FE}_is1" = Čeština do hry South Park: Klacek Pravdy verze 1.0
"{C39C7876-4D21-8A38-0A42-B5C8858EC6C7}" = CCC Help French
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D4236B82-213F-679E-09A2-9AEB5EF4CADC}" = Catalyst Control Center Graphics Previews Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9FB7F91-9687-4B09-894D-072903CADEA4}" = Qualcomm USB Drivers For Windows
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DE3B6562-0A58-49E0-836F-B895F3985958}" = Software602 Form Filler
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EBBD4FE6-91DA-C397-6D56-FE85DBF24FCF}" = Catalyst Control Center
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.444
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.221
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FC3C2B77-6800-48C6-A15D-9D1031130C16}" = HP Support Solutions Framework
"{FCEFDA6B-63CD-BB17-B845-478A42E24D39}" = CCC Help Swedish
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe Flash Player ActiveX" = Adobe Flash Player 18 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 18 NPAPI
"Adobe Flash Player PPAPI" = Adobe Flash Player 18 PPAPI
"AMP WinOFF" = AMP WinOFF 5.0.1
"android_driver_install_is1" = android_driver_install.exe
"AnyBurn" = AnyBurn
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"Defraggler" = Defraggler
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}" = Kaspersky Internet Security
"LastFM_is1" = Last.fm Scrobbler 2.1.37
"Maxthon3" = Maxthon Cloud Browser
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Miranda IM" = Miranda IM
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox 40.0.2 (x86 cs)" = Mozilla Firefox 40.0.2 (x86 cs)
"Mozilla Thunderbird 38.0.1 (x86 cs)" = Mozilla Thunderbird 38.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Totalcmd" = Total Commander 64-bit (Remove or Repair)
"U291dGhwYXJrU3RpY2tvZlRydXRo_is1" = Southpark Stick of Truth
"VLC media player" = VLC media player
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 5.01 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3771582624-879338843-1209121951-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ICQ" = ICQ 8.2 (verze 6901)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17.8.2015 16:32:03 | Computer Name = Kopac-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 18.8.2015 4:57:16 | Computer Name = Kopac-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 18.8.2015 11:28:01 | Computer Name = Kopac-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 18.8.2015 11:34:12 | Computer Name = Kopac-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 18.8.2015 13:09:54 | Computer Name = Kopac-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 19.8.2015 5:15:54 | Computer Name = Kopac-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 19.8.2015 7:10:20 | Computer Name = Kopac-PC | Source = VSS | ID = 8194
Description =

Error - 20.8.2015 5:41:57 | Computer Name = Kopac-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description =

Error - 24.8.2015 17:51:35 | Computer Name = Kopac-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace Explorer.EXE, verze 6.0.6002.18005, časové razítko
0x49e01da5, chybující modul Explorer.EXE, verze 6.0.6002.18005, časové razítko
0x49e01da5, kód výjimky 0xc0000005, posun chyby 0x00048362, ID procesu 0x134, čas
spuštění aplikace 0x01d0deb6716f8101.

Error - 25.8.2015 2:08:30 | Computer Name = Kopac-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace Explorer.EXE, verze 6.0.6002.18005, časové razítko
0x49e01da5, chybující modul Explorer.EXE, verze 6.0.6002.18005, časové razítko
0x49e01da5, kód výjimky 0xc0000005, posun chyby 0x00048362, ID procesu 0x834, čas
spuštění aplikace 0x01d0defbc6fbb021.

[ System Events ]
Error - 25.8.2015 1:59:01 | Computer Name = Kopac-PC | Source = BTHUSB | ID = 327685
Description = Ovladač Bluetooth očekával událost HCI s určitou velikostí, ale neobdržel
ji.

Error - 25.8.2015 2:03:45 | Computer Name = Kopac-PC | Source = cdrom | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error - 25.8.2015 10:57:23 | Computer Name = Kopac-PC | Source = BTHUSB | ID = 327685
Description = Ovladač Bluetooth očekával událost HCI s určitou velikostí, ale neobdržel
ji.

Error - 25.8.2015 10:57:27 | Computer Name = Kopac-PC | Source = BTHUSB | ID = 327685
Description = Ovladač Bluetooth očekával událost HCI s určitou velikostí, ale neobdržel
ji.

Error - 25.8.2015 15:39:06 | Computer Name = Kopac-PC | Source = BTHUSB | ID = 327685
Description = Ovladač Bluetooth očekával událost HCI s určitou velikostí, ale neobdržel
ji.

Error - 25.8.2015 15:39:10 | Computer Name = Kopac-PC | Source = BTHUSB | ID = 327685
Description = Ovladač Bluetooth očekával událost HCI s určitou velikostí, ale neobdržel
ji.

Error - 25.8.2015 15:39:39 | Computer Name = Kopac-PC | Source = cdrom | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error - 26.8.2015 4:48:50 | Computer Name = Kopac-PC | Source = BTHUSB | ID = 327685
Description = Ovladač Bluetooth očekával událost HCI s určitou velikostí, ale neobdržel
ji.

Error - 26.8.2015 4:48:54 | Computer Name = Kopac-PC | Source = BTHUSB | ID = 327685
Description = Ovladač Bluetooth očekával událost HCI s určitou velikostí, ale neobdržel
ji.

Error - 26.8.2015 4:49:17 | Computer Name = Kopac-PC | Source = cdrom | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\CdRom0.


