2/2
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,522 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
< >
< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2010.11.21 05:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.21 05:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010.11.21 05:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.21 05:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
< MD5 for: CDROM.SYS >
[2010.11.21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2012.06.02 06:52:32 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=063DD65889D21035311463337BD268E7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[2010.11.21 05:24:16 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2013.05.13 06:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=3897DFF247D9ED0006190349DE264E14 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[2013.07.09 16:47:30 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=434CCE8E7150CD1324C5FAA088D1D061 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_d45f6e88cac8f85b\cryptsvc.dll
[2013.10.05 04:25:30 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=509D31797A4B8A3D6ED78A330B19A919 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_d46d4138cabe2596\cryptsvc.dll
[2013.07.09 07:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=6B400F211BEE880A37A1ED0368776BF4 -- C:\Windows\erdnt\cache64\cryptsvc.dll
[2013.07.09 07:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=6B400F211BEE880A37A1ED0368776BF4 -- C:\Windows\SysNative\cryptsvc.dll
[2013.07.09 07:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=6B400F211BEE880A37A1ED0368776BF4 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_d431528fb165f7bc\cryptsvc.dll
[2013.07.09 15:57:37 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=6DB499DEFCC827317C5371164A7CDB27 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[2013.07.09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\erdnt\cache86\cryptsvc.dll
[2013.07.09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\SysWOW64\cryptsvc.dll
[2013.07.09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[2012.06.04 09:52:35 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=7E7D2DACF65D750D466F36BD3D09AE20 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_d4ab184aca903d4f\cryptsvc.dll
[2013.05.11 07:18:23 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=8122252F0A4ACFA92FA0C1D50D18493B -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_d4a24ea4ca968363\cryptsvc.dll
[2012.06.02 06:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[2012.06.02 07:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=9C01375BE382E834CC26D1B7EAF2C4FE -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_d3fc6569b18d7211\cryptsvc.dll
[2010.11.21 05:24:32 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2013.05.11 06:59:05 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=AC04D05309BB2C418D0D80B9FB014642 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[2013.05.13 07:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=D8129C49798CBBFB2E4351D4B7B8EF9C -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_d3f73fe5b19220ee\cryptsvc.dll
[2013.10.05 03:52:03 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=F2D9242C3BBD1C36467FCAE1AE01733F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll
< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
< MD5 for: HAL.DLL >
[2010.11.21 05:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.21 05:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll
< MD5 for: IASTORV.SYS >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\isapnp.sys
< MD5 for: LSASS.EXE >
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2011.11.17 08:20:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2013.09.25 03:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\erdnt\cache64\lsass.exe
[2013.09.25 03:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\SysNative\lsass.exe
[2013.09.25 03:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_042b9307739f26ed\lsass.exe
[2012.08.24 19:43:36 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=77119F1F9B492B260030C34F9BE327FA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22099_none_04a88ce28cc4eb33\lsass.exe
[2012.06.04 09:51:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=79C908CAA6F43021EB05F4C733A927D1 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\lsass.exe
[2011.11.17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2011.11.17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\lsass.exe
[2011.11.17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17940_none_044c26dd7386a58a\lsass.exe
[2013.09.25 03:08:17 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=F021DAFB1F87616FCEBA159C2ED7042F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_04c503168cb026a0\lsass.exe
< MD5 for: NDIS.SYS >
[2012.08.22 20:06:07 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=5E74508FCB5820B29EEAFE24E6035BCF -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_06232d534c0a8d67\ndis.sys
[2012.08.22 20:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\erdnt\cache64\ndis.sys
[2012.08.22 20:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\SysNative\drivers\ndis.sys
[2012.08.22 20:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a\ndis.sys
[2010.11.21 05:23:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
< MD5 for: NETLOGON.DLL >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\erdnt\cache64\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache86\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
< MD5 for: NVRAID.SYS >
[2011.03.11 08:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\SysNative\drivers\nvraid.sys
[2011.03.11 08:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvraid.sys
[2011.03.11 08:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvraid.sys
[2010.11.21 05:23:47 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvraid.sys
[2010.11.21 05:23:47 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvraid.sys
[2011.03.11 08:19:21 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=666CA16F17914C1CD3616CF16DE0A6EA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: SMSS.EXE >
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
[2013.03.19 04:57:17 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=498E2A20E145199709CD100CDBA8603D -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22280_none_0a9a7b3b492b4d05\smss.exe
[2013.08.02 07:06:34 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=CB5DA3E44456D1084BCD87F5B1B3152B -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22411_none_0ae72ec548f19d13\smss.exe
[2013.03.19 05:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0371DE302FFFF8F086661611BE60848 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_0a5f8ec22fd235a9\smss.exe
[2013.08.02 02:59:09 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0970A4BC8395659C22BF53D0FADF16F -- C:\Windows\SysNative\smss.exe
[2013.08.02 02:59:09 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0970A4BC8395659C22BF53D0FADF16F -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18229_none_0a5ac2782fd4e6cb\smss.exe
< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: TCPIP.SYS >
[2012.10.03 19:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2011.09.29 19:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2013.05.08 08:14:42 | 001,900,392 | ---- | M] (Microsoft Corporation) MD5=3E94650745D4DAB67E161F5F32CEA597 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_11d29984961f0be0\tcpip.sys
[2010.11.21 05:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2012.03.30 12:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2013.05.08 08:39:01 | 001,910,632 | ---- | M] (Microsoft Corporation) MD5=9849EA3843A2ADBDD1497E97A85D8CAE -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_11278ac57d1aa96b\tcpip.sys
[2012.03.30 13:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2013.07.06 07:20:38 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2013.01.03 08:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2013.01.04 07:47:43 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[2012.10.03 19:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2013.07.06 08:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\erdnt\cache64\tcpip.sys
[2013.07.06 08:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\SysNative\drivers\tcpip.sys
[2013.07.06 08:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys
[2011.09.29 18:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys
< MD5 for: USERINIT.EXE >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
< MD5 for: WS2_32.DLL >
[2010.11.21 05:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\erdnt\cache64\ws2_32.dll
[2010.11.21 05:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\SysNative\ws2_32.dll
[2010.11.21 05:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll
[2010.11.21 05:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\erdnt\cache86\ws2_32.dll
[2010.11.21 05:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SysWOW64\ws2_32.dll
[2010.11.21 05:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
< >
< %systemroot%*.* /U /s >
[3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[7 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2012.12.19 23:27:23 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\Adobe
[2012.04.13 21:44:51 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\AnvSoft
[2016.04.11 13:27:59 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\Apple Computer
[2013.09.06 10:59:25 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\Appset
[2012.02.16 15:58:52 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\ATI
[2016.04.12 23:07:15 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\AVAST Software
[2013.01.01 20:42:48 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\BSplayer
[2012.02.16 15:16:00 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\BSplayer Pro
[2016.04.14 02:12:36 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\dlg
[2016.04.11 11:49:57 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\Dropbox
[2012.04.13 21:46:20 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\dvdcss
[2013.01.07 04:18:01 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\Foxit Software
[2013.05.02 19:37:12 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\ICQ-Profile
[2012.02.16 15:10:18 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\Identities
[2016.04.10 23:15:35 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\LolClient
[2012.02.16 15:23:25 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\Macromedia
[2011.04.12 10:45:35 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\Media Center Programs
[2015.03.22 19:39:52 | 000,000,000 | --SD | M] -- C:\Users\Mirča\AppData\Roaming\Microsoft
[2012.02.16 15:16:40 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\Mozilla
[2012.03.03 01:33:17 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\Nero
[2012.02.16 15:40:33 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\OpenOffice.org
[2014.05.06 15:16:16 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\PDF Architect 2
[2016.04.11 13:29:01 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\ProductData
[2013.08.13 14:12:27 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\Python-Eggs
[2016.04.10 20:40:59 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\Riot Games
[2013.11.27 23:16:42 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\Skype
[2016.04.17 21:15:37 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\uTorrent
[2012.02.16 15:27:59 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\Win7codecs
[2012.07.31 00:45:18 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\Windows Live Writer
< %APPDATA%\*.exe /s >
[2009.08.11 22:21:26 | 000,087,552 | ---- | M] () -- C:\Users\Mirča\AppData\Roaming\BSplayer\AC3 Filter\ac3config.exe
[2009.08.11 22:21:30 | 000,090,112 | ---- | M] () -- C:\Users\Mirča\AppData\Roaming\BSplayer\AC3 Filter\spdif_test.exe
[2010.03.22 15:52:04 | 000,697,690 | ---- | M] () -- C:\Users\Mirča\AppData\Roaming\BSplayer\AC3 Filter\unins000.exe
[2010.02.23 18:01:52 | 001,185,871 | ---- | M] () -- C:\Users\Mirča\AppData\Roaming\BSplayer\FFDShow\unins000.exe
[2010.08.14 11:42:54 | 000,113,152 | ---- | M] () -- C:\Users\Mirča\AppData\Roaming\BSplayer\Haali media splitter\dsmux.exe
[2010.08.14 11:45:10 | 000,358,400 | ---- | M] () -- C:\Users\Mirča\AppData\Roaming\BSplayer\Haali media splitter\gdsmux.exe
[2010.08.14 11:42:06 | 000,137,728 | ---- | M] () -- C:\Users\Mirča\AppData\Roaming\BSplayer\Haali media splitter\mkv2vfr.exe
[2010.09.30 16:30:22 | 000,042,305 | ---- | M] () -- C:\Users\Mirča\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe
[2016.03.12 02:19:08 | 025,577,864 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mirča\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2016.03.12 02:19:26 | 000,173,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mirča\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2016.02.23 20:23:42 | 000,018,392 | ---- | M] () -- C:\Users\Mirča\AppData\Roaming\Dropbox\bin\QtWebEngineProcess.exe
[2016.03.12 02:18:50 | 000,029,992 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Users\Mirča\AppData\Roaming\Dropbox\bin\driver_amd64\dbxsvc.exe
[2016.03.12 02:18:52 | 000,029,480 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Users\Mirča\AppData\Roaming\Dropbox\bin\driver_x86\dbxsvc.exe
[2012.07.30 23:54:26 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Mirča\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.05.31 12:55:28 | 000,117,427 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Mirča\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
[2012.02.16 15:48:55 | 000,010,134 | R--- | M] () -- C:\Users\Mirča\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2016.04.11 13:23:44 | 001,959,424 | ---- | M] (BitTorrent Inc.) -- C:\Users\Mirča\AppData\Roaming\uTorrent\uTorrent.exe
[2016.04.11 13:12:04 | 001,774,432 | ---- | M] (BitTorrent Inc.) -- C:\Users\Mirča\AppData\Roaming\uTorrent\updates\3.4.5_41073.exe
[2016.04.11 13:23:44 | 001,959,424 | ---- | M] (BitTorrent Inc.) -- C:\Users\Mirča\AppData\Roaming\uTorrent\updates\3.4.6_42094.exe
[2016.04.11 13:23:28 | 000,336,896 | ---- | M] (BitTorrent Inc.) -- C:\Users\Mirča\AppData\Roaming\uTorrent\updates\3.4.5_41073\utorrentie.exe
[2016.04.11 13:58:44 | 000,340,480 | ---- | M] (BitTorrent Inc.) -- C:\Users\Mirča\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2010.11.21 05:24:51 | 001,475,584 | ---- | M] (Microsoft Corporation)
"CCleaner Monitoring" = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR -- [2016.03.11 22:29:36 | 008,686,296 | ---- | M] (Piriform Ltd)
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
No captured output from command...
