
Slow PC, freezing... suspected virus

Posted: 23 Sep 2013 23:29
by ChinoMorenoo
Logfile of random's system information tool 1.09 (written by random/random)
Run by Pc at 2013-09-24 00:11:06
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 7 GB (16%) free of 44 GB
Total RAM: 1983 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:11:16, on 24. 9. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\tsnpstd3.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\T-Mobile Communication Center\TMCC.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\YoWindow\yowindow.exe
C:\Users\Pc\AppData\Local\Pokki\Engine\pokki.exe
C:\Users\Pc\AppData\Local\Pokki\Engine\pokki.exe
C:\Users\Pc\AppData\Local\Pokki\Engine\pokki.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASC.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\DllHost.exe
C:\Users\Pc\AppData\Local\Temp\{4936616A-6147-4461-A299-73F9D8AABDE0}\Setup.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Pc\AppData\Local\Opera\Opera\temporary_downloads\RSIT.exe
C:\Program Files\trend micro\Pc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.com/websearch/ref=bit ... 3_SK_ie_sp_
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, enhanced for Bing and MSN
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: AlxHelper - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
O3 - Toolbar: Amazon Browser Bar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TMCC] "C:\Program Files\T-Mobile Communication Center\TMCC.exe" -m
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Pc\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Pokki] C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Pc\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: YoWindow.lnk = C:\Program Files\YoWindow\yowindow.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Pc\Desktop\PartyPoker.lnk
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Pc\Desktop\PartyPoker.lnk
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: Mobility Manager Service (FMMService) - Flarion Technologies, Inc. - C:\PROGRA~1\T-MOBI~1\drivers\113F4D~1\FMMSER~1.EXE
O23 - Service: FOFDM DHCP Timing - Paradoxx Software - C:\PROGRA~1\T-MOBI~1\FOFDMD~1.EXE
O23 - Service: FOFDM Upgrade (FOFDMUpgrade) - Paradoxx Software - C:\PROGRA~1\T-MOBI~1\FOFDMU~1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShow Producer\ScsiAccess.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Updater Service for AMZN - Unknown owner - C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe

--
End of file - 7257 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3189499562-1487113568-3171820617-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3189499562-1487113568-3171820617-1000UA1ce7f96d1ebc2d0.job
C:\Windows\tasks\RegClean Pro_DEFAULT.job
C:\Windows\tasks\RegClean Pro_UPDATES.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\uv7iealo.default

prefs.js - "browser.search.useDBForOrder" - false
prefs.js - "browser.startup.homepage" - "http://www.amazon.com/websearch/ref=bit ... 3_SK_ff_sp_"
prefs.js - "keyword.URL" - "http://www.amazon.com/websearch/ref=bit ... ab_&query="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.168 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@photodex.com/PhotodexPresenter]
"Description"=Photodex Presenter Plugin
"Path"=C:\Program Files\Photodex Presenter\npPxPlay.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\uv7iealo.default\extensions\
abb@amazon.com

C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\uv7iealo.default\searchplugins\
amazon.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-14 4533120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-19 56712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}]
AlxHelper Class - C:\Program Files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll [2012-08-15 2162272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EA582743-9076-4178-9AA6-7393FDF4D5CE} - Amazon Browser Bar - C:\Program Files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll [2012-08-15 2162272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2006-11-22 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-11-22 7757824]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-11-22 81920]
"tsnpstd3"=C:\Windows\tsnpstd3.exe [2007-03-30 262144]
"snpstd3"=C:\Windows\vsnpstd3.exe [2006-09-18 843776]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-05-04 252136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TMCC"=C:\Program Files\T-Mobile Communication Center\TMCC.exe [2012-01-04 843776]
"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe [2011-08-12 2433024]
"Google Update"=C:\Users\Pc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-06-03 19603048]
"Pokki"=C:\Users\Pc\AppData\Local\Pokki\Engine\LaunchDeskband.dll [2013-06-06 273688]
"BitTorrent"=C:\Users\Pc\AppData\Roaming\BitTorrent\BitTorrent.exe [2013-09-16 1133392]
"Advanced SystemCare 6"=C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [2012-09-24 490880]

C:\Users\Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe
YoWindow.lnk - C:\Program Files\YoWindow\yowindow.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2013-05-31 204800]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Windows\system32\wmpsl64.exe"="C:\Windows\system32\wmpsl64.exe:*:Enabled:Windows Media Scheduler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.divx"=divx.dll
"vidc.yv12"=divx.dll
"vidc.xvid"=xvidvfw.dll
"vidc.ffds"=ff_vfw.dll
"msacm.ac3filter"=ac3filter.acm
"msacm.divxa32"=DivXa32.acm
"msacm.lameacm"=LameACM.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2013-09-24 00:11:06 ----D---- C:\rsit
2013-09-24 00:06:46 ----SHD---- C:\Config.Msi
2013-09-23 23:58:06 ----D---- C:\ProgramData\IObit
2013-09-23 23:57:55 ----D---- C:\Users\Pc\AppData\Roaming\IObit
2013-09-23 23:57:37 ----D---- C:\Program Files\IObit
2013-09-23 22:16:23 ----D---- C:\Program Files\Amazon
2013-09-23 22:15:38 ----D---- C:\Program Files\Amazon Browser Bar
2013-09-23 22:15:11 ----D---- C:\Program Files\MyPC Backup
2013-09-23 22:13:46 ----D---- C:\Program Files\RegClean Pro
2013-09-23 21:55:02 ----D---- C:\Users\Pc\AppData\Roaming\ParetoLogic
2013-09-23 21:55:02 ----D---- C:\Users\Pc\AppData\Roaming\DriverCure
2013-09-23 21:54:31 ----D---- C:\ProgramData\ParetoLogic
2013-09-19 09:29:33 ----ASH---- C:\pagefile.sys
2013-09-16 10:42:04 ----HD---- C:\Windows\msdownld.tmp
2013-09-16 10:30:13 ----D---- C:\Program Files\Conduit
2013-09-16 10:28:09 ----D---- C:\Users\Pc\AppData\Roaming\BitTorrent
2013-09-14 06:23:51 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-09-13 13:26:23 ----D---- C:\Users\Pc\AppData\Roaming\GRETECH
2013-09-13 13:26:01 ----D---- C:\Users\Pc\AppData\Roaming\OpenCandy
2013-09-13 13:26:01 ----D---- C:\Program Files\GRETECH
2013-09-11 11:45:27 ----A---- C:\Windows\system32\jscript.dll
2013-09-11 11:45:26 ----A---- C:\Windows\system32\jscript9.dll
2013-09-11 11:45:25 ----A---- C:\Windows\system32\jsproxy.dll
2013-09-11 11:45:25 ----A---- C:\Windows\system32\iesetup.dll
2013-09-11 11:45:24 ----A---- C:\Windows\system32\ieui.dll
2013-09-11 11:45:23 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 11:45:23 ----A---- C:\Windows\system32\msfeeds.dll
2013-09-11 11:45:23 ----A---- C:\Windows\system32\iesysprep.dll
2013-09-11 11:45:23 ----A---- C:\Windows\system32\iernonce.dll
2013-09-11 11:45:23 ----A---- C:\Windows\system32\ie4uinit.exe
2013-09-11 11:45:22 ----A---- C:\Windows\system32\urlmon.dll
2013-09-11 11:45:22 ----A---- C:\Windows\system32\iertutil.dll
2013-09-11 11:45:20 ----A---- C:\Windows\system32\wininet.dll
2013-09-11 11:45:19 ----A---- C:\Windows\system32\ieframe.dll
2013-09-11 11:45:15 ----A---- C:\Windows\system32\mshtml.dll
2013-09-11 09:19:05 ----A---- C:\Windows\system32\shell32.dll
2013-09-11 09:19:04 ----A---- C:\Windows\system32\shdocvw.dll
2013-09-11 09:18:59 ----A---- C:\Windows\system32\KernelBase.dll
2013-09-11 09:18:59 ----A---- C:\Windows\system32\kernel32.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:18:58 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:18:58 ----A---- C:\Windows\system32\winsrv.dll
2013-09-11 09:18:58 ----A---- C:\Windows\system32\conhost.exe
2013-09-11 09:18:56 ----A---- C:\Windows\system32\win32k.sys
2013-09-03 11:22:15 ----D---- C:\Windows\Sun

======List of files/folders modified in the last 1 month======

2013-09-24 00:11:16 ----D---- C:\Program Files\trend micro
2013-09-24 00:11:08 ----D---- C:\Windows\temp
2013-09-24 00:07:21 ----SHD---- C:\Windows\Installer
2013-09-24 00:07:21 ----RD---- C:\Program Files
2013-09-24 00:07:04 ----D---- C:\Windows\system32\drivers
2013-09-24 00:04:28 ----D---- C:\Users\Pc\AppData\Roaming\Skype
2013-09-24 00:04:28 ----D---- C:\Users\Pc\AppData\Roaming\Azureus
2013-09-24 00:00:53 ----D---- C:\Windows\system32\config
2013-09-23 23:58:28 ----D---- C:\Windows\system32\Tasks
2013-09-23 23:58:06 ----D---- C:\ProgramData
2013-09-23 23:31:37 ----D---- C:\Users\Pc\AppData\Roaming\Media Player Classic
2013-09-23 23:30:18 ----D---- C:\Windows\debug
2013-09-23 23:30:18 ----D---- C:\Windows
2013-09-23 22:47:45 ----SHD---- C:\Windows\System32
2013-09-23 22:47:41 ----D---- C:\Users\Pc\AppData\Roaming\systweak
2013-09-23 22:20:52 ----D---- C:\Windows\system32\catroot2
2013-09-23 22:20:41 ----SHD---- C:\System Volume Information
2013-09-23 22:15:08 ----D---- C:\Windows\Tasks
2013-09-23 22:14:50 ----D---- C:\Windows\Prefetch
2013-09-23 22:06:10 ----D---- C:\Program Files\Common Files
2013-09-23 10:50:25 ----D---- C:\Users\Pc\AppData\Roaming\vlc
2013-09-21 23:19:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-09-21 23:19:23 ----D---- C:\Windows\inf
2013-09-19 02:06:46 ----D---- C:\Users\Pc\AppData\Roaming\Mozilla
2013-09-19 01:14:56 ----SD---- C:\Users\Pc\AppData\Roaming\Microsoft
2013-09-18 09:29:53 ----D---- C:\Windows\system32\NDF
2013-09-17 12:04:53 ----D---- C:\Windows\system32\catroot
2013-09-16 10:42:08 ----D---- C:\Program Files\Internet Explorer
2013-09-16 09:08:45 ----D---- C:\Windows\system32\DriverStore
2013-09-13 20:22:54 ----D---- C:\ProgramData\Microsoft Help
2013-09-11 16:21:33 ----D---- C:\Windows\winsxs
2013-09-11 16:18:34 ----D---- C:\Windows\system32\cs-CZ
2013-09-11 11:42:04 ----D---- C:\Windows\system32\MRT
2013-09-11 11:39:48 ----A---- C:\Windows\system32\MRT.exe
2013-09-06 21:45:02 ----D---- C:\Program Files\PokerStars
2013-08-25 02:10:05 ----D---- C:\Program Files\Mozilla Maintenance Service

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2006-12-22 93696]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-25 242240]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2012-10-08 46056]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-14 1035776]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2013-07-28 73216]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-01-15 1032104]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2006-11-14 11648]
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2media.sys [2008-07-15 51288]
R3 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608]
R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr61.sys [2009-07-17 335872]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2013-07-28 102784]
S3 ewusbmbb;HUAWEI USB-WWAN miniport; C:\Windows\system32\DRIVERS\ewusbwwan.sys [2013-07-28 349184]
S3 FlrnUSB;Leadtek USB Network Interface; C:\Windows\system32\DRIVERS\LtkUSB.sys [2012-01-10 42984]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2013-07-28 194816]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 84992]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\Windows\system32\DRIVERS\snpstd3.sys [2007-05-17 10246400]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdvancedSystemCareService6;Advanced SystemCare Service 6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-12 1026432]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 FMMService;Mobility Manager Service; C:\PROGRA~1\T-MOBI~1\drivers\113F4D~1\FMMSER~1.EXE [2012-01-10 40960]
R2 FOFDM DHCP Timing;FOFDM DHCP Timing; C:\PROGRA~1\T-MOBI~1\FOFDMD~1.EXE [2011-02-16 81920]
R2 FOFDMUpgrade;FOFDM Upgrade; C:\PROGRA~1\T-MOBI~1\FOFDMU~1.EXE [2011-02-16 188416]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [2007-02-12 65536]
R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShow Producer\ScsiAccess.exe [2013-03-02 186760]
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-08-14 3291008]
R2 Updater Service for AMZN;Updater Service for AMZN; C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe [2013-03-21 222368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-06-03 162408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20 257416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-10 136120]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-08-23 117656]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-01-13 1343400]

-----------------EOF-----------------

Re: Slow PC, freezing... suspected virus

Posted: 24 Sep 2013 01:51
by Márty84
Hello :)

No wonder, when you have no antivirus on there :?:


:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop.
Right-click it, then left-click Run as administrator
Tick the items (put check marks there) For all users, "LOP" malware check and "Purity" malware check
Paste the following text into the bottom window

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Click Scan
After the scan, two logs will be created (OTL.Txt and Extras.txt); paste both here (if they are long, split them across several posts).

