VIRY.CZ

Ahojte vymazal som vsetky nepotrebne subory a strasne mam pomaly PC neviem co stym tak som sa obratil na vas.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Patrick at 2013-02-02 10:43:48
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 50 GB (56%) free of 90 GB
Total RAM: 3582 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:44:20, on 2. 2. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Patrick\Desktop\Downloads\RSIT.exe
C:\Program Files\AVG\AVG2013\avgcfgex.exe
C:\Program Files\trend micro\Patrick.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=15383
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKCU\..\Run: [Google Update] "C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3534632487-2100141749-3601174974-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3534632487-2100141749-3601174974-1004\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3534632487-2100141749-3601174974-1004\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3534632487-2100141749-3601174974-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8345172E-7440-4A03-BE27-E2E9D58793C5}: NameServer = 95.131.129.241 95.131.128.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 7132 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3534632487-2100141749-3601174974-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3534632487-2100141749-3601174974-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-02-01 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-02-01 170912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"AmIcoSinglun"=C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [2012-06-28 277120]
"AVG_UI"=C:\Program Files\AVG\AVG2013\avgui.exe [2012-12-11 3147384]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2012-12-13 11734240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-16 116648]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2012-10-28 3093624]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2012-12-19 969104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Platinum Hide IP]
C:\Program Files\PlatinumHideIP\PlatinumHideIP.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Patrick^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\Patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-10-18 26643352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Patrick^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orezávač obrazovky a spúšťač programu OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro35Crusader]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutorun"=0
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"VIDC.FMVC"=fmcodec.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-02-02 10:43:48 ----D---- C:\rsit
2013-02-02 10:43:48 ----D---- C:\Program Files\trend micro
2013-02-01 18:31:59 ----D---- C:\Windows\system32\RTCOM
2013-02-01 18:31:44 ----A---- C:\Windows\system32\WavesLib.dll
2013-02-01 18:31:42 ----A---- C:\Windows\system32\SRSWOW.dll
2013-02-01 18:31:42 ----A---- C:\Windows\system32\SRSTSXT.dll
2013-02-01 18:31:42 ----A---- C:\Windows\system32\SRSTSHD.dll
2013-02-01 18:31:42 ----A---- C:\Windows\system32\SRSHP360.dll
2013-02-01 18:31:39 ----A---- C:\Windows\system32\RtkPgExt.dll
2013-02-01 18:31:39 ----A---- C:\Windows\system32\RtkCoLDR.dll
2013-02-01 18:31:39 ----A---- C:\Windows\system32\RtkCoInstII.dll
2013-02-01 18:31:39 ----A---- C:\Windows\system32\RtkApoApi.dll
2013-02-01 18:31:39 ----A---- C:\Windows\system32\drivers\RTKVHDA.sys
2013-02-01 18:31:38 ----A---- C:\Windows\system32\RtkAPO.dll
2013-02-01 18:31:37 ----A---- C:\Windows\system32\RTEEP32A.dll
2013-02-01 18:31:37 ----A---- C:\Windows\system32\RTEEL32A.dll
2013-02-01 18:31:37 ----A---- C:\Windows\system32\RTEEG32A.dll
2013-02-01 18:31:37 ----A---- C:\Windows\system32\RTEED32A.dll
2013-02-01 18:31:37 ----A---- C:\Windows\system32\RP3DHT32.dll
2013-02-01 18:31:37 ----A---- C:\Windows\system32\RP3DAA32.dll
2013-02-01 18:31:37 ----A---- C:\Windows\system32\drivers\RTAIODAT.DAT
2013-02-01 18:31:36 ----A---- C:\Windows\system32\MBWrp32.dll
2013-02-01 18:31:36 ----A---- C:\Windows\system32\MBppld32.dll
2013-02-01 18:31:36 ----A---- C:\Windows\system32\MBPPCn32.dll
2013-02-01 18:31:35 ----A---- C:\Windows\system32\MBAPO32.dll
2013-02-01 18:31:34 ----A---- C:\Windows\system32\MaxxAudioEQ.dll
2013-02-01 18:31:34 ----A---- C:\Windows\system32\MaxxAudioAPOShell.dll
2013-02-01 18:31:33 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2013-02-01 18:31:33 ----A---- C:\Windows\system32\MaxxAudioAPO.dll
2013-02-01 18:31:29 ----A---- C:\Windows\system32\FMAPO.dll
2013-02-01 18:31:27 ----A---- C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-02-01 18:31:26 ----A---- C:\Windows\system32\AERTARen.dll
2013-02-01 18:31:26 ----A---- C:\Windows\system32\AERTACap.dll
2013-02-01 18:21:51 ----D---- C:\Program Files\Common Files\Java
2013-02-01 18:21:36 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2013-02-01 18:19:06 ----A---- C:\Windows\system32\nvopencl.dll
2013-02-01 18:19:06 ----A---- C:\Windows\system32\nvoglv32.dll
2013-02-01 18:19:06 ----A---- C:\Windows\system32\nvcuvid.dll
2013-02-01 18:19:06 ----A---- C:\Windows\system32\nvcuvenc.dll
2013-02-01 18:19:06 ----A---- C:\Windows\system32\nvcuda.dll
2013-02-01 18:19:06 ----A---- C:\Windows\system32\nvcompiler.dll
2013-02-01 18:19:06 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2013-01-30 10:10:38 ----A---- C:\Windows\system32\RtNicProp32.dll
2013-01-30 10:10:38 ----A---- C:\Windows\system32\drivers\Rt86win7.sys
2013-01-26 11:38:01 ----D---- C:\Users\Patrick\AppData\Roaming\Youtube Downloader HD
2013-01-26 11:05:53 ----A---- C:\Windows\CZ SK IPTV v2.0.4 Uninstaller.exe
2013-01-26 09:26:14 ----D---- C:\ProgramData\Steam
2013-01-19 18:06:13 ----D---- C:\Users\Patrick\AppData\Roaming\Nemex
2013-01-19 18:06:01 ----D---- C:\Program Files\Nemex
2013-01-12 13:42:10 ----A---- C:\Windows\system32\nvStreaming.exe
2013-01-09 16:23:10 ----A---- C:\Windows\system32\usp10.dll
2013-01-09 16:23:09 ----A---- C:\Windows\system32\win32k.sys
2013-01-09 16:23:07 ----A---- C:\Windows\system32\win32spl.dll
2013-01-09 16:23:02 ----A---- C:\Windows\system32\msxml6.dll
2013-01-09 16:22:59 ----A---- C:\Windows\system32\KernelBase.dll
2013-01-09 16:22:58 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 16:22:58 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 16:22:58 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 16:22:58 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 16:22:58 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 16:22:58 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 16:22:58 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 16:22:58 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 16:22:58 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 16:22:58 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 16:22:58 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 16:22:58 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 16:22:58 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 16:22:58 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 16:22:58 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 16:22:58 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 16:22:58 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 16:22:58 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 16:22:58 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 16:22:58 ----A---- C:\Windows\system32\winsrv.dll
2013-01-09 16:22:58 ----A---- C:\Windows\system32\kernel32.dll
2013-01-09 16:22:58 ----A---- C:\Windows\system32\conhost.exe
2013-01-09 16:22:57 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 16:22:57 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 16:22:57 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 16:22:57 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 16:22:57 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 16:22:57 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 16:22:57 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 16:22:57 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 16:22:57 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 16:22:47 ----A---- C:\Windows\system32\Wpc.dll
2013-01-09 16:22:47 ----A---- C:\Windows\system32\gameux.dll
2013-01-09 16:22:43 ----A---- C:\Windows\system32\taskhost.exe
2013-01-09 16:22:43 ----A---- C:\Windows\system32\ncrypt.dll