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
No captured output from command...
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
No captured output from command...
< >
< type c:\boot.ini >> test.txt /c >
No captured output from command...
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2016.05.06 15:22:23 | 000,000,512 | ---- | M] () MD5=4AF48861B51843D6CBA9A2BAD2B69F35 -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2016.04.11 13:23:47 | 000,015,805 | ---- | M] () -- \Users\Mirča\AppData\Roaming\uTorrent\Advanced System Care Pro v8.4.0.811 DC 31.08.2015 Final + Crack {B@tman}.torrent
< *keygen* /s >
< *AntiWPA* /s >
< *loader* /s >
[2015.09.15 14:25:52 | 000,060,688 | ---- | M] () -- \Program Files (x86)\Common Files\Apple\Apple Application Support\YSLoader.exe
[2015.05.04 17:43:18 | 000,000,300 | ---- | M] () -- \Program Files (x86)\PasswordBox\Application\ext\build\js\cs-loader.js
[2014.05.11 21:20:36 | 000,006,418 | ---- | M] () -- \Program Files (x86)\PasswordBox\Firefox\resources\addon-sdk\lib\sdk\content\loader.js
[2014.05.11 21:20:36 | 000,002,446 | ---- | M] () -- \Program Files (x86)\PasswordBox\Firefox\resources\addon-sdk\lib\sdk\l10n\loader.js
[2014.05.11 21:20:36 | 000,003,942 | ---- | M] () -- \Program Files (x86)\PasswordBox\Firefox\resources\addon-sdk\lib\sdk\windows\loader.js
[2014.05.11 21:20:36 | 000,017,838 | ---- | M] () -- \Program Files (x86)\PasswordBox\Firefox\resources\addon-sdk\lib\toolkit\loader.js
[2009.06.02 02:16:58 | 000,114,688 | ---- | M] () -- \Program Files (x86)\WinRAR\RarExtLoader.exe
[2016.04.12 23:04:25 | 000,087,480 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2016.04.12 23:04:26 | 000,103,016 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader64.exe
[2016.04.12 23:03:47 | 000,060,128 | ---- | M] () -- \Program Files\AVAST Software\Avast\ie_loader.exe
[49 \Program Files\AVAST Software\Avast\*.tmp files -> \Program Files\AVAST Software\Avast\*.tmp -> ]
[2016.04.12 23:04:32 | 000,019,136 | ---- | M] () -- \Program Files\AVAST Software\Avast\setup\CRT\avast.vc140.crt\amd64\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.04.12 23:04:36 | 000,019,136 | ---- | M] () -- \Program Files\AVAST Software\Avast\setup\CRT\avast.vc140.crt\x86\api-ms-win-core-libraryloader-l1-1-0.dll
[2016.04.12 23:03:50 | 000,067,832 | ---- | M] () -- \Program Files\AVAST Software\Avast\x64\ie_loader.exe
[6 \Program Files\AVAST Software\Avast\x64\*.tmp files -> \Program Files\AVAST Software\Avast\x64\*.tmp -> ]
[2016.03.30 14:48:20 | 001,755,262 | ---- | M] () -- \Program Files\AVAST Software\SZBrowser\1.48.2066.98\resources\bundled_extensions\video-downloader.crx
[2016.03.30 14:48:20 | 001,755,262 | ---- | M] () -- \Program Files\AVAST Software\SZBrowser\1.48.2066.98_0\resources\bundled_extensions\video-downloader.crx
[2016.03.30 14:48:20 | 001,755,262 | ---- | M] () -- \Program Files\AVAST Software\SZBrowser\resources\bundled_extensions\video-downloader.crx
[2015.09.15 14:25:30 | 000,077,072 | ---- | M] () -- \Program Files\Common Files\Apple\Apple Application Support\YSLoader.exe
[2012.12.04 17:00:50 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012.12.04 17:00:50 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2012.12.04 17:00:50 | 000,009,772 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\retina\loader@2x.png
[2012.12.04 17:00:50 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012.12.04 17:00:50 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2012.12.04 17:00:50 | 000,009,772 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\retina\loader@2x.png
[2016.02.12 11:35:36 | 000,003,605 | ---- | M] () -- \Users\Mirča\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\loader.gif
[2015.03.11 23:00:27 | 000,000,300 | ---- | M] () -- \Users\Mirča\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\Mirča - iPhone\DiagnosticLogs\LanguageAssetLoader\LanguageAssetLoader_2014_10_08_08_20_04-0700.log
[2015.03.11 23:00:27 | 000,000,681 | ---- | M] () -- \Users\Mirča\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\Mirča - iPhone\DiagnosticLogs\LanguageAssetLoader\LanguageAssetLoader_2015_01_07_08_37_27-0800.log
[2016.02.23 20:21:16 | 000,014,800 | ---- | M] () -- \Users\Mirča\AppData\Roaming\Dropbox\bin\_win32sysloader.pyd
[2016.02.23 20:09:46 | 000,004,328 | ---- | M] () -- \Users\Mirča\AppData\Roaming\Dropbox\bin\QtQuick\Controls\Private\TableViewItemDelegateLoader.qml
[2016.02.23 20:09:46 | 000,004,726 | ---- | M] () -- \Users\Mirča\AppData\Roaming\Dropbox\bin\QtQuick\Controls\Private\TreeViewItemDelegateLoader.qml
[2016.04.15 18:07:22 | 000,014,692 | ---- | M] () -- \Windows\Prefetch\ASWWRCIELOADER32.EXE-BB2E4DE4.pf
[2016.04.15 18:07:22 | 000,013,834 | ---- | M] () -- \Windows\Prefetch\ASWWRCIELOADER64.EXE-123116A5.pf
[2016.05.06 15:19:44 | 000,028,588 | ---- | M] () -- \Windows\Prefetch\RAREXTLOADER.EXE-9DB10833.pf
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2016.04.12 23:23:10 | 000,019,136 | ---- | M] () -- \Windows\winsxs\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.23918.0_none_53c8344321b452ba\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 03:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 07:21:03 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:38:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_68a2edab92971725\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 04:12:19 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 07:12:44 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_691eb3faabbf8f66\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:35:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_6957a248ab947a6d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 07:39:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 07:32:07 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_6971452eab80a50e\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 08:20:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_695e76beab8ff095\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.04.12 10:34:35 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2011.04.12 10:34:35 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.efi.mui_35ee487d
[2011.04.12 10:34:35 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.exe.mui_3bc5b827
[2011.04.12 10:34:35 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.efi.mui_f412814e
[2011.04.12 10:34:35 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.exe.mui_ff8b5358
[2012.02.16 15:34:06 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2012.02.16 15:34:06 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2012.02.16 15:34:06 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2012.02.16 15:34:06 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2012.02.16 15:34:06 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2009.07.14 04:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 04:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2011.04.12 10:33:23 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2010.11.21 05:16:35 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011.02.05 19:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.02.05 15:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009.07.14 04:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2016.04.12 23:23:09 | 000,019,136 | ---- | M] () -- \Windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.23918.0_none_9b756b1a36307bc0\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 07:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
< *minodlogin* /s >
< *tnod* /s >
[2015.01.20 23:35:48 | 000,001,655 | ---- | M] () -- \Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Images\DOMTextNode.svg
[2015.01.20 23:35:30 | 000,001,655 | ---- | M] () -- \Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Images\DOMTextNode.svg
< *AutoKMS* /s >
< *activator* /s >
< *serial* /s >
[2014.02.13 23:57:42 | 000,434,368 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.dll
[2014.03.23 11:42:05 | 001,164,288 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.ni.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2011.04.12 10:34:17 | 000,090,112 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2014.02.14 00:30:04 | 000,434,368 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.dll
[2014.03.23 11:42:31 | 001,546,240 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.ni.dll
[2012.10.05 12:52:37 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2011.04.12 10:34:17 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2011.04.12 10:34:11 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.13 04:02:06 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.03.01 12:29:38 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\553e7bfc9cac5e4feaa83d8ee1e187bd\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.03.01 12:40:24 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f177ea74036d5fdc6c6b9c967dc877cf\System.Runtime.Serialization.ni.dll
[2014.03.01 03:44:47 | 000,396,288 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\8653acb87b4a219a84e4ce58df35e62a\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.03.01 12:35:56 | 003,073,536 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\b73fbf8a2db2192752ad2b13744a393b\System.Runtime.Serialization.ni.dll
[2014.03.01 03:41:41 | 000,311,296 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\046c2851963b30d0e14194051c03de33\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.03.01 12:42:23 | 002,659,328 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\be0a1bb51a0d8fb41140c8111ed56d19\System.Runtime.Serialization.ni.dll
[2014.03.01 12:44:35 | 000,009,216 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\bc1a3b2de28e513e09fe7322c122144f\System.Xml.Serialization.ni.dll
[2014.03.01 03:37:13 | 000,376,832 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\a6d5113221e92b37937dfa2725f37bf4\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.03.01 03:36:05 | 003,425,792 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\af2a6a583c4d46286e1454717cf4a0a8\System.Runtime.Serialization.ni.dll
[2014.03.01 03:40:23 | 000,010,240 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\3655ae42bc2ca97104be3466dc2d33cc\System.Xml.Serialization.ni.dll