Re: Slow PC, freezing... suspected virus

Posted: 24 Sep 2013 08:35
by ChinoMorenoo
I was using a trial version of ESET, then I installed the Microsoft antivirus; the PC started acting up, but it found nothing, so I uninstalled it, thinking I would try to speed things up with some program of the (speed up my pc, reg clean pro) kind, and one of those programs showed me something with trojan in its name, etc. during a scan. So I downloaded avast and scanned the computer, but it found nothing. I'm going to do what you wrote.

Re: Slow PC, freezing... suspected virus

Posted: 24 Sep 2013 09:35
by ChinoMorenoo
OTL logfile created on: 24. 9. 2013 9:37:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pc\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

1,94 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 43,51% Memory free
3,87 Gb Paging File | 2,60 Gb Available in Paging File | 67,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,33 Gb Total Space | 7,16 Gb Free Space | 16,53% Space Free | Partition Type: NTFS
Drive D: | 68,36 Gb Total Space | 19,85 Gb Free Space | 29,04% Space Free | Partition Type: NTFS

Computer Name: PC-PC | User Name: Pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/24 09:28:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pc\Desktop\OTL.exe
PRC - [2013/09/15 11:10:14 | 000,064,008 | ---- | M] (Google) -- C:\Users\Pc\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/08/30 09:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/30 09:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/07/05 21:26:15 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2013/06/06 03:02:22 | 007,519,512 | ---- | M] (Pokki) -- C:\Users\Pc\AppData\Local\Pokki\Engine\pokki.exe
PRC - [2013/03/21 20:24:12 | 000,222,368 | ---- | M] () -- C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe
PRC - [2013/03/02 20:10:56 | 000,186,760 | ---- | M] () -- C:\Program Files\Photodex\ProShow Producer\scsiaccess.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/03/13 21:00:48 | 000,856,576 | ---- | M] (Repkasoft) -- C:\Program Files\YoWindow\yowindow.exe
PRC - [2012/01/10 21:52:53 | 000,040,960 | ---- | M] (Flarion Technologies, Inc.) -- C:\Program Files\T-Mobile Communication Center\drivers\113f4d83611fc2aa951f28af158322ff\FMMService.exe
PRC - [2012/01/04 20:31:18 | 000,843,776 | ---- | M] (Slovak Telekom a.s.) -- C:\Program Files\T-Mobile Communication Center\TMCC.exe
PRC - [2011/08/12 07:45:18 | 002,433,024 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
PRC - [2011/05/04 14:59:48 | 000,506,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/02/16 16:14:36 | 000,188,416 | ---- | M] (Paradoxx Software) -- C:\Program Files\T-Mobile Communication Center\FOFDMUpgrade.exe
PRC - [2011/02/16 16:14:36 | 000,081,920 | ---- | M] (Paradoxx Software) -- C:\Program Files\T-Mobile Communication Center\FofdmDhcp.exe
PRC - [2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2007/03/30 18:44:20 | 000,262,144 | ---- | M] (SONIX) -- C:\Windows\tsnpstd3.exe
PRC - [2007/02/12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006/09/18 15:12:12 | 000,843,776 | ---- | M] () -- C:\Windows\vsnpstd3.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/05 21:26:23 | 000,835,584 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll
MOD - [2013/07/05 21:26:23 | 000,312,832 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2013/07/05 21:26:23 | 000,158,208 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2013/07/05 21:26:23 | 000,101,888 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2013/07/05 21:26:23 | 000,096,256 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2013/07/05 21:26:23 | 000,094,208 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2013/07/05 21:26:23 | 000,093,696 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2013/07/05 21:26:23 | 000,073,728 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2013/07/05 21:26:23 | 000,067,072 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2013/07/05 21:26:23 | 000,062,976 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2013/07/05 21:26:23 | 000,057,344 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2013/07/05 21:26:23 | 000,038,912 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2013/06/06 03:02:24 | 001,517,848 | ---- | M] () -- C:\Users\Pc\AppData\Local\Pokki\ocdeskband_0.dll
MOD - [2013/01/26 04:53:28 | 000,716,288 | ---- | M] () -- C:\Users\Pc\AppData\Local\Pokki\Engine\libGLESv2.dll
MOD - [2013/01/26 04:53:28 | 000,569,856 | ---- | M] () -- C:\Users\Pc\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
MOD - [2013/01/26 04:53:28 | 000,130,048 | ---- | M] () -- C:\Users\Pc\AppData\Local\Pokki\Engine\libEGL.dll
MOD - [2013/01/26 00:07:56 | 001,400,846 | ---- | M] () -- C:\Users\Pc\AppData\Local\Pokki\Engine\avcodec-54.dll
MOD - [2013/01/26 00:07:54 | 000,222,734 | ---- | M] () -- C:\Users\Pc\AppData\Local\Pokki\Engine\avformat-54.dll
MOD - [2013/01/26 00:07:54 | 000,151,054 | ---- | M] () -- C:\Users\Pc\AppData\Local\Pokki\Engine\avutil-51.dll
MOD - [2012/01/04 20:33:54 | 002,752,512 | ---- | M] () -- C:\Program Files\T-Mobile Communication Center\default.tms
MOD - [2011/08/12 07:45:26 | 000,198,144 | ---- | M] () -- C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
MOD - [2011/08/12 07:45:18 | 002,433,024 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
MOD - [2010/12/12 12:58:14 | 000,502,784 | ---- | M] () -- C:\Program Files\Rainlendar2\wxmsw28u_xrc_vc_rny.dll
MOD - [2010/12/12 12:58:00 | 000,131,584 | ---- | M] () -- C:\Program Files\Rainlendar2\wxbase28u_xml_vc_rny.dll
MOD - [2010/12/12 12:57:56 | 000,485,376 | ---- | M] () -- C:\Program Files\Rainlendar2\wxmsw28u_html_vc_rny.dll
MOD - [2010/12/12 12:57:44 | 000,707,584 | ---- | M] () -- C:\Program Files\Rainlendar2\wxmsw28u_adv_vc_rny.dll
MOD - [2010/12/12 12:57:36 | 002,633,216 | ---- | M] () -- C:\Program Files\Rainlendar2\wxmsw28u_core_vc_rny.dll
MOD - [2010/12/12 12:56:46 | 001,205,760 | ---- | M] () -- C:\Program Files\Rainlendar2\wxbase28u_vc_rny.dll
MOD - [2010/05/23 20:20:08 | 000,012,288 | ---- | M] () -- C:\Program Files\Rainlendar2\lfs.dll
MOD - [2010/05/23 20:20:04 | 000,126,976 | ---- | M] () -- C:\Program Files\Rainlendar2\lua51.dll
MOD - [2008/09/30 21:30:57 | 000,294,912 | ---- | M] () -- C:\Program Files\WinRAR\Rarlng.dll
MOD - [2008/09/16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006/09/18 15:12:12 | 000,843,776 | ---- | M] () -- C:\Windows\vsnpstd3.exe


========== Services (SafeList) ==========

SRV - [2013/09/20 16:58:45 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/30 09:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/08/23 18:48:25 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/21 20:24:12 | 000,222,368 | ---- | M] () [Auto | Running] -- C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe -- (Updater Service for AMZN)
SRV - [2013/03/02 20:10:56 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShow Producer\scsiaccess.exe -- (ScsiAccess)
SRV - [2012/01/13 11:29:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/01/10 21:52:53 | 000,040,960 | ---- | M] (Flarion Technologies, Inc.) [Auto | Running] -- C:\Program Files\T-Mobile Communication Center\drivers\113f4d83611fc2aa951f28af158322ff\FMMService.exe -- (FMMService)
SRV - [2011/02/16 16:14:36 | 000,188,416 | ---- | M] (Paradoxx Software) [Auto | Running] -- C:\Program Files\T-Mobile Communication Center\FOFDMUpgrade.exe -- (FOFDMUpgrade)
SRV - [2011/02/16 16:14:36 | 000,081,920 | ---- | M] (Paradoxx Software) [Auto | Running] -- C:\Program Files\T-Mobile Communication Center\FofdmDhcp.exe -- (FOFDM DHCP Timing)
SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2007/02/12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2013/08/30 09:48:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/08/30 09:48:13 | 000,177,864 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/08/30 09:48:13 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/08/30 09:48:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/08/30 09:48:12 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/08/30 09:48:12 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/08/30 09:48:11 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/08/30 09:48:11 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/07/28 16:48:59 | 000,349,184 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV - [2013/07/28 16:48:59 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2013/07/28 16:48:57 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2013/07/28 16:48:57 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012/10/08 09:21:08 | 000,046,056 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2012/01/25 23:35:16 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/01/10 21:52:53 | 000,042,984 | ---- | M] (Qualcomm Flarion Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LtkUSB.sys -- (FlrnUSB)
DRV - [2010/11/20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/17 18:02:02 | 000,335,872 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr61.sys -- (rt61x86)
DRV - [2009/07/14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/06/10 23:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/07/15 17:38:36 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/06/12 10:28:56 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2007/05/17 19:01:40 | 010,246,400 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2007/01/15 18:35:18 | 001,032,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2006/12/22 21:07:10 | 000,093,696 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2006/11/14 11:04:48 | 000,011,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3189499562-1487113568-3171820617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3189499562-1487113568-3171820617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.com/websearch/ref=bit ... 3_SK_ie_sp_
IE - HKU\S-1-5-21-3189499562-1487113568-3171820617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 74 BA 60 2C D2 CC 01 [binary data]
IE - HKU\S-1-5-21-3189499562-1487113568-3171820617-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3189499562-1487113568-3171820617-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3189499562-1487113568-3171820617-1000\..\SearchScopes,DefaultScope = {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}
IE - HKU\S-1-5-21-3189499562-1487113568-3171820617-1000\..\SearchScopes\{048B70D7-D14B-4CFD-B1B4-A5182A8A3374}: "URL" = http://www.google.com/search?q={searchT ... f8&oe=utf8
IE - HKU\S-1-5-21-3189499562-1487113568-3171820617-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE10SR
IE - HKU\S-1-5-21-3189499562-1487113568-3171820617-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-3189499562-1487113568-3171820617-1000\..\SearchScopes\{8F0D6F38-3FB8-45D0-8431-506BB8E9070C}: "URL" = http://search.softonic.com/MON00005/tb_ ... &cc=&r=748
IE - HKU\S-1-5-21-3189499562-1487113568-3171820617-1000\..\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}: "URL" = http://www.amazon.com/websearch/ref=bit ... earchTerms}
IE - HKU\S-1-5-21-3189499562-1487113568-3171820617-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Amazon "
FF - prefs.js..browser.search.order.1: "Amazon "
FF - prefs.js..browser.search.selectedEngine: "Amazon "
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://www.amazon.com/websearch/ref=bit ... 3_SK_ff_sp_"
FF - prefs.js..extensions.enabledAddons: abb%40amazon.com:3.0.20121130
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..keyword.URL: "http://www.amazon.com/websearch/ref=bit ... ab_&query="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Pc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Pc\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Pc\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pc\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pc\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/09/24 00:40:02 | 000,000,000 | ---D | M]