======List of files/folders modified in the last 1 month======

2013-02-02 10:44:10 ----D---- C:\Users\Patrick\AppData\Roaming\uTorrent
2013-02-02 10:43:59 ----D---- C:\Windows\Temp
2013-02-02 10:43:48 ----D---- C:\Program Files
2013-02-02 10:41:53 ----D---- C:\Windows\System32
2013-02-02 10:41:53 ----D---- C:\Windows\inf
2013-02-02 10:41:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-02-02 10:37:13 ----D---- C:\ProgramData\NVIDIA
2013-02-02 10:35:56 ----D---- C:\Windows\system32\config
2013-02-02 10:35:40 ----AD---- C:\ProgramData\TEMP
2013-02-02 10:35:23 ----D---- C:\Users\Patrick\AppData\Roaming\AVG
2013-02-02 10:26:03 ----D---- C:\ProgramData\MFAData
2013-02-01 18:50:01 ----D---- C:\Users\Patrick\AppData\Roaming\Mirillis
2013-02-01 18:50:01 ----D---- C:\ProgramData\Mirillis
2013-02-01 18:49:31 ----D---- C:\Program Files\Mirillis
2013-02-01 18:40:03 ----SHD---- C:\Windows\Installer
2013-02-01 18:40:01 ----D---- C:\Program Files\Java
2013-02-01 18:39:42 ----SHD---- C:\System Volume Information
2013-02-01 18:38:38 ----D---- C:\Program Files\SpeedFan
2013-02-01 18:35:24 ----HD---- C:\Program Files\Temp
2013-02-01 18:32:04 ----D---- C:\Windows\system32\drivers
2013-02-01 18:31:58 ----D---- C:\Windows\system32\catroot
2013-02-01 18:31:57 ----D---- C:\Windows\system32\DriverStore
2013-02-01 18:31:25 ----HD---- C:\Program Files\InstallShield Installation Information
2013-02-01 18:31:22 ----D---- C:\Windows
2013-02-01 18:28:09 ----D---- C:\Windows\system32\catroot2
2013-02-01 18:24:38 ----D---- C:\Windows\Prefetch
2013-02-01 18:24:37 ----D---- C:\ProgramData\AmUStor
2013-02-01 18:24:37 ----D---- C:\Program Files\AmIcoSingLun
2013-02-01 18:21:51 ----D---- C:\Program Files\Common Files
2013-02-01 18:21:29 ----A---- C:\Windows\system32\npdeployJava1.dll
2013-02-01 18:21:29 ----A---- C:\Windows\system32\javaws.exe
2013-02-01 18:21:29 ----A---- C:\Windows\system32\javaw.exe
2013-02-01 18:21:29 ----A---- C:\Windows\system32\java.exe
2013-02-01 18:21:29 ----A---- C:\Windows\system32\deployJava1.dll
2013-02-01 18:21:08 ----D---- C:\Program Files\NVIDIA Corporation
2013-02-01 18:12:09 ----D---- C:\ProgramData\DriverGenius
2013-01-28 19:15:17 ----D---- C:\Users\Patrick\AppData\Roaming\Skype
2013-01-26 17:03:13 ----D---- C:\Users\Patrick\AppData\Roaming\vlc
2013-01-26 09:26:14 ----HD---- C:\ProgramData
2013-01-18 20:18:19 ----D---- C:\Windows\rescache
2013-01-10 18:04:37 ----RSD---- C:\Windows\assembly
2013-01-10 18:04:37 ----D---- C:\Windows\Microsoft.NET
2013-01-10 17:14:40 ----D---- C:\Windows\winsxs
2013-01-10 17:12:55 ----D---- C:\Windows\system32\cs-CZ
2013-01-09 18:30:26 ----A---- C:\Windows\system32\MRT.exe
2013-01-09 18:06:31 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-01-06 18:08:38 ----D---- C:\Windows\system32\NDF
2013-01-03 12:42:57 ----A---- C:\Windows\system32\nvwgf2um.dll
2013-01-03 12:42:57 ----A---- C:\Windows\system32\nvdispgenco32.dll
2013-01-03 12:42:57 ----A---- C:\Windows\system32\nvdispco32.dll
2013-01-03 12:42:57 ----A---- C:\Windows\system32\nvd3dum.dll
2013-01-03 12:42:57 ----A---- C:\Windows\system32\nvapi.dll
2013-01-03 09:38:31 ----A---- C:\Windows\system32\nvsvc.dll
2013-01-03 09:38:31 ----A---- C:\Windows\system32\nvcpl.dll
2013-01-03 09:37:58 ----A---- C:\Windows\system32\nvvsvc.exe
2013-01-03 09:37:58 ----A---- C:\Windows\system32\nvsvcr.dll
2013-01-03 09:37:58 ----A---- C:\Windows\system32\nvshext.dll
2013-01-03 09:37:58 ----A---- C:\Windows\system32\nvmctray.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHX;AVGIDSHX; C:\Windows\system32\DRIVERS\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver; C:\Windows\system32\DRIVERS\avglogx.sys [2012-09-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2012-11-15 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2012-09-14 35552]
R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2011-03-18 25240]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2012-09-04 50296]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimx.sys [2012-09-21 19936]
R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2012-10-02 159712]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2012-09-21 164832]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-06 242240]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2010-05-22 70656]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2012-12-26 2568800]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2012-12-27 614624]
R3 V0330VID;WebCam Vista/Live! Cam Chat VF0330; C:\Windows\system32\DRIVERS\V0330Vid.sys [2009-07-03 157728]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 101504]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver; \??\C:\Windows\system32\drivers\hitmanpro35.sys [2012-07-03 16968]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2010-03-25 105984]
S3 lmimirr;lmimirr; C:\Windows\system32\drivers\lmimirr.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\Windows\system32\drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2011-07-20 35328]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 8192]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\system32\drivers\Synth3dVsc.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2012-08-23 49664]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2012-08-20 104792]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\drivers\VBoxNetFlt.sys []
S3 VGPU;VGPU; C:\Windows\system32\drivers\VGPU.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avgfws;AVG Firewall; C:\Program Files\AVG\AVG2013\avgfws.exe [2012-12-10 1342024]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DCService.exe;DCService.exe; C:\ProgramData\DatacardService\DCService.exe [2010-05-08 229376]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-03 634808]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-01-03 1259448]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-12-22 76888]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-12 383264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-09 251400]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-04-17 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.09 2013-02-02 10:44:21

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}
«Sleeping Dogs - Limited Edition»-->"d:\steamapps\common\SleepingDogs\unins000.exe"
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{47FA2C44-D148-4DBC-AF60-B91934AA4842}
Adobe Flash Player 11 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_Plugin.exe -maintain plugin
Adobe Shockwave Player 11.6-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Aktualizace NVIDIA 1.10.8-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.4\NVI2.DLL",UninstallPackage Display.Update
Alcor Micro USB Card Reader-->C:\Program Files\InstallShield Installation Information\{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}\Setup.exe -runfromtemp -l0x0409
Alcor Micro USB Card Reader-->C:\Program Files\InstallShield Installation Information\{FD1C729D-EDD3-4142-8980-7EA36F19D500}\setup.exe
aTube Catcher-->C:\Program Files\DsNET Corp\aTube Catcher 2.0\uninstall.exe
AVG 2013-->"C:\Program Files\AVG\AVG2013\avgmfapx.exe" /AppMode=SETUP /Uninstall
AVG 2013-->MsiExec.exe /I{731E713B-C13E-4527-B624-8A6DF2D33DAF}
AVG 2013-->MsiExec.exe /I{7FD093C2-3493-4B17-BB15-B129A7D1DC51}
AVG PC Tuneup 2011-->"C:\Program Files\AVG\AVG PC Tuneup 2011\unins000.exe"
Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x19
Creative WebCam Vista/Live! Cam Chat (VF0330) Driver (1.12.01.00)-->C:\Windows\CtDrvIns.exe -uninstall -script VF0330.uns -unsext NT -plugin V0330Pin.dll -pluginres CtCamPin.crl -langid 0x041B
CZ SK IPTV v2.0.4-->"C:\Windows\CZ SK IPTV v2.0.4 Uninstaller.exe"
DAEMON Tools Lite-->C:\Program Files\DAEMON Tools Lite\uninst.exe
DMC Devi May Cry (c) Capcom version 1-->"D:\Program Files\DMC Devi May Cry\unins000.exe"
Facebook Video Calling 1.2.0.159-->MsiExec.exe /X{7CAC6A44-C3DE-4153-ACA6-7524602C789E}
Far Cry 3-->"C:\Program Files\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe" -runfromtemp -l0x0409 -removeonly
Java 7 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217011FF}
jetAudio Basic VX-->"C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -runfromtemp -l0x0405 -removeonly
Max Payne 3-->"C:\Program Files\InstallShield Installation Information\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}\Setup.exe" -runfromtemp -l0x0409 -removeonly
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended CSY Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ExtendedLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ExtendedLP
Microsoft .NET Framework 4 Extended CSY Language Pack-->MsiExec.exe /X{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{59E4543A-D49D-4489-B445-473D763C79AF}
Microsoft Office Access MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0015-041B-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0016-041B-0000-0000000FF1CE}
Microsoft Office Groove MUI (Slovak) 2007-->MsiExec.exe /X{90120000-00BA-041B-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0044-041B-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Slovak) 2007-->MsiExec.exe /X{90120000-00A1-041B-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001A-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0018-041B-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2007-->MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2007-->MsiExec.exe /X{90120000-002C-041B-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0019-041B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2007-->MsiExec.exe /X{90120000-006E-041B-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001B-041B-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Mobile Partner-->C:\Program Files\Mobile Partner\uninst.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 7 Premium-->MsiExec.exe /X{91C0B95B-B83A-4828-A775-BBE2DD421051}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
nJoy 1.0.2.6-->"C:\Program Files\Nemex\nJoy\unins000.exe"
NVIDIA Ovladač 3D Vision 307.74-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.4\NVI2.DLL",UninstallPackage Display.3DVision
NVIDIA Ovladač řídící jednotky 3D Vision 307.74-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.4\NVI2.DLL",UninstallPackage Display.NVIRUSB
NVIDIA Ovladače grafiky 307.74-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.4\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA PhysX-->MsiExec.exe /X{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
NVIDIA Systémový software PhysX 9.12.0604-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.4\NVI2.DLL",UninstallPackage Display.PhysX
Opera 11.62-->"C:\Program Files\Opera\Opera.exe" /uninstall
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
PunkBuster Services-->d:\Program Files\Ubisoft\FarCry 3\bin\pbsvc_fc3.exe -u
Realtek Ethernet Controller Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Rockstar Games Social Club-->C:\Program Files\Rockstar Games\Social Club\uninstallRGSCRedistributable.exe
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9EC88EA8-4ABE-393C-87BD-90EABB1C4C9B} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {86BB5A25-8CC3-33CE-A393-CF28901682B2} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {16EEC04A-B924-37E0-97CF-422DCEFC1B63} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C4D978AA-2668-3404-96DE-96E2AFC62FD7} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {CD6D9B8A-BBC4-3FA7-B24D-D74CE90630CF} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FCBF8C05-F031-381A-8B7F-45403B55ADF5} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {ECBEE23D-AB7E-3DAA-B66B-CD52003198F1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {788818B1-B191-3217-A210-7ACFDE19CE4A} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientLP
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {42A3562E-8B4E-39A4-B82D-CC12F82889E3} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {FCBF8C05-F031-381A-8B7F-45403B55ADF5} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {788818B1-B191-3217-A210-7ACFDE19CE4A} /parameterfolder Extended
Skype™ 5.8-->MsiExec.exe /X{1845470B-EB14-4ABC-835B-E36C693DC07D}
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Splash PRO EX-->"C:\Program Files\Mirillis\Splash PRO EX\uninstall.exe"
Splash PRO-->MsiExec.exe /I{76CD7040-0755-4A39-8AA2-741A95E516C7}
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Client
Update for Microsoft .NET Framework 4 Extended (KB2468871)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2533523)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2600217)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Extended
Visual Studio C++ 10.0 Runtime-->MsiExec.exe /I{4412F224-3849-4461-A3E9-DEEF8D252790}
VLC media player 2.0.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR 4.00 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Youtube Downloader HD v. 2.9.6-->"D:\Program Files\Youtube Downloader HD\unins000.exe"

======System event log======

Computer Name: Patrick-PC
Event Code: 7036
Message: Stav služby Služba DPS (Diagnostic Policy Service) byl změněn na: Zastaveno
Record Number: 34088
Source Name: Service Control Manager
Time Written: 20120701195604.973089-000
Event Type: Informace
User:

Computer Name: Patrick-PC
Event Code: 7036
Message: Stav služby ESET Service byl změněn na: Zastaveno
Record Number: 34087
Source Name: Service Control Manager
Time Written: 20120701195604.973089-000
Event Type: Informace
User:

Computer Name: Patrick-PC
Event Code: 7036
Message: Stav služby Klient zásad skupiny byl změněn na: Zastaveno
Record Number: 34086
Source Name: Service Control Manager
Time Written: 20120701195604.817089-000
Event Type: Informace
User:

Computer Name: Patrick-PC
Event Code: 7036
Message: Stav služby Windows Update byl změněn na: Zastaveno
Record Number: 34085
Source Name: Service Control Manager
Time Written: 20120701195604.754689-000
Event Type: Informace
User:

Computer Name: Patrick-PC
Event Code: 27
Message: Automatické aktualizace jsou pozastaveny.
Record Number: 34084
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20120701195604.598689-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: 37L4247D28-05
Event Code: 1001
Message: Chybný blok , typ 0
Název události: PnPDriverNotFound
Reakce: Není k dispozici
ID souboru CAB: 0

Podpis problému:
P1: x86
P2: USB\VID_041E&PID_405F&REV_0100
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Připojené soubory:
C:\Windows\Temp\DMI6289.tmp.log.xml

Tyto soubory mohou být k dispozici zde:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x86_9ea46196ba837b773822a879147a59d0b719afe9_cab_056a62c7

Symbol analýzy:
Opětovné hledání řešení: 0
ID hlášení: 7e4f8e38-87ee-11e1-97a2-00241dd8bda8
Stav hlášení: 4
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20120416180339.000000-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20120416180201.000000-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20120416180159.000000-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.

Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20120416180156.324889-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247D28-05
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20120416180156.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: Patrick-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 2326
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120428083408.700657-000
Event Type: Úspěšný audit
User:

Computer Name: Patrick-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: PATRICK-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x244
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2325
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120428083408.700657-000
Event Type: Úspěšný audit
User:

Computer Name: Patrick-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-21-3534632487-2100141749-3601174974-1003
Název účtu: UpdatusUser
Doména účtu: Patrick-PC
ID přihlášení: 0x7a37c

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTakeOwnershipPrivilege
SeDebugPrivilege
SeImpersonatePrivilege
Record Number: 2324
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120428083405.809492-000
Event Type: Úspěšný audit
User:

Computer Name: Patrick-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: PATRICK-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-21-3534632487-2100141749-3601174974-1003
Název účtu: UpdatusUser
Doména účtu: Patrick-PC
ID přihlášení: 0x7a37c
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x244
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice: PATRICK-PC
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2323
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120428083405.809492-000
Event Type: Úspěšný audit
User:

Computer Name: Patrick-PC
Event Code: 4648
Message: Došlo k pokusu o přihlášení pomocí explicitního pověření.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: PATRICK-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Účet, jehož pověření bylo použito:
Název účtu: UpdatusUser
Doména účtu: Patrick-PC
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Cílový server:
Název cílového serveru: localhost
Další informace: localhost

Informace o procesu:
ID procesu: 0x244
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Síťová adresa: -
Port: -

Tato událost je generována, pokud se proces pokusí přihlásit k účtu explicitním zadáním pověření tohoto účtu. K tomu nejčastěji dochází v dávkových konfiguracích, například naplánovaných úlohách, nebo při použití příkazu RUNAS.
Record Number: 2322
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120428083405.809492-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a

-----------------EOF-----------------

Zdravim

Jak je to s legalitou systemu? Ultimate neni zrovna bezna domaci verze

Doporucuji odinstalovat Pando Media Booster

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

OTL logfile created on: 2. 2. 2013 14:10:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Patrick\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,50 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 33,61% Memory free
7,00 Gb Paging File | 3,85 Gb Available in Paging File | 54,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 87,90 Gb Total Space | 49,33 Gb Free Space | 56,12% Space Free | Partition Type: NTFS
Drive D: | 377,86 Gb Total Space | 140,85 Gb Free Space | 37,27% Space Free | Partition Type: NTFS

Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/02 13:35:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
PRC - [2013/01/19 09:29:05 | 009,217,176 | ---- | M] (Blizzard Entertainment) -- D:\World of Warcraft\Wow.exe
PRC - [2013/01/12 13:42:44 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/01/03 12:42:57 | 001,259,448 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/01/03 09:38:31 | 001,821,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/01/03 09:38:31 | 000,865,208 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/12/19 21:22:17 | 000,969,104 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/12/10 11:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgfws.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/09/12 08:32:32 | 004,679,672 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files\SpeedFan\speedfan.exe
PRC - [2012/06/28 20:37:00 | 000,277,120 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/05/08 12:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2010/05/08 12:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/02 11:57:00 | 000,192,512 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Temp\sfamcc00001.dll
MOD - [2013/02/02 11:57:00 | 000,158,720 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Temp\sfareca00001.dll
MOD - [2013/02/02 10:46:41 | 012,459,888 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll
MOD - [2013/01/26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013/01/26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013/01/26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013/01/26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2011/03/02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Services (SafeList) ==========

SRV - [2013/01/12 13:42:44 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/01/09 18:06:32 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/03 12:42:57 | 001,259,448 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/10 11:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/04/17 20:00:29 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/08 12:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (VBoxNetFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (lmimirr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (AmUStor)
DRV - [2013/01/03 12:42:57 | 010,919,864 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2012/08/23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/08/20 16:32:30 | 000,104,792 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2012/07/06 16:08:33 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/07/03 20:09:06 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011/03/18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/05/22 13:48:20 | 000,070,656 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/03/25 09:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/03/20 10:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009/07/03 15:26:34 | 000,157,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\V0330Vid.sys -- (V0330VID)
DRV - [2009/03/18 15:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT3072253

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3534632487-2100141749-3601174974-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=15383
IE - HKU\S-1-5-21-3534632487-2100141749-3601174974-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CF A3 41 24 FC 1B CD 01 [binary data]
IE - HKU\S-1-5-21-3534632487-2100141749-3601174974-1001\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No CLSID value found
IE - HKU\S-1-5-21-3534632487-2100141749-3601174974-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3534632487-2100141749-3601174974-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-3534632487-2100141749-3601174974-1001\..\SearchScopes\{CE319505-077B-4AF7-A85A-378637694790}: "URL" = http://websearch.ask.com/redirect?clien ... C12FC8D34C
IE - HKU\S-1-5-21-3534632487-2100141749-3601174974-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3534632487-2100141749-3601174974-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=15383
IE - HKU\S-1-5-21-3534632487-2100141749-3601174974-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CF A3 41 24 FC 1B CD 01 [binary data]
IE - HKU\S-1-5-21-3534632487-2100141749-3601174974-1004\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-3534632487-2100141749-3601174974-1004\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No CLSID value found
IE - HKU\S-1-5-21-3534632487-2100141749-3601174974-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3534632487-2100141749-3601174974-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-3534632487-2100141749-3601174974-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT3072253
IE - HKU\S-1-5-21-3534632487-2100141749-3601174974-1004\..\SearchScopes\{CE319505-077B-4AF7-A85A-378637694790}: "URL" = http://websearch.ask.com/redirect?clien ... C12FC8D34C
IE - HKU\S-1-5-21-3534632487-2100141749-3601174974-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Patrick\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Patrick\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Patrick\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found

[2012/12/21 13:59:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\Mozilla\Extensions
[2012/12/21 13:59:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/12/19 21:31:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\extensions
[2012/04/16 19:52:57 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/12/19 21:31:14 | 000,000,000 | ---D | M] (BitTorrentControl_v12) -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Patrick\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Patrick\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Patrick\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Patrick\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Patrick\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: FB Refresh = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdlfdaajmclngiomogmleihllaejcnni\2.0.1_0\
CHR - Extension: Turn Off the Lights = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.30_0\
CHR - Extension: James White = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\
CHR - Extension: YouTube = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: H\u013Eada\u0165 v Google = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Photo Zoom for Facebook = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\
CHR - Extension: Air Hockey = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcchbhjknakkndfpdbapmdkhbbgojkno\4.0.0_0\
CHR - Extension: Gmail = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: FB Refresh = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdlfdaajmclngiomogmleihllaejcnni\2.0.1_0\
CHR - Extension: Turn Off the Lights = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.30_0\
CHR - Extension: James White = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\
CHR - Extension: YouTube = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: H\u013Eada\u0165 v Google = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Photo Zoom for Facebook = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\
CHR - Extension: Air Hockey = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcchbhjknakkndfpdbapmdkhbbgojkno\4.0.0_0\
CHR - Extension: Gmail = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-3534632487-2100141749-3601174974-1001..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-3534632487-2100141749-3601174974-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3534632487-2100141749-3601174974-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3534632487-2100141749-3601174974-1004..\Run: [Facebook Update] "C:\Users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKU\S-1-5-21-3534632487-2100141749-3601174974-1004..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe File not found
O4 - HKU\S-1-5-21-3534632487-2100141749-3601174974-1004..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3534632487-2100141749-3601174974-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3534632487-2100141749-3601174974-1004..\RunOnce: [spchecker] "C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3534632487-2100141749-3601174974-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-3534632487-2100141749-3601174974-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-3534632487-2100141749-3601174974-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-3534632487-2100141749-3601174974-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FB483E6-CC9D-4B19-849A-263258BB272B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8345172E-7440-4A03-BE27-E2E9D58793C5}: NameServer = 95.131.129.241 95.131.128.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1fe4fab3-884c-11e1-917c-00241dd8bda8}\Shell - "" = AutoRun
O33 - MountPoints2\{1fe4fab3-884c-11e1-917c-00241dd8bda8}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{d7061a8f-c73c-11e1-ba31-00241dd8bda8}\Shell - "" = AutoRun
O33 - MountPoints2\{d7061a8f-c73c-11e1-ba31-00241dd8bda8}\Shell\AutoRun\command - "" = J:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - C:\Windows\System32\fmcodec.DLL (Fox Magic Software)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2013/02/02 13:35:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
[2013/02/02 11:32:12 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\dvdcss
[2013/02/02 10:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013/02/02 10:43:48 | 000,000,000 | ---D | C] -- C:\rsit
[2013/02/01 18:31:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2013/02/01 18:31:44 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2013/02/01 18:31:42 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2013/02/01 18:31:42 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2013/02/01 18:31:42 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2013/02/01 18:31:42 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2013/02/01 18:31:40 | 001,592,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2013/02/01 18:31:39 | 002,486,928 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2013/02/01 18:31:39 | 000,761,056 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2013/02/01 18:31:39 | 000,105,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInstII.dll
[2013/02/01 18:31:39 | 000,013,416 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoLDR.dll
[2013/02/01 18:31:38 | 003,220,112 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2013/02/01 18:31:37 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2013/02/01 18:31:37 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2013/02/01 18:31:37 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2013/02/01 18:31:37 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2013/02/01 18:31:37 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2013/02/01 18:31:37 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2013/02/01 18:31:36 | 000,071,808 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBWrp32.dll
[2013/02/01 18:31:36 | 000,054,360 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBppld32.dll
[2013/02/01 18:31:36 | 000,050,776 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBPPCn32.dll
[2013/02/01 18:31:35 | 000,753,280 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBAPO32.dll
[2013/02/01 18:31:34 | 001,929,080 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2013/02/01 18:31:34 | 000,742,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPOShell.dll
[2013/02/01 18:31:33 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2013/02/01 18:31:33 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2013/02/01 18:31:29 | 002,367,072 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2013/02/01 18:31:27 | 000,090,624 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
[2013/02/01 18:31:26 | 000,176,736 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2013/02/01 18:31:26 | 000,095,840 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2013/02/01 18:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/02/01 18:21:36 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/02/01 18:19:06 | 019,914,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013/02/01 18:19:06 | 017,560,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013/02/01 18:19:06 | 010,919,864 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013/02/01 18:19:06 | 007,753,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013/02/01 18:19:06 | 006,161,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013/02/01 18:19:06 | 002,575,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013/02/01 18:19:06 | 001,867,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013/01/31 19:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/01/30 10:10:38 | 000,080,488 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\System32\RtNicProp32.dll
[2013/01/26 11:38:01 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Youtube Downloader HD
[2013/01/26 11:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Downloader HD
[2013/01/26 11:05:53 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CZ SK IPTV v2.0.4
[2013/01/26 09:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2013/01/26 08:53:15 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Desktop\KALI - Kto to povedal (SK 2012)
[2013/01/19 18:06:13 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Nemex
[2013/01/19 18:06:13 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Nemex
[2013/01/19 18:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nJoy
[2013/01/19 18:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\Nemex
[2013/01/19 17:16:06 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/01/12 13:42:10 | 000,432,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe
[2013/01/09 16:23:09 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 16:22:58 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/01/09 16:22:58 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/01/09 16:22:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 16:22:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 16:22:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 16:22:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 16:22:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 16:22:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 16:22:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 16:22:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 16:22:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 16:22:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 16:22:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 16:22:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 16:22:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 16:22:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 16:22:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 16:22:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 16:22:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 16:22:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 16:22:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 16:22:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 16:22:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 16:22:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 16:22:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 16:22:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 16:22:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 16:22:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 16:22:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 16:22:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 16:22:47 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013/01/09 16:22:47 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013/01/09 16:22:47 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013/01/09 16:22:47 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013/01/09 16:22:47 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013/01/09 16:22:47 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013/01/09 16:22:47 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013/01/09 16:22:47 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013/01/09 16:22:47 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013/01/09 16:22:47 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013/01/09 16:22:47 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013/01/09 16:22:47 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013/01/09 16:22:47 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013/01/09 16:22:47 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013/01/09 16:22:47 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013/01/09 16:22:47 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013/01/09 16:22:43 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/09 16:22:43 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013/01/06 18:08:38 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\ElevatedDiagnostics