[2010.03.18 14:16:28 | 001,026,936 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Runtime.Serialization.dll.amd64
[2010.03.18 14:16:28 | 001,026,936 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Runtime.Serialization.dll.x86
[2014.03.01 03:26:47 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2014.03.01 03:26:46 | 001,039,040 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.03.01 03:26:48 | 000,011,120 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2011.04.12 10:34:11 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012.10.05 12:53:24 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013.09.11 06:06:54 | 001,039,040 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 14:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2011.04.06 17:48:20 | 000,011,120 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2009.06.10 22:40:06 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2011.04.12 10:34:10 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2012.10.05 12:52:38 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013.09.11 06:06:54 | 001,039,040 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 14:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2011.04.06 17:48:20 | 000,011,120 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2011.04.12 10:34:07 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009.07.14 02:00:40 | 000,094,208 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009.06.10 22:37:50 | 000,038,400 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\grserial.sys
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2011.04.12 10:34:07 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\cs-CZ\serialui.dll.mui
[2011.04.12 10:34:10 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_1e527062c1f59d5f\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2011.04.12 10:34:12 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23\serialui.dll.mui
[2009.07.14 03:41:54 | 000,017,920 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360\serialui.dll
[2011.04.12 10:34:17 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_bb9a1800691e639c\System.RunTime.Serialization.Resources.dll
[2011.04.12 10:34:13 | 000,009,728 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_20ab142d65ed6acc\serial.sys.mui
[2009.07.14 02:00:40 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
[2009.06.10 22:40:06 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 22:37:50 | 000,038,400 | ---- | M] () -- \Windows\winsxs\amd64_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_ce9ed3064deed3aa\grserial.sys
[2010.11.21 05:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722\System.Runtime.Serialization.dll
[2012.10.05 12:52:38 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b\System.Runtime.Serialization.dll
[2012.10.05 12:56:11 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53\System.Runtime.Serialization.dll
[2010.11.21 05:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb\System.Runtime.Serialization.dll
[2012.10.05 12:52:37 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4\System.Runtime.Serialization.dll
[2012.10.05 12:56:11 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec\System.Runtime.Serialization.dll
[2012.02.16 15:34:06 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2012.02.16 15:34:06 | 000,017,792 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8_kdcom.dll_db5e7744
[2011.04.12 10:34:36 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23_serialui.dll.mui_7d29d2a3
[2009.07.14 04:57:29 | 000,017,920 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360_serialui.dll_bea29328
[2011.04.12 10:34:35 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2009.07.14 04:58:37 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.14 04:15:17 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc.manifest
[2011.02.05 19:35:45 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011.02.05 15:11:05 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest
[2009.07.14 04:11:30 | 000,000,868 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_88b1c48f2026fe3f.manifest
[2010.11.21 05:17:50 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722.manifest
[2012.10.05 20:18:30 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b.manifest
[2012.10.05 20:10:31 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53.manifest
[2010.11.21 05:17:50 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb.manifest
[2012.10.05 20:19:07 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4.manifest
[2012.10.05 20:11:10 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec.manifest
[2010.11.21 05:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2012.10.05 19:15:39 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285.manifest
[2012.10.05 19:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d.manifest
[2011.04.12 10:33:41 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2012.10.05 22:12:17 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f.manifest
[2012.10.05 21:59:28 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797.manifest
[2010.11.21 05:17:50 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2012.10.05 19:15:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8.manifest
[2012.10.05 19:17:15 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0.manifest
[2010.11.21 05:18:20 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2012.10.05 19:19:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa.manifest
[2012.10.05 19:22:10 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2.manifest
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2011.04.12 10:34:11 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.21 05:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2012.10.05 12:53:24 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285\System.Runtime.Serialization.dll
[2012.10.05 12:56:07 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d\System.Runtime.Serialization.dll
[2011.04.12 10:34:17 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2010.11.13 04:02:06 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f\System.RunTime.Serialization.Resources.dll
[2010.11.13 04:37:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797\System.RunTime.Serialization.Resources.dll
[2010.11.21 05:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8\System.Runtime.Serialization.dll
[2012.10.05 12:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0\System.Runtime.Serialization.dll
[2011.04.12 10:34:11 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_28a71ab4f6565f5a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2011.04.12 10:34:07 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2011.04.12 10:34:17 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_5f7b7c7cb0c0f266\System.RunTime.Serialization.Resources.dll
[2010.11.21 05:25:11 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa\System.Runtime.Serialization.dll
[2012.10.05 12:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2\System.Runtime.Serialization.dll
< *w7lxe* /s >
< End of report >
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Malware
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
markyzamek
- Návštěvník
- Příspěvky: 39
- Registrován: 13 led 2013 14:21
Re: Malware
Extras zde:
OTL Extras logfile created on: 6.5.2016 15:20:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mirča\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16844)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
7,75 Gb Total Physical Memory | 4,53 Gb Available Physical Memory | 58,48% Memory free
23,25 Gb Paging File | 19,23 Gb Available in Paging File | 82,71% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 7935 16000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 43,85 Gb Total Space | 7,62 Gb Free Space | 17,37% Space Free | Partition Type: NTFS
Drive D: | 421,82 Gb Total Space | 305,93 Gb Free Space | 72,53% Space Free | Partition Type: NTFS
Computer Name: MIRČA-PC | User Name: Mirča | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3000822321-160099729-2533544899-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programs\Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C3424F-398E-4E34-9446-CA8286673557}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{0434A5BE-3BB6-4764-AD67-6E6BF573BA08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{07DB931A-3CD3-432D-9F40-F3078AF09E74}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0F6B71F7-257C-4321-83A0-5E1B0FA4D4AB}" = lport=6881 | protocol=6 | dir=in | name=war thunder |
"{11D2728E-4C4B-4A3D-92BE-135F753F603C}" = lport=7852 | protocol=6 | dir=in | name=war thunder |
"{1CF12F6C-E214-43E4-B2EE-F96413D4864D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2A737E84-A8B5-4C00-8C7E-7309334ACBDB}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{2DE75F17-DCC1-42BF-8CC9-509C77933B0A}" = rport=138 | protocol=17 | dir=out | app=system |
"{2EB4C755-439D-46A6-9AD3-644F97CB2FC0}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{3CD9813A-0673-40CD-9EF9-4E766CF8428E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4322E4CF-00AB-427D-A853-2D7DAA8D9A2E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{48E9C9DF-CE67-4C1F-8E20-8186E8400A68}" = lport=139 | protocol=6 | dir=in | app=system |
"{495C0EC7-05DA-4B38-A8A0-BFCA587AFD70}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{4BF68683-C9E9-41C8-9A03-DA60980EF2BD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{53C795CF-4D0E-46F9-82E5-0427AC440226}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5472525C-7E0F-46B3-AC8D-30B9B4501F4E}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{5BCE2BF9-1C0E-4EC9-85F5-E8275A88ACB6}" = lport=138 | protocol=17 | dir=in | app=system |
"{69CB4DC2-A381-41D9-9A24-4FACC217EB53}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6DC90CDA-CF6E-4186-B5E4-2636ADB7226B}" = rport=445 | protocol=6 | dir=out | app=system |
"{6E5D0A23-EEC2-480F-BB2B-CEEBCC82FB7E}" = lport=445 | protocol=6 | dir=in | app=system |
"{8421278D-72E3-44D3-8CED-CE1F6C139E73}" = lport=137 | protocol=17 | dir=in | app=system |
"{84858EBB-D143-4CE6-A726-3DED751E0845}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{A041BD7B-BEF1-4338-9248-6C3C60838D61}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AA861098-AEEA-4AAB-9CE6-F2FA5A3BFA8C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ABDA3A64-8A55-4E40-8DC7-A9DDCB7A77A0}" = rport=139 | protocol=6 | dir=out | app=system |