[2013/05/22 10:29:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pc\AppData\Roaming\Mozilla\Extensions
[2013/09/23 22:16:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\uv7iealo.default\extensions
[2013/09/23 22:16:20 | 000,000,000 | ---D | M] ("Amazon Browser Bar") -- C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\uv7iealo.default\extensions\abb@amazon.com
[2013/09/23 22:47:53 | 000,002,324 | ---- | M] () -- C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\uv7iealo.default\searchplugins\amazon.xml
[2013/08/23 18:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/23 18:47:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/23 18:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/23 18:47:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/23 18:48:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - homepage: http://www.amazon.com/websearch/ref=bit ... 3_SK_cr_sp_
CHR - default_search_provider: Amazon (Enabled)
CHR - default_search_provider: search_url = http://www.amazon.com/websearch/ref=bit ... earchTerms}
CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/comple ... put=chrome,
CHR - homepage: http://www.amazon.com/websearch/ref=bit ... 3_SK_cr_sp_
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pc\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pc\AppData\Local\Google\Chrome\Application\29.0.1547.76\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Pc\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Pc\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll
CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Pc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Pc\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Users\Pc\AppData\Roaming\Mozilla\plugins\npPxPlay.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Pc\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: BitTorrentControl_v12 = C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\10.16.70.1_0\
CHR - Extension: Skype Click to Call = C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Amazon for Chrome = C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\2.2.2012.272_0\

O1 HOSTS File: ([2012/10/04 21:06:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AlxHelper Class) - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Amazon Browser Bar) - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe (SONIX)
O4 - HKU\S-1-5-21-3189499562-1487113568-3171820617-1000..\Run: [BitTorrent] C:\Users\Pc\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-3189499562-1487113568-3171820617-1000..\Run: [Pokki] C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband File not found
O4 - HKU\S-1-5-21-3189499562-1487113568-3171820617-1000..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\S-1-5-21-3189499562-1487113568-3171820617-1000..\Run: [TMCC] C:\Program Files\T-Mobile Communication Center\TMCC.exe (Slovak Telekom a.s.)
O4 - HKLM..\RunOnce: [20130923] C:\Program Files\AVAST Software\Avast\setup\emupdate\dabbbe97-cd7e-48c6-87c3-6b6b134c8753.exe (AVAST Software)
O4 - Startup: C:\Users\Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YoWindow.lnk = C:\Program Files\YoWindow\yowindow.exe (Repkasoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3189499562-1487113568-3171820617-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3189499562-1487113568-3171820617-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3189499562-1487113568-3171820617-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Pc\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Pc\Desktop\PartyPoker.lnk ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3278A9DB-2B02-4EFA-A4AB-CB730232B8E9}: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69635B54-7AAB-4E01-86CD-EE5678464A07}: DhcpNameServer = 194.154.227.17 195.91.0.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B458D37-D6B3-4DDB-B6D2-C668CE83981C}: DhcpNameServer = 195.34.133.21 212.186.211.21
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\Windows\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2013/09/24 09:28:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pc\Desktop\OTL.exe
[2013/09/24 09:25:05 | 000,000,000 | ---D | C] -- C:\Users\Pc\AppData\Roaming\Apple Computer
[2013/09/24 00:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/09/24 00:40:42 | 000,369,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/09/24 00:40:42 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/09/24 00:40:38 | 000,061,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/09/24 00:40:35 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/09/24 00:40:32 | 000,770,344 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/09/24 00:40:24 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/09/24 00:40:22 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/09/24 00:39:24 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/09/24 00:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/09/24 00:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/09/24 00:11:06 | 000,000,000 | ---D | C] -- C:\rsit
[2013/09/24 00:06:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/09/23 23:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013/09/23 23:57:55 | 000,000,000 | ---D | C] -- C:\Users\Pc\AppData\Roaming\IObit
[2013/09/23 23:57:37 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2013/09/23 22:17:34 | 000,000,000 | ---D | C] -- C:\Users\Pc\AppData\Local\Amazon Browser Bar
[2013/09/23 22:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2013/09/23 22:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon Browser Bar
[2013/09/23 22:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2013/09/23 22:15:09 | 000,000,000 | ---D | C] -- C:\Users\Pc\AppData\Local\Programs
[2013/09/23 22:14:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2013/09/23 22:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean Pro
[2013/09/23 21:55:02 | 000,000,000 | ---D | C] -- C:\Users\Pc\AppData\Roaming\ParetoLogic
[2013/09/23 21:55:02 | 000,000,000 | ---D | C] -- C:\Users\Pc\AppData\Roaming\DriverCure
[2013/09/23 21:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013/09/21 23:17:45 | 000,000,000 | ---D | C] -- C:\Users\Pc\Desktop\Niko video
[2013/09/16 17:20:27 | 000,000,000 | ---D | C] -- C:\Users\Pc\Desktop\USB
[2013/09/16 12:25:33 | 000,000,000 | ---D | C] -- C:\Users\Pc\AppData\Local\Macromedia
[2013/09/16 10:30:15 | 000,000,000 | ---D | C] -- C:\Users\Pc\AppData\Local\CRE
[2013/09/16 10:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/09/16 10:28:09 | 000,000,000 | ---D | C] -- C:\Users\Pc\AppData\Roaming\BitTorrent
[2013/09/14 06:23:51 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/09/13 13:27:20 | 000,000,000 | ---D | C] -- C:\Users\Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki
[2013/09/13 13:27:13 | 000,000,000 | ---D | C] -- C:\Users\Pc\AppData\Local\Pokki
[2013/09/13 13:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2013/09/13 13:26:23 | 000,000,000 | ---D | C] -- C:\Users\Pc\AppData\Roaming\GRETECH
[2013/09/13 13:26:01 | 000,000,000 | ---D | C] -- C:\Users\Pc\AppData\Roaming\OpenCandy
[2013/09/13 13:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\GRETECH
[2013/09/12 21:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\partypoker
[2013/09/11 11:45:27 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/09/11 11:45:26 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/09/11 11:45:25 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/09/11 11:45:25 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/09/11 11:45:24 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/11 11:45:23 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/11 11:45:23 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/09/11 11:45:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/09/11 11:45:23 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/09/11 11:45:23 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/09/11 09:18:58 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/09/11 09:18:58 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/09/11 09:18:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 09:18:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 09:18:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 09:18:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 09:18:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 09:18:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 09:18:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 09:18:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 09:18:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 09:18:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 09:18:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 09:18:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 09:18:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 09:18:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 09:18:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 09:18:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 09:18:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 09:18:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 09:18:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 09:18:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 09:18:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 09:18:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 09:18:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 09:18:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 09:18:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 09:18:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 09:18:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 09:18:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 09:18:56 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/09/03 11:22:15 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/24 09:42:45 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013/09/24 09:39:38 | 054,522,511 | ---- | M] () -- C:\Users\Pc\Desktop\VyVolení-2013---Denní-rekapitulace-23.9..ts
[2013/09/24 09:28:33 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/24 09:28:33 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/24 09:28:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pc\Desktop\OTL.exe
[2013/09/24 09:23:25 | 000,156,100 | ---- | M] () -- C:\Windows\System32\FontInfo.bin
[2013/09/24 09:23:25 | 000,043,600 | ---- | M] () -- C:\Windows\System32\GlyphInfo.bin
[2013/09/24 09:18:54 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2013/09/24 09:18:54 | 000,000,258 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013/09/24 09:18:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/24 09:18:27 | 1559,830,528 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/24 01:58:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/24 01:06:04 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3189499562-1487113568-3171820617-1000UA1ce7f96d1ebc2d0.job
[2013/09/24 00:40:43 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/09/24 00:40:24 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/09/24 00:11:48 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/09/23 22:14:38 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2013/09/23 09:06:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3189499562-1487113568-3171820617-1000Core.job
[2013/09/23 07:43:22 | 561,049,669 | ---- | M] () -- C:\Users\Pc\Desktop\2013-09-21-vyvoleni-dom-snov-HD.flv
[2013/09/22 20:33:49 | 705,582,824 | ---- | M] () -- C:\Users\Pc\Desktop\2013-09-20-vyvoleni-dom-snov-HD.flv
[2013/09/22 07:39:17 | 721,706,534 | ---- | M] () -- C:\Users\Pc\Desktop\2013-09-19-vyvoleni-dom-snov-HD.flv
[2013/09/21 23:19:24 | 000,626,048 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2013/09/21 23:19:24 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/21 23:19:24 | 000,122,632 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2013/09/21 23:19:24 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/21 20:38:15 | 001,335,599 | ---- | M] () -- C:\Users\Pc\Documents\VyVolení---Duel-20.09.2013-(pátek).mp4
[2013/09/20 16:58:42 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/09/20 16:58:42 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/09/18 20:13:19 | 000,001,177 | ---- | M] () -- C:\Users\Pc\Desktop\Stažené soubory – zástupce.lnk
[2013/09/16 10:29:08 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2013/09/13 20:22:34 | 000,002,639 | ---- | M] () -- C:\Users\Pc\Desktop\Microsoft Office Excel 2007.lnk
[2013/09/13 13:26:33 | 000,001,159 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2013/09/12 21:22:29 | 000,001,527 | ---- | M] () -- C:\Users\Pc\Desktop\partypoker.lnk
[2013/09/12 15:34:13 | 000,000,864 | ---- | M] () -- C:\Users\Pc\Desktop\NFL.lnk
[2013/09/12 14:04:16 | 003,907,532 | ---- | M] () -- C:\Users\Pc\Desktop\Naughty Boy - La La La ft. Sam Smith.mp3
[2013/09/11 23:52:17 | 000,010,240 | ---- | M] () -- C:\Users\Pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/11 16:21:13 | 000,302,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/08/30 09:48:13 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/08/30 09:48:13 | 000,177,864 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/08/30 09:48:13 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/08/30 09:48:12 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/08/30 09:48:12 | 000,061,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/08/30 09:48:12 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/08/30 09:48:11 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/08/30 09:48:11 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/08/30 09:47:40 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/08/30 09:47:32 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/24 09:42:45 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013/09/24 09:39:37 | 046,368,287 | ---- | C] () -- C:\Users\Pc\Desktop\VyVolení-2013---Denní-rekapitulace-23.9..ts
[2013/09/24 00:40:43 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/09/24 00:40:31 | 000,177,864 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/09/24 00:40:30 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/09/23 22:15:08 | 000,000,258 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013/09/23 22:15:07 | 000,000,266 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2013/09/23 22:14:38 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2013/09/23 07:43:22 | 561,049,669 | ---- | C] () -- C:\Users\Pc\Desktop\2013-09-21-vyvoleni-dom-snov-HD.flv
[2013/09/22 08:23:31 | 705,582,824 | ---- | C] () -- C:\Users\Pc\Desktop\2013-09-20-vyvoleni-dom-snov-HD.flv
[2013/09/22 06:19:48 | 721,706,534 | ---- | C] () -- C:\Users\Pc\Desktop\2013-09-19-vyvoleni-dom-snov-HD.flv
[2013/09/21 19:29:03 | 001,335,599 | ---- | C] () -- C:\Users\Pc\Documents\VyVolení---Duel-20.09.2013-(pátek).mp4
[2013/09/16 16:17:18 | 000,001,177 | ---- | C] () -- C:\Users\Pc\Desktop\Stažené soubory – zástupce.lnk
[2013/09/16 10:29:08 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2013/09/14 06:24:28 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/13 13:26:33 | 000,001,159 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2013/09/12 15:34:15 | 000,000,864 | ---- | C] () -- C:\Users\Pc\Desktop\NFL.lnk
[2013/09/12 14:04:16 | 003,907,532 | ---- | C] () -- C:\Users\Pc\Desktop\Naughty Boy - La La La ft. Sam Smith.mp3
[2013/03/03 00:06:23 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012/12/05 15:57:28 | 000,010,240 | ---- | C] () -- C:\Users\Pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/10 09:55:09 | 000,156,100 | ---- | C] () -- C:\Windows\System32\FontInfo.bin
[2012/03/10 09:55:09 | 000,043,600 | ---- | C] () -- C:\Windows\System32\GlyphInfo.bin
[2012/03/10 09:54:32 | 000,135,168 | ---- | C] () -- C:\Windows\System32\ltact.dll
[2012/02/26 21:42:21 | 000,843,776 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2012/02/26 21:42:21 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2012/02/26 21:42:19 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2012/02/26 21:42:19 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2012/02/26 21:42:19 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2012/02/26 21:42:19 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2012/02/07 01:33:58 | 000,000,610 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012/02/06 11:02:51 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/01/15 21:28:46 | 000,012,884 | ---- | C] () -- C:\Users\Pc\AppData\Roaming\nvModes.001
[2012/01/15 13:53:23 | 000,012,884 | ---- | C] () -- C:\Users\Pc\AppData\Roaming\nvModes.dat
[2012/01/14 15:19:14 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/01/14 15:16:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/09/24 00:04:28 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Azureus
[2013/09/24 09:22:18 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\BitTorrent
[2013/05/29 10:46:19 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\BSplayer
[2012/02/23 01:02:21 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\BSplayer Pro
[2013/02/15 10:00:42 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\cef-cache
[2013/09/24 00:04:28 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\DAEMON Tools Lite
[2013/09/23 21:55:02 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\DriverCure
[2012/11/17 00:14:34 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\ESET
[2013/09/23 23:57:55 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\IObit
[2012/09/11 07:55:16 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\nemo
[2012/08/24 14:39:03 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Netscape
[2013/09/13 13:26:01 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\OpenCandy
[2012/01/13 21:52:51 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Opera
[2012/01/10 21:53:58 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Paradoxx
[2013/09/23 21:55:02 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\ParetoLogic
[2012/08/21 12:10:08 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Party
[2012/08/26 13:56:06 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Photo DVD Maker
[2012/08/24 14:37:32 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Photodex
[2013/09/23 22:47:41 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\systweak
[2012/09/10 23:31:39 | 000,000,000 | -HSD | M] -- C:\Users\Pc\AppData\Roaming\wyUpdate AU
[2012/08/26 14:25:53 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Xilisoft
[2012/06/09 08:34:53 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\YourFileDownloader
[2012/04/15 15:40:26 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\YoWindow