========== Files - Modified Within 30 Days ==========

[2013/02/02 14:11:58 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013/02/02 14:06:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/02 13:47:07 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/02 13:47:07 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/02 13:35:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
[2013/02/02 13:33:00 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3534632487-2100141749-3601174974-1001UA.job
[2013/02/02 12:01:06 | 000,658,086 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2013/02/02 12:01:06 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/02 12:01:06 | 000,139,772 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2013/02/02 12:01:06 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/02 11:56:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/02 11:56:33 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/01 18:44:26 | 165,797,339 | ---- | M] () -- C:\Users\Patrick\Documents\EGO ft. Robert Burian - Žijeme len raz _OFFICIAL VIDEO__(1080p).mp4
[2013/02/01 18:21:30 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/02/01 18:21:29 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/02/01 18:21:29 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/02/01 18:21:29 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/02/01 18:21:29 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/02/01 18:21:29 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/02/01 15:33:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3534632487-2100141749-3601174974-1001Core.job
[2013/01/31 19:59:06 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/01/27 11:13:58 | 001,584,003 | ---- | M] () -- C:\Users\Patrick\Desktop\sleeping-dogs-keyart.jpg
[2013/01/26 11:37:56 | 000,000,780 | ---- | M] () -- C:\Users\Patrick\Desktop\Youtube Downloader HD.lnk
[2013/01/26 11:09:30 | 000,001,041 | ---- | M] () -- C:\Users\Patrick\Desktop\TV.lnk
[2013/01/26 11:05:53 | 000,164,305 | ---- | M] () -- C:\Windows\CZ SK IPTV v2.0.4 Uninstaller.exe
[2013/01/26 11:05:53 | 000,000,687 | ---- | M] () -- C:\Users\Patrick\Desktop\CZ SK IPTV v2.0.4.lnk
[2013/01/26 09:21:44 | 003,930,657 | ---- | M] () -- C:\Users\Patrick\Desktop\Kanye West Jay Z Niggas in Paris (Lyrics).mp3
[2013/01/26 09:20:02 | 004,029,528 | ---- | M] () -- C:\Users\Patrick\Desktop\Rick Ross So Sophisticated (Explicit) ft Meek Mill.mp3
[2013/01/26 09:00:01 | 000,000,757 | ---- | M] () -- C:\Users\Public\Desktop\DMC Devi May Cry.lnk
[2013/01/21 14:06:49 | 000,000,478 | ---- | M] () -- C:\Users\Patrick\Desktop\digi net – zástupce.lnk
[2013/01/20 14:08:15 | 000,001,085 | ---- | M] () -- C:\Users\Patrick\Desktop\sXe Wallhack v2.0 – zástupce.lnk
[2013/01/20 14:05:16 | 000,000,757 | ---- | M] () -- C:\Users\Patrick\Desktop\Counter-Strike 1.6 NS.lnk
[2013/01/19 18:06:02 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\nJoy For Android.lnk
[2013/01/19 17:47:49 | 004,125,921 | ---- | M] () -- C:\Users\Patrick\Desktop\TI Whatever You Like [OFFICIAL VIDEO].mp3
[2013/01/19 17:18:32 | 004,329,249 | ---- | M] () -- C:\Users\Patrick\Desktop\Suvereno Palcuj rit.mp3
[2013/01/19 17:18:00 | 002,995,031 | ---- | M] () -- C:\Users\Patrick\Desktop\Wiz Khalifa Snoop Dogg and Bruno Mars Young Wild and Free Lyrics.mp3
[2013/01/19 17:16:06 | 000,000,929 | ---- | M] () -- C:\Users\Patrick\Desktop\SpeedFan.lnk
[2013/01/19 17:16:05 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2013/01/19 17:15:10 | 003,041,690 | ---- | M] () -- C:\Users\Patrick\Desktop\Bacil Rakby Flow (feat Ladylicious).mp3
[2013/01/12 13:42:10 | 000,432,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe
[2013/01/10 17:14:39 | 000,439,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/09 18:06:31 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/09 18:06:31 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013/02/02 13:42:46 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013/02/01 18:43:00 | 165,797,339 | ---- | C] () -- C:\Users\Patrick\Documents\EGO ft. Robert Burian - Žijeme len raz _OFFICIAL VIDEO__(1080p).mp4
[2013/02/01 18:31:37 | 000,396,597 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013/01/27 11:13:57 | 001,584,003 | ---- | C] () -- C:\Users\Patrick\Desktop\sleeping-dogs-keyart.jpg
[2013/01/26 11:37:56 | 000,000,780 | ---- | C] () -- C:\Users\Patrick\Desktop\Youtube Downloader HD.lnk
[2013/01/26 11:09:30 | 000,001,041 | ---- | C] () -- C:\Users\Patrick\Desktop\TV.lnk
[2013/01/26 11:05:53 | 000,164,305 | ---- | C] () -- C:\Windows\CZ SK IPTV v2.0.4 Uninstaller.exe
[2013/01/26 11:05:53 | 000,000,687 | ---- | C] () -- C:\Users\Patrick\Desktop\CZ SK IPTV v2.0.4.lnk
[2013/01/26 09:21:34 | 003,930,657 | ---- | C] () -- C:\Users\Patrick\Desktop\Kanye West Jay Z Niggas in Paris (Lyrics).mp3
[2013/01/26 09:19:51 | 004,029,528 | ---- | C] () -- C:\Users\Patrick\Desktop\Rick Ross So Sophisticated (Explicit) ft Meek Mill.mp3
[2013/01/26 09:00:01 | 000,000,757 | ---- | C] () -- C:\Users\Public\Desktop\DMC Devi May Cry.lnk
[2013/01/26 09:00:01 | 000,000,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DMC Devi May Cry.lnk
[2013/01/21 14:06:49 | 000,000,478 | ---- | C] () -- C:\Users\Patrick\Desktop\digi net – zástupce.lnk
[2013/01/20 14:08:15 | 000,001,085 | ---- | C] () -- C:\Users\Patrick\Desktop\sXe Wallhack v2.0 – zástupce.lnk
[2013/01/20 14:05:16 | 000,000,757 | ---- | C] () -- C:\Users\Patrick\Desktop\Counter-Strike 1.6 NS.lnk
[2013/01/19 18:06:02 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\nJoy For Android.lnk
[2013/01/19 17:47:39 | 004,125,921 | ---- | C] () -- C:\Users\Patrick\Desktop\TI Whatever You Like [OFFICIAL VIDEO].mp3
[2013/01/19 17:18:22 | 004,329,249 | ---- | C] () -- C:\Users\Patrick\Desktop\Suvereno Palcuj rit.mp3
[2013/01/19 17:17:52 | 002,995,031 | ---- | C] () -- C:\Users\Patrick\Desktop\Wiz Khalifa Snoop Dogg and Bruno Mars Young Wild and Free Lyrics.mp3
[2013/01/19 17:16:06 | 000,000,929 | ---- | C] () -- C:\Users\Patrick\Desktop\SpeedFan.lnk
[2013/01/19 17:15:01 | 003,041,690 | ---- | C] () -- C:\Users\Patrick\Desktop\Bacil Rakby Flow (feat Ladylicious).mp3
[2012/12/22 15:29:06 | 000,138,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/12/22 15:20:19 | 000,281,688 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/12/22 15:20:02 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/07/03 20:06:59 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2012/05/27 10:01:53 | 000,000,076 | ---- | C] () -- C:\Users\Patrick\AppData\Roaming\mbam.context.scan
[2012/05/27 10:01:01 | 007,797,314 | ---- | C] () -- C:\Users\Patrick\AppData\Roaming\werfgsdfsdf.sam
[2012/05/27 10:01:01 | 000,229,376 | ---- | C] () -- C:\Users\Patrick\AppData\Roaming\chrtmp
[2012/05/13 17:01:39 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2012/04/18 11:03:04 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/04/18 11:01:44 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/04/16 19:31:55 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/06/12 00:35:21 | 000,155,648 | ---- | C] () -- C:\Windows\System32\mstrcco-d.dll

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/11 19:17:11 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/12/11 19:17:11 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/02/02 10:35:23 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\AVG
[2012/11/17 12:38:59 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\AVG2013
[2012/04/16 20:18:00 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\COWON
[2012/06/10 13:50:27 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\C__Users_Patrick_AppData_Local_Temp_Rar$EX07.416_Platinum.Hide.IP.v3.1.1.6.Cracked-casper03_Cracked-casper03_PlatinumHideIP.exe
[2012/04/16 20:21:36 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Lite
[2012/11/17 12:13:59 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Dropbox
[2012/05/01 11:36:02 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ESET
[2012/04/16 19:13:35 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\GHISLER
[2012/10/28 11:27:35 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\LolClient
[2012/05/13 17:04:43 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\MAGIX
[2013/02/01 18:50:01 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Mirillis
[2012/12/21 13:47:53 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\MPMAN
[2012/07/13 10:45:46 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Mumble
[2013/01/19 18:06:13 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Nemex
[2012/04/16 19:55:11 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Opera
[2012/06/10 13:50:49 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\PlatinumHideIP
[2012/08/28 10:41:21 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Sony
[2012/06/11 20:37:44 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\TeamViewer
[2012/12/20 14:19:11 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\TFP
[2012/12/21 13:58:59 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\TomTom
[2012/08/28 12:44:34 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\TS3Client
[2012/11/17 10:10:21 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\TuneUp Software
[2013/02/02 14:13:09 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\uTorrent
[2012/06/03 18:47:23 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\VoipBuster
[2013/01/26 11:38:14 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Youtube Downloader HD