"{AF81789F-2B71-44E4-AEB1-0AB5724B482E}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{B0398EF9-2696-4448-BCA3-887D4A8B3391}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B0D7305E-624E-48CD-955E-8DF5AC51333A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B196DF1E-0A55-49A8-A23A-653558AA2261}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{CC280D40-FE74-4501-8643-422A5CF2DBBC}" = lport=7853 | protocol=6 | dir=in | name=war thunder |
"{CFDA4534-0813-46DE-9E6B-26490E959DF8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D1E0DEAD-F286-4801-9AE5-F2A2F38C8674}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5426B00-B4DF-4096-9B4A-36BCBAEF19E4}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{DD00D6DE-8CB3-4CB5-8552-D06BFB4BCE4D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DDE2E986-2FAB-4EC6-9ED1-BA58063F2A8F}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{EBE1F4F4-51AA-4C65-A10F-70F54ABE52ED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F4CF4052-F224-4E65-80DE-CEFB7E807CDE}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{FA866713-9604-4EA3-8AC6-FA62B572B9D7}" = rport=137 | protocol=17 | dir=out | app=system |
"{FD683AA8-411D-472D-94B9-98DC50DE8E61}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10074123-BBCA-4E2D-AB67-91BAE8978B92}" = protocol=6 | dir=out | app=system |
"{11F7D2BA-EF25-41CF-95F6-9C8E854F53D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{12EC1520-51E9-4916-9249-FA093F199D51}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{14B65846-73D1-4A64-8072-0D1570000EBB}" = protocol=17 | dir=out | app=c:\users\mirča\appdata\roaming\utorrent\utorrent.exe |
"{1DB1DF5D-E49A-4FEC-B261-D9EB2D519FAB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1F4BC46B-893C-461C-BE3E-0109267B8696}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1F7D9FDF-CCAB-4502-B635-37595D3F2D7C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2D713A78-7C43-43BF-9EF3-45E869C4FD00}" = protocol=6 | dir=out | app=c:\users\mirča\appdata\roaming\utorrent\utorrent.exe |
"{34264714-367E-4501-928C-8540F05FFB05}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{363D5241-9D61-4740-91E6-98B6C6D928DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5AE9A353-2865-45EF-A1C9-8BDCFB4F985A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5BAB9C8D-FF21-4900-94D9-BDC903D0F5B7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5F150E6E-BE66-4AEB-9A80-8E52D5A986A2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5F411353-E396-4803-8E81-24C147FFD128}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{600168E5-B6EB-4E9B-B849-7168708E6940}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{698E96B7-1980-4791-A09F-2D880025BA12}" = protocol=6 | dir=in | app=d:\programs\firefox\firefox.exe |
"{788ED956-C113-4543-8094-EAC8EB16D480}" = protocol=6 | dir=in | app=c:\users\mirča\appdata\roaming\dropbox\bin\dropbox.exe |
"{78B43DC7-5A59-48F6-B99F-86A163DF47D5}" = dir=in | app=d:\programs\skype\phone\skype.exe |
"{7EDCB811-0102-4CD5-B111-FDBF5DF6197D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8F535CF6-EFAC-4059-A367-7A33645EEDFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{96D44055-F7BD-41A1-B331-0BCDF427F102}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9DC73D1F-1D09-4DD4-A774-C333EA6ABA27}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A0A4A6A4-7204-4ED6-85D6-220567BB71FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A5E953E2-DC24-4437-AC7C-1FB426C111C7}" = protocol=17 | dir=in | app=c:\users\mirča\appdata\roaming\dropbox\bin\dropbox.exe |
"{AA41A18F-2CEC-40E1-A90C-5FB21A70025E}" = protocol=17 | dir=in | app=c:\users\mirča\appdata\roaming\utorrent\utorrent.exe |
"{B0DC2E86-D7C7-45DC-8F26-F08BA3EFA153}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B5586ED8-79C2-4533-8EC3-19619826E7E3}" = protocol=17 | dir=in | app=c:\users\mirča\appdata\roaming\utorrent\utorrent.exe |
"{B65CB7C5-6749-4086-AEB6-8F5077DF0EE5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C49BA4E7-B860-4CED-8CDE-15AED5E02A9B}" = protocol=17 | dir=in | app=d:\programs\firefox\firefox.exe |
"{E26EF53A-D9E1-431E-BCAE-6BE704CEF574}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E818E24B-616E-46A2-BC6C-0D340F77F511}" = protocol=6 | dir=in | app=c:\users\mirča\appdata\roaming\utorrent\utorrent.exe |
"{EEAAEA7B-323B-4F5B-8D33-9A0B5EC091F5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EEAE8847-C699-4645-83D5-B9183D941AED}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F2FB6BE5-B004-4FF0-9636-AF26110806AF}" = protocol=6 | dir=in | app=c:\users\mirča\appdata\roaming\utorrent\utorrent.exe |
"{F7919890-68BE-45E8-AD87-30230805DE15}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FD6B2B64-645B-4F64-B2AE-33BE4CCBCEE8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{8A4DCDF9-5723-4EB4-BB2E-B0448343F7FA}D:\programs\firefox\plugin-container.exe" = protocol=6 | dir=in | app=d:\programs\firefox\plugin-container.exe |
"TCP Query User{B17320EF-7413-4A4B-816A-011AE566672D}C:\users\mirča\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\mirča\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{11283836-1A01-40CB-A6B8-15618DF4DBF5}C:\users\mirča\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\mirča\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{F0427129-EB91-49D3-B364-2BF9F92158D7}D:\programs\firefox\plugin-container.exe" = protocol=17 | dir=in | app=d:\programs\firefox\plugin-container.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{034B6AC8-DCF6-585B-2AFD-3FF0D4A559BB}" = AMD Accelerated Video Transcoding
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{30921AC4-6875-F7DF-B48B-2BB68C000BB6}" = AMD Media Foundation Decoders
"{37FCE154-7F59-74F0-3A35-BF503CEB230B}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}" = Bonjour
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6C676266-91E4-DC71-E661-13494AC29A3E}" = ccc-utility64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88509E20-3936-4D88-A1C0-B274C7BB5151}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{999DB5B3-EE44-8837-2B51-4AF44CD1FD22}" = AMD Drag and Drop Transcoding
"{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}" = Podpora aplikací Apple (64bitová)
"{CB1032F6-1108-30C7-01C9-C0C132D13BEE}" = AMD Fuel
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}" = Apple Mobile Device Support
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F14E5B-E07A-2A1E-6788-580773CE1486}" = CCC Help English
"{0A036215-0A8D-6FBE-7EA3-7AED4F9E162A}" = CCC Help Turkish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15A05AAA-37E7-D516-5BE9-C960C2170403}" = CCC Help Czech
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21E9850E-58C2-FA88-D5AD-B64D253B8F82}" = CCC Help Thai
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{25A7270E-1B63-DFD1-ACBC-88852A305398}" = CCC Help Chinese Traditional
"{28164BD8-81EA-639A-85E9-E659E3EE6DA7}" = Catalyst Control Center InstallProxy
"{2E69E784-F84A-9A18-7D8E-4EB8504EEE1E}" = CCC Help Danish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}" = Podpora aplikací Apple (32bitová)
"{362614E4-9ABB-E7A7-CDDC-239AB168060A}" = CCC Help Japanese
"{4745F6F8-09DA-CC39-EC19-0E8D764CF2B7}" = CCC Help Chinese Standard
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4FA31DE2-B613-24BB-1738-B655C00B1C9D}" = CCC Help Hungarian
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{58771CF6-F212-CC4D-61B1-45CC70B6375C}" = CCC Help Dutch
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D5CE5F1-CBB0-9ED4-1A1E-91DDCD6225FD}" = CCC Help Italian
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{707210B0-29F1-C550-BA96-6ECDA245CF24}" = CCC Help Spanish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{812B956B-37AB-24B9-4527-78A6D3ECE7F8}" = CCC Help Korean
"{83293709-B863-0EF6-00DA-B026D486E8B5}" = CCC Help Polish
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}" = Catalyst Control Center - Branding
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{911904DE-EBB6-BC8E-D5BD-762B7DB42C46}" = CCC Help Greek
"{9903011B-5F1D-A2A1-8078-EE62B3324CCE}" = CCC Help Portuguese
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7F1628-2126-34A5-852D-2B93328BCF3F}" = CCC Help German
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AC76BA86-7AD7-1029-7B44-A81000000003}" = Adobe Reader 8.1.0 - Czech
"{AE6C422B-DADB-D547-411C-E9E56DF03D16}" = CCC Help Russian
"{B09567CC-E43F-10F1-752D-549AC7FB0C43}" = CCC Help Finnish
"{B170B91D-E8E3-A6A3-D129-D8E36FEA8A0B}" = CCC Help Norwegian
"{BD96ABD3-D1D4-5513-6C60-11476D6DCFC5}" = Catalyst Control Center Localization All
"{C39C7876-4D21-8A38-0A42-B5C8858EC6C7}" = CCC Help French
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C70C90D2-D197-40E9-B712-6828BDA5F74A}" = PdfMerge
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4236B82-213F-679E-09A2-9AEB5EF4CADC}" = Catalyst Control Center Graphics Previews Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5B94160-4A07-4956-9C73-8C5EEFEF180F}" = OpenOffice.org 3.3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EBBD4FE6-91DA-C397-6D56-FE85DBF24FCF}" = AMD VISION Engine Control Center
"{FCEFDA6B-63CD-BB17-B845-478A42E24D39}" = CCC Help Swedish
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}" = Apple Software Update
"Adobe AIR" = Adobe AIR
"Adobe Flash Player NPAPI" = Adobe Flash Player 21 NPAPI
"Avast" = Avast Free Antivirus
"AVerMedia A827 series driver" = AVerMedia A827 series driver 1.0.64.85
"BSPlayerf" = BS.Player FREE
"CloneDVD2" = CloneDVD2
"CrystalDiskInfo_is1" = CrystalDiskInfo 6.8.2
"Digital Editions" = Adobe Digital Editions
"Foxit Reader_is1" = Foxit Reader 5.1
"Google Chrome" = Google Chrome
"HD Tune_is1" = HD Tune 2.55
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Ovladače zařízení
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"League of Legends 3.0.1" = League of Legends
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware verze 2.2.1.1043
"Mozilla Firefox 45.0.2 (x86 cs)" = Mozilla Firefox 45.0.2 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SafeZone 1.48.2066.98" = SafeZone Stable 1.48.2066.98