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009/07/14 06:53:46 | 000,032,580 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012/01/11 21:19:58 | 000,000,882 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3189499562-1487113568-3171820617-1000Core.job
[2013/07/13 09:01:38 | 000,000,934 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3189499562-1487113568-3171820617-1000UA1ce7f96d1ebc2d0.job
[2013/09/14 06:24:28 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/09/23 22:15:07 | 000,000,266 | ---- | C] () -- C:\Windows\Tasks\RegClean Pro_UPDATES.job
[2013/09/23 22:15:08 | 000,000,258 | ---- | C] () -- C:\Windows\Tasks\RegClean Pro_DEFAULT.job

< >

< MD5 for: AGP440.SYS >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010/11/20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010/11/20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010/11/20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2012/06/02 06:52:32 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=063DD65889D21035311463337BD268E7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[2012/04/24 06:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2012/04/24 06:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2013/05/13 06:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=3897DFF247D9ED0006190349DE264E14 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[2013/07/09 15:57:37 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=6DB499DEFCC827317C5371164A7CDB27 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[2013/07/09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\System32\cryptsvc.dll
[2013/07/09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[2012/06/02 06:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[2010/11/20 14:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2013/05/11 06:59:05 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=AC04D05309BB2C418D0D80B9FB014642 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

< MD5 for: HAL.DLL >
[2010/11/20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010/11/20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll

< MD5 for: IASTORV.SYS >
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\isapnp.sys
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\isapnp.sys

< MD5 for: LSASS.EXE >
[2011/11/17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\System32\lsass.exe
[2011/11/17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsass.exe
[2011/11/17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_a828bb43bb2beb28\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe
[2012/06/02 06:51:22 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FA7B950E4CA6AA260C4EABA19E03644D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_a8d76e24d42eb666\lsass.exe
[2011/11/17 07:24:04 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FBCB2DFA40862DAA7B1534C9538208A5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsass.exe

< MD5 for: NDIS.SYS >
[2010/11/20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\System32\drivers\ndis.sys
[2010/11/20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

< MD5 for: NVRAID.SYS >
[2010/11/20 14:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\System32\drivers\nvraid.sys
[2010/11/20 14:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvraid.sys
[2010/11/20 14:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvraid.sys

< MD5 for: NVRD32.SYS >
[2006/12/22 21:07:04 | 000,122,880 | ---- | M] (NVIDIA Corporation) MD5=7D58CA2B284B41351F5176EACA1173C6 -- C:\Users\Pc\Documents\Ref_1500G_Vista32\IDE\WinVista\sataraid\nvrd32.sys
[2006/12/22 21:07:04 | 000,122,880 | ---- | M] (NVIDIA Corporation) MD5=7D58CA2B284B41351F5176EACA1173C6 -- C:\Windows\System32\drivers\nvrd32.sys
[2006/12/22 21:07:04 | 000,122,880 | ---- | M] (NVIDIA Corporation) MD5=7D58CA2B284B41351F5176EACA1173C6 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_x86_neutral_4dc60d9985d10dc6\nvrd32.sys

< MD5 for: NVSTOR.SYS >
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2006/12/22 21:28:56 | 000,100,648 | ---- | M] (NVIDIA Corporation) MD5=4C93D50BCA15B3BFCAB07306B258B248 -- C:\Users\Pc\Documents\Ref_1500G_Vista32\IDE\WinVista\sata_ide\nvstor32.sys
[2006/12/22 21:28:56 | 000,100,648 | ---- | M] (NVIDIA Corporation) MD5=4C93D50BCA15B3BFCAB07306B258B248 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_x86_neutral_aefb8be3da4ad5c9\nvstor32.sys
[2006/12/22 21:07:10 | 000,093,696 | ---- | M] (NVIDIA Corporation) MD5=5FBF62A83B551F757112B4A0C27432EC -- C:\Users\Pc\Documents\Ref_1500G_Vista32\IDE\WinVista\sataraid\nvstor32.sys
[2006/12/22 21:07:10 | 000,093,696 | ---- | M] (NVIDIA Corporation) MD5=5FBF62A83B551F757112B4A0C27432EC -- C:\Windows\System32\drivers\nvstor32.sys
[2006/12/22 21:07:10 | 000,093,696 | ---- | M] (NVIDIA Corporation) MD5=5FBF62A83B551F757112B4A0C27432EC -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_x86_neutral_4dc60d9985d10dc6\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SMSS.EXE >
[2013/03/19 04:43:41 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=0294CC751D7FAEB13621EEFB8A749429 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22280_none_ae7bdfb790cddbcf\smss.exe
[2009/07/14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe
[2013/07/08 05:02:28 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=634E0B45780F502304592C5615A31089 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22379_none_ae8fb42390bda114\smss.exe
[2013/03/19 04:49:16 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=DE91DCC7BC55E940979097E98F743205 -- C:\Windows\System32\smss.exe
[2013/03/19 04:49:16 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=DE91DCC7BC55E940979097E98F743205 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_ae40f33e7774c473\smss.exe
[2013/05/06 05:02:20 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=EC745C0949B101129AB6D39CD63808A6 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22318_none_aecf9361908de017\smss.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2012/08/22 19:05:21 | 001,306,992 | ---- | M] (Microsoft Corporation) MD5=23790A44D9A6B67F8690C34D4F516446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_b55b785ade04500f\tcpip.sys
[2011/04/25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2010/11/20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011/09/29 18:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2013/01/04 06:56:23 | 001,308,504 | ---- | M] (Microsoft Corporation) MD5=4A95845C5F33A4DDEB6AEF6367FB6520 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_b5becc06ddb98192\tcpip.sys
[2013/07/06 07:05:35 | 001,293,760 | ---- | M] (Microsoft Corporation) MD5=4E8B9BE71B807B3BAEDB7F4243F85E3C -- C:\Windows\System32\drivers\tcpip.sys
[2013/07/06 07:05:35 | 001,293,760 | ---- | M] (Microsoft Corporation) MD5=4E8B9BE71B807B3BAEDB7F4243F85E3C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_b52f2f65c4a146e5\tcpip.sys
[2013/07/06 06:57:37 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=528F7CC60391DD0FAB0344F32F051FDF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_b5721e2eddf328f9\tcpip.sys
[2013/05/08 08:15:22 | 001,309,032 | ---- | M] (Microsoft Corporation) MD5=6088D01FAD49729EA0A5A3D9B9BA8B84 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_b5b3fe00ddc19aaa\tcpip.sys
[2011/09/29 18:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2011/04/25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2013/01/03 07:05:20 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=7C0507D2391AF5933600CBCED799F277 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_b502eb9fc4c2a304\tcpip.sys
[2012/03/30 12:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2012/03/30 11:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2012/08/22 19:16:54 | 001,292,144 | ---- | M] (Microsoft Corporation) MD5=A5EBB8F648000E88B7D9390B514976BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_b514e56fc4b40532\tcpip.sys
[2013/05/08 07:38:00 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=D32FDAC73FCD76B85389C39BC1087F2A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_b508ef41c4bd3835\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

< MD5 for: WS2_32.DLL >
[2010/11/20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\System32\ws2_32.dll
[2010/11/20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[8 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

Re: Slow PC, freezing... suspected virus

Posted: 24 Sep 2013 09:40
by ChinoMorenoo
< %APPDATA%\*. >
[2012/01/10 14:48:55 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Adobe
[2013/09/24 09:25:05 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Apple Computer
[2013/09/24 00:04:28 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Azureus
[2013/09/24 09:22:18 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\BitTorrent
[2013/05/29 10:46:19 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\BSplayer
[2012/02/23 01:02:21 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\BSplayer Pro
[2013/02/15 10:00:42 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\cef-cache
[2013/09/24 00:04:28 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\DAEMON Tools Lite
[2012/01/18 23:19:47 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\DivX
[2013/09/23 21:55:02 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\DriverCure
[2012/11/17 00:14:34 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\ESET
[2013/09/13 13:26:23 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\GRETECH
[2012/01/09 18:46:56 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Identities
[2012/01/09 19:39:11 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\InstallShield
[2013/09/23 23:57:55 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\IObit
[2012/01/09 20:10:45 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Macromedia
[2009/07/14 11:20:06 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Media Center Programs
[2013/09/24 01:06:53 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Media Player Classic
[2013/09/19 01:14:56 | 000,000,000 | --SD | M] -- C:\Users\Pc\AppData\Roaming\Microsoft
[2013/09/19 02:06:46 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Mozilla
[2012/01/11 12:27:48 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Mozilla-Cache
[2012/09/11 07:55:16 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\nemo
[2012/01/18 22:40:31 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Nero
[2012/08/24 14:39:03 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Netscape
[2013/09/13 13:26:01 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\OpenCandy
[2012/01/13 21:52:51 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Opera
[2012/01/10 21:53:58 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Paradoxx
[2013/09/23 21:55:02 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\ParetoLogic
[2012/08/21 12:10:08 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Party
[2012/08/26 13:56:06 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Photo DVD Maker
[2012/08/24 14:37:32 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Photodex
[2012/02/06 11:08:30 | 000,000,000 | RH-D | M] -- C:\Users\Pc\AppData\Roaming\SecuROM
[2013/09/24 09:20:41 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Skype
[2013/09/23 22:47:41 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\systweak
[2013/09/23 10:50:25 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\vlc
[2012/01/10 14:46:32 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\WinRAR
[2012/09/10 23:31:39 | 000,000,000 | -HSD | M] -- C:\Users\Pc\AppData\Roaming\wyUpdate AU
[2012/08/26 14:25:53 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\Xilisoft
[2012/06/09 08:34:53 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\YourFileDownloader
[2012/04/15 15:40:26 | 000,000,000 | ---D | M] -- C:\Users\Pc\AppData\Roaming\YoWindow