========== Purity Check ==========

========== Custom Scans ==========

< >
[2009/07/14 05:53:46 | 000,032,530 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012/06/14 20:06:11 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/07/15 10:23:55 | 000,000,902 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3534632487-2100141749-3601174974-1001Core.job
[2012/07/15 10:23:56 | 000,000,954 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3534632487-2100141749-3601174974-1001UA.job

< >

< MD5 for: AGP440.SYS >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\ProgramData\DriverGenius\Backup\Driver Backup 2-1-2013-181123\Kanál IDE#1\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\ProgramData\DriverGenius\Backup\Driver Backup 2-1-2013-181123\Kanál IDE#2\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\ProgramData\DriverGenius\Backup\Driver Backup 2-1-2013-181123\Kanál IDE#3\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\ProgramData\DriverGenius\Backup\Driver Backup 2-1-2013-181123\Kanál IDE#4\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\ProgramData\DriverGenius\Backup\Driver Backup 2-1-2013-181123\Kanál IDE#5\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\ProgramData\DriverGenius\Backup\Driver Backup 2-1-2013-181123\Kanál IDE\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\ProgramData\DriverGenius\Backup\Driver Backup 2-1-2013-181123\PCI Standardní dvoukanálový řadič IDE\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\All Users\DriverGenius\Backup\Driver Backup 2-1-2013-181123\Kanál IDE#1\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\All Users\DriverGenius\Backup\Driver Backup 2-1-2013-181123\Kanál IDE#2\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\All Users\DriverGenius\Backup\Driver Backup 2-1-2013-181123\Kanál IDE#3\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\All Users\DriverGenius\Backup\Driver Backup 2-1-2013-181123\Kanál IDE#4\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\All Users\DriverGenius\Backup\Driver Backup 2-1-2013-181123\Kanál IDE#5\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\All Users\DriverGenius\Backup\Driver Backup 2-1-2013-181123\Kanál IDE\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\All Users\DriverGenius\Backup\Driver Backup 2-1-2013-181123\PCI Standardní dvoukanálový řadič IDE\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/07/14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010/11/20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010/11/20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010/11/20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\ProgramData\DriverGenius\Backup\Driver Backup 2-1-2013-181123\Jednotka CD-ROM#1\cdrom.sys
[2010/11/20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\ProgramData\DriverGenius\Backup\Driver Backup 2-1-2013-181123\Jednotka CD-ROM\cdrom.sys
[2010/11/20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Users\All Users\DriverGenius\Backup\Driver Backup 2-1-2013-181123\Jednotka CD-ROM#1\cdrom.sys
[2010/11/20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Users\All Users\DriverGenius\Backup\Driver Backup 2-1-2013-181123\Jednotka CD-ROM\cdrom.sys
[2010/11/20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010/11/20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010/11/20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2012/06/02 05:52:32 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=063DD65889D21035311463337BD268E7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[2012/04/24 05:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2012/04/24 05:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2012/04/24 05:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
[2012/06/02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\System32\cryptsvc.dll
[2012/06/02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[2009/07/14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 13:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2012/06/02 05:41:59 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=EA8C26ECF1656D9647EF044F115EC6DA -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21225_none_76a05147150ffad1\cryptsvc.dll
[2012/06/02 05:45:21 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=F2FDE6C8DBAAD44CC58D1E07E4AF4EED -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17035_none_760be2a9fbfa79d1\cryptsvc.dll
[2012/04/24 05:33:53 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=F522279B4717E2BFF269C771FAC2B78E -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2010/11/20 13:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010/11/20 13:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009/07/14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: IASTORV.SYS >
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\isapnp.sys
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys
[2009/07/14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\isapnp.sys

< MD5 for: LSASS.EXE >
[2011/11/17 08:09:25 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=05F38CB7CAB3CE8E9A1812D517DA93EF -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_a69c8e86d7476262\lsass.exe
[2012/08/24 17:53:44 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=7ABC23F3D86880AD62ACEDC7479608F8 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22099_none_a889f15ed46779fd\lsass.exe
[2011/11/17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\System32\lsass.exe
[2011/11/17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsass.exe
[2011/11/17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_a828bb43bb2beb28\lsass.exe
[2011/11/17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17940_none_a82d8b59bb293454\lsass.exe

[2012/06/02 05:40:31 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=A6034689ACF9D14973F8384AD5A5451E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21225_none_a6eb42a4d70be51e\lsass.exe
[2011/11/17 06:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_a66c9bbdbde5f8fa\lsass.exe
[2011/11/17 06:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_a656d407bdf6641e\lsass.exe
[2009/07/14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009/07/14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009/07/14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe
[2009/07/14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe
[2012/06/02 05:51:22 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FA7B950E4CA6AA260C4EABA19E03644D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_a8d76e24d42eb666\lsass.exe
[2011/11/17 06:24:04 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FBCB2DFA40862DAA7B1534C9538208A5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsass.exe

< MD5 for: NDIS.SYS >
[2012/08/22 18:05:16 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=15B74B6283CEBCCE3054C1001CA01B5E -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_aa0491cf93ad1c31\ndis.sys
[2009/07/14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
[2012/08/22 18:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\System32\drivers\ndis.sys
[2012/08/22 18:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_a9bdfee47a5cd154\ndis.sys
[2010/11/20 13:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys
[2010/11/20 13:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvraid.sys
[2010/11/20 13:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvraid.sys
[2011/03/11 06:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\System32\drivers\nvraid.sys
[2011/03/11 06:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvraid.sys
[2011/03/11 06:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvraid.sys
[2011/03/11 06:28:10 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=E3B840350A72CA6F39BD2BEF85A2BCFB -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvraid.sys
[2011/03/11 06:44:01 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=F1B0BED906F97E16F6D0C3629D2F21C6 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvraid.sys
[2011/03/11 06:52:25 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=FCD5C3542A85EEBA7D0833B7E5086C10 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SMSS.EXE >
[2009/07/14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009/07/14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 05:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011/09/29 17:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys
[2012/08/22 18:05:21 | 001,306,992 | ---- | M] (Microsoft Corporation) MD5=23790A44D9A6B67F8690C34D4F516446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_b55b785ade04500f\tcpip.sys
[2011/04/25 05:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009/07/14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010/11/20 13:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011/09/29 17:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2012/03/30 11:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
[2011/09/29 16:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys
[2011/09/29 17:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2011/04/25 07:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2012/03/30 11:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2011/04/25 05:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2012/03/30 10:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2012/08/22 18:16:54 | 001,292,144 | ---- | M] (Microsoft Corporation) MD5=A5EBB8F648000E88B7D9390B514976BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_b514e56fc4b40532\tcpip.sys
[2012/10/03 17:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2012/10/03 17:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\System32\drivers\tcpip.sys
[2012/10/03 17:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
[2012/03/30 11:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2_32.DLL >
[2010/11/20 13:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\System32\ws2_32.dll
[2010/11/20 13:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[4 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[17 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012/04/16 19:58:28 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Adobe
[2012/04/16 20:30:54 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Ahead
[2013/02/02 10:35:23 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\AVG
[2012/11/17 12:38:59 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\AVG2013
[2012/04/16 20:18:00 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\COWON
[2012/06/10 13:50:27 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\C__Users_Patrick_AppData_Local_Temp_Rar$EX07.416_Platinum.Hide.IP.v3.1.1.6.Cracked-casper03_Cracked-casper03_PlatinumHideIP.exe
[2012/04/16 20:21:36 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Lite
[2012/11/17 12:13:59 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Dropbox
[2013/02/02 11:32:12 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\dvdcss
[2012/05/01 11:36:02 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ESET
[2012/04/16 19:13:35 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\GHISLER
[2012/04/16 19:08:09 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Identities
[2012/10/28 11:27:35 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\LolClient
[2012/04/16 19:18:10 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Macromedia
[2012/05/13 17:04:43 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\MAGIX
[2012/05/27 09:31:04 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Malwarebytes
[2009/07/14 10:20:06 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Media Center Programs
[2012/07/07 16:20:19 | 000,000,000 | --SD | M] -- C:\Users\Patrick\AppData\Roaming\Microsoft
[2013/02/01 18:50:01 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Mirillis
[2012/12/21 13:59:00 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Mozilla
[2012/12/21 13:47:53 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\MPMAN
[2012/07/13 10:45:46 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Mumble
[2013/01/19 18:06:13 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Nemex
[2012/07/21 15:05:42 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\NVIDIA
[2012/04/16 19:55:11 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Opera
[2012/06/10 13:50:49 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\PlatinumHideIP
[2012/05/23 17:17:06 | 000,000,000 | RH-D | M] -- C:\Users\Patrick\AppData\Roaming\SecuROM
[2013/01/28 19:15:17 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Skype
[2012/08/28 10:41:21 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Sony
[2012/06/11 20:37:44 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\TeamViewer
[2012/12/20 14:19:11 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\TFP
[2012/12/21 13:58:59 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\TomTom
[2012/08/28 12:44:34 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\TS3Client
[2012/11/17 10:10:21 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\TuneUp Software
[2013/02/02 14:19:09 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\uTorrent
[2013/02/02 11:33:24 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\vlc
[2012/06/03 18:47:23 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\VoipBuster
[2012/04/17 13:44:30 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\WinRAR
[2013/01/26 11:38:14 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Youtube Downloader HD

< %APPDATA%\*.exe /s >
[2012/10/18 23:33:50 | 026,643,352 | ---- | M] (Dropbox, Inc.) -- C:\Users\Patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012/10/18 23:34:02 | 000,181,800 | ---- | M] (Dropbox, Inc.) -- C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2012/10/18 23:33:52 | 000,874,424 | ---- | M] (Dropbox, Inc.) -- C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012/04/17 13:54:00 | 000,287,934 | R--- | M] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Installer\{76CD7040-0755-4A39-8AA2-741A95E516C7}\_1E02B3D8732010A792DC8B.exe
[2012/04/17 13:54:00 | 000,287,934 | R--- | M] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Installer\{76CD7040-0755-4A39-8AA2-741A95E516C7}\_21F3885A18D238E15AAE81.exe
[2012/04/17 13:54:00 | 000,287,934 | R--- | M] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Installer\{76CD7040-0755-4A39-8AA2-741A95E516C7}\_415493353D745EEA216D94.exe
[2012/04/17 13:54:00 | 000,287,934 | R--- | M] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Installer\{76CD7040-0755-4A39-8AA2-741A95E516C7}\_6FEFF9B68218417F98F549.exe
[2012/04/17 13:54:00 | 000,287,934 | R--- | M] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Installer\{76CD7040-0755-4A39-8AA2-741A95E516C7}\_806048DC66200FE6D24FF3.exe
[2012/04/17 13:54:00 | 000,287,934 | R--- | M] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Installer\{76CD7040-0755-4A39-8AA2-741A95E516C7}\_85972F4A73DF7EADFBAFC2.exe
[2012/04/17 13:54:00 | 000,287,934 | R--- | M] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Installer\{76CD7040-0755-4A39-8AA2-741A95E516C7}\_934312A2105DE40686D86A.exe
[2012/04/17 13:54:00 | 000,287,934 | R--- | M] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Installer\{76CD7040-0755-4A39-8AA2-741A95E516C7}\_A753214149FB4F8721C1CB.exe
[2012/04/17 13:54:00 | 000,287,934 | R--- | M] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Installer\{76CD7040-0755-4A39-8AA2-741A95E516C7}\_A7A1F24988209FFD6FF84A.exe
[2012/04/17 13:54:00 | 000,009,662 | R--- | M] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Installer\{76CD7040-0755-4A39-8AA2-741A95E516C7}\_BEBB5E99A95AE964AA69E4.exe
[2012/04/17 13:54:00 | 000,287,934 | R--- | M] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Installer\{76CD7040-0755-4A39-8AA2-741A95E516C7}\_C7EFEC170C2E3BE8B9D183.exe
[2012/04/17 13:54:00 | 000,287,934 | R--- | M] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Installer\{76CD7040-0755-4A39-8AA2-741A95E516C7}\_C97BCD3FB41E2A5E2FCE2B.exe
[2012/04/17 13:54:00 | 000,287,934 | R--- | M] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Installer\{76CD7040-0755-4A39-8AA2-741A95E516C7}\_CF15DB293FB3ABD44856FB.exe
[2012/04/17 13:54:00 | 000,287,934 | R--- | M] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Installer\{76CD7040-0755-4A39-8AA2-741A95E516C7}\_D707CE1C009F1381803C2C.exe
[2012/04/17 13:54:00 | 000,287,934 | R--- | M] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Installer\{76CD7040-0755-4A39-8AA2-741A95E516C7}\_DF59E0A380832CD0A0CD8F.exe
[2012/04/17 13:54:00 | 000,287,934 | R--- | M] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Installer\{76CD7040-0755-4A39-8AA2-741A95E516C7}\_E4E322390906EDEBB7DE99.exe
[2012/04/17 13:54:00 | 000,287,934 | R--- | M] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Installer\{76CD7040-0755-4A39-8AA2-741A95E516C7}\_FD8B6BA922FF5C34868F02.exe
[2012/07/24 11:57:26 | 000,009,662 | R--- | M] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Installer\{EB2D0427-7F4E-4866-AFCF-265497F7037C}\_0266CE72DA008A919CCB3B.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2013/02/02 13:47:07 | 000,014,224 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/02 13:47:07 | 000,014,224 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/01 18:21:29 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\deployJava1.dll
[2013/02/01 18:21:29 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\java.exe
[2013/02/01 18:21:29 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\javaw.exe
[2013/02/01 18:21:29 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\javaws.exe
[2013/02/01 18:21:29 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\npdeployJava1.dll
[2013/02/02 12:01:06 | 000,139,772 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2013/02/02 12:01:06 | 000,120,870 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2013/02/02 12:01:06 | 000,658,086 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2013/02/02 12:01:06 | 000,651,938 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2013/02/02 12:01:06 | 001,576,554 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
[2013/02/01 18:21:30 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\WindowsAccessBridge.dll

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Google Update" = "C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2012/04/16 19:13:26 | 000,116,648 | ---- | M] (Google Inc.)
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2010/11/20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation)
"uTorrent" = "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED -- [2012/12/19 21:22:17 | 000,969,104 | ---- | M] (BitTorrent, Inc.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Disabled (Startup Manager)]
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- [2012/04/17 16:19:40 | 003,671,872 | ---- | M] (DT Soft Ltd)
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" -- [2007/06/27 18:03:40 | 000,152,872 | ---- | M] (Nero AG)
"nJoy" = C:\Program Files\Nemex\nJoy\nJoy.exe -minimize -- [2011/10/18 00:17:40 | 002,239,488 | ---- | M] (Nemex)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013/02/02 14:11:58 | 000,000,512 | ---- | M] () MD5=B356BF08E194732C31CE5B491B329F07 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2012/06/07 14:13:52 | 004,345,680 | ---- | M] () -- \Users\Patrick\AppData\Local\VirtualStore\Program Files\Valve\cstrike\maps\cs_crackhouse.bsp

< *keygen* /s >
[2012/05/07 13:39:14 | 000,001,208 | ---- | M] () -- \Users\Patrick\AppData\Roaming\uTorrent\Key Generator.torrent

< *loader* /s >
[2007/06/27 18:03:00 | 000,177,448 | ---- | M] () -- \Program Files\Common Files\Ahead\Lib\NeGuideStoreLoader.dll
[2012/06/09 11:30:16 | 000,000,195 | ---- | M] () -- \Program Files\Common Files\Blizzard Entertainment\BlizzardDownloader.ini
[2006/10/26 12:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006/10/26 12:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2012/05/03 18:38:36 | 000,071,528 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2012/05/21 04:03:06 | 000,083,816 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2012/02/27 22:58:46 | 000,008,787 | ---- | M] () -- \Program Files\Rockstar Games\Social Club\UI\images\loaderLargeBlue.gif
[2012/02/27 22:58:46 | 000,008,787 | ---- | M] () -- \Program Files\Rockstar Games\Social Club\UI\images\loaderLargeGrey.gif
[2012/02/27 22:58:46 | 000,001,737 | ---- | M] () -- \Program Files\Rockstar Games\Social Club\UI\images\loaderSmallBlue.gif
[2012/02/27 22:58:46 | 000,001,737 | ---- | M] () -- \Program Files\Rockstar Games\Social Club\UI\images\loaderSmallGold.gif
[2013/01/26 11:37:56 | 000,000,780 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Downloader HD\Youtube Downloader HD.lnk
[2012/01/31 22:01:14 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012/01/31 22:01:14 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2013/01/26 11:37:56 | 000,000,780 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\Youtube Downloader HD\Youtube Downloader HD.lnk
[2012/01/31 22:01:14 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012/01/31 22:01:14 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2012/05/19 23:48:47 | 000,000,194 | ---- | M] () -- \Users\Patrick\AppData\Local\VirtualStore\Program Files\Common Files\Blizzard Entertainment\BlizzardDownloader.ini
[2012/04/17 23:39:24 | 000,010,145 | ---- | M] () -- \Users\Patrick\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules\ExternalLibraryLoader.jsm
[2012/11/19 22:13:34 | 000,000,847 | ---- | M] () -- \Users\Patrick\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\chrome\CT3225826\content\tb\al\ac\img\ajax-loader.gif
[2012/11/19 22:13:34 | 000,001,135 | ---- | M] () -- \Users\Patrick\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\chrome\CT3225826\content\tb\al\ac\img\loader-icon.png
[2012/11/19 22:13:34 | 000,003,208 | ---- | M] () -- \Users\Patrick\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\chrome\CT3225826\content\tb\al\ui\gf\img\loader.gif
[2012/11/19 22:13:34 | 000,001,849 | ---- | M] () -- \Users\Patrick\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\chrome\CT3225826\content\tb\al\wa\TWITTER\resources\ajax-loader.gif
[2013/01/26 11:32:03 | 000,006,303 | ---- | M] () -- \Users\Patrick\AppData\Roaming\uTorrent\youtube downloader hd.exe.torrent
[2013/02/01 18:45:50 | 000,000,045 | ---- | M] () -- \Users\Patrick\AppData\Roaming\Youtube Downloader HD\YouTubeDownloaderHD.ini
[2013/01/26 11:37:56 | 000,000,780 | ---- | M] () -- \Users\Patrick\Desktop\Youtube Downloader HD.lnk
[2010/09/13 09:36:18 | 000,000,051 | ---- | M] () -- \Users\Patrick\Documents\TomTom\HOME\Backup\GO\Backup01\InternalMemory\bootloaderversion.txt
[2012/05/20 10:59:07 | 000,001,802 | ---- | M] () -- \Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Logs\Downloader.log
[2012/04/16 20:25:27 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2009/07/14 13:25:34 | 002,202,645 | R--- | M] () -- \Windows\Setup\SCRIPTS\Windows7Loader.exe
[2012/11/30 05:45:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2012/02/02 14:15:04 | 000,012,532 | ---- | M] () -- \Windows\System32\Adobe\Shockwave 11\shockwave_Projector_Loader.dcr
[2009/07/14 05:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009/07/14 09:43:57 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009/07/14 09:43:57 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2009/07/14 09:43:57 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2012/05/02 18:44:17 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2012/05/02 18:44:17 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winload.exe_75835076
[2012/05/02 18:44:17 | 000,442,720 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winresume.exe_85cd1215
[2009/07/14 03:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 03:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009/07/14 09:42:11 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009/07/14 02:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009/08/19 08:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009/08/19 08:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2010/11/20 04:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009/07/14 02:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 05:19:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/18 12:09:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17107_none_0ae0ab79dce0fb26\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 17:45:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 05:56:23 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_0a96fc99dd17f16b\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 05:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/20 18:42:56 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21306_none_0b6949e0f5ff7ec0\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 17:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 05:44:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_0b12ca80f6405e48\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 05:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/20 18:32:13 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_0ca1c10dda240617\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 17:40:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 05:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 05:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/20 18:23:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_0ce95442f3736a4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 17:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 05:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2012/10/05 11:53:23 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2010/11/05 02:53:39 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2009/07/14 00:45:33 | 000,083,456 | ---- | M] () -- \ProgramData\DriverGenius\Backup\Driver Backup 2-1-2013-181123\Komunikační port\serial.sys
[2009/07/14 00:45:33 | 000,083,456 | ---- | M] () -- \Users\All Users\DriverGenius\Backup\Driver Backup 2-1-2013-181123\Komunikační port\serial.sys
[2012/09/03 12:38:02 | 000,017,202 | ---- | M] () -- \Users\Patrick\AppData\Roaming\uTorrent\Age Of Empires 3 full DVD +crack + serial.iso.torrent
[2012/06/03 15:46:46 | 000,001,491 | ---- | M] () -- \Users\Patrick\AppData\Roaming\uTorrent\Ardamax Keylogger v3.7.8 + Serial - h33t.1.torrent
[2012/06/03 15:46:46 | 000,001,491 | ---- | M] () -- \Users\Patrick\AppData\Roaming\uTorrent\Ardamax Keylogger v3.7.8 + Serial - h33t.torrent
[2012/05/24 15:27:20 | 000,001,573 | ---- | M] () -- \Users\Patrick\AppData\Roaming\uTorrent\Magic Iso 5.4 + Serial.torrent
[2009/07/14 09:43:23 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009/06/10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010/11/13 02:55:26 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2012/10/05 11:53:23 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013/01/10 17:16:30 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll
[2013/01/10 17:16:40 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\eb4fa29ea9ab56d453b36696edbe6423\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013/01/10 18:01:11 | 002,647,040 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\48ee0e1de873152ec7e85d7456c1cc09\System.Runtime.Serialization.ni.dll
[2013/01/10 17:19:35 | 000,311,296 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\b8320ebc804bb3fc12cd164f9f0dce8b\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013/01/10 18:03:43 | 000,009,216 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\b3367ead57bdfb24b2ac9f99b004cae5\System.Xml.Serialization.ni.dll
[2012/05/02 18:30:06 | 000,017,840 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\v4.0_4.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013/01/09 18:36:00 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012/05/02 18:30:06 | 000,099,208 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.RunTime.Serialization.resources\v4.0_4.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.resources.dll
[2013/01/09 18:35:59 | 001,026,936 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013/01/09 18:36:05 | 000,011,120 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2009/06/10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010/11/05 02:53:33 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012/10/05 11:53:24 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2010/03/18 12:16:28 | 001,026,936 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010/03/18 12:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2011/04/06 15:48:20 | 000,011,120 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2010/06/15 01:33:16 | 000,017,840 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010/06/15 01:33:16 | 000,099,208 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.RunTime.Serialization.resources.dll
[2009/07/14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009/07/14 09:43:17 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2012/12/08 18:19:19 | 000,000,000 | -H-- | M] () -- \Windows\System32\drivers\Msft_Kernel_RimSerial_01007.Wdf
[2011/07/20 14:13:16 | 000,035,328 | ---- | M] () -- \Windows\System32\drivers\RimSerial.sys
[2009/07/14 00:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\drivers\serial.sys
[2009/07/14 09:43:30 | 000,009,728 | ---- | M] () -- \Windows\System32\drivers\cs-CZ\serial.sys.mui
[2009/07/13 23:13:45 | 001,068,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\mdmmotsm.inf_x86_neutral_c1415d9789c54b89\smserial.sys
[2009/07/14 00:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys
[2012/12/08 18:19:13 | 000,008,574 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\rimserial.inf_x86_neutral_cfa3552f34b187f9\RimSerial.cat
[2012/12/08 18:19:13 | 000,002,696 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\rimserial.inf_x86_neutral_cfa3552f34b187f9\rimserial.inf
[2012/12/08 18:19:15 | 000,009,484 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\rimserial.inf_x86_neutral_cfa3552f34b187f9\rimserial.PNF
[2011/07/20 14:13:16 | 000,035,328 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\rimserial.inf_x86_neutral_cfa3552f34b187f9\RimSerial.sys
[2009/07/13 23:09:18 | 000,031,232 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\grserial.sys
[2009/07/14 03:18:03 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009/07/14 03:18:03 | 000,015,952 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486_kdcom.dll_db5e7744
[2009/07/14 09:43:55 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2009/07/14 03:18:51 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009/07/14 02:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2010/11/20 04:06:16 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2012/10/05 18:15:39 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285.manifest
[2012/10/05 18:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d.manifest
[2009/07/14 09:42:43 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2012/10/05 20:04:43 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f.manifest
[2012/10/05 20:02:24 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797.manifest
[2009/07/14 02:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2010/11/20 04:05:38 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2012/10/05 18:15:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8.manifest
[2012/10/05 18:17:15 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0.manifest
[2009/07/14 02:49:26 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009/07/14 02:45:27 | 000,000,866 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_2c93290b67c98d09.manifest
[2009/07/14 02:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2010/11/20 04:10:46 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2012/10/05 18:19:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa.manifest
[2012/10/05 18:22:10 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2.manifest
[2009/06/10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009/07/14 09:43:23 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009/06/10 22:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2010/11/05 02:52:39 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2012/10/05 11:53:24 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285\System.Runtime.Serialization.dll
[2012/10/05 11:56:07 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d\System.Runtime.Serialization.dll
[2009/07/14 09:43:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2010/11/13 02:55:26 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f\System.RunTime.Serialization.Resources.dll
[2010/11/13 03:37:50 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797\System.RunTime.Serialization.Resources.dll
[2009/06/10 22:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2010/11/05 02:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2012/10/05 11:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8\System.Runtime.Serialization.dll
[2012/10/05 11:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0\System.Runtime.Serialization.dll
[2009/07/13 23:13:45 | 001,068,032 | ---- | M] () -- \Windows\winsxs\x86_mdmmotsm.inf_31bf3856ad364e35_6.1.7600.16385_none_7a97936f8a972896\smserial.sys
[2009/07/14 09:43:15 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_c002c1170ca9a88f\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010/11/05 02:53:33 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_c233d4df09982c29\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009/07/14 09:43:17 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009/07/14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2009/07/14 09:43:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_5d4a68b4b3d26ecc\System.RunTime.Serialization.Resources.dll
[2010/11/05 02:53:39 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_5f7b7c7cb0c0f266\System.RunTime.Serialization.Resources.dll
[2009/07/14 09:43:30 | 000,009,728 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_c48c78a9ad8ff996\serial.sys.mui
[2009/07/14 00:45:33 | 000,083,456 | ---- | M] () -- \Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys
[2009/07/13 23:09:18 | 000,031,232 | ---- | M] () -- \Windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\grserial.sys
[2009/06/10 22:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll
[2010/11/05 02:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2012/10/05 11:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa\System.Runtime.Serialization.dll
[2012/10/05 11:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2\System.Runtime.Serialization.dll

< *w7lxe* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:8927A071
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B468194E

< End of report >

OTL Extras logfile created on: 2. 2. 2013 14:10:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Patrick\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,50 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 33,61% Memory free
7,00 Gb Paging File | 3,85 Gb Available in Paging File | 54,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 87,90 Gb Total Space | 49,33 Gb Free Space | 56,12% Space Free | Partition Type: NTFS
Drive D: | 377,86 Gb Total Space | 140,85 Gb Free Space | 37,27% Space Free | Partition Type: NTFS

Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07952664-73CC-47B8-ACF4-7C5AF484FB9D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1003D2C8-9EDE-4426-B25D-23F2B0EA2B05}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13A8E24B-C5AF-49A8-A2B9-B9E3FACD7463}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{18B3AF2F-FA52-4ABE-919C-EFD3BC672B29}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4C8CD69C-296B-42F0-B341-AE89A487B532}" = rport=138 | protocol=17 | dir=out | app=system |
"{50E2CC56-786B-42AB-B9C0-6E8EA2D0363C}" = rport=445 | protocol=6 | dir=out | app=system |
"{595382DB-AFD4-447D-A105-693A6F4B86A5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5E5CFFC6-753E-446A-9415-C2100424FDA8}" = lport=138 | protocol=17 | dir=in | app=system |
"{6068256E-658E-46B0-AA86-68C57536205B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6572CE57-4173-49D8-8149-87951A359D6E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{68E75DD3-C443-4E33-9851-DC60F028A917}" = lport=139 | protocol=6 | dir=in | app=system |
"{6A1DDE9D-D441-42B3-820A-B16986C06BB3}" = lport=445 | protocol=6 | dir=in | app=system |
"{76C5052D-4C05-44A6-AAAD-1258BE5FF789}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9886AF6D-9A28-4AA6-A9A1-1E8AF57E229E}" = rport=137 | protocol=17 | dir=out | app=system |
"{C3BAA825-C0BC-422F-8589-A710F87287AA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CB5077C1-40FA-4D78-B4CB-72F288E34EBF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CD22F822-86E7-4497-94A7-8DDF17519EEF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DA421EFA-2F9C-48A4-90B8-2FE8981B2710}" = lport=137 | protocol=17 | dir=in | app=system |
"{DCF07F40-4B57-40C7-96EE-0F74FAC98A97}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E56C91DE-6E8E-48C4-8EA0-D34EC32BEE5F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F26FFE3F-E2D0-4CCB-9E58-179F44E81961}" = rport=139 | protocol=6 | dir=out | app=system |
"{F2F089C6-30AD-4938-8BDE-6E6DD7FFC4BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F22965-1C09-40D4-953C-CE3A77322914}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{0793AFA0-428E-4257-8B60-47C2744A37C5}" = protocol=17 | dir=in | app=d:\program files\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{0DF890AB-0657-44CA-A0A3-BAA717B2C8AC}" = protocol=6 | dir=in | app=c:\users\patrick\appdata\roaming\dropbox\bin\dropbox.exe |
"{206F4BF9-14AC-4718-B50E-E18A868E245A}" = protocol=6 | dir=in | app=d:\program files\ubisoft\farcry 3\bin\fc3updater.exe |
"{2603574E-26A6-4DA9-884A-95EA16DA47D4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{28F0614E-9444-4FC6-817A-88E18CFC4A66}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2EA2448D-0D16-4AFD-B493-5F6E9DC04D56}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{30B6542C-A710-481E-907D-A25F9F5276C4}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{3B85033C-ECDE-49EA-8164-DE871EB02E64}" = protocol=17 | dir=in | app=d:\program files\ubisoft\farcry 3\bin\fc3updater.exe |
"{4371369D-C9DD-4A54-8D2B-B6C10E1E0E90}" = protocol=17 | dir=in | app=c:\users\patrick\appdata\roaming\dropbox\bin\dropbox.exe |
"{4AFF804F-83B0-42FB-9E5F-4D364631EE3E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{4C4B35A4-A678-4001-99C9-5F39F9AE8F00}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{4E52E1FC-5423-4F66-8121-CA3FB697356B}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{52ACB3CB-8B28-4082-A4CA-0F37E762579D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{52C27AF1-CB17-498E-AAFC-15D6A02ECB59}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{57A1A5DF-AC23-479F-8893-7C98AF8617BA}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{67160A4B-96A4-4127-BAFC-5CB4BD684A5C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6B8FD871-B5AF-4E49-98A0-303018416EEE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{6CD8DDAB-422D-4C56-A14E-F30931BD5965}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7713CB81-359C-4A87-AD47-CB3AF1C5E303}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7AF88146-BD40-4286-829B-2EB5BD2F168B}" = protocol=17 | dir=in | app=d:\program files\ubisoft\farcry 3\bin\fc3editor.exe |
"{805536CA-60BB-4841-BDD7-FA2A6077953A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{82D851B1-B38F-4094-B239-99D2DACD5D0F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8A815082-E92F-436A-A424-F15247604D9A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8DBC1A51-4B8D-4888-B24D-9F1F059110C6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{94C3BF0A-F6B1-4DEF-90BF-FAB4A4C39BE8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{9C43C3F0-39D4-45F4-BE5B-B7643D772893}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AE2C43F4-465E-4925-8CB1-CBF8F7347519}" = protocol=6 | dir=in | app=d:\program files\ubisoft\farcry 3\bin\farcry3.exe |
"{B1029AE8-23FA-4233-8DDF-DB51A58EF6EA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{B2139440-28F5-4369-B57C-345BFCB8865E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{B6E8B5FA-8C1A-4EC9-B924-3BA8FA8C87F0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B7B05356-022E-43C4-98E2-86F003C84C66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BA121CC3-6D5D-4C27-A7A5-89207F9169B9}" = dir=in | app=c:\users\patrick\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{BC97C866-AE3A-4C17-A75F-D37D23A3D3A8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{C0C1263F-C763-4783-96A4-114C7A965E4F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C76BE167-8225-4370-B086-0D03EFBCB48A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CAAE581A-AD8F-4C00-836E-BBCAFED6620A}" = dir=in | app=d:\program files\rockstar games\max payne 3\maxpayne3.exe |
"{CB3C1339-53EA-4A1C-931D-CB4DFCAB188D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CCD82B0F-FFAA-4D59-93CE-E51A7E7B0D59}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{CE0FC233-A0A8-4E06-90AA-1DD5364627F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CE7F7787-E25C-4033-B2E2-1660B6B58667}" = protocol=17 | dir=in | app=d:\program files\ubisoft\farcry 3\bin\farcry3.exe |
"{D2F5DABD-13F0-40D7-AC28-354B3B835002}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D47B4E49-96F3-4884-8202-66B6B0AF9A96}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DC49B424-812E-4F91-92FA-14DDA0AC5F91}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DEC9D2B3-EAA4-4C21-BAB7-BB6EBD13D760}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1178CD5-C086-4669-998C-D5CC41B7C8EB}" = protocol=6 | dir=out | app=system |
"{E338A363-45D2-46C4-8BCA-B3E8C4E92F09}" = protocol=6 | dir=in | app=d:\program files\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{E52667D7-2C46-405F-9904-5F4150114A2D}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{E85A4ED6-2E06-48D1-BD33-F5FD8DA0F233}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EF43E6BD-3ACF-4FE0-A151-C4F53F139586}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F76611A0-0CE1-403F-B58D-E87207BFA555}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F78E869E-8BF7-4393-AA38-48C9087FBEA5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{FD6CB3C9-0DF9-4F78-8877-CC2B1B0F9EF3}" = protocol=6 | dir=in | app=d:\program files\ubisoft\farcry 3\bin\fc3editor.exe |
"TCP Query User{729D926E-4001-45D6-9F12-229C33319424}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{CBF4B925-B445-40CF-BEA4-58CFC708289E}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |
"UDP Query User{686B3F9E-5B1A-403E-BC27-BAA0CC2EB4CE}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{83C2A2BF-B947-45A0-B9DB-499703A061F1}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.8
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{731E713B-C13E-4527-B624-8A6DF2D33DAF}" = AVG 2013
"{76CD7040-0755-4A39-8AA2-741A95E516C7}" = Splash PRO
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7FD093C2-3493-4B17-BB15-B129A7D1DC51}" = AVG 2013
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90120000-0015-041B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovak) 2007
"{90120000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2007
"{90120000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2007
"{90120000-0019-041B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovak) 2007
"{90120000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2007
"{90120000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-041B-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2007
"{90120000-00A1-041B-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Slovak) 2007
"{90120000-00BA-041B-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Slovak) 2007
"{91C0B95B-B83A-4828-A775-BBE2DD421051}" = Nero 7 Premium
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovladač 3D Vision 307.74
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 307.74
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 307.74
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Ovladač řídící jednotky 3D Vision 307.74
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B57D952C-5836-43E1-944B-2A6C58F6886A}_is1" = nJoy 1.0.2.6
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic VX
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E99EDC34-96B1-4297-B20B-BFB179D6523B}" = Alcor Micro USB Card Reader
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD1C729D-EDD3-4142-8980-7EA36F19D500}" = Alcor Micro USB Card Reader
"«Sleeping Dogs - Limited Edition»_is1" = «Sleeping Dogs - Limited Edition»
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AmUStor" = Alcor Micro USB Card Reader
"aTube Catcher" = aTube Catcher
"AVG" = AVG 2013
"Creative VF0330" = Creative WebCam Vista/Live! Cam Chat (VF0330) Driver (1.12.01.00)
"CZ SK IPTV v2.0.4" = CZ SK IPTV v2.0.4
"DAEMON Tools Lite" = DAEMON Tools Lite
"DMC Devi May Cry (c) Capcom_is1" = DMC Devi May Cry (c) Capcom version 1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"Mirillis Splash PRO EX" = Splash PRO EX
"Mobile Partner" = Mobile Partner
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.62.1347" = Opera 11.62
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"SpeedFan" = SpeedFan (remove only)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"World of Warcraft" = World of Warcraft
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.9.6

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3534632487-2100141749-3601174974-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3534632487-2100141749-3601174974-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Counter-Strike 1.6_is1" = Counter-Strike 1.6 v42
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1. 2. 2013 8:21:16 | Computer Name = Patrick-PC | Source = RasClient | ID = 20227
Description =

Error - 1. 2. 2013 13:08:32 | Computer Name = Patrick-PC | Source = MsiInstaller | ID = 11309
Description =

Error - 1. 2. 2013 13:08:33 | Computer Name = Patrick-PC | Source = MsiInstaller | ID = 11309
Description =

Error - 1. 2. 2013 13:08:36 | Computer Name = Patrick-PC | Source = MsiInstaller | ID = 11309
Description =

Error - 1. 2. 2013 13:21:06 | Computer Name = Patrick-PC | Source = MsiInstaller | ID = 11500
Description =

Error - 1. 2. 2013 13:27:14 | Computer Name = Patrick-PC | Source = RasClient | ID = 20227
Description =

Error - 1. 2. 2013 13:27:34 | Computer Name = Patrick-PC | Source = RasClient | ID = 20227
Description =

Error - 1. 2. 2013 13:59:26 | Computer Name = Patrick-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: SplashProEx.exe, verze: 1.13.1.0, časové
razítko: 0x50b65da3 Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.17725,
časové razítko: 0x4ec49b60 Kód výjimky: 0xc0000374 Posun chyby: 0x000c380b ID chybujícího
procesu: 0x15e0 Čas spuštění chybující aplikace: 0x01ce00a503091115 Cesta k chybující
aplikaci: C:\Program Files\Mirillis\Splash PRO EX\SplashProEx.exe Cesta k chybujícímu
modulu: C:\Windows\SYSTEM32\ntdll.dll ID zprávy: 1dc335f9-6c99-11e2-a3be-00241dd8bda8

Error - 2. 2. 2013 5:38:05 | Computer Name = Patrick-PC | Source = RasClient | ID = 20227
Description =

Error - 2. 2. 2013 5:38:41 | Computer Name = Patrick-PC | Source = RasClient | ID = 20227
Description =

Error - 2. 2. 2013 5:39:35 | Computer Name = Patrick-PC | Source = RasClient | ID = 20227
Description =

[ OSession Events ]
Error - 26. 1. 2013 12:53:11 | Computer Name = Patrick-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 146 seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4. 9. 2012 11:15:25 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7038
Description = Služba nvUpdatusService se nemohla přihlásit jako .\UpdatusUser s
aktuálně konfigurovaným heslem z důvodu následující chyby: %%1330 Chcete-li zajistit
správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management
Console (MMC).

Error - 4. 9. 2012 11:15:25 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000
Description = Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku
následující chyby: %%1069

Error - 4. 9. 2012 15:02:29 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7038
Description = Služba nvUpdatusService se nemohla přihlásit jako .\UpdatusUser s
aktuálně konfigurovaným heslem z důvodu následující chyby: %%1330 Chcete-li zajistit
správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management
Console (MMC).

Error - 4. 9. 2012 15:02:29 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000
Description = Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku
následující chyby: %%1069

Error - 5. 9. 2012 8:11:21 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7038
Description = Služba nvUpdatusService se nemohla přihlásit jako .\UpdatusUser s
aktuálně konfigurovaným heslem z důvodu následující chyby: %%1330 Chcete-li zajistit
správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management
Console (MMC).

Error - 5. 9. 2012 8:11:21 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000
Description = Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku
následující chyby: %%1069

Error - 6. 9. 2012 13:51:21 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7038
Description = Služba nvUpdatusService se nemohla přihlásit jako .\UpdatusUser s
aktuálně konfigurovaným heslem z důvodu následující chyby: %%1330 Chcete-li zajistit
správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management
Console (MMC).

Error - 6. 9. 2012 13:51:21 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000
Description = Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku
následující chyby: %%1069

Error - 8. 9. 2012 13:45:45 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7038
Description = Služba nvUpdatusService se nemohla přihlásit jako .\UpdatusUser s
aktuálně konfigurovaným heslem z důvodu následující chyby: %%1330 Chcete-li zajistit
správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management
Console (MMC).

Error - 8. 9. 2012 13:45:45 | Computer Name = Patrick-PC | Source = Service Control Manager | ID = 7000
Description = Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku
následující chyby: %%1069

< End of report >

Nejak jste zapomnel odpovedet na mou otazku.

Ale log to udelal za vas. Vidim tam crack na windows, takze neni co resit. Pravidla fora hovori jasne http://forum.viry.cz/viewtopic.php?f=12&t=115512

Pomáhat NELZE:
2) Pokud stroj uživatele prokazatelně obsahuje nelegální hostitelský čí ochranný software
(operační systém, antivir, firewall, atd.), je nutné navést uživatele k nápravě, např. skrze neplacený software,
a začít řešit, až v době kdy je PC "v pořádku". V případě že uživatel nechce na pravidla přistoupit,
je nutné jej vyzvat ať fórum opustí, a vrátí se až je splní.

ja mam tento windows od kedy som kupil PC tento windows tam bol od zaciatku .

To nic nemeni na tom, ze je ten system cracknuty. Pokud jste platil i za system, prodejce vas osidil.

10.3.2013 pro neaktivitu

http://forum.viry.cz/viewtopic.php?f=12&t=123975

VIRY.CZ

Zpomalený počítač

Zpomalený počítač

Re: Zpomalený počítač

Re: Zpomalený počítač

Re: Zpomalený počítač

Re: Zpomalený počítač

Re: Zpomalený počítač

Re: Zpomalený počítač

Re: Zpomalený počítač

Re: Zpomalený počítač