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3000822321-160099729-2533544899-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"uTorrent" = µTorrent
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 28.4.2014 3:09:33 | Computer Name = Mirča-PC | Source = WinMgmt | ID = 10
Description =
Error - 28.4.2014 8:24:06 | Computer Name = Mirča-PC | Source = WinMgmt | ID = 10
Description =
Error - 29.4.2014 2:09:20 | Computer Name = Mirča-PC | Source = WinMgmt | ID = 10
Description =
Error - 29.4.2014 15:18:16 | Computer Name = Mirča-PC | Source = WinMgmt | ID = 10
Description =
Error - 29.4.2014 16:15:31 | Computer Name = Mirča-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: FlashPlayerPlugin_13_0_0_206.exe, verze:
13.0.0.206, časové razítko: 0x53519bd9 Název chybujícího modulu: FlashPlayerPlugin_13_0_0_206.exe,
verze: 13.0.0.206, časové razítko: 0x53519bd9 Kód výjimky: 0x40000015 Posun chyby:
0x00017fd0 ID chybujícího procesu: 0x12d4 Čas spuštění chybující aplikace: 0x01cf63e057315a3a
Cesta
k chybující aplikaci: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
Cesta
k chybujícímu modulu: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
ID
zprávy: 030d1ea3-cfdb-11e3-a31a-8c89a57d5c8d
Error - 30.4.2014 5:28:31 | Computer Name = Mirča-PC | Source = WinMgmt | ID = 10
Description =
Error - 30.4.2014 5:29:54 | Computer Name = Mirča-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: rundll32.exe_xrWCbgnd.dll, verze: 6.1.7600.16385,
časové razítko: 0x4a5bc9e0 Název chybujícího modulu: xrWCbgnd.dll, verze: 4.33.7.3,
časové razítko: 0x4a5bdfc1 Kód výjimky: 0xc0000005 Posun chyby: 0x000000000000992a
ID
chybujícího procesu: 0x4e0 Čas spuštění chybující aplikace: 0x01cf6456b61496fc Cesta
k chybující aplikaci: C:\Windows\System32\rundll32.exe Cesta k chybujícímu modulu:
C:\Windows\System32\xrWCbgnd.dll ID zprávy: fc228e87-d049-11e3-b9e8-8c89a57d5c8d
Error - 2.5.2014 14:29:40 | Computer Name = Mirča-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: FlashPlayerPlugin_13_0_0_206.exe, verze:
13.0.0.206, časové razítko: 0x53519bd9 Název chybujícího modulu: FlashPlayerPlugin_13_0_0_206.exe,
verze: 13.0.0.206, časové razítko: 0x53519bd9 Kód výjimky: 0x40000015 Posun chyby:
0x00017fd0 ID chybujícího procesu: 0x250 Čas spuštění chybující aplikace: 0x01cf65303399b630
Cesta
k chybující aplikaci: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
Cesta
k chybujícímu modulu: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
ID
zprávy: b89914d1-d227-11e3-b9e8-8c89a57d5c8d
Error - 3.5.2014 4:04:23 | Computer Name = Mirča-PC | Source = WinMgmt | ID = 10
Description =
Error - 3.5.2014 18:01:06 | Computer Name = Mirča-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 6.5.2016 9:32:05 | Computer Name = Mirča-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error - 6.5.2016 9:32:08 | Computer Name = Mirča-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error - 6.5.2016 9:32:10 | Computer Name = Mirča-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error - 6.5.2016 9:33:06 | Computer Name = Mirča-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error - 6.5.2016 9:33:08 | Computer Name = Mirča-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error - 6.5.2016 9:33:10 | Computer Name = Mirča-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error - 6.5.2016 9:33:12 | Computer Name = Mirča-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error - 6.5.2016 9:33:15 | Computer Name = Mirča-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error - 6.5.2016 9:33:17 | Computer Name = Mirča-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error - 6.5.2016 9:33:19 | Computer Name = Mirča-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.
< End of report >
OTL Extras logfile created on: 6.5.2016 15:20:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mirča\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16844)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
7,75 Gb Total Physical Memory | 4,53 Gb Available Physical Memory | 58,48% Memory free
23,25 Gb Paging File | 19,23 Gb Available in Paging File | 82,71% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 7935 16000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 43,85 Gb Total Space | 7,62 Gb Free Space | 17,37% Space Free | Partition Type: NTFS
Drive D: | 421,82 Gb Total Space | 305,93 Gb Free Space | 72,53% Space Free | Partition Type: NTFS
Computer Name: MIRČA-PC | User Name: Mirča | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3000822321-160099729-2533544899-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programs\Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C3424F-398E-4E34-9446-CA8286673557}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{0434A5BE-3BB6-4764-AD67-6E6BF573BA08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{07DB931A-3CD3-432D-9F40-F3078AF09E74}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0F6B71F7-257C-4321-83A0-5E1B0FA4D4AB}" = lport=6881 | protocol=6 | dir=in | name=war thunder |
"{11D2728E-4C4B-4A3D-92BE-135F753F603C}" = lport=7852 | protocol=6 | dir=in | name=war thunder |
"{1CF12F6C-E214-43E4-B2EE-F96413D4864D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2A737E84-A8B5-4C00-8C7E-7309334ACBDB}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{2DE75F17-DCC1-42BF-8CC9-509C77933B0A}" = rport=138 | protocol=17 | dir=out | app=system |
"{2EB4C755-439D-46A6-9AD3-644F97CB2FC0}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{3CD9813A-0673-40CD-9EF9-4E766CF8428E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4322E4CF-00AB-427D-A853-2D7DAA8D9A2E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{48E9C9DF-CE67-4C1F-8E20-8186E8400A68}" = lport=139 | protocol=6 | dir=in | app=system |
"{495C0EC7-05DA-4B38-A8A0-BFCA587AFD70}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{4BF68683-C9E9-41C8-9A03-DA60980EF2BD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{53C795CF-4D0E-46F9-82E5-0427AC440226}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5472525C-7E0F-46B3-AC8D-30B9B4501F4E}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{5BCE2BF9-1C0E-4EC9-85F5-E8275A88ACB6}" = lport=138 | protocol=17 | dir=in | app=system |
"{69CB4DC2-A381-41D9-9A24-4FACC217EB53}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6DC90CDA-CF6E-4186-B5E4-2636ADB7226B}" = rport=445 | protocol=6 | dir=out | app=system |
"{6E5D0A23-EEC2-480F-BB2B-CEEBCC82FB7E}" = lport=445 | protocol=6 | dir=in | app=system |
"{8421278D-72E3-44D3-8CED-CE1F6C139E73}" = lport=137 | protocol=17 | dir=in | app=system |
"{84858EBB-D143-4CE6-A726-3DED751E0845}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{A041BD7B-BEF1-4338-9248-6C3C60838D61}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AA861098-AEEA-4AAB-9CE6-F2FA5A3BFA8C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ABDA3A64-8A55-4E40-8DC7-A9DDCB7A77A0}" = rport=139 | protocol=6 | dir=out | app=system |
"{AF81789F-2B71-44E4-AEB1-0AB5724B482E}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{B0398EF9-2696-4448-BCA3-887D4A8B3391}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B0D7305E-624E-48CD-955E-8DF5AC51333A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B196DF1E-0A55-49A8-A23A-653558AA2261}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{CC280D40-FE74-4501-8643-422A5CF2DBBC}" = lport=7853 | protocol=6 | dir=in | name=war thunder |
"{CFDA4534-0813-46DE-9E6B-26490E959DF8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D1E0DEAD-F286-4801-9AE5-F2A2F38C8674}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5426B00-B4DF-4096-9B4A-36BCBAEF19E4}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{DD00D6DE-8CB3-4CB5-8552-D06BFB4BCE4D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DDE2E986-2FAB-4EC6-9ED1-BA58063F2A8F}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{EBE1F4F4-51AA-4C65-A10F-70F54ABE52ED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F4CF4052-F224-4E65-80DE-CEFB7E807CDE}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{FA866713-9604-4EA3-8AC6-FA62B572B9D7}" = rport=137 | protocol=17 | dir=out | app=system |
"{FD683AA8-411D-472D-94B9-98DC50DE8E61}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10074123-BBCA-4E2D-AB67-91BAE8978B92}" = protocol=6 | dir=out | app=system |
"{11F7D2BA-EF25-41CF-95F6-9C8E854F53D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{12EC1520-51E9-4916-9249-FA093F199D51}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{14B65846-73D1-4A64-8072-0D1570000EBB}" = protocol=17 | dir=out | app=c:\users\mirča\appdata\roaming\utorrent\utorrent.exe |
"{1DB1DF5D-E49A-4FEC-B261-D9EB2D519FAB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1F4BC46B-893C-461C-BE3E-0109267B8696}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1F7D9FDF-CCAB-4502-B635-37595D3F2D7C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2D713A78-7C43-43BF-9EF3-45E869C4FD00}" = protocol=6 | dir=out | app=c:\users\mirča\appdata\roaming\utorrent\utorrent.exe |
"{34264714-367E-4501-928C-8540F05FFB05}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{363D5241-9D61-4740-91E6-98B6C6D928DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5AE9A353-2865-45EF-A1C9-8BDCFB4F985A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5BAB9C8D-FF21-4900-94D9-BDC903D0F5B7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5F150E6E-BE66-4AEB-9A80-8E52D5A986A2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5F411353-E396-4803-8E81-24C147FFD128}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{600168E5-B6EB-4E9B-B849-7168708E6940}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{698E96B7-1980-4791-A09F-2D880025BA12}" = protocol=6 | dir=in | app=d:\programs\firefox\firefox.exe |
"{788ED956-C113-4543-8094-EAC8EB16D480}" = protocol=6 | dir=in | app=c:\users\mirča\appdata\roaming\dropbox\bin\dropbox.exe |
"{78B43DC7-5A59-48F6-B99F-86A163DF47D5}" = dir=in | app=d:\programs\skype\phone\skype.exe |
"{7EDCB811-0102-4CD5-B111-FDBF5DF6197D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8F535CF6-EFAC-4059-A367-7A33645EEDFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{96D44055-F7BD-41A1-B331-0BCDF427F102}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9DC73D1F-1D09-4DD4-A774-C333EA6ABA27}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A0A4A6A4-7204-4ED6-85D6-220567BB71FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A5E953E2-DC24-4437-AC7C-1FB426C111C7}" = protocol=17 | dir=in | app=c:\users\mirča\appdata\roaming\dropbox\bin\dropbox.exe |
"{AA41A18F-2CEC-40E1-A90C-5FB21A70025E}" = protocol=17 | dir=in | app=c:\users\mirča\appdata\roaming\utorrent\utorrent.exe |
"{B0DC2E86-D7C7-45DC-8F26-F08BA3EFA153}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B5586ED8-79C2-4533-8EC3-19619826E7E3}" = protocol=17 | dir=in | app=c:\users\mirča\appdata\roaming\utorrent\utorrent.exe |
"{B65CB7C5-6749-4086-AEB6-8F5077DF0EE5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C49BA4E7-B860-4CED-8CDE-15AED5E02A9B}" = protocol=17 | dir=in | app=d:\programs\firefox\firefox.exe |
"{E26EF53A-D9E1-431E-BCAE-6BE704CEF574}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E818E24B-616E-46A2-BC6C-0D340F77F511}" = protocol=6 | dir=in | app=c:\users\mirča\appdata\roaming\utorrent\utorrent.exe |
"{EEAAEA7B-323B-4F5B-8D33-9A0B5EC091F5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EEAE8847-C699-4645-83D5-B9183D941AED}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F2FB6BE5-B004-4FF0-9636-AF26110806AF}" = protocol=6 | dir=in | app=c:\users\mirča\appdata\roaming\utorrent\utorrent.exe |
"{F7919890-68BE-45E8-AD87-30230805DE15}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FD6B2B64-645B-4F64-B2AE-33BE4CCBCEE8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{8A4DCDF9-5723-4EB4-BB2E-B0448343F7FA}D:\programs\firefox\plugin-container.exe" = protocol=6 | dir=in | app=d:\programs\firefox\plugin-container.exe |
"TCP Query User{B17320EF-7413-4A4B-816A-011AE566672D}C:\users\mirča\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\mirča\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{11283836-1A01-40CB-A6B8-15618DF4DBF5}C:\users\mirča\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\mirča\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{F0427129-EB91-49D3-B364-2BF9F92158D7}D:\programs\firefox\plugin-container.exe" = protocol=17 | dir=in | app=d:\programs\firefox\plugin-container.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{034B6AC8-DCF6-585B-2AFD-3FF0D4A559BB}" = AMD Accelerated Video Transcoding
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{30921AC4-6875-F7DF-B48B-2BB68C000BB6}" = AMD Media Foundation Decoders
"{37FCE154-7F59-74F0-3A35-BF503CEB230B}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}" = Bonjour
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6C676266-91E4-DC71-E661-13494AC29A3E}" = ccc-utility64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88509E20-3936-4D88-A1C0-B274C7BB5151}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{999DB5B3-EE44-8837-2B51-4AF44CD1FD22}" = AMD Drag and Drop Transcoding
"{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}" = Podpora aplikací Apple (64bitová)
"{CB1032F6-1108-30C7-01C9-C0C132D13BEE}" = AMD Fuel
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}" = Apple Mobile Device Support
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F14E5B-E07A-2A1E-6788-580773CE1486}" = CCC Help English
"{0A036215-0A8D-6FBE-7EA3-7AED4F9E162A}" = CCC Help Turkish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15A05AAA-37E7-D516-5BE9-C960C2170403}" = CCC Help Czech
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21E9850E-58C2-FA88-D5AD-B64D253B8F82}" = CCC Help Thai
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{25A7270E-1B63-DFD1-ACBC-88852A305398}" = CCC Help Chinese Traditional
"{28164BD8-81EA-639A-85E9-E659E3EE6DA7}" = Catalyst Control Center InstallProxy
"{2E69E784-F84A-9A18-7D8E-4EB8504EEE1E}" = CCC Help Danish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}" = Podpora aplikací Apple (32bitová)
"{362614E4-9ABB-E7A7-CDDC-239AB168060A}" = CCC Help Japanese
"{4745F6F8-09DA-CC39-EC19-0E8D764CF2B7}" = CCC Help Chinese Standard
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4FA31DE2-B613-24BB-1738-B655C00B1C9D}" = CCC Help Hungarian
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{58771CF6-F212-CC4D-61B1-45CC70B6375C}" = CCC Help Dutch
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D5CE5F1-CBB0-9ED4-1A1E-91DDCD6225FD}" = CCC Help Italian
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{707210B0-29F1-C550-BA96-6ECDA245CF24}" = CCC Help Spanish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{812B956B-37AB-24B9-4527-78A6D3ECE7F8}" = CCC Help Korean
"{83293709-B863-0EF6-00DA-B026D486E8B5}" = CCC Help Polish
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}" = Catalyst Control Center - Branding
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{911904DE-EBB6-BC8E-D5BD-762B7DB42C46}" = CCC Help Greek
"{9903011B-5F1D-A2A1-8078-EE62B3324CCE}" = CCC Help Portuguese
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7F1628-2126-34A5-852D-2B93328BCF3F}" = CCC Help German
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AC76BA86-7AD7-1029-7B44-A81000000003}" = Adobe Reader 8.1.0 - Czech
"{AE6C422B-DADB-D547-411C-E9E56DF03D16}" = CCC Help Russian
"{B09567CC-E43F-10F1-752D-549AC7FB0C43}" = CCC Help Finnish
"{B170B91D-E8E3-A6A3-D129-D8E36FEA8A0B}" = CCC Help Norwegian
"{BD96ABD3-D1D4-5513-6C60-11476D6DCFC5}" = Catalyst Control Center Localization All
"{C39C7876-4D21-8A38-0A42-B5C8858EC6C7}" = CCC Help French
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C70C90D2-D197-40E9-B712-6828BDA5F74A}" = PdfMerge
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4236B82-213F-679E-09A2-9AEB5EF4CADC}" = Catalyst Control Center Graphics Previews Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5B94160-4A07-4956-9C73-8C5EEFEF180F}" = OpenOffice.org 3.3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EBBD4FE6-91DA-C397-6D56-FE85DBF24FCF}" = AMD VISION Engine Control Center
"{FCEFDA6B-63CD-BB17-B845-478A42E24D39}" = CCC Help Swedish
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}" = Apple Software Update
"Adobe AIR" = Adobe AIR
"Adobe Flash Player NPAPI" = Adobe Flash Player 21 NPAPI
"Avast" = Avast Free Antivirus
"AVerMedia A827 series driver" = AVerMedia A827 series driver 1.0.64.85
"BSPlayerf" = BS.Player FREE
"CloneDVD2" = CloneDVD2
"CrystalDiskInfo_is1" = CrystalDiskInfo 6.8.2
"Digital Editions" = Adobe Digital Editions
"Foxit Reader_is1" = Foxit Reader 5.1
"Google Chrome" = Google Chrome
"HD Tune_is1" = HD Tune 2.55
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Ovladače zařízení
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"League of Legends 3.0.1" = League of Legends
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware verze 2.2.1.1043
"Mozilla Firefox 45.0.2 (x86 cs)" = Mozilla Firefox 45.0.2 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SafeZone 1.48.2066.98" = SafeZone Stable 1.48.2066.98
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3000822321-160099729-2533544899-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"uTorrent" = µTorrent
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 28.4.2014 3:09:33 | Computer Name = Mirča-PC | Source = WinMgmt | ID = 10
Description =
Error - 28.4.2014 8:24:06 | Computer Name = Mirča-PC | Source = WinMgmt | ID = 10
Description =
Error - 29.4.2014 2:09:20 | Computer Name = Mirča-PC | Source = WinMgmt | ID = 10
Description =
Error - 29.4.2014 15:18:16 | Computer Name = Mirča-PC | Source = WinMgmt | ID = 10
Description =
Error - 29.4.2014 16:15:31 | Computer Name = Mirča-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: FlashPlayerPlugin_13_0_0_206.exe, verze:
13.0.0.206, časové razítko: 0x53519bd9 Název chybujícího modulu: FlashPlayerPlugin_13_0_0_206.exe,
verze: 13.0.0.206, časové razítko: 0x53519bd9 Kód výjimky: 0x40000015 Posun chyby:
0x00017fd0 ID chybujícího procesu: 0x12d4 Čas spuštění chybující aplikace: 0x01cf63e057315a3a
Cesta
k chybující aplikaci: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
Cesta
k chybujícímu modulu: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
ID
zprávy: 030d1ea3-cfdb-11e3-a31a-8c89a57d5c8d
Error - 30.4.2014 5:28:31 | Computer Name = Mirča-PC | Source = WinMgmt | ID = 10
Description =
Error - 30.4.2014 5:29:54 | Computer Name = Mirča-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: rundll32.exe_xrWCbgnd.dll, verze: 6.1.7600.16385,
časové razítko: 0x4a5bc9e0 Název chybujícího modulu: xrWCbgnd.dll, verze: 4.33.7.3,
časové razítko: 0x4a5bdfc1 Kód výjimky: 0xc0000005 Posun chyby: 0x000000000000992a
ID
chybujícího procesu: 0x4e0 Čas spuštění chybující aplikace: 0x01cf6456b61496fc Cesta
k chybující aplikaci: C:\Windows\System32\rundll32.exe Cesta k chybujícímu modulu:
C:\Windows\System32\xrWCbgnd.dll ID zprávy: fc228e87-d049-11e3-b9e8-8c89a57d5c8d
Error - 2.5.2014 14:29:40 | Computer Name = Mirča-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: FlashPlayerPlugin_13_0_0_206.exe, verze:
13.0.0.206, časové razítko: 0x53519bd9 Název chybujícího modulu: FlashPlayerPlugin_13_0_0_206.exe,
verze: 13.0.0.206, časové razítko: 0x53519bd9 Kód výjimky: 0x40000015 Posun chyby:
0x00017fd0 ID chybujícího procesu: 0x250 Čas spuštění chybující aplikace: 0x01cf65303399b630
Cesta
k chybující aplikaci: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
Cesta
k chybujícímu modulu: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
ID
zprávy: b89914d1-d227-11e3-b9e8-8c89a57d5c8d
Error - 3.5.2014 4:04:23 | Computer Name = Mirča-PC | Source = WinMgmt | ID = 10
Description =
Error - 3.5.2014 18:01:06 | Computer Name = Mirča-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 6.5.2016 9:32:05 | Computer Name = Mirča-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error - 6.5.2016 9:32:08 | Computer Name = Mirča-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error - 6.5.2016 9:32:10 | Computer Name = Mirča-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error - 6.5.2016 9:33:06 | Computer Name = Mirča-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error - 6.5.2016 9:33:08 | Computer Name = Mirča-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error - 6.5.2016 9:33:10 | Computer Name = Mirča-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error - 6.5.2016 9:33:12 | Computer Name = Mirča-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error - 6.5.2016 9:33:15 | Computer Name = Mirča-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error - 6.5.2016 9:33:17 | Computer Name = Mirča-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.