< %APPDATA%\*.exe /s >
[2012/11/04 00:50:14 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Pc\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2013/09/16 10:29:08 | 001,133,392 | ---- | M] (BitTorrent Inc.) -- C:\Users\Pc\AppData\Roaming\BitTorrent\BitTorrent.exe
[2009/08/11 22:21:26 | 000,087,552 | ---- | M] () -- C:\Users\Pc\AppData\Roaming\BSplayer\AC3 Filter\ac3config.exe
[2009/08/11 22:21:30 | 000,090,112 | ---- | M] () -- C:\Users\Pc\AppData\Roaming\BSplayer\AC3 Filter\spdif_test.exe
[2010/03/22 15:52:04 | 000,697,690 | ---- | M] () -- C:\Users\Pc\AppData\Roaming\BSplayer\AC3 Filter\unins000.exe
[2010/02/23 18:01:52 | 001,185,871 | ---- | M] () -- C:\Users\Pc\AppData\Roaming\BSplayer\FFDShow\unins000.exe
[2010/08/14 11:42:54 | 000,113,152 | ---- | M] () -- C:\Users\Pc\AppData\Roaming\BSplayer\Haali media splitter\dsmux.exe
[2010/08/14 11:45:10 | 000,358,400 | ---- | M] () -- C:\Users\Pc\AppData\Roaming\BSplayer\Haali media splitter\gdsmux.exe
[2010/08/14 11:42:06 | 000,137,728 | ---- | M] () -- C:\Users\Pc\AppData\Roaming\BSplayer\Haali media splitter\mkv2vfr.exe
[2010/09/30 16:30:22 | 000,042,305 | ---- | M] () -- C:\Users\Pc\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe
[2013/02/28 02:20:24 | 032,965,272 | ---- | M] (SweetLabs,Inc.) -- C:\Users\Pc\AppData\Roaming\OpenCandy\E0DEB1CCE2824399BA629F59081557D5\version512e990dafdb7.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2013/09/24 09:28:33 | 000,014,224 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/24 09:28:33 | 000,014,224 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/24 00:40:24 | 000,002,577 | ---- | M] () -- C:\Windows\system32\config.nt
[2013/09/24 10:13:05 | 000,001,998 | ---- | M] () -- C:\Windows\system32\fmmservice.log
[2013/09/24 09:23:25 | 000,156,100 | ---- | M] () -- C:\Windows\system32\FontInfo.bin
[2013/09/24 09:23:25 | 000,043,600 | ---- | M] () -- C:\Windows\system32\GlyphInfo.bin
[2013/09/24 10:14:05 | 000,010,010 | ---- | M] () -- C:\Windows\system32\PcCard0.log
[2013/09/21 23:19:24 | 000,122,632 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2013/09/21 23:19:24 | 000,107,232 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2013/09/21 23:19:24 | 000,626,048 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2013/09/21 23:19:24 | 000,618,912 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2013/09/21 23:19:24 | 001,477,890 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"TMCC" = "C:\Program Files\T-Mobile Communication Center\TMCC.exe" -m -- [2012/01/04 20:31:18 | 000,843,776 | ---- | M] (Slovak Telekom a.s.)
"Rainlendar2" = C:\Program Files\Rainlendar2\Rainlendar2.exe -- [2011/08/12 07:45:18 | 002,433,024 | ---- | M] ()
"Google Update" = "C:\Users\Pc\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2012/01/11 21:19:54 | 000,136,176 | ---- | M] (Google Inc.)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun -- [2013/06/03 16:27:20 | 019,603,048 | R--- | M] (Skype Technologies S.A.)
"Pokki" = C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband
"BitTorrent" = "C:\Users\Pc\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED -- [2013/09/16 10:29:08 | 001,133,392 | ---- | M] (BitTorrent Inc.)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013/09/24 09:42:45 | 000,000,512 | ---- | M] () MD5=7551334CD8A8707F4E5E04F0F12DFA6E -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2013/06/05 12:22:34 | 000,213,474 | ---- | M] () -- \Poker\Gala Casino Poker\data\slots_pinkpanther40line\animations\bonus_crack\crack_intro.swf
[2013/06/05 12:23:01 | 000,028,809 | ---- | M] () -- \Poker\Gala Casino Poker\data\slots_pinkpanther40line\bonus\win_msg\bonus_crackpink_txt.png
[2013/06/05 12:23:11 | 000,002,094 | ---- | M] () -- \Poker\Gala Casino Poker\data\slots_pinkpanther40line\sounds\bonus\crack_the_pink_bonus\crack_mouse_over.mp3
[2013/06/05 12:23:11 | 000,025,082 | ---- | M] () -- \Poker\Gala Casino Poker\data\slots_pinkpanther40line\sounds\bonus\crack_the_pink_bonus\crack_open_door_2.mp3
[2013/06/05 12:23:11 | 000,122,884 | ---- | M] () -- \Poker\Gala Casino Poker\data\slots_pinkpanther40line\sounds\bonus\crack_the_pink_bonus\crack_open_door_bomb.mp3
[2013/06/05 12:23:11 | 000,109,927 | ---- | M] () -- \Poker\Gala Casino Poker\data\slots_pinkpanther40line\sounds\bonus\crack_the_pink_bonus\crack_pending_eff.mp3
[2013/05/20 12:36:07 | 000,213,474 | ---- | M] () -- \Poker\Poker 770\data\slots_pinkpanther40line\animations\bonus_crack\crack_intro.swf
[2013/05/20 12:37:21 | 000,028,809 | ---- | M] () -- \Poker\Poker 770\data\slots_pinkpanther40line\bonus\win_msg\bonus_crackpink_txt.png
[2013/05/20 12:37:56 | 000,002,094 | ---- | M] () -- \Poker\Poker 770\data\slots_pinkpanther40line\sounds\bonus\crack_the_pink_bonus\crack_mouse_over.mp3
[2013/05/20 12:37:56 | 000,025,082 | ---- | M] () -- \Poker\Poker 770\data\slots_pinkpanther40line\sounds\bonus\crack_the_pink_bonus\crack_open_door_2.mp3
[2013/05/20 12:37:57 | 000,122,884 | ---- | M] () -- \Poker\Poker 770\data\slots_pinkpanther40line\sounds\bonus\crack_the_pink_bonus\crack_open_door_bomb.mp3
[2013/05/20 12:37:57 | 000,109,927 | ---- | M] () -- \Poker\Poker 770\data\slots_pinkpanther40line\sounds\bonus\crack_the_pink_bonus\crack_pending_eff.mp3
[2012/08/31 04:38:20 | 000,002,967 | ---- | M] () -- \Programs\PartyGaming\PartyCasino\language\en_US\images\flashlobby\lobby\safecrackerkeno.swf
[2012/08/31 04:38:26 | 000,012,201 | ---- | M] () -- \Programs\PartyGaming\PartyCasino\language\en_US\images\flashlobby\lobby\safecrackerkeno_popup.swf
[2012/01/11 12:37:44 | 000,001,247 | ---- | M] () -- \Programs\PartyGaming\PartyCasino\language\en_US\images\games\cardgames\blackjack\bjbar_safecrackerkeno_icon.jpg
[2012/10/08 22:43:38 | 000,002,308 | ---- | M] () -- \Programs\PartyGaming\PartyPoker\Images\pp_crackthewall_14c45139fdc84d41b0d72168c5f929ab.jpg
[2012/10/29 23:59:49 | 000,000,000 | ---- | M] () -- \Programs\PartyGaming\PartyPoker\Images\pp_ttcrack_3ec50a67950db0c885301ea070b1df48.jpg
[2013/09/23 21:52:41 | 000,009,087 | ---- | M] () -- \Users\Pc\AppData\Roaming\BitTorrent\ParetoLogic RegCure Pro 3.1.0.0 With Crack Free [DownSoftsFree]{h33t}.rar.torrent

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2013/06/06 10:44:42 | 000,564,536 | ---- | M] () -- \Poker\Gala Casino Poker\data\loader.dll
[2013/06/05 12:16:32 | 000,002,715 | ---- | M] () -- \Poker\Gala Casino Poker\data\loader.gam
[2013/06/05 12:16:32 | 000,002,608 | ---- | M] () -- \Poker\Gala Casino Poker\widgetbar\widgets\themecloud\resources\html\img\ajax-loader.gif
[2013/09/06 21:30:05 | 000,564,536 | ---- | M] () -- \Poker\Poker 770\data\loader.dll
[2013/05/16 12:56:13 | 000,002,707 | ---- | M] () -- \Poker\Poker 770\data\loader.gam
[2013/05/16 12:58:21 | 000,005,265 | ---- | M] () -- \Poker\Poker 770\data\mgames\[en]\as2\movies\shared\loader.swf
[2013/05/16 12:56:13 | 000,002,608 | ---- | M] () -- \Poker\Poker 770\widgetbar\widgets\themecloud\resources\html\img\ajax-loader.gif
[2006/10/26 14:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006/10/26 14:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2013/02/09 03:39:28 | 000,000,934 | ---- | M] () -- \Program Files\Google\Picasa3\runtime\gpuploader_main.fen
[2008/06/20 20:13:32 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2012/12/04 18:00:50 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012/12/04 18:00:50 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2012/12/04 18:00:50 | 000,009,772 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\retina\loader@2x.png
[2012/11/23 17:44:32 | 000,002,713 | ---- | M] () -- \Programs\PartyGaming\components\uriloader.xpt
[2012/01/11 12:40:26 | 000,002,688 | ---- | M] () -- \Programs\PartyGaming\PartyCasino\language\en_US\images\fcgames\cardgames\blackjack\multihandbj\Loader.swf
[2012/01/11 12:41:42 | 000,002,688 | ---- | M] () -- \Programs\PartyGaming\PartyCasino\language\en_US\images\fcgames\roulette\Loader.swf
[2012/12/21 19:03:30 | 000,000,857 | ---- | M] () -- \Programs\PartyGaming\PartyPoker\preloader.html
[2013/08/12 04:54:22 | 000,004,666 | ---- | M] () -- \Programs\PartyGaming\PartyPoker\Images\loader.gif
[2012/12/21 19:04:18 | 000,002,086 | ---- | M] () -- \Programs\PartyGaming\PartyPoker\Images\rounded_loader.gif
[2011/11/12 08:26:54 | 000,000,804 | ---- | M] () -- \Programs\PartyGaming\PartyPoker\Images\tableloadertint_bg.png
[2013/08/12 04:50:50 | 000,001,863 | ---- | M] () -- \Programs\PartyGaming\PartyPoker\Images\OneClickLobby\preloader.swf
[2013/08/12 03:41:02 | 000,032,170 | ---- | M] () -- \Programs\PartyGaming\PartyPoker\Uninstall\Preloader.jpg
[2012/11/23 12:56:13 | 000,007,277 | ---- | M] () -- \Programs\PartyGaming\SmartUpgrader\Preloader.jpg
[2012/11/23 12:56:13 | 000,004,416 | ---- | M] () -- \Programs\PartyGaming\SmartUpgrader\PreloaderIEImage.JPG
[2012/12/04 18:00:50 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012/12/04 18:00:50 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2012/12/04 18:00:50 | 000,009,772 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\retina\loader@2x.png
[2013/09/16 20:08:37 | 000,004,504 | ---- | M] () -- \Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\10.16.70.1_0\js\chromeBackstageLoader.js
[2013/09/16 20:08:37 | 000,003,100 | ---- | M] () -- \Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\10.16.70.1_0\js\pluginLoader.js
[2013/09/16 20:08:31 | 000,000,847 | ---- | M] () -- \Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\10.16.70.1_0\tb\al\ac\img\ajax-loader.gif
[2013/09/16 20:08:32 | 000,001,135 | ---- | M] () -- \Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\10.16.70.1_0\tb\al\ac\img\loader-icon.png
[2013/09/16 20:08:30 | 000,003,208 | ---- | M] () -- \Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\10.16.70.1_0\tb\al\ui\gf\img\loader.gif
[2013/09/16 20:08:23 | 000,001,849 | ---- | M] () -- \Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\10.16.70.1_0\tb\al\wa\TWITTER\resources\ajax-loader.gif
[2012/01/25 23:35:56 | 000,057,728 | ---- | M] () -- \Users\Pc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_dadget_loader.png
[2012/01/25 23:35:59 | 000,057,728 | ---- | M] () -- \Users\Pc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_dadget_loader.png
[2012/01/25 23:36:02 | 000,057,728 | ---- | M] () -- \Users\Pc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_dadget_loader.png
[2012/01/25 23:36:05 | 000,057,728 | ---- | M] () -- \Users\Pc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin3\dt_dadget_loader.png
[2012/01/25 23:36:08 | 000,057,728 | ---- | M] () -- \Users\Pc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin4\dt_dadget_loader.png
[2012/01/25 23:36:10 | 000,061,770 | ---- | M] () -- \Users\Pc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin5\dt_dadget_loader.png
[2012/01/25 23:36:12 | 000,061,770 | ---- | M] () -- \Users\Pc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin6\dt_dadget_loader.png
[2013/01/25 23:52:18 | 000,004,613 | ---- | M] () -- \Users\Pc\AppData\Local\Pokki\Engine\frames\frame\loader.gif
[2013/09/20 09:19:35 | 000,004,613 | ---- | M] () -- \Users\Pc\AppData\Local\Pokki\Pokkies\f22abfeae27a67446927d078890381efc546d3e1\801b6d4b93aa86beaaa8f479dd09a5434c4cd08a\img\store\loader.gif
[2012/01/27 21:29:08 | 000,009,051 | ---- | M] () -- \Users\Pc\AppData\Roaming\DAEMON Tools Lite\MediaInfo\img\loader.gif
[2012/01/27 21:29:08 | 000,011,274 | ---- | M] () -- \Users\Pc\AppData\Roaming\DAEMON Tools Lite\MediaInfo\img\logo_loader_page.jpg
[2012/01/27 21:29:08 | 000,004,856 | ---- | M] () -- \Users\Pc\AppData\Roaming\DAEMON Tools Lite\MediaInfo\js\app\MediaInfo\ImageInfoLoader.js
[2013/09/23 22:10:50 | 000,057,556 | ---- | M] () -- \Windows\Prefetch\SOFTONICDOWNLOADER_FOR_REGCLE-109129F9.pf
[2009/07/14 14:25:34 | 002,202,645 | R--- | M] () -- \Windows\Setup\SCRIPTS\Windows7Loader.exe
[2013/08/02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009/07/14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009/07/14 10:43:57 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009/07/14 10:43:57 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2009/07/14 10:43:57 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2012/02/12 15:12:37 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2012/02/12 15:12:37 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winload.exe_75835076
[2012/02/12 15:12:37 | 000,442,720 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winresume.exe_85cd1215
[2009/07/14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009/07/14 10:42:11 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2010/11/20 06:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009/07/14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:40:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 06:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 07:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2008/01/24 14:44:12 | 000,065,536 | ---- | M] () -- \Program Files\LEAD Technologies\LEADTOOLS ePrint 5 Professional\Redist\Dll\Common\ltserial.dll
[2012/11/27 13:22:04 | 000,005,687 | ---- | M] () -- \Program Files\PokerStars\gx\tokenserial.jpg
[2012/10/05 12:53:23 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2010/11/05 03:53:39 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2013/05/23 11:08:26 | 000,000,068 | ---- | M] () -- \Users\Pc\AppData\Local\Google\Picasa2\cache\cacheindex_serial.pmp
[2011/11/12 13:56:20 | 000,000,389 | ---- | M] () -- \Users\Pc\Desktop\Photo DVD Maker Pro.v.8.32\Serial.txt
[2009/07/14 10:43:23 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009/06/10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010/11/13 03:55:26 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2012/10/05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013/08/14 20:28:18 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d462f459c4353e2c628e6def1430aed7\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013/08/14 20:32:04 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e043ad64456256a8ee5b934e227d9782\System.Runtime.Serialization.ni.dll
[2013/08/14 18:13:00 | 002,646,528 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\748b71b8465f174ea84b5d781d7e352b\System.Runtime.Serialization.ni.dll
[2013/08/14 18:13:08 | 000,311,296 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\b76a18847d4b4b5955455db8c387ec3b\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012/08/05 00:35:31 | 000,017,840 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\v4.0_4.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013/08/14 18:07:52 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012/08/05 00:35:30 | 000,099,208 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.RunTime.Serialization.resources\v4.0_4.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.resources.dll
[2013/08/14 18:07:47 | 001,026,936 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2009/06/10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010/11/05 03:53:33 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012/10/05 12:53:24 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2010/03/18 13:16:28 | 001,026,936 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010/03/18 13:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2010/06/15 02:33:16 | 000,017,840 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010/06/15 02:33:16 | 000,099,208 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.RunTime.Serialization.resources.dll
[2009/07/14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009/07/14 10:43:17 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009/07/14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\drivers\serial.sys
[2009/07/14 10:43:30 | 000,009,728 | ---- | M] () -- \Windows\System32\drivers\cs-CZ\serial.sys.mui
[2009/07/14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\mdmmotsm.inf_x86_neutral_c1415d9789c54b89\smserial.sys
[2009/07/14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys
[2009/07/14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\grserial.sys
[2009/07/14 04:18:03 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009/07/14 04:18:03 | 000,015,952 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486_kdcom.dll_db5e7744
[2009/07/14 10:43:55 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2009/07/14 04:18:51 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2010/11/20 06:06:16 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2012/10/05 19:15:39 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285.manifest
[2012/10/05 19:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d.manifest
[2009/07/14 10:42:43 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2012/10/05 21:04:43 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f.manifest
[2012/10/05 21:02:24 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797.manifest
[2010/11/20 06:05:38 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2012/10/05 19:15:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8.manifest
[2012/10/05 19:17:15 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0.manifest
[2009/07/14 03:49:26 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009/07/14 03:45:27 | 000,000,866 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_2c93290b67c98d09.manifest
[2010/11/20 06:10:46 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2012/10/05 19:19:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa.manifest
[2012/10/05 19:22:10 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2.manifest
[2009/06/10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009/07/14 10:43:23 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010/11/05 03:52:39 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2012/10/05 12:53:24 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285\System.Runtime.Serialization.dll
[2012/10/05 12:56:07 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d\System.Runtime.Serialization.dll
[2009/07/14 10:43:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2010/11/13 03:55:26 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f\System.RunTime.Serialization.Resources.dll
[2010/11/13 04:37:50 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797\System.RunTime.Serialization.Resources.dll
[2010/11/05 03:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2012/10/05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8\System.Runtime.Serialization.dll
[2012/10/05 12:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0\System.Runtime.Serialization.dll
[2009/07/14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\winsxs\x86_mdmmotsm.inf_31bf3856ad364e35_6.1.7600.16385_none_7a97936f8a972896\smserial.sys
[2010/11/05 03:53:33 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_c233d4df09982c29\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009/07/14 10:43:17 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009/07/14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2010/11/05 03:53:39 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_5f7b7c7cb0c0f266\System.RunTime.Serialization.Resources.dll
[2009/07/14 10:43:30 | 000,009,728 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_c48c78a9ad8ff996\serial.sys.mui
[2009/07/14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys
[2009/07/14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\grserial.sys
[2010/11/05 03:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2012/10/05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa\System.Runtime.Serialization.dll
[2012/10/05 12:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2\System.Runtime.Serialization.dll