< End of report >

Re: Please check my RSIT log

Posted: 26 Aug 2015 14:37
by Márty84
:!: Turn off your antivirus so that it does not get in the program's way.
:arrow: Run OTL as administrator again
Paste the following text into the bottom window (including the colon before the word commands)

Code:

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:otl
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3771582624-879338843-1209121951-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
[2015.08.17 22:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2015.08.17 22:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2015.05.26 18:59:14 | 000,000,292 | ---- | C] () -- C:\Windows\Tasks\WebReg psc 1400 series.job
[6 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[189 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\twain_32\*.tmp files -> C:\Windows\twain_32\*.tmp -> ]
[1 \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\*.tmp files -> \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\*.tmp -> ]
Click Opravit (Fix) and let the program work. When asked about a restart, agree.
After the restart a new log will appear; post it here.

Re: Please check my RSIT log

Posted: 26 Aug 2015 16:19
by Kopac
All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kopac
->Temp folder emptied: 13728832 bytes
->Temporary Internet Files folder emptied: 103128 bytes
->FireFox cache emptied: 25549231 bytes
->Flash cache emptied: 1537 bytes

User: Ostatní
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 5359793 bytes
->Flash cache emptied: 506 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1618992 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1607438 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 46,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Kopac
->Flash cache emptied: 0 bytes