Error - 6.5.2016 9:33:19 | Computer Name = Mirča-PC | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\DR0 má chybný blok.
< End of report >
Re: Malware
Vypnete antivir, at nebrani programu v praci.
Znovu spustte OTL jako spravceDo spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)
Kód: Vybrat vše
:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]
:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
:otl
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3000822321-160099729-2533544899-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-3000822321-160099729-2533544899-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
FF - prefs.js..browser.search.isUS: false
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[7 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
Po restartu se objevi novy log, ten sem dejte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
markyzamek
- Návštěvník
- Příspěvky: 39
- Registrován: 13 led 2013 14:21
Re: Malware
All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Mirča
->Temp folder emptied: 63488 bytes
->Temporary Internet Files folder emptied: 923278 bytes
->FireFox cache emptied: 128479350 bytes
->Google Chrome cache emptied: 238492740 bytes
->Flash cache emptied: 176775 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 422299 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 352,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Mirča
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-3000822321-160099729-2533544899-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3000822321-160099729-2533544899-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Prefs.js: false removed from browser.search.isUS
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP87C5.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPADFA.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP1323.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP40D6.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPCCD1.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPF3DF.tmp folder deleted successfully.
C:\Windows\Installer\MSI4ACA.tmp deleted successfully.
C:\Windows\Installer\MSI5C62.tmp deleted successfully.
OTL by OldTimer - Version 3.2.69.0 log created on 05062016_204357
Files\Folders moved on Reboot...
C:\Users\Mirča\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Mirča\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20160412231940.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20160412231941.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20160412231953.log scheduled to be moved on reboot.
File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Mirča
->Temp folder emptied: 63488 bytes
->Temporary Internet Files folder emptied: 923278 bytes
->FireFox cache emptied: 128479350 bytes
->Google Chrome cache emptied: 238492740 bytes
->Flash cache emptied: 176775 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 422299 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 352,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Mirča
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-3000822321-160099729-2533544899-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3000822321-160099729-2533544899-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Prefs.js: false removed from browser.search.isUS
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP87C5.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPADFA.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP1323.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP40D6.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPCCD1.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPF3DF.tmp folder deleted successfully.
C:\Windows\Installer\MSI4ACA.tmp deleted successfully.
C:\Windows\Installer\MSI5C62.tmp deleted successfully.
OTL by OldTimer - Version 3.2.69.0 log created on 05062016_204357
Files\Folders moved on Reboot...
C:\Users\Mirča\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Mirča\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20160412231940.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20160412231941.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20160412231953.log scheduled to be moved on reboot.
File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Re: Malware
Nastala nejaka zmena?
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
markyzamek
- Návštěvník
- Příspěvky: 39
- Registrován: 13 led 2013 14:21
Re: Malware
Zdá se to lepší, ale video se ještě občas sekne - při HD (někdy zvuk jede dál).
Přijde mi, jako kdyby to bylo spojené s načítáním videa, které je ale načtené cca 1 minutu dopředu.
PC je napojené na ethernet a notebook na wifi stíhá načítat bez problému, takže pomalým připojením to není.
Stále se také objevuje ta neplynulost chodu počítače, když se načítá webová stránka, či webový prohlížeč, načítání fotek, prohlížení fotek (trvá než se otevře nebo načte další).
Momentálně se mi při psaní objevuje i sekání při psaní. Animované emotikony zde v nabídce se při pohybu sekají.
Přijde mi, jako kdyby to bylo spojené s načítáním videa, které je ale načtené cca 1 minutu dopředu.
PC je napojené na ethernet a notebook na wifi stíhá načítat bez problému, takže pomalým připojením to není.
Stále se také objevuje ta neplynulost chodu počítače, když se načítá webová stránka, či webový prohlížeč, načítání fotek, prohlížení fotek (trvá než se otevře nebo načte další).
Momentálně se mi při psaní objevuje i sekání při psaní. Animované emotikony zde v nabídce se při pohybu sekají.
Re: Malware
Kdyz pominu poskozeny disk, tak v logu vidim stopy Advanced SystemCare. Tento "skvely" programek umi udelat takovou paseku, ze je nekdy nutny i reinstal. Je zavrtany napriklad i v mozille.
Stahnete si instalatory mozilly a chrome a ulozte je treba na plochu.
Odinstalujte mozzilu i chrome a to komplet, vcetne nastaveni a profilu.
Pokud nechcete prijit o zalozky, muzete si je zazalohovat. Ale jen zalozky, pripadne hesla, jinak nic, nebo si to tam natahate zpatky.
Mozillu pomoci http://www.stahuj.centrum.cz/utility_a_ ... mozbackup/
Chrome pomoci http://www.slunecnice.cz/sw/google-chrome-backup/
Pak je zkuste nainstalovat zpatky a vyzkousejte, jestli nastala nejaka zmena.
Stahnete si instalatory mozilly a chrome a ulozte je treba na plochu. Odinstalujte mozzilu i chrome a to komplet, vcetne nastaveni a profilu. Pokud nechcete prijit o zalozky, muzete si je zazalohovat. Ale jen zalozky, pripadne hesla, jinak nic, nebo si to tam natahate zpatky.
Mozillu pomoci http://www.stahuj.centrum.cz/utility_a_ ... mozbackup/
Chrome pomoci http://www.slunecnice.cz/sw/google-chrome-backup/
Pak je zkuste nainstalovat zpatky a vyzkousejte, jestli nastala nejaka zmena.Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
markyzamek
- Návštěvník
- Příspěvky: 39
- Registrován: 13 led 2013 14:21
Re: Malware
Bohužel vše beze změny.
Re: Malware
Vyzkousejte, zda jsou ty problemy i v nouzovem rezimu s praci v siti.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
markyzamek
- Návštěvník
- Příspěvky: 39
- Registrován: 13 led 2013 14:21
Re: Malware
V nouzovém režimu je to lepší, ale stále to není plynulé.
Při spuštění pouze jedné webové stránky (www.forum.viry.cz) je to v pořádku, ale když zapnu video na youtube, facebook a stream, abych trochu zatížil systém, tak se to začne sekat. Psaní textu jde relativně plynule pořád.
Při spuštění pouze jedné webové stránky (www.forum.viry.cz) je to v pořádku, ale když zapnu video na youtube, facebook a stream, abych trochu zatížil systém, tak se to začne sekat. Psaní textu jde relativně plynule pořád.