< *w7lxe* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files\RedStarPoker:MID
@Alternate Data Stream - 81 bytes -> C:\Program Files\Red Star Poker 2.0:MID
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:A31FAD21

< End of report >

Re: Slow PC, freezing... suspected virus

Posted: 24 Sep 2013 09:42
by ChinoMorenoo
OTL Extras logfile created on: 24. 9. 2013 9:37:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pc\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

1,94 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 43,51% Memory free
3,87 Gb Paging File | 2,60 Gb Available in Paging File | 67,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,33 Gb Total Space | 7,16 Gb Free Space | 16,53% Space Free | Partition Type: NTFS
Drive D: | 68,36 Gb Total Space | 19,85 Gb Free Space | 29,04% Space Free | Partition Type: NTFS

Computer Name: PC-PC | User Name: Pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-3189499562-1487113568-3171820617-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Windows\system32\wmpsl64.exe" = C:\Windows\system32\wmpsl64.exe:*:Enabled:Windows Media Scheduler

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14FC07D1-4CC1-4D99-A876-221276BFCFB5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{27DF227F-0433-472F-A950-A508DC486497}" = rport=445 | protocol=6 | dir=out | app=system |
"{2FAAEAD5-8A2A-496B-A4DB-4E86CD8DD3F5}" = lport=445 | protocol=6 | dir=in | app=system |
"{425CF372-D281-4C9F-878A-7745A23C3F55}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6B44E120-4AC8-40EC-B4F2-2142BF190CD7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6C56EC88-2D16-4F9B-9124-DA5475DC17AC}" = rport=137 | protocol=17 | dir=out | app=system |
"{87E65949-AF53-4D17-B407-19276F9A99CE}" = lport=138 | protocol=17 | dir=in | app=system |
"{8E723F92-41BF-4FD0-BA6B-66BEDAD76DA8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{91EB6622-AAC7-4EC5-BA42-8617961DC746}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9CD2B6DD-452A-42B9-BB79-99AF37364909}" = rport=138 | protocol=17 | dir=out | app=system |
"{A4C8EC6A-47B4-4002-8503-41794C8D37B2}" = lport=139 | protocol=6 | dir=in | app=system |
"{C3793442-233C-498B-AF57-CD13690D17D5}" = lport=137 | protocol=17 | dir=in | app=system |
"{D3DB2A2E-6033-4093-98F5-A1A207AE713C}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02947416-4AD6-405F-B2F7-7593DE8F963B}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{07C1DEA7-1D58-4760-9521-C951945C7FEA}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{0B160B08-849D-4ABB-827B-4C21A7FB4B2D}" = protocol=17 | dir=in | app=c:\users\pc\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{103023EF-6219-45A0-A706-3508D8BB6FFE}" = protocol=6 | dir=in | app=c:\users\pc\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{1FD39122-7991-4EAF-98F1-322403E5A226}" = protocol=17 | dir=in | app=c:\users\pc\appdata\roaming\bittorrent\bittorrent.exe |
"{2992E944-0927-4A28-8226-C62E7DEB018A}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{2B7DA343-5410-4540-9683-88532B5F9BDF}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{2BCB7677-2125-4D64-8488-C772D1F86322}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{3D255B12-68CF-4E6C-9BC9-C58187D6AB2E}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{57F89B70-FE47-4BE3-89DE-5185679E1892}" = protocol=17 | dir=in | app=c:\users\pc\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{5EB7BCEB-3702-4E02-82F3-A674C405EFD7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6573A9DF-1055-4050-B2BE-6119F85C1503}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{6E1B6AD4-C008-49EF-A798-972E93A383F8}" = protocol=6 | dir=in | app=c:\users\pc\appdata\roaming\bittorrent\bittorrent.exe |
"{70F13BE2-760E-440A-9A24-5B886918EA07}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{785E4E83-C29A-4381-8A46-582900BD6751}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{793A840F-5063-432D-8FBE-48C4494532C8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A4B8D65E-0CC5-4C15-A8CC-EEC42B6BCA0B}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{B2AC0C73-B39F-425F-B120-7D851F659800}" = protocol=6 | dir=in | app=c:\users\pc\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{BC52FC9C-56A8-4015-8B31-F8A6AB3DBB74}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{BCCC99A3-CEB7-4390-869A-76A4F5E757BA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C579DB72-FAD7-42BF-836D-874619FED675}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{C85B2C70-BE07-44F3-AC19-E1B9C0EE5C74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C8842E32-D736-4B29-B32D-1BD57E60ABB3}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{D66B103F-48D3-443A-90A8-5B594292BE4F}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{D66FF800-E549-4439-9B45-3BAFA024E853}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{DBA237D0-75E1-4604-BC0A-99D2C1AAC8F5}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{E3D4E049-A403-474C-863E-3FFF78530C84}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EDAFF9F1-09DC-4614-A9FA-77AD2F53875A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{1E98944E-73B3-4AE7-AB53-203F4527415D}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{B0BADAEA-7BA3-4659-802B-C829801D987C}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{4CB4864D-E7A9-4868-986C-2319B642FD61}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{F0FD5242-1329-4060-A52B-9B90EA07DB54}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0CB3C535-1171-4A20-B549-E2CB5DEB9723}" = MySQL Connector/ODBC 3.51
"{0F667427-AD37-4089-A4A2-15AF5E44CACD}" = O2Micro Flash Memory Card Reader Driver (x86)
"{0FB871A9-C617-4415-BB5D-619A8D946115}" = Microsoft Antimalware Service SK-SK Language Pack
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
"{28FB74E9-7D5D-4E21-B57E-CEFBE76AC24C}" = LEADTOOLS ePrint 5 Professional
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client SK-SK Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{87131DB9-73D1-3FD7-9B25-0F12491F02A9}" = Google Talk Plugin
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2007
"{90120000-0016-041B-0000-0000000FF1CE}_STANDARD_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2007
"{90120000-0018-041B-0000-0000000FF1CE}_STANDARD_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2007
"{90120000-001A-041B-0000-0000000FF1CE}_STANDARD_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2007
"{90120000-001B-041B-0000-0000000FF1CE}_STANDARD_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_STANDARD_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-040E-0000-0000000FF1CE}_STANDARD_{0AD4BB83-13B4-4C9D-9BAC-7F64E0B2D5D7}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_STANDARD_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}_STANDARD_{8382BA92-20E3-47B6-971B-F673F0492D4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9180B851-7FC1-42E4-948C-D55B39F3CE41}_is1" = T-Mobile Communication Center 3.81.02.99
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = StarCam Clip
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Browser Bar" = Amazon Browser Bar
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"BSPlayerf" = BS.Player FREE
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Lite" = DAEMON Tools Lite
"Gala Casino Poker" = Gala Casino Poker
"GOM Player" = GOM Player
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Mozilla Firefox 22.0 (x86 cs)" = Mozilla Firefox 22.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyGuard Live" = MyGuard Live
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Opera 12.16.1860" = Opera 12.16
"PartyPoker" = partypoker
"Photo DVD Maker Professional" = Photo DVD Maker Professional 8.32
"Photo SlideShow Maker" = Photo SlideShow Maker
"Photodex Presenter" = Photodex Presenter
"Picasa 3" = Picasa 3
"Poker 770" = Poker 770
"PokerStars" = PokerStars
"ProShow Producer" = ProShow Producer
"PS3 Media Server" = PS3 Media Server
"Rainlendar2" = Rainlendar2 (remove only)
"RegClean Pro_is1" = RegClean Pro
"Sierra Utilities" = Sierra Utilities
"STANDARD" = Microsoft Office Standard 2007
"VLC media player" = VLC media player 2.0.5
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 3.1.0
"WinRAR archiver" = WinRAR archivátor
"yowindow" = YoWindow

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3189499562-1487113568-3171820617-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Pokki" = Pokki

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24. 1. 2013 5:26:36 | Computer Name = Pc-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\t-mobile communication
center\DPInst_x64.exe se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 25. 1. 2013 19:35:26 | Computer Name = Pc-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\Vuze\AzureusUpdater.exe
se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 25. 1. 2013 19:35:29 | Computer Name = Pc-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro C:\Program Files\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll se nezdařilo. Chyba v souboru manifestu nebo zásady
C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll na řádku 3. Hodnota
MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu version
v prvku assemblyIdentity je neplatná.