User: Ostatní
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3771582624-879338843-1209121951-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
C:\Program Files\Malwarebytes Anti-Malware folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware folder moved successfully.
C:\ProgramData\Malwarebytes folder moved successfully.
File/Folder C:\Windows\System32\*.tmp not found.
C:\Windows\Tasks\WebReg psc 1400 series.job moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9311.tmp\Microsoft.VisualBasic.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9311.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF9.tmp folder deleted successfully.
C:\Windows\Installer\MSI10D6.tmp- folder deleted successfully.
C:\Windows\Installer\MSI117C.tmp- folder deleted successfully.
C:\Windows\Installer\MSI11F0.tmp- folder deleted successfully.
C:\Windows\Installer\MSI13D2.tmp- folder deleted successfully.
C:\Windows\Installer\MSI1450.tmp- folder deleted successfully.
C:\Windows\Installer\MSI14A6.tmp- folder deleted successfully.
C:\Windows\Installer\MSI14D7.tmp- folder deleted successfully.
C:\Windows\Installer\MSI15.tmp- folder deleted successfully.
C:\Windows\Installer\MSI172E.tmp- folder deleted successfully.
C:\Windows\Installer\MSI1895.tmp- folder deleted successfully.
C:\Windows\Installer\MSI1A4D.tmp- folder deleted successfully.
C:\Windows\Installer\MSI1B32.tmp- folder deleted successfully.
C:\Windows\Installer\MSI1C0D.tmp- folder deleted successfully.
C:\Windows\Installer\MSI1E19.tmp- folder deleted successfully.
C:\Windows\Installer\MSI1FAC.tmp deleted successfully.
C:\Windows\Installer\MSI1FF4.tmp- folder deleted successfully.
C:\Windows\Installer\MSI202D.tmp- folder deleted successfully.
C:\Windows\Installer\MSI209F.tmp-\HD-ShortcutHandler.dll deleted successfully.
C:\Windows\Installer\MSI209F.tmp- folder deleted successfully.
C:\Windows\Installer\MSI20E7.tmp- folder deleted successfully.
C:\Windows\Installer\MSI21AA.tmp- folder deleted successfully.
C:\Windows\Installer\MSI2301.tmp- folder deleted successfully.
C:\Windows\Installer\MSI2429.tmp- folder deleted successfully.
C:\Windows\Installer\MSI2459.tmp- folder deleted successfully.
C:\Windows\Installer\MSI2759.tmp- folder deleted successfully.
C:\Windows\Installer\MSI28B.tmp- folder deleted successfully.
C:\Windows\Installer\MSI29A7.tmp- folder deleted successfully.
C:\Windows\Installer\MSI2A05.tmp- folder deleted successfully.
C:\Windows\Installer\MSI2D21.tmp- folder deleted successfully.
C:\Windows\Installer\MSI2DAB.tmp- folder deleted successfully.
C:\Windows\Installer\MSI2E1D.tmp- folder deleted successfully.
C:\Windows\Installer\MSI30F.tmp- folder deleted successfully.
C:\Windows\Installer\MSI3169.tmp- folder deleted successfully.
C:\Windows\Installer\MSI331B.tmp- folder deleted successfully.
C:\Windows\Installer\MSI35E0.tmp- folder deleted successfully.
C:\Windows\Installer\MSI36D2.tmp- folder deleted successfully.
C:\Windows\Installer\MSI3A97.tmp- folder deleted successfully.
C:\Windows\Installer\MSI3B55.tmp- folder deleted successfully.
C:\Windows\Installer\MSI3D3.tmp- folder deleted successfully.
C:\Windows\Installer\MSI3E3F.tmp- folder deleted successfully.
C:\Windows\Installer\MSI419D.tmp- folder deleted successfully.
C:\Windows\Installer\MSI41C9.tmp-\HD-Frontend-Native.dll deleted successfully.
C:\Windows\Installer\MSI41C9.tmp- folder deleted successfully.
C:\Windows\Installer\MSI41C8.tmp-\HD-ShortcutHandler.dll deleted successfully.
C:\Windows\Installer\MSI41C8.tmp- folder deleted successfully.
C:\Windows\Installer\MSI4265.tmp- folder deleted successfully.
C:\Windows\Installer\MSI44E7.tmp- folder deleted successfully.
C:\Windows\Installer\MSI4553.tmp- folder deleted successfully.
C:\Windows\Installer\MSI46BA.tmp- folder deleted successfully.
C:\Windows\Installer\MSI4768.tmp- folder deleted successfully.
C:\Windows\Installer\MSI47A6.tmp- folder deleted successfully.
C:\Windows\Installer\MSI4B0E.tmp- folder deleted successfully.
C:\Windows\Installer\MSI4BAA.tmp- folder deleted successfully.
C:\Windows\Installer\MSI4CE5.tmp- folder deleted successfully.
C:\Windows\Installer\MSI4DEE.tmp- folder deleted successfully.
C:\Windows\Installer\MSI4E8D.tmp- folder deleted successfully.
C:\Windows\Installer\MSI5196.tmp- folder deleted successfully.
C:\Windows\Installer\MSI5197.tmp- folder deleted successfully.
C:\Windows\Installer\MSI5491.tmp- folder deleted successfully.
C:\Windows\Installer\MSI554F.tmp- folder deleted successfully.
C:\Windows\Installer\MSI555E.tmp- folder deleted successfully.
C:\Windows\Installer\MSI581A.tmp- folder deleted successfully.
C:\Windows\Installer\MSI5868.tmp- folder deleted successfully.
C:\Windows\Installer\MSI5A4F.tmp- folder deleted successfully.
C:\Windows\Installer\MSI5B69.tmp- folder deleted successfully.
C:\Windows\Installer\MSI5BC3.tmp- folder deleted successfully.
C:\Windows\Installer\MSI5D29.tmp- folder deleted successfully.
C:\Windows\Installer\MSI5EC3.tmp- folder deleted successfully.
C:\Windows\Installer\MSI5F3F.tmp- folder deleted successfully.
C:\Windows\Installer\MSI5F6.tmp- folder deleted successfully.
C:\Windows\Installer\MSI61FD.tmp- folder deleted successfully.
C:\Windows\Installer\MSI62C8.tmp- folder deleted successfully.
C:\Windows\Installer\MSI64F7.tmp- folder deleted successfully.
C:\Windows\Installer\MSI65A.tmp- folder deleted successfully.
C:\Windows\Installer\MSI65A6.tmp- folder deleted successfully.
C:\Windows\Installer\MSI6623.tmp- folder deleted successfully.
C:\Windows\Installer\MSI6701.tmp- folder deleted successfully.
C:\Windows\Installer\MSI67E8.tmp- folder deleted successfully.
C:\Windows\Installer\MSI688B.tmp- folder deleted successfully.
C:\Windows\Installer\MSI68E2.tmp-\HD-ShortcutHandler.dll deleted successfully.
C:\Windows\Installer\MSI68E2.tmp- folder deleted successfully.
C:\Windows\Installer\MSI690D.tmp- folder deleted successfully.
C:\Windows\Installer\MSI6E02.tmp- folder deleted successfully.
C:\Windows\Installer\MSI6E2C.tmp- folder deleted successfully.
C:\Windows\Installer\MSI71C8.tmp- folder deleted successfully.
C:\Windows\Installer\MSI72A0.tmp- folder deleted successfully.
C:\Windows\Installer\MSI75D.tmp- folder deleted successfully.
C:\Windows\Installer\MSI7619.tmp- folder deleted successfully.
C:\Windows\Installer\MSI76E8.tmp-\HD-ShortcutHandler.dll deleted successfully.
C:\Windows\Installer\MSI76E8.tmp- folder deleted successfully.
C:\Windows\Installer\MSI7734.tmp- folder deleted successfully.
C:\Windows\Installer\MSI7889.tmp- folder deleted successfully.
C:\Windows\Installer\MSI79E5.tmp- folder deleted successfully.
C:\Windows\Installer\MSI7ADB.tmp- folder deleted successfully.
C:\Windows\Installer\MSI7CD8.tmp- folder deleted successfully.
C:\Windows\Installer\MSI8135.tmp- folder deleted successfully.
C:\Windows\Installer\MSI82A9.tmp- folder deleted successfully.
C:\Windows\Installer\MSI8432.tmp- folder deleted successfully.
C:\Windows\Installer\MSI8442.tmp-\HD-ShortcutHandler.dll deleted successfully.
C:\Windows\Installer\MSI8442.tmp- folder deleted successfully.
C:\Windows\Installer\MSI8477.tmp- folder deleted successfully.
C:\Windows\Installer\MSI8848.tmp- folder deleted successfully.
C:\Windows\Installer\MSI8903.tmp- folder deleted successfully.
C:\Windows\Installer\MSI8B23.tmp- folder deleted successfully.
C:\Windows\Installer\MSI8B3C.tmp- folder deleted successfully.
C:\Windows\Installer\MSI8B61.tmp- folder deleted successfully.
C:\Windows\Installer\MSI8D0A.tmp-\HD-ShortcutHandler.dll deleted successfully.
C:\Windows\Installer\MSI8D0A.tmp- folder deleted successfully.
C:\Windows\Installer\MSI8D67.tmp- folder deleted successfully.
C:\Windows\Installer\MSI8E4F.tmp-\HD-ShortcutHandler.dll deleted successfully.
C:\Windows\Installer\MSI8E4F.tmp- folder deleted successfully.
C:\Windows\Installer\MSI8F8.tmp- folder deleted successfully.
C:\Windows\Installer\MSI9001.tmp- folder deleted successfully.
C:\Windows\Installer\MSI9083.tmp- folder deleted successfully.
C:\Windows\Installer\MSI9246.tmp- folder deleted successfully.
C:\Windows\Installer\MSI9390.tmp- folder deleted successfully.
C:\Windows\Installer\MSI99E8.tmp- folder deleted successfully.
C:\Windows\Installer\MSI9B1E.tmp- folder deleted successfully.
C:\Windows\Installer\MSI9F70.tmp- folder deleted successfully.
C:\Windows\Installer\MSI9F9F.tmp- folder deleted successfully.
C:\Windows\Installer\MSI9FCC.tmp- folder deleted successfully.
C:\Windows\Installer\MSIA077.tmp- folder deleted successfully.
C:\Windows\Installer\MSIA30A.tmp-\HD-ShortcutHandler.dll deleted successfully.
C:\Windows\Installer\MSIA30A.tmp- folder deleted successfully.
C:\Windows\Installer\MSIA539.tmp- folder deleted successfully.
C:\Windows\Installer\MSIA6ED.tmp- folder deleted successfully.
C:\Windows\Installer\MSIA8BF.tmp- folder deleted successfully.
C:\Windows\Installer\MSIA906.tmp- folder deleted successfully.
C:\Windows\Installer\MSIA97E.tmp- folder deleted successfully.
C:\Windows\Installer\MSIA9E7.tmp- folder deleted successfully.
C:\Windows\Installer\MSIAAE4.tmp- folder deleted successfully.
C:\Windows\Installer\MSIAB93.tmp- folder deleted successfully.
C:\Windows\Installer\MSIAC7C.tmp- folder deleted successfully.
C:\Windows\Installer\MSIAD6A.tmp- folder deleted successfully.
C:\Windows\Installer\MSIAD94.tmp- folder deleted successfully.
C:\Windows\Installer\MSIAE7E.tmp- folder deleted successfully.
C:\Windows\Installer\MSIAEFA.tmp- folder deleted successfully.
C:\Windows\Installer\MSIAF7.tmp- folder deleted successfully.
C:\Windows\Installer\MSIB1BC.tmp- folder deleted successfully.
C:\Windows\Installer\MSIB241.tmp- folder deleted successfully.
C:\Windows\Installer\MSIB4E1.tmp- folder deleted successfully.
C:\Windows\Installer\MSIB519.tmp- folder deleted successfully.
C:\Windows\Installer\MSIB6DB.tmp- folder deleted successfully.
C:\Windows\Installer\MSIB86E.tmp- folder deleted successfully.
C:\Windows\Installer\MSIB89D.tmp- folder deleted successfully.
C:\Windows\Installer\MSIB8D1.tmp- folder deleted successfully.
C:\Windows\Installer\MSIB8E7.tmp- folder deleted successfully.
C:\Windows\Installer\MSIB8FA.tmp- folder deleted successfully.
C:\Windows\Installer\MSIB9E8.tmp- folder deleted successfully.
C:\Windows\Installer\MSIBBF7.tmp- folder deleted successfully.
C:\Windows\Installer\MSIBDE9.tmp- folder deleted successfully.
C:\Windows\Installer\MSIC1B3.tmp- folder deleted successfully.
C:\Windows\Installer\MSIC22C.tmp- folder deleted successfully.
C:\Windows\Installer\MSIC2FB.tmp- folder deleted successfully.
C:\Windows\Installer\MSIC665.tmp- folder deleted successfully.
C:\Windows\Installer\MSIC806.tmp- folder deleted successfully.
C:\Windows\Installer\MSIC80E.tmp- folder deleted successfully.
C:\Windows\Installer\MSIC80C.tmp- folder deleted successfully.
C:\Windows\Installer\MSICC9D.tmp- folder deleted successfully.
C:\Windows\Installer\MSICCAF.tmp- folder deleted successfully.
C:\Windows\Installer\MSICE22.tmp- folder deleted successfully.
C:\Windows\Installer\MSID323.tmp- folder deleted successfully.
C:\Windows\Installer\MSID506.tmp- folder deleted successfully.
C:\Windows\Installer\MSID639.tmp- folder deleted successfully.
C:\Windows\Installer\MSID72B.tmp- folder deleted successfully.
C:\Windows\Installer\MSID9C4.tmp-\HD-Frontend-Native.dll deleted successfully.
C:\Windows\Installer\MSID9C4.tmp- folder deleted successfully.
C:\Windows\Installer\MSID9DA.tmp- folder deleted successfully.
C:\Windows\Installer\MSIDA54.tmp- folder deleted successfully.
C:\Windows\Installer\MSIDCA0.tmp- folder deleted successfully.
C:\Windows\Installer\MSIDDCA.tmp- folder deleted successfully.
C:\Windows\Installer\MSIE104.tmp- folder deleted successfully.
C:\Windows\Installer\MSIE47C.tmp- folder deleted successfully.
C:\Windows\Installer\MSIE4ED.tmp- folder deleted successfully.
C:\Windows\Installer\MSIE585.tmp-\HD-Frontend-Native.dll deleted successfully.
C:\Windows\Installer\MSIE585.tmp- folder deleted successfully.
C:\Windows\Installer\MSIE661.tmp- folder deleted successfully.
C:\Windows\Installer\MSIE8EF.tmp- folder deleted successfully.
C:\Windows\Installer\MSIEA86.tmp- folder deleted successfully.
C:\Windows\Installer\MSIEAEB.tmp- folder deleted successfully.
C:\Windows\Installer\MSIEBEE.tmp- folder deleted successfully.
C:\Windows\Installer\MSIECB7.tmp- folder deleted successfully.
C:\Windows\Installer\MSIECE7.tmp-\HD-Frontend-Native.dll deleted successfully.
C:\Windows\Installer\MSIECE7.tmp- folder deleted successfully.
C:\Windows\Installer\MSIECF9.tmp- folder deleted successfully.
C:\Windows\Installer\MSIECF.tmp- folder deleted successfully.
C:\Windows\Installer\MSIEFF4.tmp- folder deleted successfully.
C:\Windows\Installer\MSIF004.tmp- folder deleted successfully.
C:\Windows\Installer\MSIF070.tmp- folder deleted successfully.
C:\Windows\Installer\MSIF0B1.tmp- folder deleted successfully.
C:\Windows\Installer\MSIF34E.tmp- folder deleted successfully.
C:\Windows\Installer\MSIF3CC.tmp- folder deleted successfully.
C:\Windows\Installer\MSIF43B.tmp- folder deleted successfully.
C:\Windows\Installer\MSIF502.tmp- folder deleted successfully.
C:\Windows\Installer\MSIF736.tmp- folder deleted successfully.
C:\Windows\Installer\MSIF75B.tmp- folder deleted successfully.
C:\Windows\Installer\MSIF7D6.tmp- folder deleted successfully.
C:\Windows\Installer\MSIFA15.tmp- folder deleted successfully.
C:\Windows\Installer\MSIFAFC.tmp- folder deleted successfully.
C:\Windows\Installer\MSIFD3B.tmp- folder deleted successfully.
C:\Windows\Installer\MSIFF51.tmp- folder deleted successfully.
C:\Windows\twain_32\hpqgnds2.tmp deleted successfully.
File delete failed. \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dummy.tmp scheduled to be deleted on reboot.

OTL by OldTimer - Version 3.2.69.0 log created on 08262015_170823

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP000000394CB0277B4126D9AB not found!
File move failed. \Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dummy.tmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Please check my RSIT log

Posted: 26 Aug 2015 16:36
by Márty84
:!: If you have not done so yet, better back up your important data (photos, documents, etc.) :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your entitlement to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to your desktop.
Turn off your antivirus and any other security software.
Right-click ComboFix and left-click Run as administrator
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
Do not run anything or click anywhere during the scan.
After the scan finishes (the PC may also restart), a log should be created, located at C:\ComboFix.txt
Copy its contents here

:!: If Windows does not boot after the restart, restart again, keep pressing the F8 key and choose Last Known Good Configuration
:!: If Windows boots but errors are reported when launching various programs, just restart the PC and it will be fine

Re: Please check my RSIT log

Posted: 02 Sep 2015 18:31
by Kopac
the computer did not restart after it finished... I'm rather thinking about formatting the HDD, now that I have backed up everything important because of ComboFix :?:
----------------------------------------
ComboFix 15-09-01.01 - Kopac 02.09.2015 19:09:07.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2047.784 [GMT 2:00]
Spuštěný z: c:\users\Kopac\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kopac\AppData\Local\assembly\tmp
c:\users\Kopac\AppData\Local\MSGBOX.EXE
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-08-02 do 2015-09-02 )))))))))))))))))))))))))))))))
.
.
2015-09-02 17:21 . 2015-09-02 17:21 -------- d-----w- c:\users\Ostatní\AppData\Local\temp
2015-09-02 17:21 . 2015-09-02 17:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-01 07:52 . 2015-07-31 09:37 9234960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4559931-D641-45A2-B73F-2F6DC70531B2}\mpengine.dll
2015-08-26 10:12 . 2015-08-26 10:12 512 ----a-w- C:\PhysicalMBR.bin
2015-08-20 10:57 . 2015-08-20 10:57 -------- d-----w- c:\users\Kopac\AppData\Local\Eraser 6
2015-08-20 10:54 . 2015-08-20 10:54 -------- d-----w- c:\program files\Eraser
2015-08-20 10:04 . 2015-08-21 08:45 -------- d-----w- c:\program files\Recuva
2015-08-19 18:15 . 2015-08-14 23:07 758000 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2015-08-19 18:15 . 2015-08-14 23:07 151184 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2015-08-19 18:15 . 2015-08-14 22:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-19 12:14 . 2015-08-31 10:26 -------- d-----w- c:\program files\CCleaner
2015-08-19 12:12 . 2015-08-19 14:04 -------- d-----w- c:\program files\Defraggler
2015-08-17 11:41 . 2015-08-19 09:28 -------- d-----w- c:\program files\trend micro
2015-08-13 16:12 . 2015-08-13 16:12 -------- d-----w- c:\users\Kopac\AppData\Local\CrashRpt
2015-08-12 22:24 . 2015-07-21 20:55 1206192 ----a-w- c:\windows\system32\ntdll.dll
2015-08-12 22:24 . 2015-07-21 16:07 56256 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-08-12 22:24 . 2015-07-21 16:07 140224 ----a-w- c:\windows\system32\drivers\ecache.sys
2015-08-12 22:24 . 2015-07-21 16:03 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-08-12 22:24 . 2015-07-21 16:03 49664 ----a-w- c:\windows\system32\csrsrv.dll
2015-08-12 22:24 . 2015-07-21 16:07 3605440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-08-12 22:24 . 2015-07-21 16:03 564224 ----a-w- c:\windows\system32\emdmgmt.dll
2015-08-12 22:24 . 2015-07-21 16:07 3553216 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-08-12 22:20 . 2015-07-31 19:27 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 22:19 . 2015-07-09 14:20 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2015-08-12 22:17 . 2015-07-10 19:37 2067968 ----a-w- c:\windows\system32\mstscax.dll
2015-08-12 19:36 . 2015-07-18 16:03 68608 ----a-w- c:\windows\system32\basesrv.dll
2015-08-12 19:27 . 2015-07-10 19:37 1402368 ----a-w- c:\windows\system32\msxml6.dll
2015-08-12 19:27 . 2015-07-10 19:37 1253376 ----a-w- c:\windows\system32\msxml3.dll
2015-08-12 19:24 . 2015-07-31 21:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-08-12 19:24 . 2015-07-31 21:46 189952 ----a-w- c:\windows\system32\d3d10core.dll
2015-08-12 19:24 . 2015-07-31 21:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2015-08-12 19:24 . 2015-07-31 20:40 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2015-08-12 19:24 . 2015-07-31 22:08 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-08-12 19:24 . 2015-07-31 21:46 1029120 ----a-w- c:\windows\system32\d3d10.dll
2015-08-12 19:24 . 2015-07-31 20:41 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2015-08-12 19:24 . 2015-07-31 20:35 682496 ----a-w- c:\windows\system32\d2d1.dll
2015-08-12 19:24 . 2015-07-31 20:33 2066944 ----a-w- c:\windows\system32\win32k.sys
2015-08-12 19:24 . 2015-07-31 20:33 297472 ----a-w- c:\windows\system32\atmfd.dll
2015-08-12 19:24 . 2015-07-31 20:33 1072640 ----a-w- c:\windows\system32\DWrite.dll
2015-08-12 19:24 . 2015-07-31 20:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2015-08-12 19:22 . 2015-07-01 15:57 199680 ----a-w- c:\windows\system32\WebClnt.dll
2015-08-12 19:22 . 2015-07-09 14:25 151040 ----a-w- c:\windows\system32\notepad.exe
2015-08-12 19:22 . 2015-07-09 14:25 151040 ----a-w- c:\windows\notepad.exe
2015-08-09 14:29 . 2015-08-09 14:32 -------- d-----w- c:\users\Kopac\AppData\Roaming\dvdcss
2015-08-04 22:03 . 2015-08-04 22:03 877152 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-08-04 22:03 . 2015-08-04 22:03 538208 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2015-08-04 12:46 . 2015-08-04 12:46 -------- d-----w- c:\users\Kopac\AppData\Roaming\Bigasoft Total Video Converter 5
2015-08-04 12:46 . 2015-08-04 12:46 -------- d-----w- c:\program files\Bigasoft
2015-08-04 12:24 . 2015-08-10 13:53 -------- d-----w- c:\users\Kopac\AppData\Roaming\avidemux
2015-08-04 12:17 . 2015-08-04 20:17 -------- d-----w- c:\users\Kopac\AppData\Roaming\Nico Mak Computing
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-12 10:05 . 2014-02-06 11:19 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-08-12 10:05 . 2014-02-06 11:19 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-07-03 16:04 . 2015-07-16 07:14 1316864 ----a-w- c:\windows\system32\ole32.dll
2015-06-27 16:03 . 2015-07-16 05:32 783872 ----a-w- c:\windows\system32\rpcrt4.dll
2015-06-27 16:02 . 2015-07-16 05:32 218112 ----a-w- c:\windows\system32\msv1_0.dll
2015-06-27 16:02 . 2015-07-16 05:32 501248 ----a-w- c:\windows\system32\kerberos.dll
2015-06-27 16:01 . 2015-07-16 05:32 801280 ----a-w- c:\windows\system32\advapi32.dll
2015-06-27 14:21 . 2015-07-16 05:32 217088 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-06-27 14:21 . 2015-07-16 05:32 81408 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-06-23 23:29 . 2015-06-23 23:29 1217192 ----a-w- c:\windows\system32\FM20.DLL
2015-06-23 11:27 . 2014-02-06 13:31 246952 ------w- c:\windows\system32\MpSigStub.exe
2015-06-17 16:50 . 2015-07-16 07:14 2264576 ----a-w- c:\windows\system32\msi.dll
2015-06-17 15:09 . 2015-07-16 07:14 73216 ----a-w- c:\windows\system32\msiexec.exe
2015-06-12 16:01 . 2015-07-16 07:13 298496 ----a-w- c:\windows\system32\gdi32.dll
2015-06-12 13:13 . 2015-07-16 05:32 440768 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-07-17 6453528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\AMD\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-18 22:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2015-04-13 15:42 1084328 ----a-w- c:\program files\Eraser\Eraser.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" /Background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\1gs9vc85.default-1440863219450\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-09-02 19:21
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\windows\system32\Flocker.USR 444 bytes
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2015-09-02 19:28:35
ComboFix-quarantined-files.txt 2015-09-02 17:28
.
Před spuštěním: Volných bajtů: 79 981 142 016
Po spuštění: Volných bajtů: 79 450 771 456
.
- - End Of File - - C8FCD4892452B30128379BE1D409305A
5C616939100B85E558DA92B899A0FC36

Re: Please check my RSIT log

Posted: 03 Sep 2015 02:31
by Márty84
So, are you going to format then? If so, there is no point in checking the log and writing a script :)

Re: Please check my RSIT log

Posted: 03 Sep 2015 09:03
by Kopac
Probably not, I seem to have misplaced the Vista DVD somewhere :) so you can go ahead and write it :) thanks

Re: Please check my RSIT log

Posted: 03 Sep 2015 12:03
by Márty84
You can borrow Vista, or even download it. You just have to activate it afterwards with your own license key.

:arrow: Turn off Windows Defender permanently

:arrow: Open Notepad and copy this script into it

Code:

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sony PC Companion"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"=-
"Windows Defender"=-
"HP Software Update"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

Reboot::

In the top left, click File
Click Save As...
Type the name shown in red, CFScript, correctly and save it to the desktop.
Turn off your antivirus and any other security software.
Drag the text document you created onto the ComboFix icon and drop it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

:!: If Windows does not start after the restart, restart again, keep pressing F8 and choose Last Known Good Configuration
:!: If Windows starts but an error is reported when launching various programs, just restart the PC and it will be fine

Re: Please check my RSIT log

Posted: 04 Sep 2015 12:42
by Kopac
Yeah, but the key is written on that DVD :D :D it will turn up somewhere
---------------------------------------------------
ComboFix 15-09-03.01 - Kopac 04.09.2015 13:09:01.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2047.883 [GMT 2:00]
Spuštěný z: c:\users\Kopac\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Kopac\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-08-04 do 2015-09-04 )))))))))))))))))))))))))))))))
.
.
2015-09-04 11:21 . 2015-09-04 11:28 -------- d-----w- c:\users\Kopac\AppData\Local\temp
2015-09-04 11:21 . 2015-09-04 11:21 -------- d-----w- c:\users\Ostatní\AppData\Local\temp
2015-09-04 11:21 . 2015-09-04 11:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-03 15:06 . 2015-09-03 15:06 -------- d-----r- C:\MSOCache
2015-08-26 10:12 . 2015-08-26 10:12 512 ----a-w- C:\PhysicalMBR.bin
2015-08-20 10:57 . 2015-08-20 10:57 -------- d-----w- c:\users\Kopac\AppData\Local\Eraser 6
2015-08-20 10:54 . 2015-08-20 10:54 -------- d-----w- c:\program files\Eraser
2015-08-20 10:04 . 2015-08-21 08:45 -------- d-----w- c:\program files\Recuva
2015-08-19 18:15 . 2015-08-14 23:07 758000 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2015-08-19 18:15 . 2015-08-14 23:07 151184 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2015-08-19 18:15 . 2015-08-14 22:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-19 12:14 . 2015-08-31 10:26 -------- d-----w- c:\program files\CCleaner
2015-08-19 12:12 . 2015-08-19 14:04 -------- d-----w- c:\program files\Defraggler
2015-08-17 11:41 . 2015-08-19 09:28 -------- d-----w- c:\program files\trend micro
2015-08-13 16:12 . 2015-08-13 16:12 -------- d-----w- c:\users\Kopac\AppData\Local\CrashRpt
2015-08-12 22:24 . 2015-07-21 20:55 1206192 ----a-w- c:\windows\system32\ntdll.dll
2015-08-12 22:24 . 2015-07-21 16:07 56256 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-08-12 22:24 . 2015-07-21 16:07 140224 ----a-w- c:\windows\system32\drivers\ecache.sys
2015-08-12 22:24 . 2015-07-21 16:03 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-08-12 22:24 . 2015-07-21 16:03 49664 ----a-w- c:\windows\system32\csrsrv.dll
2015-08-12 22:24 . 2015-07-21 16:07 3605440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-08-12 22:24 . 2015-07-21 16:03 564224 ----a-w- c:\windows\system32\emdmgmt.dll
2015-08-12 22:24 . 2015-07-21 16:07 3553216 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-08-12 22:20 . 2015-07-31 19:27 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 22:19 . 2015-07-09 14:20 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2015-08-12 22:17 . 2015-07-10 19:37 2067968 ----a-w- c:\windows\system32\mstscax.dll
2015-08-12 19:36 . 2015-07-18 16:03 68608 ----a-w- c:\windows\system32\basesrv.dll
2015-08-12 19:27 . 2015-07-10 19:37 1402368 ----a-w- c:\windows\system32\msxml6.dll
2015-08-12 19:27 . 2015-07-10 19:37 1253376 ----a-w- c:\windows\system32\msxml3.dll
2015-08-12 19:24 . 2015-07-31 21:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-08-12 19:24 . 2015-07-31 21:46 189952 ----a-w- c:\windows\system32\d3d10core.dll
2015-08-12 19:24 . 2015-07-31 21:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2015-08-12 19:24 . 2015-07-31 20:40 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2015-08-12 19:24 . 2015-07-31 22:08 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-08-12 19:24 . 2015-07-31 21:46 1029120 ----a-w- c:\windows\system32\d3d10.dll
2015-08-12 19:24 . 2015-07-31 20:41 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2015-08-12 19:24 . 2015-07-31 20:35 682496 ----a-w- c:\windows\system32\d2d1.dll
2015-08-12 19:24 . 2015-07-31 20:33 297472 ----a-w- c:\windows\system32\atmfd.dll
2015-08-12 19:24 . 2015-07-31 20:33 1072640 ----a-w- c:\windows\system32\DWrite.dll
2015-08-12 19:24 . 2015-07-31 20:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2015-08-12 19:22 . 2015-07-09 14:25 151040 ----a-w- c:\windows\system32\notepad.exe
2015-08-12 19:22 . 2015-07-09 14:25 151040 ----a-w- c:\windows\notepad.exe
2015-08-09 14:29 . 2015-08-09 14:32 -------- d-----w- c:\users\Kopac\AppData\Roaming\dvdcss
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-12 10:05 . 2014-02-06 11:19 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-08-12 10:05 . 2014-02-06 11:19 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-08-04 22:03 . 2015-08-04 22:03 877152 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-08-04 22:03 . 2015-08-04 22:03 538208 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2015-07-31 20:33 . 2015-08-12 19:24 2066944 ----a-w- c:\windows\system32\win32k.sys
2015-07-31 09:37 . 2015-09-04 09:28 9234960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1254CA3E-6482-402D-9798-7718F302751E}\mpengine.dll
2015-07-22 20:46 . 2015-08-12 08:09 1129472 ----a-w- c:\windows\system32\wininet.dll
2015-07-22 20:44 . 2015-08-12 08:09 421888 ----a-w- c:\windows\system32\vbscript.dll
2015-07-03 16:04 . 2015-07-16 07:14 1316864 ----a-w- c:\windows\system32\ole32.dll
2015-07-01 15:57 . 2015-08-12 19:22 199680 ----a-w- c:\windows\system32\WebClnt.dll
2015-06-27 16:03 . 2015-07-16 05:32 783872 ----a-w- c:\windows\system32\rpcrt4.dll
2015-06-27 16:02 . 2015-07-16 05:32 218112 ----a-w- c:\windows\system32\msv1_0.dll
2015-06-27 16:02 . 2015-07-16 05:32 501248 ----a-w- c:\windows\system32\kerberos.dll
2015-06-27 16:01 . 2015-07-16 05:32 801280 ----a-w- c:\windows\system32\advapi32.dll
2015-06-27 14:21 . 2015-07-16 05:32 217088 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-06-27 14:21 . 2015-07-16 05:32 81408 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-06-23 23:29 . 2015-06-23 23:29 1217192 ----a-w- c:\windows\system32\FM20.DLL
2015-06-23 11:27 . 2014-02-06 13:31 246952 ------w- c:\windows\system32\MpSigStub.exe
2015-06-17 16:50 . 2015-07-16 07:14 2264576 ----a-w- c:\windows\system32\msi.dll
2015-06-17 15:09 . 2015-07-16 07:14 73216 ----a-w- c:\windows\system32\msiexec.exe
2015-06-12 16:01 . 2015-07-16 07:13 298496 ----a-w- c:\windows\system32\gdi32.dll
2015-06-12 13:13 . 2015-07-16 05:32 440768 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\AMD\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-18 22:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2015-04-13 15:42 1084328 ----a-w- c:\program files\Eraser\Eraser.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
.
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Přidat do součásti Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\1gs9vc85.default-1440863219450\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-09-04 13:29
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\windows\system32\Flocker.USR 444 bytes
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\windows\system32\atieclxx.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
c:\program files\Hp\Common\HPSupportSolutionsFrameworkService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2015-09-04 13:38:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-09-04 11:37
ComboFix2.txt 2015-09-02 17:28
.
Před spuštěním: Volných bajtů: 72 543 088 640
Po spuštění: Volných bajtů: 71 910 068 224
.
- - End Of File - - 667342DB8A4E0678C7376EEC4253E911
5C616939100B85E558DA92B899A0FC36

Re: Please check my RSIT log

Posted: 04 Sep 2015 18:02
by Márty84
:arrow: You still have Defender turned on.

:arrow: Find this file, c:\windows\system32\Flocker.USR, and test it on VirusTotal and Jotti http://forum.viry.cz/viewtopic.php?f=29&t=5846 Copy the results here, or post a link.

:!: Run all of these programs, including any installation, as administrator (right-click them and choose Run as administrator)

:arrow: Rename ComboFix to Uninstall and run it. CF should uninstall itself.

:arrow:
vyosek wrote: :arrow: DelFix https://toolslib.net/downloads/finish/2/
  • Download and run it
  • Leave only the Remove disinfection tools option checked
  • Click Run

:???: Has anything changed?

Re: Please check my RSIT log

Posted: 06 Sep 2015 10:00
by Kopac
Flocker.USR
You do not have permission to access this file.
Ask the owner or an administrator for permission to access the file

This is what it says when I try to upload it to those sites, Jotti and VirusTotal; I can't even copy it anywhere out of system32, nothing... as administrator... DelFix went fine

Re: Please check my RSIT log

Posted: 06 Sep 2015 10:43
by Márty84
:arrow: Follow my colleague's instructions
vyosek wrote: :arrow: Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Click the Change parameters option
  • In the Additional Option window, tick all the options
  • Click OK
  • Tell the utility to scan: click Start Scan
  • When the scan finishes a window will appear; check that Skip is selected everywhere
  • If Skip is not selected by default, switch it to Skip
  • Once Skip is set everywhere, click Continue
  • On the drive where Windows is installed (usually c:\) there will be a log named in the form TDSSKiller.(some digits)_log.txt; paste its contents here

:arrow: Follow my colleague's instructions
vyosek wrote: :arrow: Download Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Save it, preferably to the Desktop, and extract it
  • Start it by clicking mbar
  • Now click Next and then Update
  • When the database update finishes, click Next again
  • Leave all three options checked and click Scan, which starts the scan of the PC
  • When the scan finishes (about 5 minutes), check that every finding (if there are any, of course) is ticked
  • Also check that Create Restore point is ticked
  • Now click CleanUp, which removes the infection that was found
  • The PC will be restarted
  • The mbar folder should contain a log (and it will probably open by itself) named mbar-log-year-month-day (hour-minute-second).txt; post it here for me