Re: Malware
Postupujte podle navodu kolegy
vyosek píše:
- Ulozte nejlepe na plochu
- Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
- Probehne vytvoreni zalohy a nasledne prohledavani
- Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte
Postupujte podle navodu kolegy
vyosek píše:
- Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
- Do okna vlozte skript nize
Kód: Vybrat vše
autoclean; autoclean; resethosts; emptyclsid; IEdefaults; FFdefaults; CHRdefaults; emptyIEcache; emptyFFcache; emptyCHRcache; emptyalltemp; emptyflash; emptyjava; emptyrecycle.bin;- Nasledne kliknete na Run Script
- PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
markyzamek
- Návštěvník
- Příspěvky: 39
- Registrován: 13 led 2013 14:21
Re: Malware
log z JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Professional x64
Ran by Mirźa (Administrator) on so 07.05.2016 at 20:14:42,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 17
Successfully deleted: C:\Users\Mirźa\AppData\Local\{03A7672E-1B59-44E9-9464-A90D3BB573E6} (Empty Folder)
Successfully deleted: C:\Users\Mirźa\AppData\Local\{110C8B3F-E584-44B3-BAC8-9CDB5BE019DF} (Empty Folder)
Successfully deleted: C:\Users\Mirźa\AppData\Local\{8E1E5668-492F-4E88-BD79-35021DDD9F80} (Empty Folder)
Successfully deleted: C:\Users\Mirźa\AppData\Local\{BA8FF4DE-49EC-416F-88F2-6A121D4E71AF} (Empty Folder)
Successfully deleted: C:\Users\Mirźa\AppData\Local\{BB8D6EA9-0661-4651-A375-605A530F79A8} (Empty Folder)
Successfully deleted: C:\Users\Mirźa\AppData\Local\{CA4962CB-2576-4A0F-9B9F-1C379DDF3E20} (Empty Folder)
Successfully deleted: C:\Users\Mirźa\AppData\Local\{F27FE237-ACF5-47D7-8593-E26CFAA7A94D} (Empty Folder)
Successfully deleted: C:\Users\Mirźa\AppData\Local\{FC461035-CFCA-494F-81C2-B37E1FE77ED7} (Empty Folder)
Successfully deleted: C:\Users\Mirźa\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Users\Mirźa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4X5FESX7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mirźa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMDB4QKZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mirźa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RTV8C9CL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mirźa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XX7WV0ZE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4X5FESX7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMDB4QKZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RTV8C9CL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XX7WV0ZE (Temporary Internet Files Folder)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 07.05.2016 at 20:17:34,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Professional x64
Ran by Mirźa (Administrator) on so 07.05.2016 at 20:14:42,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 17
Successfully deleted: C:\Users\Mirźa\AppData\Local\{03A7672E-1B59-44E9-9464-A90D3BB573E6} (Empty Folder)
Successfully deleted: C:\Users\Mirźa\AppData\Local\{110C8B3F-E584-44B3-BAC8-9CDB5BE019DF} (Empty Folder)
Successfully deleted: C:\Users\Mirźa\AppData\Local\{8E1E5668-492F-4E88-BD79-35021DDD9F80} (Empty Folder)
Successfully deleted: C:\Users\Mirźa\AppData\Local\{BA8FF4DE-49EC-416F-88F2-6A121D4E71AF} (Empty Folder)
Successfully deleted: C:\Users\Mirźa\AppData\Local\{BB8D6EA9-0661-4651-A375-605A530F79A8} (Empty Folder)
Successfully deleted: C:\Users\Mirźa\AppData\Local\{CA4962CB-2576-4A0F-9B9F-1C379DDF3E20} (Empty Folder)
Successfully deleted: C:\Users\Mirźa\AppData\Local\{F27FE237-ACF5-47D7-8593-E26CFAA7A94D} (Empty Folder)
Successfully deleted: C:\Users\Mirźa\AppData\Local\{FC461035-CFCA-494F-81C2-B37E1FE77ED7} (Empty Folder)
Successfully deleted: C:\Users\Mirźa\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Users\Mirźa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4X5FESX7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mirźa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMDB4QKZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mirźa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RTV8C9CL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mirźa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XX7WV0ZE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4X5FESX7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMDB4QKZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RTV8C9CL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XX7WV0ZE (Temporary Internet Files Folder)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 07.05.2016 at 20:17:34,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
markyzamek
- Návštěvník
- Příspěvky: 39
- Registrován: 13 led 2013 14:21
Re: Malware
Zoek stále jede a už dlouho se nic neděje:
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Mirźa on so 07.05.2016 at 20:19:38,03.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\MIRA~1\Desktop\zoek.exe [Scan all users] [Script inserted]
===== Runcheck 20:20:09,14 =====
--- Create Environment Variables 20:20:10,84
--- Create System Restore Point 20:20:18,83
--- Checking Input 20:20:30,16
--- Reset Hosts File 20:21:00,34
--- AU AppData Check 20:21:01,14
--- Remove From Windows Installer 20:21:05,15
--- Empty Folders Check 20:23:26,83
--- Registry HKLM Software Check 20:23:26,84
--- IE Startpage Check 20:23:53,06
--- Program Files DB Check 20:24:10,56
--- C:\Users\Default\AppData\ DB Check 20:25:07,16
--- C:\Users\Default User\AppData\ DB Check 20:25:07,16
--- C:\Users\Public\AppData\ DB Check 20:25:07,16
--- C:\Users\MIRA~1\AppData\ DB Check 20:25:07,16
--- C:\Windows\SysNative\config\systemprofile\AppData\ DB Check 20:25:07,16
--- C:\Windows\sysWoW64\config\systemprofile\AppData\ DB Check 20:25:07,16
--- C:\Windows\serviceprofiles\networkservice\AppData\ DB Check 20:25:07,16
--- C:\Windows\serviceprofiles\Localservice\AppData\ DB Check 20:25:07,16
--- C:\Users\MIRA~1 DB Check 20:28:24,04
--- C:\PROGRA~3 DB Check 20:28:45,24
--- C:\Users\Default\AppData\Local DB Check 20:28:58,31
--- C:\Users\Default User\AppData\Local DB Check 20:28:58,31
--- C:\Users\Public\AppData\Local DB Check 20:28:58,31
--- C:\Users\MIRA~1\AppData\Local DB Check 20:28:58,31
--- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 20:28:58,31
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 20:28:58,31
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 20:28:58,31
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 20:28:58,31
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 20:31:14,57
--- C:\Users\MIRA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs DB Check 20:31:27,57
--- Tasks DB Check 20:31:35,71
--- Downloads DB Check 20:31:41,14
--- C:\Users\MIRA~1\AppData\LocalLow DB Check 20:31:46,58
--- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 20:31:46,58
--- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 20:31:46,58
--- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 20:31:46,58
--- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 20:31:46,58
--- Tasks2 DB Check 20:32:45,32
--- Documents DB Check 20:33:26,22
--- C:\Users\MIRA~1\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default DB Check 20:33:36,00
--- C:\Users\Public\Desktop DB Check 20:33:39,15
--- C:\Users\MIRA~1\Desktop DB Check 20:33:47,00
--- Services DB Check 20:33:58,75
--- FF prefs.js DB Check 20:34:33,04
--- Emptyclsid 20:35:26,89
--- Del by CLSID 20:35:31,01
--- Delete Services 20:36:40,40
--- Firefox Fix 20:36:44,12
--- Delete files\folders 20:36:46,25
--- Create Backups 20:36:46,46
--- Firefox Extensions 20:36:56,61
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Mirźa on so 07.05.2016 at 20:19:38,03.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\MIRA~1\Desktop\zoek.exe [Scan all users] [Script inserted]
===== Runcheck 20:20:09,14 =====
--- Create Environment Variables 20:20:10,84
--- Create System Restore Point 20:20:18,83
--- Checking Input 20:20:30,16
--- Reset Hosts File 20:21:00,34
--- AU AppData Check 20:21:01,14
--- Remove From Windows Installer 20:21:05,15
--- Empty Folders Check 20:23:26,83
--- Registry HKLM Software Check 20:23:26,84
--- IE Startpage Check 20:23:53,06
--- Program Files DB Check 20:24:10,56
--- C:\Users\Default\AppData\ DB Check 20:25:07,16
--- C:\Users\Default User\AppData\ DB Check 20:25:07,16
--- C:\Users\Public\AppData\ DB Check 20:25:07,16
--- C:\Users\MIRA~1\AppData\ DB Check 20:25:07,16
--- C:\Windows\SysNative\config\systemprofile\AppData\ DB Check 20:25:07,16
--- C:\Windows\sysWoW64\config\systemprofile\AppData\ DB Check 20:25:07,16
--- C:\Windows\serviceprofiles\networkservice\AppData\ DB Check 20:25:07,16
--- C:\Windows\serviceprofiles\Localservice\AppData\ DB Check 20:25:07,16
--- C:\Users\MIRA~1 DB Check 20:28:24,04
--- C:\PROGRA~3 DB Check 20:28:45,24
--- C:\Users\Default\AppData\Local DB Check 20:28:58,31
--- C:\Users\Default User\AppData\Local DB Check 20:28:58,31
--- C:\Users\Public\AppData\Local DB Check 20:28:58,31
--- C:\Users\MIRA~1\AppData\Local DB Check 20:28:58,31
--- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 20:28:58,31
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 20:28:58,31
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 20:28:58,31
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 20:28:58,31
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 20:31:14,57
--- C:\Users\MIRA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs DB Check 20:31:27,57
--- Tasks DB Check 20:31:35,71
--- Downloads DB Check 20:31:41,14
--- C:\Users\MIRA~1\AppData\LocalLow DB Check 20:31:46,58
--- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 20:31:46,58
--- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 20:31:46,58
--- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 20:31:46,58
--- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 20:31:46,58
--- Tasks2 DB Check 20:32:45,32
--- Documents DB Check 20:33:26,22
--- C:\Users\MIRA~1\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default DB Check 20:33:36,00
--- C:\Users\Public\Desktop DB Check 20:33:39,15
--- C:\Users\MIRA~1\Desktop DB Check 20:33:47,00
--- Services DB Check 20:33:58,75
--- FF prefs.js DB Check 20:34:33,04
--- Emptyclsid 20:35:26,89
--- Del by CLSID 20:35:31,01
--- Delete Services 20:36:40,40
--- Firefox Fix 20:36:44,12
--- Delete files\folders 20:36:46,25
--- Create Backups 20:36:46,46
--- Firefox Extensions 20:36:56,61
Re: Malware
No ja z domu nepoznam, jestli jeste pracuje, nebo se to kouslo. Tak bud jeste pockate, nebo ho zkuste spustit znovu 
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
markyzamek
- Návštěvník
- Příspěvky: 39
- Registrován: 13 led 2013 14:21
Re: Malware
Už jsem ho vypl. Při zapnutí se opět načte tam, kde skončil a stojí dál.
Přispějete na provoz fóra?