Error - 25. 1. 2013 19:36:25 | Computer Name = Pc-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\t-mobile communication
center\DPInst_x64.exe se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 27. 1. 2013 14:43:04 | Computer Name = Pc-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\Vuze\AzureusUpdater.exe
se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 27. 1. 2013 14:43:13 | Computer Name = Pc-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro C:\Program Files\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll se nezdařilo. Chyba v souboru manifestu nebo zásady
C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll na řádku 3. Hodnota
MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu version
v prvku assemblyIdentity je neplatná.

Error - 27. 1. 2013 14:46:35 | Computer Name = Pc-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\t-mobile communication
center\DPInst_x64.exe se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 29. 1. 2013 4:16:27 | Computer Name = Pc-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\Vuze\AzureusUpdater.exe
se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 29. 1. 2013 4:16:32 | Computer Name = Pc-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro C:\Program Files\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll se nezdařilo. Chyba v souboru manifestu nebo zásady
C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll na řádku 3. Hodnota
MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu version
v prvku assemblyIdentity je neplatná.

Error - 29. 1. 2013 4:18:21 | Computer Name = Pc-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\t-mobile communication
center\DPInst_x64.exe se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

[ Media Center Events ]
Error - 20. 3. 2012 4:07:11 | Computer Name = Pc-PC | Source = MCUpdate | ID = 0
Description = 9:07:11 - Chyba při připojování k Internetu 9:07:11 - Nelze kontaktovat
server..

Error - 20. 3. 2012 4:07:17 | Computer Name = Pc-PC | Source = MCUpdate | ID = 0
Description = 9:07:16 - Chyba při připojování k Internetu 9:07:16 - Nelze kontaktovat
server..

Error - 29. 4. 2012 3:24:02 | Computer Name = Pc-PC | Source = MCUpdate | ID = 0
Description = 9:24:02 - Chyba při připojování k Internetu 9:24:02 - Nelze kontaktovat
server..

Error - 29. 4. 2012 3:24:15 | Computer Name = Pc-PC | Source = MCUpdate | ID = 0
Description = 9:24:07 - Chyba při připojování k Internetu 9:24:07 - Nelze kontaktovat
server..

Error - 10. 5. 2012 3:13:24 | Computer Name = Pc-PC | Source = MCUpdate | ID = 0
Description = 9:13:24 - Chyba při připojování k Internetu 9:13:24 - Nelze kontaktovat
server..

Error - 10. 5. 2012 3:13:35 | Computer Name = Pc-PC | Source = MCUpdate | ID = 0
Description = 9:13:29 - Chyba při připojování k Internetu 9:13:29 - Nelze kontaktovat
server..

Error - 14. 5. 2012 3:50:17 | Computer Name = Pc-PC | Source = MCUpdate | ID = 0
Description = 9:50:17 - Chyba při připojování k Internetu 9:50:17 - Nelze kontaktovat
server..

Error - 14. 5. 2012 3:50:29 | Computer Name = Pc-PC | Source = MCUpdate | ID = 0
Description = 9:50:23 - Chyba při připojování k Internetu 9:50:23 - Nelze kontaktovat
server..

Error - 15. 5. 2012 7:24:23 | Computer Name = Pc-PC | Source = MCUpdate | ID = 0
Description = 13:24:23 - Chyba při připojování k Internetu 13:24:23 - Nelze kontaktovat
server..

Error - 15. 5. 2012 7:24:34 | Computer Name = Pc-PC | Source = MCUpdate | ID = 0
Description = 13:24:28 - Chyba při připojování k Internetu 13:24:28 - Nelze kontaktovat
server..

[ OSession Events ]
Error - 14. 5. 2012 4:06:09 | Computer Name = Pc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 597
seconds with 360 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 22. 9. 2013 19:08:03 | Computer Name = Pc-PC | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error - 23. 9. 2013 3:41:34 | Computer Name = Pc-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (9:38:06, ?23. ?9. ?2013) bylo neočekávané.

Error - 23. 9. 2013 3:47:19 | Computer Name = Pc-PC | Source = Service Control Manager | ID = 7022
Description = Služba Windows Update přestala během spouštění reagovat.

Error - 23. 9. 2013 4:20:31 | Computer Name = Pc-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (10:17:20, ?23. ?9. ?2013) bylo neočekávané.

Error - 23. 9. 2013 16:33:38 | Computer Name = Pc-PC | Source = Microsoft Antimalware | ID = 5008
Description =

Error - 23. 9. 2013 16:34:14 | Computer Name = Pc-PC | Source = Service Control Manager | ID = 7031
Description = Služba Microsoft Antimalware Service byla nečekaně ukončena. Stalo
se to 1 krát. Následující opravná akce bude spuštěna za 15000 milisekund: Restartovat
službu.

Error - 23. 9. 2013 17:58:17 | Computer Name = Pc-PC | Source = Service Control Manager | ID = 7030
Description = Služba Advanced SystemCare Service 6 je označena jako interaktivní
služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní
služby. Tato služba nebude fungovat správně.

Error - 23. 9. 2013 18:21:25 | Computer Name = Pc-PC | Source = Service Control Manager | ID = 7009
Description = Při čekání na připojení služby Služba Zasílání zpráv o chybách systému
Windows bylo dosaženo časového limitu (30000 ms).

Error - 23. 9. 2013 18:22:57 | Computer Name = Pc-PC | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error - 24. 9. 2013 3:22:18 | Computer Name = Pc-PC | Source = DCOM | ID = 10010
Description =


< End of report >

Re: Slow PC, freezing... suspected virus

Posted: 24 Sep 2013 09:53
by Márty84
:???: Let me just ask, what about the legality of the system? Ultimate is not exactly a common home edition :?:


:arrow: Run a !!!full!!! scan with MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 and post the results here. Do not delete anything beforehand; it sometimes gives false detections.

Re: Slow PC, freezing... suspected virus

Posted: 24 Sep 2013 12:07
by ChinoMorenoo
As for the system, I no longer know exactly how it went, but I think something related to the fan failed, so a family acquaintance of ours took it in for repair and it came back with this system. I think it went through an acquaintance who works for some state institution; the whole thing cost us, I believe, 2000 Kč, but I don't know exactly how it was.

OTL Extras logfile created on: 24. 9. 2013 9:37:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pc\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

1,94 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 43,51% Memory free
3,87 Gb Paging File | 2,60 Gb Available in Paging File | 67,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,33 Gb Total Space | 7,16 Gb Free Space | 16,53% Space Free | Partition Type: NTFS
Drive D: | 68,36 Gb Total Space | 19,85 Gb Free Space | 29,04% Space Free | Partition Type: NTFS

Computer Name: PC-PC | User Name: Pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-3189499562-1487113568-3171820617-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Windows\system32\wmpsl64.exe" = C:\Windows\system32\wmpsl64.exe:*:Enabled:Windows Media Scheduler

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14FC07D1-4CC1-4D99-A876-221276BFCFB5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{27DF227F-0433-472F-A950-A508DC486497}" = rport=445 | protocol=6 | dir=out | app=system |
"{2FAAEAD5-8A2A-496B-A4DB-4E86CD8DD3F5}" = lport=445 | protocol=6 | dir=in | app=system |
"{425CF372-D281-4C9F-878A-7745A23C3F55}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6B44E120-4AC8-40EC-B4F2-2142BF190CD7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6C56EC88-2D16-4F9B-9124-DA5475DC17AC}" = rport=137 | protocol=17 | dir=out | app=system |
"{87E65949-AF53-4D17-B407-19276F9A99CE}" = lport=138 | protocol=17 | dir=in | app=system |
"{8E723F92-41BF-4FD0-BA6B-66BEDAD76DA8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{91EB6622-AAC7-4EC5-BA42-8617961DC746}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9CD2B6DD-452A-42B9-BB79-99AF37364909}" = rport=138 | protocol=17 | dir=out | app=system |
"{A4C8EC6A-47B4-4002-8503-41794C8D37B2}" = lport=139 | protocol=6 | dir=in | app=system |
"{C3793442-233C-498B-AF57-CD13690D17D5}" = lport=137 | protocol=17 | dir=in | app=system |
"{D3DB2A2E-6033-4093-98F5-A1A207AE713C}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02947416-4AD6-405F-B2F7-7593DE8F963B}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{07C1DEA7-1D58-4760-9521-C951945C7FEA}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{0B160B08-849D-4ABB-827B-4C21A7FB4B2D}" = protocol=17 | dir=in | app=c:\users\pc\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{103023EF-6219-45A0-A706-3508D8BB6FFE}" = protocol=6 | dir=in | app=c:\users\pc\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{1FD39122-7991-4EAF-98F1-322403E5A226}" = protocol=17 | dir=in | app=c:\users\pc\appdata\roaming\bittorrent\bittorrent.exe |
"{2992E944-0927-4A28-8226-C62E7DEB018A}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{2B7DA343-5410-4540-9683-88532B5F9BDF}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{2BCB7677-2125-4D64-8488-C772D1F86322}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{3D255B12-68CF-4E6C-9BC9-C58187D6AB2E}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{57F89B70-FE47-4BE3-89DE-5185679E1892}" = protocol=17 | dir=in | app=c:\users\pc\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{5EB7BCEB-3702-4E02-82F3-A674C405EFD7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6573A9DF-1055-4050-B2BE-6119F85C1503}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{6E1B6AD4-C008-49EF-A798-972E93A383F8}" = protocol=6 | dir=in | app=c:\users\pc\appdata\roaming\bittorrent\bittorrent.exe |
"{70F13BE2-760E-440A-9A24-5B886918EA07}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{785E4E83-C29A-4381-8A46-582900BD6751}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{793A840F-5063-432D-8FBE-48C4494532C8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A4B8D65E-0CC5-4C15-A8CC-EEC42B6BCA0B}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{B2AC0C73-B39F-425F-B120-7D851F659800}" = protocol=6 | dir=in | app=c:\users\pc\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{BC52FC9C-56A8-4015-8B31-F8A6AB3DBB74}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{BCCC99A3-CEB7-4390-869A-76A4F5E757BA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C579DB72-FAD7-42BF-836D-874619FED675}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{C85B2C70-BE07-44F3-AC19-E1B9C0EE5C74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C8842E32-D736-4B29-B32D-1BD57E60ABB3}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{D66B103F-48D3-443A-90A8-5B594292BE4F}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{D66FF800-E549-4439-9B45-3BAFA024E853}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{DBA237D0-75E1-4604-BC0A-99D2C1AAC8F5}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{E3D4E049-A403-474C-863E-3FFF78530C84}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EDAFF9F1-09DC-4614-A9FA-77AD2F53875A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{1E98944E-73B3-4AE7-AB53-203F4527415D}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{B0BADAEA-7BA3-4659-802B-C829801D987C}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{4CB4864D-E7A9-4868-986C-2319B642FD61}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{F0FD5242-1329-4060-A52B-9B90EA07DB54}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0CB3C535-1171-4A20-B549-E2CB5DEB9723}" = MySQL Connector/ODBC 3.51
"{0F667427-AD37-4089-A4A2-15AF5E44CACD}" = O2Micro Flash Memory Card Reader Driver (x86)
"{0FB871A9-C617-4415-BB5D-619A8D946115}" = Microsoft Antimalware Service SK-SK Language Pack
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
"{28FB74E9-7D5D-4E21-B57E-CEFBE76AC24C}" = LEADTOOLS ePrint 5 Professional
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client SK-SK Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{87131DB9-73D1-3FD7-9B25-0F12491F02A9}" = Google Talk Plugin
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2007
"{90120000-0016-041B-0000-0000000FF1CE}_STANDARD_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2007
"{90120000-0018-041B-0000-0000000FF1CE}_STANDARD_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2007
"{90120000-001A-041B-0000-0000000FF1CE}_STANDARD_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2007
"{90120000-001B-041B-0000-0000000FF1CE}_STANDARD_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_STANDARD_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-040E-0000-0000000FF1CE}_STANDARD_{0AD4BB83-13B4-4C9D-9BAC-7F64E0B2D5D7}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_STANDARD_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}_STANDARD_{8382BA92-20E3-47B6-971B-F673F0492D4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9180B851-7FC1-42E4-948C-D55B39F3CE41}_is1" = T-Mobile Communication Center 3.81.02.99
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = StarCam Clip
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Browser Bar" = Amazon Browser Bar
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"BSPlayerf" = BS.Player FREE
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Lite" = DAEMON Tools Lite
"Gala Casino Poker" = Gala Casino Poker
"GOM Player" = GOM Player
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Mozilla Firefox 22.0 (x86 cs)" = Mozilla Firefox 22.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyGuard Live" = MyGuard Live
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Opera 12.16.1860" = Opera 12.16
"PartyPoker" = partypoker
"Photo DVD Maker Professional" = Photo DVD Maker Professional 8.32
"Photo SlideShow Maker" = Photo SlideShow Maker
"Photodex Presenter" = Photodex Presenter
"Picasa 3" = Picasa 3
"Poker 770" = Poker 770
"PokerStars" = PokerStars
"ProShow Producer" = ProShow Producer
"PS3 Media Server" = PS3 Media Server
"Rainlendar2" = Rainlendar2 (remove only)
"RegClean Pro_is1" = RegClean Pro
"Sierra Utilities" = Sierra Utilities
"STANDARD" = Microsoft Office Standard 2007
"VLC media player" = VLC media player 2.0.5
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 3.1.0
"WinRAR archiver" = WinRAR archivátor
"yowindow" = YoWindow

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3189499562-1487113568-3171820617-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Pokki" = Pokki

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24. 1. 2013 5:26:36 | Computer Name = Pc-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\t-mobile communication
center\DPInst_x64.exe se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 25. 1. 2013 19:35:26 | Computer Name = Pc-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\Vuze\AzureusUpdater.exe
se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 25. 1. 2013 19:35:29 | Computer Name = Pc-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro C:\Program Files\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll se nezdařilo. Chyba v souboru manifestu nebo zásady
C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll na řádku 3. Hodnota
MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu version
v prvku assemblyIdentity je neplatná.

Error - 25. 1. 2013 19:36:25 | Computer Name = Pc-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\t-mobile communication
center\DPInst_x64.exe se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 27. 1. 2013 14:43:04 | Computer Name = Pc-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\Vuze\AzureusUpdater.exe
se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 27. 1. 2013 14:43:13 | Computer Name = Pc-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro C:\Program Files\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll se nezdařilo. Chyba v souboru manifestu nebo zásady
C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll na řádku 3. Hodnota
MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu version
v prvku assemblyIdentity je neplatná.

Error - 27. 1. 2013 14:46:35 | Computer Name = Pc-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\t-mobile communication
center\DPInst_x64.exe se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 29. 1. 2013 4:16:27 | Computer Name = Pc-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\Vuze\AzureusUpdater.exe
se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 29. 1. 2013 4:16:32 | Computer Name = Pc-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro C:\Program Files\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll se nezdařilo. Chyba v souboru manifestu nebo zásady
C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll na řádku 3. Hodnota
MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu version
v prvku assemblyIdentity je neplatná.

Error - 29. 1. 2013 4:18:21 | Computer Name = Pc-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\t-mobile communication
center\DPInst_x64.exe se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

[ Media Center Events ]
Error - 20. 3. 2012 4:07:11 | Computer Name = Pc-PC | Source = MCUpdate | ID = 0
Description = 9:07:11 - Chyba při připojování k Internetu 9:07:11 - Nelze kontaktovat
server..

Error - 20. 3. 2012 4:07:17 | Computer Name = Pc-PC | Source = MCUpdate | ID = 0
Description = 9:07:16 - Chyba při připojování k Internetu 9:07:16 - Nelze kontaktovat
server..

Error - 29. 4. 2012 3:24:02 | Computer Name = Pc-PC | Source = MCUpdate | ID = 0
Description = 9:24:02 - Chyba při připojování k Internetu 9:24:02 - Nelze kontaktovat
server..

Error - 29. 4. 2012 3:24:15 | Computer Name = Pc-PC | Source = MCUpdate | ID = 0
Description = 9:24:07 - Chyba při připojování k Internetu 9:24:07 - Nelze kontaktovat
server..

Error - 10. 5. 2012 3:13:24 | Computer Name = Pc-PC | Source = MCUpdate | ID = 0
Description = 9:13:24 - Chyba při připojování k Internetu 9:13:24 - Nelze kontaktovat
server..

Error - 10. 5. 2012 3:13:35 | Computer Name = Pc-PC | Source = MCUpdate | ID = 0
Description = 9:13:29 - Chyba při připojování k Internetu 9:13:29 - Nelze kontaktovat
server..

Error - 14. 5. 2012 3:50:17 | Computer Name = Pc-PC | Source = MCUpdate | ID = 0
Description = 9:50:17 - Chyba při připojování k Internetu 9:50:17 - Nelze kontaktovat
server..

Error - 14. 5. 2012 3:50:29 | Computer Name = Pc-PC | Source = MCUpdate | ID = 0
Description = 9:50:23 - Chyba při připojování k Internetu 9:50:23 - Nelze kontaktovat
server..

Error - 15. 5. 2012 7:24:23 | Computer Name = Pc-PC | Source = MCUpdate | ID = 0
Description = 13:24:23 - Chyba při připojování k Internetu 13:24:23 - Nelze kontaktovat
server..

Error - 15. 5. 2012 7:24:34 | Computer Name = Pc-PC | Source = MCUpdate | ID = 0
Description = 13:24:28 - Chyba při připojování k Internetu 13:24:28 - Nelze kontaktovat
server..

[ OSession Events ]
Error - 14. 5. 2012 4:06:09 | Computer Name = Pc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 597
seconds with 360 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 22. 9. 2013 19:08:03 | Computer Name = Pc-PC | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error - 23. 9. 2013 3:41:34 | Computer Name = Pc-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (9:38:06, ?23. ?9. ?2013) bylo neočekávané.

Error - 23. 9. 2013 3:47:19 | Computer Name = Pc-PC | Source = Service Control Manager | ID = 7022
Description = Služba Windows Update přestala během spouštění reagovat.

Error - 23. 9. 2013 4:20:31 | Computer Name = Pc-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (10:17:20, ?23. ?9. ?2013) bylo neočekávané.

Error - 23. 9. 2013 16:33:38 | Computer Name = Pc-PC | Source = Microsoft Antimalware | ID = 5008
Description =

Error - 23. 9. 2013 16:34:14 | Computer Name = Pc-PC | Source = Service Control Manager | ID = 7031
Description = Služba Microsoft Antimalware Service byla nečekaně ukončena. Stalo
se to 1 krát. Následující opravná akce bude spuštěna za 15000 milisekund: Restartovat
službu.

Error - 23. 9. 2013 17:58:17 | Computer Name = Pc-PC | Source = Service Control Manager | ID = 7030
Description = Služba Advanced SystemCare Service 6 je označena jako interaktivní
služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní
služby. Tato služba nebude fungovat správně.

Error - 23. 9. 2013 18:21:25 | Computer Name = Pc-PC | Source = Service Control Manager | ID = 7009
Description = Při čekání na připojení služby Služba Zasílání zpráv o chybách systému
Windows bylo dosaženo časového limitu (30000 ms).

Error - 23. 9. 2013 18:22:57 | Computer Name = Pc-PC | Source = volsnap | ID = 393252
Description = Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného
uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error - 24. 9. 2013 3:22:18 | Computer Name = Pc-PC | Source = DCOM | ID = 10010
Description =


< End of report >

Re: Slow PC, freezing... suspected virus

Posted: 25 Sep 2013 08:46
by Márty84
I wanted the log from MBAM; this one is from OTL again.


If that acquaintance also took money for the system, he cheated you, because a Windows crack is visible in the log :?:


And the forum rules are clear: http://forum.viry.cz/viewtopic.php?f=12&t=115512
Help CANNOT be given:
2) If the user's machine demonstrably contains illegal host or protective software
(operating system, antivirus, firewall, etc.), the user must be guided to remedy this, e.g. by means of free software,
and work on the problem may begin only once the PC is "in order". If the user does not want to accept the rules,
they must be asked to leave the forum and to return only once they comply.
:42:

Re: Slow PC, freezing... suspected virus

Posted: 25 Sep 2013 11:59
by ChinoMorenoo
I really don't know how it was; maybe the money was for the fan. Hm, oh well. So I'll probably delete what it found and maybe it will recover, or a reinstall again, I don't know.


Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.09.24.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
Pc :: PC-PC [administrátor]

Ochrana: Povolena

24. 9. 2013 11:43:57
MBAM-log-2013-09-24 (13-03-19).txt

Typ: Kompletní kontrola (C:\|D:\|E:\|F:\|G:\|H:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 305438
Uplynulý čas: 1 hodin, 2 minut, 30 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1 (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 3
C:\Program Files\RegClean Pro (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Users\Pc\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Users\Pc\AppData\Roaming\OpenCandy\E0DEB1CCE2824399BA629F59081557D5 (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 39
C:\Program Files\Amazon Browser Bar\search_protect.exe (PUP.Optional.Searchprotect) -> Nebyla provedena žádná instrukce.
C:\Windows\Installer\6f5f07.msi (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\Windows\Installer\6f5f0d.msi (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\TraditionalCn_rcp_zh-tw.ini (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\install_left_image.bmp (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\Chinese_rcp.ini (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\CleanSchedule.exe (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\Cloud_Backup_Setup.exe (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\Cloud_Backup_Setup_Intl.exe (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\Danish_rcp.ini (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\Dutch_rcp.ini (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\eng_rcp.ini (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\Finnish_rcp_fi.ini (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\French_rcp.ini (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\German_rcp.ini (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\greek_rcp_el.ini (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\isxdl.dll (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\Italian_rcp.ini (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\Japanese_rcp.ini (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\korean_rcp_ko.ini (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\Norwegian_rcp.ini (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\polish_rcp_pl.ini (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\portugese_rcp_pt.ini (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\Portuguese_rcp.ini (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\RCPUninstall.exe (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\RegCleanPro.dll (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\RegCleanPro.exe (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\russian_rcp_ru.ini (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\Spanish_rcp.ini (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\Swedish_rcp.ini (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\systweakasp.exe (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\turkish_rcp_tr.ini (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\unins000.dat (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\unins000.exe (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\unins000.msg (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\RegClean Pro\xmllite.dll (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Windows\Tasks\RegClean Pro_DEFAULT.job (PUP.Optional.RegCleanPro.A) -> Nebyla provedena žádná instrukce.
C:\Windows\System32\roboot.exe (PUP.Optional.PCPerformer.A) -> Nebyla provedena žádná instrukce.
C:\Users\Pc\AppData\Roaming\OpenCandy\E0DEB1CCE2824399BA629F59081557D5\version512e990dafdb7.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.

(konec)

Re: Slow PC, freezing... suspected virus

Posted: 25 Sep 2013 18:37
by Márty84
Remove the detections, then uninstall MBAM.

Uninstall everything from IObit; it does more harm than good.

Search the forum for ADWCleaner, TFC, CCleaner and Defraggler and use them. Maybe that will give the PC some relief.

And given the cracked system, that is all.

:closed: