VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

RSIT - podozrenie na keylogger + Myinfotopia plugin (adware)

https://forum.viry.cz:443/viewtopic.php?t=135481

Stránka 1 z 2

RSIT - podozrenie na keylogger + Myinfotopia plugin (adware)

Napsal: 14 led 2014 14:47
od 666andrew
Dobrý deň, ako je jasné z popisu témy, mám tieto závažné problémy. Mám obavu používať PC tak, ako by som chcel, kvôli tomu podozreniu na keylogger. Hoci je už možno preč, nie som si istý. Nejaké veci mi našiel MBAM a odstránil som ich. Hádžem sem log RSIT a aj výpis tých súborov z MBAM. Pri otázke či je win legálny, tak áno, je to OEM verzia. Stretol som sa s takou otázkou už pri riešení podobných problémov. Za váš čas vopred ďakujem. :)

Logfile of random's system information tool 1.09 (written by random/random)
Run by Maros at 2014-01-14 14:45:10
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 115 GB (48%) free of 238 GB
Total RAM: 4094 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:45:13, on 14. 1. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Bloody4\Bloody4\Bloody4.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Gaming Keyboard\Monitor.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Gaming Keyboard\OSD.exe
C:\Windows\twunk_32.exe
C:\Windows\twunk_32.exe
C:\Users\Maros\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maros\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maros\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maros\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maros\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Maros.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Gaming Keyboard] "C:\Program Files (x86)\Gaming Keyboard\Monitor.EXE"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Bloody2] "C:\Program Files (x86)\Bloody4\Bloody4\Bloody4.exe" Minimum
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Startup: HpM3Util.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9399 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\NLSSRV32.EXE
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL mmsys.cpl
"C:\Windows\RAVCpl64.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
"C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe" /TUStart /pid:2344
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\System32\alg.exe
"C:\Program Files (x86)\Bloody4\Bloody4\Bloody4.exe" Minimum
WLIDSvcM.exe 2400
"C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Users\Maros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HpM3Util.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-ded261c5-b1d7-4ea4-b73a-ec3ac5f20539 -SystemEventPortName:HostProcess-633d3529-fda7-4818-91ad-21cfa88827fb -IoCancelEventPortName:HostProcess-4de8f29f-d024-484f-be4d-8003fcce0c5a -NonStateChangingEventPortName:HostProcess-42edc34c-acbb-426c-9446-dcd6c918a214 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d6b1c976-b4be-41a5-b778-2e6f0623ca47 -DeviceGroupId:WpdFsGroup
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Gaming Keyboard\Monitor.EXE"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files (x86)\Gaming Keyboard\OSD.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\twunk_32.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "-11477727671853279295130964601516728803351079938808-2054908665-11188056681543285233
"C:\Windows\twunk_32.exe"
"C:\Users\Maros\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Maros\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="1128.0.2098300886\652407510" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,3,12,22,26 --gpu-vendor-id=0x10de --gpu-device-id=0x0dc4 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.3221 --ignored=" --type=renderer " /prefetch:822062411
"C:\Users\Maros\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_16/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --instant-process --disable-html-notifications --channel="1128.1.852960024\371141511" /prefetch:673131151
"C:\Users\Maros\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_16/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --channel="1128.3.1465755199\1025578813" /prefetch:673131151
"C:\Users\Maros\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NetworkConnectivity/disable_network_stats/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_16/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --channel="1128.13.1296344633\2039328489" /prefetch:673131151
"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey E7609A99-F26C-71F9-D1D0-33E9CE198BD4 -Reinvoke
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Maros\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3607238900-2339944577-2827055329-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3607238900-2339944577-2827055329-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Maros\AppData\Roaming\Mozilla\Firefox\Profiles\265lgu85.default

prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "extensions.enabledItems" - "Cetrumcz@igeared:1.203.023.002, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.170 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nullsoft.com/winampDetector;version=1]
"Description"=Winamp Detector
"Path"=C:\Program Files (x86)\Winamp Detect\npwachk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.170 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
NPOFF12.DLL
nppdf32.dll
nppdf32.SKY
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
Cetrumcz_igeared.xml
mall-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2013-09-05 422280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2013-09-05 422280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-12 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-09-05 330632]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-12 157672]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-09-05 330632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2013-09-05 422280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{D5D47440-0750-463D-BAEF-A47D02414806}
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-09-05 330632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RAVCpl64.exe [2008-07-03 6430208]
"Skytel"=C:\Windows\Skytel.exe [2008-06-25 1826816]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 1266912]
"Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2013-12-10 1100248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2013-05-02 802136]
"Bloody2"=C:\Program Files (x86)\Bloody4\Bloody4\Bloody4.exe [2013-08-16 11854848]
"ISUSPM"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-10 218032]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []
"Gaming Keyboard"=C:\Program Files (x86)\Gaming Keyboard\Monitor.EXE [2012-02-14 184320]

C:\Users\Maros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
HpM3Util.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.FPS1"=frapsv64.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-01-14 14:33:07 ----A---- C:\Windows\system32\drivers\hitmanpro37.sys
2014-01-14 14:27:08 ----D---- C:\ProgramData\HitmanPro
2014-01-14 14:15:49 ----D---- C:\Windows\ERUNT
2014-01-14 14:09:25 ----D---- C:\AdwCleaner
2014-01-12 13:50:22 ----D---- C:\rsit
2014-01-12 11:52:40 ----D---- C:\Program Files\CCleaner
2014-01-09 21:14:09 ----D---- C:\Users\Maros\AppData\Roaming\vlc
2014-01-09 20:59:28 ----D---- C:\Program Files (x86)\VideoLAN
2014-01-07 20:07:51 ----A---- C:\Windows\system32\nvhdap64.dll
2014-01-07 20:07:51 ----A---- C:\Windows\system32\nvhdagenco6420103.dll
2014-01-07 20:07:51 ----A---- C:\Windows\system32\drivers\nvhda64v.sys
2014-01-07 20:07:46 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2014-01-07 20:07:46 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2014-01-07 20:07:46 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2014-01-07 20:07:46 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2014-01-07 20:07:46 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2014-01-07 20:07:46 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2014-01-07 20:07:46 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2014-01-07 20:07:46 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2014-01-07 20:07:46 ----A---- C:\Windows\system32\nvopencl.dll
2014-01-07 20:07:46 ----A---- C:\Windows\system32\nvoglv64.dll
2014-01-07 20:07:46 ----A---- C:\Windows\system32\nvoglshim64.dll
2014-01-07 20:07:46 ----A---- C:\Windows\system32\nvinitx.dll
2014-01-07 20:07:46 ----A---- C:\Windows\system32\NvIFR64.dll
2014-01-07 20:07:46 ----A---- C:\Windows\system32\NvFBC64.dll
2014-01-07 20:07:46 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2014-01-07 20:07:45 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2014-01-07 20:07:45 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2014-01-07 20:07:45 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2014-01-07 20:07:45 ----A---- C:\Windows\system32\nvd3dumx.dll
2014-01-07 20:07:45 ----A---- C:\Windows\system32\nvcuvid.dll
2014-01-07 20:07:45 ----A---- C:\Windows\system32\nvcuvenc.dll
2014-01-07 20:07:45 ----A---- C:\Windows\system32\nvcuda.dll
2014-01-07 20:07:38 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2014-01-07 20:07:38 ----A---- C:\Windows\system32\nvcompiler.dll
2014-01-07 19:35:47 ----A---- C:\Windows\system32\nvdispgenco6433221.dll
2014-01-07 19:35:46 ----A---- C:\Windows\system32\nvdispco6433221.dll
2014-01-05 14:02:16 ----D---- C:\Program Files (x86)\Deadpool
2014-01-03 12:23:06 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-01-03 12:23:04 ----A---- C:\Windows\system32\ieui.dll
2014-01-03 12:23:03 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-01-03 12:23:03 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-01-03 12:23:03 ----A---- C:\Windows\system32\jsproxy.dll
2014-01-03 12:23:03 ----A---- C:\Windows\system32\ieUnatt.exe
2014-01-03 12:23:03 ----A---- C:\Windows\system32\iesetup.dll
2014-01-03 12:23:03 ----A---- C:\Windows\system32\iernonce.dll
2014-01-03 12:23:03 ----A---- C:\Windows\system32\ie4uinit.exe
2014-01-03 12:23:02 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-01-03 12:23:02 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-01-03 12:23:01 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-01-03 12:23:01 ----A---- C:\Windows\system32\mshtml.dll
2014-01-03 12:23:01 ----A---- C:\Windows\system32\jscript9diag.dll
2014-01-03 12:23:01 ----A---- C:\Windows\system32\ieapfltr.dll
2014-01-03 12:23:00 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-01-03 12:23:00 ----A---- C:\Windows\system32\iertutil.dll
2014-01-03 12:22:59 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-01-03 12:22:59 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-01-03 12:22:58 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-01-03 12:22:58 ----A---- C:\Windows\system32\wininet.dll
2014-01-03 12:22:58 ----A---- C:\Windows\system32\urlmon.dll
2014-01-03 12:22:57 ----A---- C:\Windows\system32\ieframe.dll
2014-01-03 12:22:55 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-01-03 12:22:54 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-01-03 12:22:53 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-01-03 12:22:53 ----A---- C:\Windows\system32\jscript9.dll
2014-01-03 12:17:58 ----D---- C:\ProgramData\DownSauvoe
2014-01-03 12:17:57 ----D---- C:\ProgramData\dlfhleokgkpbdoafcdocdoebojmeoeli
2014-01-03 12:16:13 ----D---- C:\ProgramData\e1b4cec55f7fdea1
2014-01-03 12:16:08 ----D---- C:\ProgramData\DaiscountaExtensi
2013-12-31 00:50:31 ----D---- C:\Program Files (x86)\KONAMI
2013-12-30 22:44:53 ----D---- C:\Windows\Migration
2013-12-30 22:41:54 ----A---- C:\Windows\system32\IEUDINIT.EXE
2013-12-30 22:33:17 ----A---- C:\Windows\SYSWOW64\elshyph.dll
2013-12-30 22:33:17 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-30 22:33:11 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-12-30 22:33:11 ----A---- C:\Windows\SYSWOW64\msrating.dll
2013-12-30 22:33:11 ----A---- C:\Windows\SYSWOW64\msls31.dll
2013-12-30 22:33:11 ----A---- C:\Windows\SYSWOW64\jsIntl.dll
2013-12-30 22:33:11 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2013-12-30 22:33:11 ----A---- C:\Windows\system32\elshyph.dll
2013-12-30 22:33:10 ----A---- C:\Windows\SYSWOW64\url.dll
2013-12-30 22:33:10 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2013-12-30 22:33:10 ----A---- C:\Windows\SYSWOW64\inseng.dll
2013-12-30 22:33:10 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-12-30 22:33:10 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-12-30 22:33:10 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2013-12-30 22:33:10 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2013-12-30 22:33:10 ----A---- C:\Windows\SYSWOW64\icardie.dll
2013-12-30 22:33:10 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2013-12-30 22:33:10 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2013-12-30 22:33:09 ----A---- C:\Windows\SYSWOW64\wextract.exe
2013-12-30 22:33:09 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2013-12-30 22:33:09 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2013-12-30 22:33:09 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2013-12-30 22:33:09 ----A---- C:\Windows\SYSWOW64\occache.dll
2013-12-30 22:33:09 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2013-12-30 22:33:09 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-12-30 22:33:09 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-12-30 22:33:09 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2013-12-30 22:33:09 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2013-12-30 22:33:08 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2013-12-30 22:33:08 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2013-12-30 22:33:08 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2013-12-30 22:33:08 ----A---- C:\Windows\SYSWOW64\mshta.exe
2013-12-30 22:33:08 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2013-12-30 22:33:08 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2013-12-30 22:33:08 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-12-30 22:33:08 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2013-12-30 22:33:08 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-12-30 22:33:08 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2013-12-30 22:33:08 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2013-12-30 22:33:08 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2013-12-30 22:33:07 ----A---- C:\Windows\system32\jsIntl.dll
2013-12-30 22:33:06 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-30 22:33:06 ----A---- C:\Windows\system32\msrating.dll
2013-12-30 22:33:06 ----A---- C:\Windows\system32\msls31.dll
2013-12-30 22:33:06 ----A---- C:\Windows\system32\msfeedssync.exe
2013-12-30 22:33:06 ----A---- C:\Windows\system32\msfeedsbs.dll
2013-12-30 22:33:06 ----A---- C:\Windows\system32\IEAdvpack.dll
2013-12-30 22:33:05 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2013-12-30 22:33:05 ----A---- C:\Windows\system32\mshtmler.dll
2013-12-30 22:33:05 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-30 22:33:05 ----A---- C:\Windows\system32\iesysprep.dll
2013-12-30 22:33:05 ----A---- C:\Windows\system32\dxtrans.dll
2013-12-30 22:33:04 ----A---- C:\Windows\system32\url.dll
2013-12-30 22:33:04 ----A---- C:\Windows\system32\mshtmlmedia.dll
2013-12-30 22:33:04 ----A---- C:\Windows\system32\iedkcs32.dll
2013-12-30 22:33:04 ----A---- C:\Windows\system32\ieapfltr.dat
2013-12-30 22:33:04 ----A---- C:\Windows\system32\icardie.dll
2013-12-30 22:33:04 ----A---- C:\Windows\system32\dxtmsft.dll
2013-12-30 22:33:03 ----A---- C:\Windows\system32\wextract.exe
2013-12-30 22:33:03 ----A---- C:\Windows\system32\webcheck.dll
2013-12-30 22:33:03 ----A---- C:\Windows\system32\vbscript.dll
2013-12-30 22:33:03 ----A---- C:\Windows\system32\pngfilt.dll
2013-12-30 22:33:03 ----A---- C:\Windows\system32\occache.dll
2013-12-30 22:33:03 ----A---- C:\Windows\system32\mshtmled.dll
2013-12-30 22:33:03 ----A---- C:\Windows\system32\mshta.exe
2013-12-30 22:33:03 ----A---- C:\Windows\system32\msfeeds.dll
2013-12-30 22:33:03 ----A---- C:\Windows\system32\licmgr10.dll
2013-12-30 22:33:03 ----A---- C:\Windows\system32\inseng.dll
2013-12-30 22:33:03 ----A---- C:\Windows\system32\iexpress.exe
2013-12-30 22:33:02 ----A---- C:\Windows\system32\MshtmlDac.dll
2013-12-30 22:33:02 ----A---- C:\Windows\system32\jscript.dll
2013-12-30 22:33:02 ----A---- C:\Windows\system32\imgutil.dll
2013-12-30 22:33:02 ----A---- C:\Windows\system32\iepeers.dll
2013-12-30 22:12:53 ----A---- C:\Windows\system32\wmploc.DLL
2013-12-30 22:12:51 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2013-12-30 22:12:50 ----A---- C:\Windows\SYSWOW64\wmp.dll
2013-12-30 22:12:48 ----A---- C:\Windows\system32\wmp.dll
2013-12-30 22:02:39 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2013-12-30 22:02:39 ----A---- C:\Windows\system32\WMPhoto.dll
2013-12-30 22:00:40 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2013-12-30 22:00:40 ----A---- C:\Windows\system32\WindowsCodecs.dll
2013-12-30 13:54:11 ----D---- C:\Windows\system32\MRT
2013-12-30 13:41:49 ----A---- C:\Windows\SYSWOW64\UIAnimation.dll
2013-12-30 13:41:49 ----A---- C:\Windows\SYSWOW64\msmpeg2vdec.dll
2013-12-30 13:41:49 ----A---- C:\Windows\system32\UIAnimation.dll
2013-12-30 13:41:49 ----A---- C:\Windows\system32\msmpeg2vdec.dll
2013-12-30 13:41:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-30 13:41:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-30 13:41:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-30 13:41:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-30 13:41:31 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-30 13:41:31 ----AH---- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-30 13:41:31 ----AH---- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-30 13:41:31 ----AH---- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-30 13:41:31 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll
2013-12-30 13:41:31 ----A---- C:\Windows\system32\d3d10_1.dll
2013-12-30 13:41:30 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2013-12-30 13:41:30 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2013-12-30 13:41:30 ----A---- C:\Windows\system32\d3d10warp.dll
2013-12-30 13:41:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-30 13:41:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-30 13:41:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-30 13:41:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-30 13:41:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-30 13:41:29 ----AH---- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-30 13:41:29 ----AH---- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-30 13:41:29 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-30 13:41:29 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-30 13:41:29 ----AH---- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-30 13:41:29 ----A---- C:\Windows\SYSWOW64\XpsGdiConverter.dll
2013-12-30 13:41:29 ----A---- C:\Windows\SYSWOW64\dxgi.dll
2013-12-30 13:41:29 ----A---- C:\Windows\SYSWOW64\d3d10level9.dll
2013-12-30 13:41:29 ----A---- C:\Windows\SYSWOW64\d3d10core.dll
2013-12-30 13:41:29 ----A---- C:\Windows\system32\dxgi.dll
2013-12-30 13:41:29 ----A---- C:\Windows\system32\d3d10level9.dll
2013-12-30 13:41:28 ----A---- C:\Windows\SYSWOW64\XpsPrint.dll
2013-12-30 13:41:28 ----A---- C:\Windows\SYSWOW64\d3d10_1core.dll
2013-12-30 13:41:28 ----A---- C:\Windows\SYSWOW64\d3d10.dll
2013-12-30 13:41:28 ----A---- C:\Windows\system32\d3d10core.dll
2013-12-30 13:41:28 ----A---- C:\Windows\system32\d3d10_1core.dll
2013-12-30 13:41:28 ----A---- C:\Windows\system32\d3d10.dll
2013-12-30 13:41:27 ----A---- C:\Windows\SYSWOW64\WindowsCodecsExt.dll
2013-12-30 13:41:27 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2013-12-30 13:41:27 ----A---- C:\Windows\system32\XpsPrint.dll
2013-12-30 13:41:27 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2013-12-30 13:41:27 ----A---- C:\Windows\system32\FntCache.dll
2013-12-30 13:41:27 ----A---- C:\Windows\system32\DWrite.dll
2013-12-30 13:41:26 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2013-12-30 13:41:26 ----A---- C:\Windows\system32\d2d1.dll
2013-12-30 13:35:31 ----A---- C:\Windows\system32\consent.exe
2013-12-30 13:35:31 ----A---- C:\Windows\system32\appinfo.dll
2013-12-30 13:34:46 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2013-12-30 13:34:46 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2013-12-30 13:34:46 ----A---- C:\Windows\system32\cryptsvc.dll
2013-12-30 13:34:46 ----A---- C:\Windows\system32\cryptnet.dll
2013-12-30 13:34:46 ----A---- C:\Windows\system32\crypt32.dll
2013-12-30 13:34:45 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2013-12-30 13:34:25 ----A---- C:\Windows\SYSWOW64\d3d11.dll
2013-12-30 13:34:25 ----A---- C:\Windows\system32\d3d11.dll
2013-12-30 13:34:21 ----A---- C:\Windows\SYSWOW64\SmartcardCredentialProvider.dll
2013-12-30 13:34:21 ----A---- C:\Windows\SYSWOW64\authui.dll
2013-12-30 13:34:21 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2013-12-30 13:34:21 ----A---- C:\Windows\system32\credui.dll
2013-12-30 13:34:21 ----A---- C:\Windows\system32\authui.dll
2013-12-30 13:34:20 ----A---- C:\Windows\SYSWOW64\credui.dll
2013-12-30 13:34:05 ----A---- C:\Windows\SYSWOW64\tzres.dll
2013-12-30 13:34:05 ----A---- C:\Windows\system32\tzres.dll
2013-12-30 13:33:38 ----A---- C:\Windows\SYSWOW64\certutil.exe
2013-12-30 13:33:38 ----A---- C:\Windows\system32\certutil.exe
2013-12-30 13:33:36 ----A---- C:\Windows\SYSWOW64\certenc.dll
2013-12-30 13:33:36 ----A---- C:\Windows\system32\certenc.dll
2013-12-30 13:32:37 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-12-30 13:32:36 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2013-12-30 13:32:36 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2013-12-30 13:32:36 ----A---- C:\Windows\system32\advapi32.dll
2013-12-30 13:32:35 ----A---- C:\Windows\SYSWOW64\tdh.dll
2013-12-30 13:32:35 ----A---- C:\Windows\system32\tdh.dll
2013-12-30 13:32:35 ----A---- C:\Windows\system32\ntdll.dll
2013-12-30 13:32:34 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2013-12-30 13:32:34 ----A---- C:\Windows\system32\wow64.dll
2013-12-30 13:32:33 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-12-30 13:32:33 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-12-30 13:32:33 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2013-12-30 13:32:32 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-12-30 13:32:32 ----A---- C:\Windows\SYSWOW64\user.exe
2013-12-30 13:32:32 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-12-30 13:32:28 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-12-30 13:32:27 ----A---- C:\Windows\SYSWOW64\mswsock.dll
2013-12-30 13:32:27 ----A---- C:\Windows\system32\mswsock.dll
2013-12-30 13:32:22 ----A---- C:\Windows\system32\KernelBase.dll
2013-12-30 13:32:21 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2013-12-30 13:32:21 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2013-12-30 13:32:21 ----A---- C:\Windows\system32\winsrv.dll
2013-12-30 13:32:21 ----A---- C:\Windows\system32\smss.exe
2013-12-30 13:32:21 ----A---- C:\Windows\system32\kernel32.dll
2013-12-30 13:32:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-12-30 13:32:20 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-12-30 13:32:20 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-12-30 13:32:20 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-12-30 13:32:20 ----A---- C:\Windows\system32\csrsrv.dll
2013-12-30 13:32:20 ----A---- C:\Windows\system32\conhost.exe
2013-12-30 13:32:19 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-12-30 13:32:19 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-12-30 13:32:19 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2013-12-30 13:32:19 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-12-30 13:32:19 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-12-30 13:32:19 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-12-30 13:32:19 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-12-30 13:32:19 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2013-12-30 13:32:19 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-12-30 13:32:19 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-12-30 13:32:19 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-12-30 13:32:19 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-12-30 13:32:19 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-12-30 13:32:19 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-12-30 13:32:19 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-12-30 13:32:19 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-12-30 13:32:19 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-12-30 13:32:19 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-12-30 13:32:19 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-12-30 13:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-12-30 13:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-12-30 13:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-12-30 13:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-12-30 13:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2013-12-30 13:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-12-30 13:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-12-30 13:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-12-30 13:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-12-30 13:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-12-30 13:32:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-12-30 13:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-12-30 13:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-12-30 13:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-12-30 13:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-12-30 13:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-12-30 13:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-12-30 13:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-12-30 13:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-12-30 13:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-12-30 13:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-12-30 13:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-12-30 13:32:18 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-12-30 13:32:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2013-12-30 13:32:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-12-30 13:32:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2013-12-30 13:32:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-12-30 13:32:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-12-30 13:32:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-12-30 13:32:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-12-30 13:32:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2013-12-30 13:32:17 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-12-30 13:32:17 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-12-30 13:32:16 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2013-12-30 13:32:16 ----A---- C:\Windows\system32\apisetschema.dll
2013-12-30 13:32:11 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2013-12-30 13:32:10 ----A---- C:\Windows\system32\WMVDECOD.DLL
2013-12-30 13:32:09 ----A---- C:\Windows\SYSWOW64\WMVDECOD.DLL
2013-12-30 13:32:07 ----A---- C:\Windows\system32\schannel.dll
2013-12-30 13:32:06 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2013-12-30 13:32:06 ----A---- C:\Windows\SYSWOW64\schannel.dll
2013-12-30 13:32:06 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2013-12-30 13:32:06 ----A---- C:\Windows\system32\sspicli.dll
2013-12-30 13:32:06 ----A---- C:\Windows\system32\ncrypt.dll
2013-12-30 13:32:06 ----A---- C:\Windows\system32\lsass.exe
2013-12-30 13:32:06 ----A---- C:\Windows\system32\lsasrv.dll
2013-12-30 13:32:06 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2013-12-30 13:32:06 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2013-12-30 13:32:06 ----A---- C:\Windows\system32\drivers\cng.sys
2013-12-30 13:32:05 ----A---- C:\Windows\SYSWOW64\secur32.dll
2013-12-30 13:32:05 ----A---- C:\Windows\system32\sspisrv.dll
2013-12-30 13:32:05 ----A---- C:\Windows\system32\secur32.dll
2013-12-30 13:31:48 ----A---- C:\Windows\SYSWOW64\cryptdlg.dll
2013-12-30 13:31:48 ----A---- C:\Windows\system32\cryptdlg.dll
2013-12-30 13:31:29 ----A---- C:\Windows\system32\drivers\afd.sys
2013-12-30 13:31:25 ----A---- C:\Windows\system32\shell32.dll
2013-12-30 13:31:24 ----A---- C:\Windows\SYSWOW64\shell32.dll
2013-12-30 13:31:24 ----A---- C:\Windows\SYSWOW64\shdocvw.dll
2013-12-30 13:31:24 ----A---- C:\Windows\system32\shdocvw.dll
2013-12-30 13:31:09 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2013-12-30 13:31:09 ----A---- C:\Windows\system32\wintrust.dll
2013-12-30 13:30:52 ----A---- C:\Windows\system32\win32k.sys
2013-12-30 13:30:50 ----A---- C:\Windows\system32\rpcrt4.dll
2013-12-30 13:30:49 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2013-12-30 13:30:46 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2013-12-30 13:30:46 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2013-12-30 13:30:46 ----A---- C:\Windows\system32\WebClnt.dll
2013-12-30 13:30:46 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2013-12-30 13:30:46 ----A---- C:\Windows\system32\davclnt.dll
2013-12-30 13:30:44 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-12-30 13:30:44 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-12-30 13:30:40 ----A---- C:\Windows\system32\drivers\portcls.sys
2013-12-30 13:30:40 ----A---- C:\Windows\system32\drivers\drmk.sys
2013-12-30 13:30:38 ----A---- C:\Windows\system32\IKEEXT.DLL
2013-12-30 13:30:38 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2013-12-30 13:30:37 ----A---- C:\Windows\SYSWOW64\nshwfp.dll
2013-12-30 13:30:37 ----A---- C:\Windows\SYSWOW64\FWPUCLNT.DLL
2013-12-30 13:30:37 ----A---- C:\Windows\system32\nshwfp.dll
2013-12-30 13:30:33 ----A---- C:\Windows\system32\drivers\usbser.sys
2013-12-30 13:30:31 ----A---- C:\Windows\SYSWOW64\imagehlp.dll
2013-12-30 13:30:31 ----A---- C:\Windows\system32\imagehlp.dll
2013-12-30 13:30:30 ----A---- C:\Windows\system32\drivers\usbcir.sys
2013-12-30 13:30:28 ----A---- C:\Windows\SYSWOW64\msieftp.dll
2013-12-30 13:30:28 ----A---- C:\Windows\system32\msieftp.dll
2013-12-30 13:30:27 ----A---- C:\Windows\SYSWOW64\qedit.dll
2013-12-30 13:30:27 ----A---- C:\Windows\system32\qedit.dll
2013-12-30 13:30:17 ----A---- C:\Windows\system32\wwansvc.dll
2013-12-30 13:30:17 ----A---- C:\Windows\system32\wwanprotdim.dll
2013-12-30 13:30:16 ----A---- C:\Windows\system32\drivers\ataport.sys
2013-12-30 13:30:15 ----A---- C:\Windows\system32\drivers\usbscan.sys
2013-12-30 13:30:15 ----A---- C:\Windows\system32\drivers\hidparse.sys
2013-12-30 13:30:15 ----A---- C:\Windows\system32\drivers\hidclass.sys
2013-12-30 13:30:12 ----A---- C:\Windows\system32\comctl32.dll
2013-12-30 13:30:11 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2013-12-30 13:30:10 ----A---- C:\Windows\system32\atmfd.dll
2013-12-30 13:30:09 ----A---- C:\Windows\SYSWOW64\lpk.dll
2013-12-30 13:30:09 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2013-12-30 13:30:09 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2013-12-30 13:30:09 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2013-12-30 13:30:09 ----A---- C:\Windows\system32\lpk.dll
2013-12-30 13:30:09 ----A---- C:\Windows\system32\fontsub.dll
2013-12-30 13:30:09 ----A---- C:\Windows\system32\dciman32.dll
2013-12-30 13:30:08 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2013-12-30 13:30:08 ----A---- C:\Windows\system32\atmlib.dll
2013-12-30 13:30:06 ----A---- C:\Windows\SYSWOW64\wscript.exe
2013-12-30 13:30:06 ----A---- C:\Windows\SYSWOW64\scrrun.dll
2013-12-30 13:30:06 ----A---- C:\Windows\system32\wscript.exe
2013-12-30 13:30:06 ----A---- C:\Windows\system32\scrrun.dll
2013-12-30 13:30:06 ----A---- C:\Windows\system32\cscript.exe
2013-12-30 13:30:05 ----A---- C:\Windows\SYSWOW64\cscript.exe
2013-12-30 13:28:00 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2013-12-30 13:28:00 ----A---- C:\Windows\system32\gdi32.dll
2013-12-30 13:27:44 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2013-12-30 13:27:44 ----A---- C:\Windows\system32\win32spl.dll
2013-12-30 13:27:42 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2013-12-30 13:27:39 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2013-12-30 13:27:39 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-12-30 13:27:39 ----A---- C:\Windows\system32\cdd.dll
2013-12-30 13:16:42 ----A---- C:\Windows\system32\scavengeui.dll
2013-12-30 13:14:41 ----A---- C:\Windows\system32\drivers\usbport.sys
2013-12-30 13:14:41 ----A---- C:\Windows\system32\drivers\usbehci.sys
2013-12-30 13:14:41 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2013-12-30 13:14:40 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2013-12-30 13:14:40 ----A---- C:\Windows\system32\drivers\usbohci.sys
2013-12-30 13:14:40 ----A---- C:\Windows\system32\drivers\usbhub.sys
2013-12-30 13:14:40 ----A---- C:\Windows\system32\drivers\usbd.sys
2013-12-26 11:54:23 ----D---- C:\WinSetupFromUSB
2013-12-19 12:20:22 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe
2013-12-18 13:48:32 ----A---- C:\Windows\SYSWOW64\nvaudcap32v.dll
2013-12-18 13:48:32 ----A---- C:\Windows\system32\drivers\nvvad64v.sys

======List of files/folders modified in the last 1 month======

2014-01-14 14:45:12 ----D---- C:\Program Files\trend micro
2014-01-14 14:45:04 ----D---- C:\Windows\temp
2014-01-14 14:44:26 ----SHD---- C:\System Volume Information
2014-01-14 14:43:29 ----D---- C:\Users\Maros\AppData\Roaming\uTorrent
2014-01-14 14:36:24 ----AD---- C:\Windows
2014-01-14 14:35:27 ----RD---- C:\Program Files
2014-01-14 14:33:12 ----D---- C:\Windows\System32
2014-01-14 14:33:07 ----D---- C:\Windows\system32\drivers
2014-01-14 14:33:01 ----D---- C:\ProgramData\NVIDIA
2014-01-14 14:27:08 ----D---- C:\ProgramData
2014-01-14 14:11:04 ----RD---- C:\Program Files (x86)
2014-01-14 13:55:48 ----D---- C:\Users\Maros\AppData\Roaming\Skype
2014-01-13 14:20:54 ----D---- C:\Users\Maros\AppData\Roaming\HpUpdate
2014-01-12 16:49:55 ----D---- C:\Windows\system32\catroot
2014-01-12 11:52:47 ----D---- C:\Windows\system32\Tasks
2014-01-12 11:48:52 ----D---- C:\Windows\inf
2014-01-12 11:44:06 ----A---- C:\Users\Maros\AppData\Roaming\trace_FilterInstaller.txt
2014-01-12 11:44:04 ----A---- C:\Users\Maros\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2014-01-12 11:43:57 ----D---- C:\Windows\SysWOW64
2014-01-12 11:41:22 ----SHD---- C:\Windows\Installer
2014-01-12 11:41:12 ----DC---- C:\Windows\system32\DRVSTORE
2014-01-12 11:41:10 ----D---- C:\Windows\system32\DriverStore
2014-01-11 15:36:08 ----D---- C:\ProgramData\InstallMate
2014-01-11 15:36:03 ----D---- C:\Windows\Tasks
2014-01-11 15:36:03 ----D---- C:\Program Files (x86)\Resident Evil 6
2014-01-11 13:29:16 ----D---- C:\Windows\pss
2014-01-11 13:26:55 ----D---- C:\Users\Maros\AppData\Roaming\.purple
2014-01-11 13:18:48 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-09 21:11:16 ----D---- C:\Users\Maros\AppData\Roaming\Winamp
2014-01-09 21:11:16 ----D---- C:\Users\Maros\AppData\Roaming\Media Player Classic
2014-01-09 21:11:16 ----D---- C:\Users\Maros\AppData\Roaming\DAEMON Tools Lite
2014-01-09 21:11:14 ----D---- C:\Windows\Minidump
2014-01-09 21:11:14 ----D---- C:\Windows\Logs
2014-01-08 16:17:33 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2014-01-08 16:12:20 ----D---- C:\Windows\system32\catroot2
2014-01-08 15:10:02 ----D---- C:\Windows\Prefetch
2014-01-07 21:04:04 ----D---- C:\Program Files (x86)\Call of Duty Ghosts
2014-01-06 12:24:57 ----D---- C:\Windows\rescache
2014-01-05 15:03:35 ----D---- C:\ProgramData\Package Cache
2014-01-05 14:59:45 ----RSD---- C:\Windows\assembly
2014-01-04 00:28:10 ----SD---- C:\ProgramData\Microsoft
2014-01-04 00:27:21 ----SD---- C:\Users\Maros\AppData\Roaming\Microsoft
2014-01-03 17:28:40 ----D---- C:\Windows\winsxs
2014-01-03 16:13:19 ----D---- C:\Program Files\Internet Explorer
2014-01-03 16:13:19 ----D---- C:\Program Files (x86)\Internet Explorer
2014-01-01 16:10:23 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-01-01 16:10:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-01-01 16:09:17 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-01-01 16:09:16 ----D---- C:\Windows\system32\cs-CZ
2013-12-31 18:53:02 ----D---- C:\Windows\Panther
2013-12-31 18:53:02 ----D---- C:\Windows\debug
2013-12-31 14:05:12 ----D---- C:\Windows\Microsoft.NET
2013-12-31 01:44:50 ----D---- C:\Windows\SYSWOW64\sk-SK
2013-12-31 01:44:50 ----D---- C:\Windows\system32\sk-SK
2013-12-31 01:44:48 ----D---- C:\Windows\SYSWOW64\migration
2013-12-31 01:44:48 ----D---- C:\Windows\SYSWOW64\en-US
2013-12-31 01:44:47 ----D---- C:\Windows\system32\migration
2013-12-31 01:44:47 ----D---- C:\Windows\system32\en-US
2013-12-31 01:44:47 ----D---- C:\Windows\PolicyDefinitions
2013-12-30 22:15:03 ----D---- C:\Windows\AppPatch
2013-12-30 22:15:03 ----D---- C:\Program Files\Windows Media Player
2013-12-30 22:15:03 ----D---- C:\Program Files (x86)\Windows Media Player
2013-12-30 22:12:27 ----D---- C:\ProgramData\Microsoft Help
2013-12-30 15:24:58 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-12-30 15:21:22 ----D---- C:\Program Files\Windows Defender
2013-12-30 15:21:22 ----D---- C:\Program Files (x86)\Windows Defender
2013-12-30 15:21:10 ----D---- C:\Windows\SYSWOW64\zh-TW
2013-12-30 15:21:10 ----D---- C:\Windows\SYSWOW64\zh-HK
2013-12-30 15:21:10 ----D---- C:\Windows\SYSWOW64\zh-CN
2013-12-30 15:21:10 ----D---- C:\Windows\SYSWOW64\tr-TR
2013-12-30 15:21:10 ----D---- C:\Windows\SYSWOW64\sv-SE
2013-12-30 15:21:10 ----D---- C:\Windows\SYSWOW64\ru-RU
2013-12-30 15:21:10 ----D---- C:\Windows\SYSWOW64\pt-PT
2013-12-30 15:21:10 ----D---- C:\Windows\SYSWOW64\pt-BR
2013-12-30 15:21:10 ----D---- C:\Windows\SYSWOW64\pl-PL
2013-12-30 15:21:10 ----D---- C:\Windows\SYSWOW64\nl-NL
2013-12-30 15:21:10 ----D---- C:\Windows\SYSWOW64\ko-KR
2013-12-30 15:21:10 ----D---- C:\Windows\SYSWOW64\ja-JP
2013-12-30 15:21:10 ----D---- C:\Windows\SYSWOW64\it-IT
2013-12-30 15:21:10 ----D---- C:\Windows\SYSWOW64\hu-HU
2013-12-30 15:21:10 ----D---- C:\Windows\SYSWOW64\fr-FR
2013-12-30 15:21:10 ----D---- C:\Windows\SYSWOW64\fi-FI
2013-12-30 15:21:10 ----D---- C:\Windows\SYSWOW64\es-ES
2013-12-30 15:21:10 ----D---- C:\Windows\SYSWOW64\el-GR
2013-12-30 15:21:10 ----D---- C:\Windows\SYSWOW64\de-DE
2013-12-30 15:21:09 ----D---- C:\Windows\SYSWOW64\nb-NO
2013-12-30 15:21:09 ----D---- C:\Windows\SYSWOW64\da-DK
2013-12-30 15:21:09 ----D---- C:\Windows\system32\zh-HK
2013-12-30 15:21:09 ----D---- C:\Windows\system32\tr-TR
2013-12-30 15:21:09 ----D---- C:\Windows\system32\sv-SE
2013-12-30 15:21:09 ----D---- C:\Windows\system32\pt-PT
2013-12-30 15:21:09 ----D---- C:\Windows\system32\pt-BR
2013-12-30 15:21:09 ----D---- C:\Windows\system32\pl-PL
2013-12-30 15:21:09 ----D---- C:\Windows\system32\nl-NL
2013-12-30 15:21:09 ----D---- C:\Windows\system32\ko-KR
2013-12-30 15:21:09 ----D---- C:\Windows\system32\it-IT
2013-12-30 15:21:09 ----D---- C:\Windows\system32\hu-HU
2013-12-30 15:21:09 ----D---- C:\Windows\system32\fr-FR
2013-12-30 15:21:09 ----D---- C:\Windows\system32\fi-FI
2013-12-30 15:21:09 ----D---- C:\Windows\system32\el-GR
2013-12-30 15:21:08 ----D---- C:\Windows\system32\zh-TW
2013-12-30 15:21:08 ----D---- C:\Windows\system32\zh-CN
2013-12-30 15:21:08 ----D---- C:\Windows\system32\ru-RU
2013-12-30 15:21:08 ----D---- C:\Windows\system32\nb-NO
2013-12-30 15:21:08 ----D---- C:\Windows\system32\ja-JP
2013-12-30 15:21:08 ----D---- C:\Windows\system32\es-ES
2013-12-30 15:21:08 ----D---- C:\Windows\system32\de-DE
2013-12-30 15:21:08 ----D---- C:\Windows\system32\da-DK
2013-12-30 15:21:08 ----D---- C:\Program Files\Windows Journal
2013-12-30 15:10:38 ----D---- C:\Program Files\Microsoft Security Client
2013-12-30 15:10:38 ----D---- C:\Program Files (x86)\Microsoft Security Client
2013-12-30 14:32:01 ----D---- C:\Program Files\Microsoft Silverlight
2013-12-26 12:10:51 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-12-23 11:18:22 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-22 17:26:16 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-12-19 21:33:31 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2013-12-19 21:33:31 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2013-12-19 21:33:31 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2013-12-19 21:33:31 ----A---- C:\Windows\system32\OpenCL.dll
2013-12-19 21:33:31 ----A---- C:\Windows\system32\nvwgf2umx.dll
2013-12-19 21:33:31 ----A---- C:\Windows\system32\nvumdshimx.dll
2013-12-19 21:33:31 ----A---- C:\Windows\system32\nvapi64.dll
2013-12-19 19:53:46 ----A---- C:\Windows\system32\nvsvc64.dll
2013-12-19 19:53:46 ----A---- C:\Windows\system32\nvcpl.dll
2013-12-19 19:53:44 ----A---- C:\Windows\system32\nvvsvc.exe
2013-12-19 19:53:44 ----A---- C:\Windows\system32\nvsvcr.dll
2013-12-19 19:53:44 ----A---- C:\Windows\system32\nvshext.dll
2013-12-19 19:53:44 ----A---- C:\Windows\system32\nvmctray.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-09-27 248240]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-08-08 834544]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 HssDRV6;Hotspot Shield Routing Driver 6; C:\Windows\system32\DRIVERS\hssdrv6.sys [2012-07-24 41704]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2013-05-30 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2013-05-30 43680]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 134944]
R3 hitmanpro37;HitmanPro 3.7 Support Driver; \??\C:\Windows\system32\drivers\hitmanpro37.sys [2014-01-14 32512]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2008-07-03 1477272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-11-28 197408]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2013-12-05 39200]
R3 PAC207;Trust Webcam Live; C:\Windows\system32\DRIVERS\PFC027.SYS [2007-04-12 572928]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-12-24 412264]
R3 SgamingkbFltr;Gaming Keyboard 1; C:\Windows\system32\drivers\GKS16Fltr.sys [2011-12-20 14848]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-08-29 11880]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\Windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 FairplayKD;FairplayKD; \??\C:\ProgramData\MTA San Andreas All\1.3\temp\FairplayKD.sys []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2012-08-08 20544]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl64.sys [2013-07-25 23040]
S3 netr28ux;TP-LINK Wireless USB Adapter; C:\Windows\system32\DRIVERS\netr28ux.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2013-01-23 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2012-07-24 38632]
S3 tapoas;TAP-Win32 Adapter OAS; C:\Windows\system32\DRIVERS\tapoas.sys [2011-08-19 30720]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 UBNRedir;UBNRedir; C:\Windows\system32\DRIVERS\ubnredir.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2013-01-23 9216]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\drivers\usb8023x.sys [2013-02-12 19968]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-08-01 14544]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S3 WSDScan;Podpora skenování WSD přes UMB; C:\Windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-09-05 65640]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 23808]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\SysWOW64\NLSSRV32.EXE [2012-11-13 70152]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-10 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-10 15129376]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-12-19 922912]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-08-24 76888]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-12-19 411936]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-09-17 2365792]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-26 257416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-11-18 529744]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-08-08 1255736]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-22 119408]
S4 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S4 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
S4 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]

-----------------EOF-----------------

Re: RSIT - podozrenie na keylogger + Myinfotopia plugin (adw

Napsal: 14 led 2014 14:48
od 666andrew
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verzia databázy: v2014.01.11.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Maros :: MAROS-PC [administrátor]

11. 1. 2014 13:20:18
mbam-log-2014-01-11 (13-20-18).txt

Typ kontroly: Úplná kontrola (C:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 444446
Uplynutý čas: 2 hod, 11 min, 29 sek

Detegované služby pamäte: 3
C:\Users\Maros\AppData\Roaming\.purple\crsscmgr\crssc.exe (Trojan.FakeMS) -> 2560 -> Bude odstránený po reštartovaní.
C:\Users\Maros\AppData\Roaming\.purple\crsscmgr\service.exe (PUP.Optional.Bitminer) -> 4712 -> Bude odstránený po reštartovaní.
C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> 512 -> Bude odstránený po reštartovaní.

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 25
HKCR\CLSID\{B88D31B9-7195-660A-43CA-26EBED1B1053} (PUP.Optional.MultiPlug.A) -> Pridanie do karantény a zmazanie úspešné.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B88D31B9-7195-660A-43CA-26EBED1B1053} (PUP.Optional.MultiPlug.A) -> Pridanie do karantény a zmazanie úspešné.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B88D31B9-7195-660A-43CA-26EBED1B1053} (PUP.Optional.MultiPlug.A) -> Pridanie do karantény a zmazanie úspešné.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B88D31B9-7195-660A-43CA-26EBED1B1053} (PUP.Optional.MultiPlug.A) -> Pridanie do karantény a zmazanie úspešné.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B88D31B9-7195-660A-43CA-26EBED1B1053} (PUP.Optional.MultiPlug.A) -> Pridanie do karantény a zmazanie úspešné.
HKCR\CLSID\{F21030B3-862F-152C-771D-2E9902A7F435} (PUP.Optional.MultiPlug.A) -> Pridanie do karantény a zmazanie úspešné.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F21030B3-862F-152C-771D-2E9902A7F435} (PUP.Optional.MultiPlug.A) -> Pridanie do karantény a zmazanie úspešné.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F21030B3-862F-152C-771D-2E9902A7F435} (PUP.Optional.MultiPlug.A) -> Pridanie do karantény a zmazanie úspešné.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F21030B3-862F-152C-771D-2E9902A7F435} (PUP.Optional.MultiPlug.A) -> Pridanie do karantény a zmazanie úspešné.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F21030B3-862F-152C-771D-2E9902A7F435} (PUP.Optional.MultiPlug.A) -> Pridanie do karantény a zmazanie úspešné.
HKCR\AppID\{562B9316-C08A-444A-9482-62080DD851AE} (PUP.Optional.SpeedAnalysis3.A) -> Pridanie do karantény a zmazanie úspešné.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Pridanie do karantény a zmazanie úspešné.
HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} (PUP.Optional.GreatSaver.A) -> Pridanie do karantény a zmazanie úspešné.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B138259A-351E-33FA-2726-8D71704F1DA9} (PUP.Optional.MultiPlug.A) -> Pridanie do karantény a zmazanie úspešné.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AF992111-52BE-832B-5882-8477E4A3C99A} (PUP.Optional.MultiPlug.A) -> Pridanie do karantény a zmazanie úspešné.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Pridanie do karantény a zmazanie úspešné.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} (PUP.Optional.WebSearchInfo) -> Pridanie do karantény a zmazanie úspešné.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Pridanie do karantény a zmazanie úspešné.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Pridanie do karantény a zmazanie úspešné.
HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Pridanie do karantény a zmazanie úspešné.
HKCU\SOFTWARE\OPTIMIZER PRO (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Pridanie do karantény a zmazanie úspešné.
HKCU\Software\Systweak\RegClean Pro (PUP.Optional.RegCleanerPro.A) -> Pridanie do karantény a zmazanie úspešné.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Pridanie do karantény a zmazanie úspešné.

Detegované registračné hodnoty: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.WebSearchInfo) -> Dáta: {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} -> Pridanie do karantény a zmazanie úspešné.
HKCU\Software\Optimizer Pro|AdsBuyNowURL (PUP.Optional.OptimizerPro.A) -> Dáta: http://conversion.pcutilitiespro.revenu ... rpro/xsell -> Pridanie do karantény a zmazanie úspešné.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Dáta: {97BB7293-3FD3-11E3-B6DF-001FD0B541BD} -> Pridanie do karantény a zmazanie úspešné.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Dáta: {97BB7293-3FD3-11E3-B6DF-001FD0B541BD} -> Pridanie do karantény a zmazanie úspešné.

Detegované položky registračných dát: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.WebSearchInfo) -> Škodlivý: (http://websearch.searchrocket.info/?pid ... K&unqvl=16) Dobrý: (http://www.google.com) -> Pridanie do karantény a opravy prebehli úspešne.

Detegované priečinky: 9
C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> Pridanie do karantény a zmazanie úspešné.
C:\Users\Maros\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Pridanie do karantény a zmazanie úspešné.
C:\Program Files (x86)\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\SearchNewTab (PUP.Optional.SearchNewTab) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\BetterSoft\OptimizerPro (PUP.Optional.OptimizerPro.A) -> Bude odstránený po reštartovaní.
C:\ProgramData\BetterSoft\OptimizerPro\3036567561 (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\InstallMate\OptimizerPro (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\Users\Maros\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Pridanie do karantény a zmazanie úspešné.

Detegované súbory: 54
C:\Program Files (x86)\Brutal Legend\steam_api.dll (Trojan.VirTool) -> Žiadna úloha nevykonaná.
C:\Users\Maros\AppData\Roaming\.purple\crsscmgr\crssc.exe (Trojan.FakeMS) -> Bude odstránený po reštartovaní.
C:\Users\Maros\AppData\Roaming\.purple\crsscmgr\service.exe (PUP.Optional.Bitminer) -> Bude odstránený po reštartovaní.
C:\ProgramData\DownSauvoe\l9Yw.dll (PUP.Optional.MultiPlug.A) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\DaiscountaExtensi\wLjgj5.dll (PUP.Optional.MultiPlug.A) -> Pridanie do karantény a zmazanie úspešné.
C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\Program Files (x86)\Optimizer Pro\OptProGuard.exe (PUP.Optional.OptimizerPro) -> Pridanie do karantény a zmazanie úspešné.
C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PUP.Optional.OptimizePro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe (PUP.Optional.OptimizerPro) -> Pridanie do karantény a zmazanie úspešné.
C:\Program Files (x86)\Optimizer Pro\OptProSchedule.exe (PUP.Optional.OptimizerPro) -> Pridanie do karantény a zmazanie úspešné.
C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe (PUP.Optional.OptimizerPro) -> Pridanie do karantény a zmazanie úspešné.
C:\Program Files (x86)\Optimizer Pro\OptProStart.exe (PUP.Optional.OptimizerPro) -> Pridanie do karantény a zmazanie úspešné.
C:\Program Files (x86)\Outlast\Binaries\Win32\steam_api.dll (VirTool.Obfuscator) -> Pridanie do karantény a zmazanie úspešné.
C:\Program Files (x86)\Resident Evil 6\steam_api.dll (Trojan.VirTool) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\coinyTTiinuetosaave\51a50f7c19f91.dll (PUP.Optional.MultiPlug.A) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\DaiscountaExtensi\wLjgj5.exe (PUP.Optional.MultiPlug.A) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\DaiscountaExtensi\wLjgj5.x64.dll (PUP.Optional.MultiPlug.A) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\DownSauvoe\l9Yw.exe (PUP.Optional.MultiPlug.A) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\DownSauvoe\l9Yw.x64.dll (PUP.Optional.MultiPlug.A) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp27DA.exe (Trojan.Agent.ED) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp5EA.exe (Trojan.Agent) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp7E53.exe (Trojan.FakeMS) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\SearchNewTab\51a50fce5d241.dll (PUP.Optional.MultiPlug.A) -> Pridanie do karantény a zmazanie úspešné.
C:\Users\Maros\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Pridanie do karantény a zmazanie úspešné.
C:\Users\Maros\Downloads\winamp565_full_emusic-7plus_all.exe (PUP.Optional.OpenCandy) -> Pridanie do karantény a zmazanie úspešné.
C:\Windows\Setup\SCRIPTS\Windows7Loader.exe (Trojan.Agent.W) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Pridanie do karantény a zmazanie úspešné.
C:\Users\Maros\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Pridanie do karantény a zmazanie úspešné.
C:\Program Files (x86)\Optimizer Pro\OptimizerPro.chm (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\Program Files (x86)\Optimizer Pro\English.ini (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\Program Files (x86)\Optimizer Pro\file_id.diz (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\Program Files (x86)\Optimizer Pro\HomePage.url (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\Program Files (x86)\Optimizer Pro\OptProUninstaller.exe (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\Program Files (x86)\Optimizer Pro\scan.gif (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\Program Files (x86)\Optimizer Pro\sqlite3.dll (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\Program Files (x86)\Optimizer Pro\unins000.dat (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\Program Files (x86)\Optimizer Pro\unins000.exe (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\Windows\Tasks\schedule!3036567561.job (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro\Optimizer Pro on the Web.lnk (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro\Help.lnk (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro\Optimizer Pro.lnk (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro\Uninstall Optimizer Pro.lnk (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\SearchNewTab\51a50fce5d241.tlb (PUP.Optional.SearchNewTab) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\SearchNewTab\settings.ini (PUP.Optional.SearchNewTab) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\BetterSoft\OptimizerPro\3036567561.ini (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> Bude odstránený po reštartovaní.
C:\ProgramData\InstallMate\OptimizerPro\Custom.dll (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\InstallMate\OptimizerPro\Readme.txt (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\InstallMate\OptimizerPro\Setup.dat (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\InstallMate\OptimizerPro\Setup.exe (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\InstallMate\OptimizerPro\Setup.ico (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\InstallMate\OptimizerPro\TsuDll.dll (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\ProgramData\InstallMate\OptimizerPro\_Setup.dll (PUP.Optional.OptimizerPro.A) -> Pridanie do karantény a zmazanie úspešné.
C:\Users\Maros\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Pridanie do karantény a zmazanie úspešné.

(koniec)

Re: RSIT - podozrenie na keylogger + Myinfotopia plugin (adw

Napsal: 14 led 2014 14:56
od vyosek
Zdravim :)

:arrow: Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Ulozte nejlepe na plochu
  • Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
  • Probehne vytvoreni zalohy a nasledne prohledavani
  • Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte
:arrow: Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Ulozte nejlepe na plochu
  • Ukoncete vsechny programy
  • Kliknete na Scan a nasledne Clean
  • Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Re: RSIT - podozrenie na keylogger + Myinfotopia plugin (adw

Napsal: 14 led 2014 15:31
od 666andrew
Tu je JRT. Nie je tam nič, pretože som našiel návod, ako to odstrániť na internete a boli tam presne tieto dva programy a už mi to odstránili, teda to čo našli. Navyše počas testu JRT mi MSE vyhodilo:

Kategória: Trójsky kôň

Popis: Tento program je nebezpečný a umožňuje vykonávať príkazy zadávané útočníkom.

Odporúčaná akcia: Tento softvér ihneď odstráňte.

Položky:
file:C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll

Odstránil som to. Teraz idem na ten adwcleaner.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Ultimate x64
Ran by Maros on ut 14. 01. 2014 at 15:18:24,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ut 14. 01. 2014 at 15:29:03,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: RSIT - podozrenie na keylogger + Myinfotopia plugin (adw

Napsal: 14 led 2014 15:33
od vyosek
:arrow: Jeste tedy pro jistotu AdwCleaner at vime ze je to pryc

:arrow: Nasledujici soubory otestujte na VirusTotalu https://www.virustotal.com/cs/
  • C:\Windows\twunk_32.exe
  • Kliknete na Choose file
  • Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
  • Kliknete na Scan It
  • Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
    Obrázek
  • Vysledek analyzy sem vlozte (jako odkaz)

Re: RSIT - podozrenie na keylogger + Myinfotopia plugin (adw

Napsal: 14 led 2014 15:39
od 666andrew
Toto je aktuálny výpis a pod ním pridám ten z predtým.


# AdwCleaner v3.017 - Report created 14/01/2014 at 15:34:47
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Maros - MAROS-PC
# Running from : C:\Users\Maros\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (cs)

[ File : C:\Users\Maros\AppData\Roaming\Mozilla\Firefox\Profiles\265lgu85.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Maros\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12920 octets] - [14/01/2014 14:09:27]
AdwCleaner[R1].txt - [1051 octets] - [14/01/2014 15:32:10]
AdwCleaner[S0].txt - [13001 octets] - [14/01/2014 14:11:03]
AdwCleaner[S1].txt - [976 octets] - [14/01/2014 15:34:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1035 octets] ##########

_________________________________________________________________________________________

# AdwCleaner v3.017 - Report created 14/01/2014 at 14:09:27
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Maros - MAROS-PC
# Running from : C:\Users\Maros\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
File Found : C:\Users\Maros\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
File Found : C:\Users\Maros\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
File Found : C:\Users\Maros\AppData\Roaming\Mozilla\Firefox\Profiles\265lgu85.default\bProtector_extensions.rdf
File Found : C:\Users\Maros\AppData\Roaming\Mozilla\Firefox\Profiles\265lgu85.default\invalidprefs.js
File Found : C:\Users\Maros\AppData\Roaming\Mozilla\Firefox\Profiles\265lgu85.default\searchplugins\Babylon.xml
File Found : C:\Users\Maros\AppData\Roaming\Mozilla\Firefox\Profiles\265lgu85.default\searchplugins\BrowserProtect.xml
File Found : C:\Users\Maros\AppData\Roaming\Mozilla\Firefox\Profiles\265lgu85.default\searchplugins\WebSearch.xml
File Found : C:\Users\Maros\AppData\Roaming\Mozilla\Firefox\Profiles\265lgu85.default\user.js
File Found : C:\Windows\System32\roboot64.exe
File Found : C:\Windows\System32\Tasks\NCH Software
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
Folder Found : C:\Users\Maros\AppData\Roaming\Mozilla\Firefox\Profiles\265lgu85.default\Extensions\{2DBBA0BE-6E67-8593-FFBE-69DA12AE4F06}
Folder Found : C:\Users\Maros\AppData\Roaming\Mozilla\Firefox\Profiles\265lgu85.default\Extensions\ayii_6@wvpbwxdfe.edu
Folder Found : C:\Users\Maros\AppData\Roaming\Mozilla\Firefox\Profiles\265lgu85.default\Extensions\w3g2y8phzd@ueeuuu-.com
Folder Found C:\Program Files (x86)\NCH Software
Folder Found C:\Program Files (x86)\sweetpacks bundle uninstaller
Folder Found C:\Program Files (x86)\WebSearch
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\BetterSoft
Folder Found C:\ProgramData\coinyTTiinuetosaave
Folder Found C:\ProgramData\NCH Software
Folder Found C:\ProgramData\StarApp
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\ProgramData\Trymedia
Folder Found C:\Users\Maros\AppData\Local\PutLockerDownloader
Folder Found C:\Users\Maros\AppData\Roaming\NCH Software
Folder Found C:\Users\Maros\AppData\Roaming\optimizer pro
Folder Found C:\Users\Maros\AppData\Roaming\PerformerSoft
Folder Found C:\Users\Maros\AppData\Roaming\StatusWinks
Folder Found C:\Users\Maros\AppData\Roaming\Systweak
Folder Found C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\53538d8fe039ed46
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\NCH Software
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : [x64] HKCU\Software\NCH Software
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
Key Found : HKLM\SOFTWARE\Classes\Facebook.ScriptHostObject
Key Found : HKLM\SOFTWARE\Classes\Facebook.ScriptHostObject.1
Key Found : HKLM\SOFTWARE\Classes\FTDownloader
Key Found : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\PutLockerDownloader
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\dt soft\daemon tools toolbar
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\apfdadfinodckpcehhdhjlgiphgnbfci
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hgojaaaiddhmiiakpejiklijbalpckih
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
Key Found : HKLM\Software\NCH Software
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{B64982B1-D112-42B5-B1E4-D3867C4533F8}]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [statuswinks@StatusWinks]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [statuswinks@StatusWinks]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (cs)

[ File : C:\Users\Maros\AppData\Roaming\Mozilla\Firefox\Profiles\265lgu85.default\prefs.js ]

Line Found : user_pref("aol_toolbar.default.homepage.check", false);
Line Found : user_pref("aol_toolbar.default.search.check", false);
Line Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Found : user_pref("browser.search.defaulturl", "hxxp://websearch.searchrocket.info/?pid=377&r=2013/05/28&hid=3665465197&lg=EN&cc=SK&unqvl=16&l=1&q=");
Line Found : user_pref("browser.search.order.1", "WebSearch");
Line Found : user_pref("browser.search.order.1,S", "WebSearch");
Line Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Found : user_pref("extensions.51a50f7c19eb5.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
Line Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=117423&tt=4 ... 1fd0b541bd");
Line Found : user_pref("extensions.claro.admin", false);
Line Found : user_pref("extensions.claro.aflt", "babsst");
Line Found : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Line Found : user_pref("extensions.claro.dfltLng", "en");
Line Found : user_pref("extensions.claro.excTlbr", false);
Line Found : user_pref("extensions.claro.id", "8ecfd517000000000000001fd0b541bd");
Line Found : user_pref("extensions.claro.instlDay", "15661");
Line Found : user_pref("extensions.claro.instlRef", "sst");
Line Found : user_pref("extensions.claro.prdct", "claro");
Line Found : user_pref("extensions.claro.prtnrId", "claro");
Line Found : user_pref("extensions.claro.tlbrId", "claro");
Line Found : user_pref("extensions.claro.tlbrSrchUrl", "");
Line Found : user_pref("extensions.claro.vrsn", "1.8.3.10");
Line Found : user_pref("extensions.claro.vrsni", "1.8.3.10");
Line Found : user_pref("extensions.claro_i.smplGrp", "none");
Line Found : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1014:10:08");
Line Found : user_pref("extensions.evUZdo.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b,a){if(3<b)return a(!1);var d=[...]
Line Found : user_pref("extensions.wyUwveII.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b,a){if(3<b)return a(!1);var [...]
Line Found : user_pref("keyword.URL", "hxxp://websearch.searchrocket.info/?pid=377&r=2013/05/28&hid=3665465197&lg=EN&cc=SK&unqvl=16&l=1&q=");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Found : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v

[ File : C:\Users\Maros\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage

*************************

AdwCleaner[R0].txt - [12718 octets] - [14/01/2014 14:09:27]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12779 octets] ##########

Re: RSIT - podozrenie na keylogger + Myinfotopia plugin (adw

Napsal: 14 led 2014 15:42
od vyosek
OK poprosim jeste o Virustotal

Re: RSIT - podozrenie na keylogger + Myinfotopia plugin (adw

Napsal: 14 led 2014 15:42
od 666andrew
Tu je výsledok s VT.

Kód: Vybrat vše

https://www.virustotal.com/sk/file/a18b0a31c87475be5d4dc8ab693224e24ae79f2845d788a657555cb30c59078b/analysis/1389710448/

Re: RSIT - podozrenie na keylogger + Myinfotopia plugin (adw

Napsal: 14 led 2014 15:45
od vyosek
:arrow: Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu
  • Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
  • Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

  • Kód: Vybrat vše

    :reg
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
"{D5D47440-0750-463D-BAEF-A47D02414806}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-
"ISUSPM"=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

:files
C:\ProgramData\Microsoft\BingDesktop
C:\Users\Maros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HpM3Util.exe
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3607238900-2339944577-2827055329-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3607238900-2339944577-2827055329-1000UA.job
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]
  • Nasledne kliknete na Opravit
  • PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Re: RSIT - podozrenie na keylogger + Myinfotopia plugin (adw

Napsal: 14 led 2014 15:52
od 666andrew
Nech sa páči.


All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar\\{D5D47440-0750-463D-BAEF-A47D02414806} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5D47440-0750-463D-BAEF-A47D02414806}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLs"|"" /E : value set successfully!
========== FILES ==========
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp folder moved successfully.
C:\ProgramData\Microsoft\BingDesktop\BingCore\DesktopSearchCache\data folder moved successfully.
C:\ProgramData\Microsoft\BingDesktop\BingCore\DesktopSearchCache\cache folder moved successfully.
C:\ProgramData\Microsoft\BingDesktop\BingCore\DesktopSearchCache folder moved successfully.
C:\ProgramData\Microsoft\BingDesktop\BingCore folder moved successfully.
C:\ProgramData\Microsoft\BingDesktop folder moved successfully.
C:\Users\Maros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HpM3Util.exe moved successfully.
C:\Windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3607238900-2339944577-2827055329-1000Core.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3607238900-2339944577-2827055329-1000UA.job moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\1C4551A64743409391E41477CD655043.TMP folder moved successfully.
C:\Windows\85EBB28365AF4C539EBE7C0A232762F7.TMP folder moved successfully.
C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP folder moved successfully.
C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP folder moved successfully.
C:\Windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 58264 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Maros
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 7683233 bytes
->Java cache emptied: 299724 bytes
->FireFox cache emptied: 199705800 bytes
->Google Chrome cache emptied: 422646329 bytes
->Flash cache emptied: 58792 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29446 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 47952956 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 647,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Maros
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Maros
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01142014_154800

Files\Folders moved on Reboot...
C:\Users\Maros\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Maros\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: RSIT - podozrenie na keylogger + Myinfotopia plugin (adw

Napsal: 14 led 2014 15:53
od vyosek
Tak jeste uklidime :James008:

:arrow: T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Stahnete a spustte
  • Kliknete na CleanUp a potvrdte YES
  • Program uklidi a restartuje PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Stahnete a spustte
  • Kliknete na Start a potvrdte OK
  • Program uklidi a restartuje pc
  • Po pouziti utilitu smazte
:arrow: Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za tyden

:arrow: A pokud nejsou problemy ci dotazy, je to z me strany vse :| PC by melo byt ciste, Keylogger jsem tam nevidel, adware jste si odpalil defakto sam :James008:

Re: RSIT - podozrenie na keylogger + Myinfotopia plugin (adw

Napsal: 14 led 2014 15:56
od 666andrew
Chcem sa spýtať, ono je to asi späť. Vždy keď otvorím stránku pokec.sk, teda na tej mi to vyskakuje a vyskočilo mi to znova - ten plugin.

//Navyše v chrome mám znovu dva nové pluginy - Command Class, DownSauvoe.

Re: RSIT - podozrenie na keylogger + Myinfotopia plugin (adw

Napsal: 14 led 2014 16:05
od vyosek
:arrow: Zadejte v chrome do adresniho radku chrome://extensions/

:arrow: Zkuste ty nezname pluginy odinstalovat

:arrow: Dejte log z FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

Re: RSIT - podozrenie na keylogger + Myinfotopia plugin (adw

Napsal: 14 led 2014 16:14
od 666andrew
Ja ich aj odinštalujem, ale vypnem a zapnem Chrome, otvorím tú stránku a je to tam znova a znova to musím odinštalovať.

Tu je ten log. :)


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-01-2014 02
Ran by Maros (administrator) on MAROS-PC on 14-01-2014 16:10:40
Running from C:\Users\Maros\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Bloody4\Bloody4\Bloody4.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Gaming Keyboard\Monitor.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Gaming Keyboard\OSD.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Users\Maros\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Maros\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Maros\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Maros\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Maros\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Maros\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Users\Maros\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Maros\AppData\Local\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Maros\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [6430208 2008-07-03] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2008-06-25] (Realtek Semiconductor Corp.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Monitor] - C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [Gaming Keyboard] - C:\Program Files (x86)\Gaming Keyboard\Monitor.EXE [184320 2012-02-14] ()
HKCU\...\Run: [Bloody2] - C:\Program Files (x86)\Bloody4\Bloody4\Bloody4.exe [11854848 2013-08-16] ()
AppInit_DLLs: [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7D6EE29C16C1CD01
SearchScopes: HKCU - {02BD3EF7-9D1F-4C61-9B85-F3AA35A4A2F4} URL = http://search.centrum.cz/index.php?q={s ... trum-1.0.0
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Maros\AppData\Roaming\Mozilla\Firefox\Profiles\265lgu85.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.sk/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Maros\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Maros\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: sony.com/MediaGoDetector - C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Cetrumcz_igeared.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\mall-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Adblock Plus - C:\Users\Maros\AppData\Roaming\Mozilla\Firefox\Profiles\265lgu85.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-19]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-03-08]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-06-30]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2012-11-17]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://google.sk/"
CHR Plugin: (Shockwave Flash) - C:\Users\Maros\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Maros\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Maros\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Microsoft\u00C3\u0082\u00C2\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Google Update) - C:\Users\Maros\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Adblock Plus) - C:\Users\Maros\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0 [2013-12-21]
CHR Extension: (Skype Click to Call) - C:\Users\Maros\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0 [2013-11-27]
CHR Extension: (Google Wallet) - C:\Users\Maros\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-12-21]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-08-24] ()
R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2365792 2012-09-17] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-05-30] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-01-14] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-07-24] (AnchorFree Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-05-30] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572928 2007-04-12] (PixArt Imaging Inc.)
R3 SgamingkbFltr; C:\Windows\System32\drivers\GKS16Fltr.sys [14848 2011-12-20] (LXD Development, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-08-08] ()
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2011-08-19] (The OpenVPN Project)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-08-29] (TuneUp Software)
S3 UBNRedir; C:\Windows\SysWOW64\DRIVERS\ubnredir.sys [6784 2013-02-20] (UniversalBox)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org)
S3 zlportio; C:\Windows\zlportio.sys [4016 2013-02-20] (SpecoSoft)
U3 abio8krh; C:\Windows\System32\Drivers\abio8krh.sys [0 ] (Microsoft Corporation)
U5 Browser; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\1.3\temp\FairplayKD.sys [x]
S3 netr28ux; system32\DRIVERS\netr28ux.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-14 16:10 - 2014-01-14 16:11 - 00017431 _____ C:\Users\Maros\Desktop\FRST.txt
2014-01-14 16:10 - 2014-01-14 16:10 - 00000000 ____D C:\FRST
2014-01-14 16:09 - 2014-01-14 16:09 - 00112640 _____ (forum.viry.cz) C:\Users\Maros\Desktop\FRSTLauncher.exe
2014-01-14 16:08 - 2014-01-14 16:08 - 02075648 _____ (Farbar) C:\Users\Maros\Desktop\FRST64.exe
2014-01-14 14:33 - 2014-01-14 14:33 - 00032512 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2014-01-14 14:31 - 2014-01-14 14:31 - 00000214 _____ C:\Windows\system32\.crusader
2014-01-14 14:27 - 2014-01-14 14:31 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-14 14:15 - 2014-01-14 14:15 - 00000000 ____D C:\Windows\ERUNT
2014-01-12 13:50 - 2013-04-26 14:08 - 00935175 _____ C:\Users\Maros\Desktop\RSITx64.exe
2014-01-12 11:52 - 2014-01-12 11:52 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-12 11:52 - 2014-01-12 11:52 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-12 11:52 - 2014-01-12 11:52 - 00000000 ____D C:\Program Files\CCleaner
2014-01-09 21:14 - 2014-01-09 21:14 - 00000000 ____D C:\Users\Maros\AppData\Roaming\vlc
2014-01-09 20:59 - 2014-01-09 21:13 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2014-01-08 13:40 - 2014-01-08 13:40 - 00000000 ____D C:\Users\Maros\AppData\Local\YnqPack
2014-01-07 20:07 - 2013-12-19 21:33 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-01-07 20:07 - 2013-12-19 21:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-01-07 20:07 - 2013-12-19 21:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-01-07 20:07 - 2013-12-19 21:33 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-01-07 20:07 - 2013-12-19 21:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-01-07 20:07 - 2013-12-19 21:33 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-01-07 20:07 - 2013-12-19 21:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-01-07 20:07 - 2013-12-19 21:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-01-07 20:07 - 2013-12-19 21:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-01-07 20:07 - 2013-12-19 21:33 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-01-07 20:07 - 2013-12-19 21:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-01-07 20:07 - 2013-12-19 21:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-01-07 20:07 - 2013-12-19 21:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-01-07 20:07 - 2013-12-19 21:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-01-07 20:07 - 2013-12-19 21:33 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-01-07 20:07 - 2013-12-19 21:33 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-01-07 20:07 - 2013-12-19 21:33 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-01-07 20:07 - 2013-12-19 21:33 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-01-07 20:07 - 2013-12-19 21:33 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-01-07 20:07 - 2013-12-19 21:33 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-01-07 20:07 - 2013-12-19 21:33 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-01-07 20:07 - 2013-12-19 21:33 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-01-07 20:07 - 2013-12-19 21:33 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-01-07 20:07 - 2013-12-19 21:33 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-01-07 20:07 - 2013-12-19 21:33 - 00023754 _____ C:\Windows\system32\nvinfo.pb
2014-01-07 20:07 - 2013-11-28 14:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-01-07 20:07 - 2013-11-28 14:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-01-07 20:07 - 2013-11-22 09:36 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-01-07 19:35 - 2013-12-19 21:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll
2014-01-07 19:35 - 2013-12-19 21:33 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll
2014-01-05 15:24 - 2014-01-05 15:24 - 00001571 _____ C:\Users\Maros\Desktop\Call of Duty Ghosts.lnk
2014-01-05 15:13 - 2014-01-05 15:13 - 00000000 ___SH C:\Users\Maros\AppData\Local\LumaEmu
2014-01-05 14:08 - 2014-01-05 14:08 - 00001182 _____ C:\Users\Public\Desktop\Deadpool.lnk
2014-01-05 14:02 - 2014-01-05 14:08 - 00000000 ____D C:\Program Files (x86)\Deadpool
2014-01-04 11:42 - 2014-01-04 11:43 - 00002622 _____ C:\Users\Maros\Documents\certifikát.pfx
2014-01-03 12:23 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-03 12:23 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-03 12:23 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-01-03 12:23 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-03 12:23 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-01-03 12:23 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-03 12:23 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-03 12:23 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-03 12:23 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-03 12:23 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-03 12:23 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-03 12:23 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-01-03 12:23 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-01-03 12:23 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-03 12:23 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-03 12:23 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-03 12:23 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-01-03 12:23 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-03 12:23 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-03 12:22 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-03 12:22 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-03 12:22 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-03 12:22 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-03 12:22 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-03 12:22 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-03 12:22 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-01-03 12:22 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-03 12:22 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-03 12:22 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-03 12:22 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-03 12:22 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-01-03 12:17 - 2014-01-11 15:36 - 00000000 ____D C:\ProgramData\DownSauvoe
2014-01-03 12:17 - 2014-01-03 12:17 - 00000000 ____D C:\ProgramData\dlfhleokgkpbdoafcdocdoebojmeoeli
2014-01-03 12:16 - 2014-01-11 15:36 - 00000000 ____D C:\ProgramData\DaiscountaExtensi
2014-01-03 12:16 - 2014-01-03 12:18 - 00000000 ____D C:\ProgramData\e1b4cec55f7fdea1
2013-12-31 15:15 - 2013-12-31 18:35 - 00000000 ____D C:\Users\Maros\Documents\FIFA 13
2013-12-31 00:50 - 2013-12-31 00:50 - 00000000 ____D C:\Program Files (x86)\KONAMI
2013-12-30 22:41 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-30 22:33 - 2013-12-30 22:33 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-30 22:33 - 2013-12-30 22:33 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-30 22:33 - 2013-12-30 22:33 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-30 22:33 - 2013-12-30 22:33 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-30 22:33 - 2013-12-30 22:33 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-30 22:33 - 2013-12-30 22:33 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-30 22:33 - 2013-12-30 22:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-30 22:12 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-30 22:12 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-30 22:12 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-30 22:12 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-30 22:02 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-30 22:02 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-30 22:00 - 2013-04-17 08:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-12-30 22:00 - 2013-04-17 07:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-12-30 13:54 - 2013-12-30 13:57 - 00000000 ____D C:\Windows\system32\MRT
2013-12-30 13:41 - 2013-01-13 22:17 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-30 13:41 - 2013-01-13 22:17 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-30 13:41 - 2013-01-13 22:16 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-30 13:41 - 2013-01-13 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-30 13:41 - 2013-01-13 22:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-30 13:41 - 2013-01-13 22:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-30 13:41 - 2013-01-13 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-30 13:41 - 2013-01-13 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-30 13:41 - 2013-01-13 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-30 13:41 - 2013-01-13 21:35 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-30 13:41 - 2013-01-13 21:35 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-30 13:41 - 2013-01-13 21:35 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-30 13:41 - 2013-01-13 21:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-30 13:41 - 2013-01-13 21:31 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-12-30 13:41 - 2013-01-13 21:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-30 13:41 - 2013-01-13 21:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-30 13:41 - 2013-01-13 21:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-30 13:41 - 2013-01-13 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-30 13:41 - 2013-01-13 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-30 13:41 - 2013-01-13 21:22 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-12-30 13:41 - 2013-01-13 21:20 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-12-30 13:41 - 2013-01-13 21:09 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-12-30 13:41 - 2013-01-13 21:08 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-12-30 13:41 - 2013-01-13 20:59 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-12-30 13:41 - 2013-01-13 20:58 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-12-30 13:41 - 2013-01-13 20:54 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-12-30 13:41 - 2013-01-13 20:53 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-12-30 13:41 - 2013-01-13 20:53 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-12-30 13:41 - 2013-01-13 20:51 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-12-30 13:41 - 2013-01-13 20:49 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-12-30 13:41 - 2013-01-13 20:48 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-12-30 13:41 - 2013-01-13 20:46 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-12-30 13:41 - 2013-01-13 20:38 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-12-30 13:41 - 2013-01-13 20:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-12-30 13:41 - 2013-01-13 20:37 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-12-30 13:41 - 2013-01-13 20:25 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-12-30 13:41 - 2013-01-13 20:24 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-12-30 13:41 - 2013-01-13 20:24 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-12-30 13:41 - 2013-01-13 20:20 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-12-30 13:41 - 2013-01-13 20:20 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-12-30 13:41 - 2013-01-13 20:10 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-12-30 13:41 - 2013-01-13 19:34 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-12-30 13:41 - 2013-01-13 19:09 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-12-30 13:41 - 2013-01-13 18:26 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-12-30 13:41 - 2013-01-13 18:05 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-12-30 13:41 - 2013-01-04 07:11 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-12-30 13:41 - 2013-01-04 07:11 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-12-30 13:35 - 2013-02-27 07:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-12-30 13:35 - 2013-02-27 06:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-12-30 13:34 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-30 13:34 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-30 13:34 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-12-30 13:34 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-12-30 13:34 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-12-30 13:34 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-12-30 13:34 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-12-30 13:34 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-12-30 13:34 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-12-30 13:34 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-12-30 13:34 - 2013-07-09 06:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-12-30 13:34 - 2013-07-09 06:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-12-30 13:34 - 2013-07-09 05:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-12-30 13:34 - 2013-07-09 05:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-12-30 13:34 - 2013-04-26 00:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-12-30 13:34 - 2013-03-31 23:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-12-30 13:33 - 2013-05-13 06:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-12-30 13:33 - 2013-05-13 04:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-12-30 13:33 - 2013-05-13 04:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-12-30 13:33 - 2013-05-13 04:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-12-30 13:32 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-12-30 13:32 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-12-30 13:32 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-12-30 13:32 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-12-30 13:32 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-12-30 13:32 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-12-30 13:32 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-12-30 13:32 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-12-30 13:32 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-12-30 13:32 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-12-30 13:32 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-12-30 13:32 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-12-30 13:32 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-12-30 13:32 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-12-30 13:32 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-12-30 13:32 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-12-30 13:32 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-12-30 13:32 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-12-30 13:32 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-12-30 13:32 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-12-30 13:32 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-12-30 13:32 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-12-30 13:32 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-12-30 13:32 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-12-30 13:32 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-12-30 13:32 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-12-30 13:32 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-12-30 13:32 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-12-30 13:32 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-12-30 13:32 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-12-30 13:32 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-12-30 13:32 - 2013-08-02 03:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-12-30 13:32 - 2013-08-02 03:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-12-30 13:32 - 2013-08-02 03:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 02:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-12-30 13:32 - 2013-08-02 02:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-12-30 13:32 - 2013-08-02 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-12-30 13:32 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-12-30 13:32 - 2013-08-02 01:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-12-30 13:32 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-12-30 13:32 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-12-30 13:32 - 2013-07-25 10:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-12-30 13:32 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-12-30 13:32 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-12-30 13:32 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-12-30 13:31 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-12-30 13:31 - 2013-07-26 03:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-12-30 13:31 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-12-30 13:31 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-12-30 13:31 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-12-30 13:31 - 2013-07-09 06:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-12-30 13:31 - 2013-07-09 05:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-12-30 13:31 - 2013-05-10 06:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-12-30 13:31 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-12-30 13:30 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-30 13:30 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-30 13:30 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-30 13:30 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-30 13:30 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-30 13:30 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-30 13:30 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-30 13:30 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-12-30 13:30 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-12-30 13:30 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-12-30 13:30 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-30 13:30 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-12-30 13:30 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-30 13:30 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-12-30 13:30 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-30 13:30 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-30 13:30 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-30 13:30 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-30 13:30 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-30 13:30 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-30 13:30 - 2013-08-29 02:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2013-12-30 13:30 - 2013-08-05 03:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-12-30 13:30 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-12-30 13:30 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-12-30 13:30 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-12-30 13:30 - 2013-07-09 06:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-12-30 13:30 - 2013-07-09 05:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-12-30 13:30 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-12-30 13:30 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-12-30 13:30 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-12-30 13:30 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-12-30 13:30 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-12-30 13:30 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-12-30 13:30 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-12-30 13:30 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-12-30 13:30 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-12-30 13:30 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-12-30 13:30 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-12-30 13:30 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-12-30 13:30 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-12-30 13:30 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-12-30 13:30 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-12-30 13:30 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-12-30 13:30 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-12-30 13:30 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-12-30 13:30 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-12-30 13:30 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-12-30 13:30 - 2013-06-04 07:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-12-30 13:30 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-12-30 13:30 - 2013-03-19 06:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-12-30 13:30 - 2013-03-19 06:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-12-30 13:28 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-12-30 13:28 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-12-30 13:27 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-12-30 13:27 - 2013-06-15 05:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-12-30 13:27 - 2013-04-26 06:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-12-30 13:27 - 2013-04-26 05:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-12-30 13:27 - 2013-04-10 07:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-12-30 13:27 - 2011-02-03 12:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-12-30 13:16 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-12-30 13:14 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-12-30 13:14 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-12-30 13:14 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-12-30 13:14 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-12-30 13:14 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-12-30 13:14 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-12-30 13:14 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-12-26 11:54 - 2013-12-26 12:58 - 00000000 ____D C:\WinSetupFromUSB
2013-12-26 11:54 - 2013-12-26 11:54 - 00000690 _____ C:\Users\Maros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinSetupFromUSB.lnk
2013-12-21 13:59 - 2013-12-21 13:59 - 00000000 ____D C:\Users\Maros\Desktop\matematika_maturitne_otazky
2013-12-19 12:20 - 2013-12-19 12:20 - 00590112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-12-18 13:48 - 2013-12-05 09:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-12-18 13:48 - 2013-12-05 09:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

==================== One Month Modified Files and Folders =======

2014-01-14 16:11 - 2014-01-14 16:10 - 00017431 _____ C:\Users\Maros\Desktop\FRST.txt
2014-01-14 16:10 - 2014-01-14 16:10 - 00000000 ____D C:\FRST
2014-01-14 16:09 - 2014-01-14 16:09 - 00112640 _____ (forum.viry.cz) C:\Users\Maros\Desktop\FRSTLauncher.exe
2014-01-14 16:08 - 2014-01-14 16:08 - 02075648 _____ (Farbar) C:\Users\Maros\Desktop\FRST64.exe
2014-01-14 16:08 - 2012-09-15 08:23 - 01638677 _____ C:\Windows\WindowsUpdate.log
2014-01-14 16:07 - 2012-08-08 13:59 - 00000000 ____D C:\Users\Maros\AppData\Roaming\uTorrent
2014-01-14 16:05 - 2012-08-08 17:12 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2014-01-14 16:04 - 2012-08-08 14:04 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-14 16:04 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-14 16:01 - 2012-08-08 13:43 - 00000000 ____D C:\Users\Maros
2014-01-14 15:57 - 2009-07-14 05:45 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-14 15:57 - 2009-07-14 05:45 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-14 15:48 - 2012-08-08 13:45 - 00000000 ___RD C:\Users\Maros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-14 14:45 - 2013-04-26 14:12 - 00000000 ____D C:\Program Files\trend micro
2014-01-14 14:33 - 2014-01-14 14:33 - 00032512 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2014-01-14 14:31 - 2014-01-14 14:31 - 00000214 _____ C:\Windows\system32\.crusader
2014-01-14 14:31 - 2014-01-14 14:27 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-14 14:15 - 2014-01-14 14:15 - 00000000 ____D C:\Windows\ERUNT
2014-01-14 13:55 - 2012-08-08 20:17 - 00000000 ____D C:\Users\Maros\AppData\Roaming\Skype
2014-01-13 14:20 - 2013-09-03 14:11 - 00000000 ____D C:\Users\Maros\AppData\Roaming\HpUpdate
2014-01-12 16:19 - 2013-12-01 13:52 - 00000000 ____D C:\Users\Maros\Desktop\Moje M
2014-01-12 11:52 - 2014-01-12 11:52 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-12 11:52 - 2014-01-12 11:52 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-12 11:52 - 2014-01-12 11:52 - 00000000 ____D C:\Program Files\CCleaner
2014-01-12 11:44 - 2013-11-12 17:54 - 00000919 _____ C:\Users\Maros\AppData\Roaming\trace_FilterInstaller.txt
2014-01-12 11:44 - 2013-11-12 17:54 - 00000000 _____ C:\Users\Maros\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2014-01-12 11:42 - 2013-06-08 18:43 - 00000000 ____D C:\Users\Maros\AppData\Local\Unity
2014-01-11 16:40 - 2012-09-03 17:55 - 00000000 ____D C:\Users\Maros\AppData\Local\Microsoft Help
2014-01-11 15:36 - 2014-01-03 12:17 - 00000000 ____D C:\ProgramData\DownSauvoe
2014-01-11 15:36 - 2014-01-03 12:16 - 00000000 ____D C:\ProgramData\DaiscountaExtensi
2014-01-11 15:36 - 2013-05-28 20:26 - 00000000 ____D C:\ProgramData\InstallMate
2014-01-11 15:36 - 2013-03-23 19:10 - 00000000 ____D C:\Program Files (x86)\Resident Evil 6
2014-01-11 13:29 - 2012-09-25 21:52 - 00000000 ____D C:\Windows\pss
2014-01-11 13:26 - 2012-08-08 14:12 - 00000000 ____D C:\Users\Maros\AppData\Roaming\.purple
2014-01-11 13:18 - 2012-08-26 12:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-11 13:18 - 2012-08-09 10:04 - 00000000 ____D C:\Users\Maros\Desktop\Programy
2014-01-09 21:14 - 2014-01-09 21:14 - 00000000 ____D C:\Users\Maros\AppData\Roaming\vlc
2014-01-09 21:13 - 2014-01-09 20:59 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2014-01-09 21:11 - 2012-08-18 18:29 - 00000000 ____D C:\Windows\Minidump
2014-01-09 21:11 - 2012-08-08 15:30 - 00000000 ____D C:\Users\Maros\AppData\Roaming\Media Player Classic
2014-01-09 21:11 - 2012-08-08 15:19 - 00000000 ____D C:\Users\Maros\AppData\Roaming\Winamp
2014-01-09 21:11 - 2012-08-08 13:58 - 00000000 ____D C:\Users\Maros\AppData\Roaming\DAEMON Tools Lite
2014-01-08 16:17 - 2012-08-10 11:24 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2014-01-08 15:43 - 2009-07-14 06:08 - 00032532 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-08 13:40 - 2014-01-08 13:40 - 00000000 ____D C:\Users\Maros\AppData\Local\YnqPack
2014-01-06 12:24 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2014-01-05 15:24 - 2014-01-05 15:24 - 00001571 _____ C:\Users\Maros\Desktop\Call of Duty Ghosts.lnk
2014-01-05 15:13 - 2014-01-05 15:13 - 00000000 ___SH C:\Users\Maros\AppData\Local\LumaEmu
2014-01-05 15:03 - 2013-06-29 12:46 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-05 14:08 - 2014-01-05 14:08 - 00001182 _____ C:\Users\Public\Desktop\Deadpool.lnk
2014-01-05 14:08 - 2014-01-05 14:02 - 00000000 ____D C:\Program Files (x86)\Deadpool
2014-01-04 11:43 - 2014-01-04 11:42 - 00002622 _____ C:\Users\Maros\Documents\certifikát.pfx
2014-01-03 12:18 - 2014-01-03 12:16 - 00000000 ____D C:\ProgramData\e1b4cec55f7fdea1
2014-01-03 12:17 - 2014-01-03 12:17 - 00000000 ____D C:\ProgramData\dlfhleokgkpbdoafcdocdoebojmeoeli
2014-01-02 11:18 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-01 16:10 - 2012-08-08 14:01 - 01551042 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-01 16:10 - 2009-07-14 16:18 - 00660758 _____ C:\Windows\system32\perfh005.dat
2014-01-01 16:10 - 2009-07-14 16:18 - 00141408 _____ C:\Windows\system32\perfc005.dat
2014-01-01 16:10 - 2009-07-14 06:13 - 01551042 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-31 18:53 - 2012-08-08 14:28 - 00000000 ____D C:\Windows\Panther
2013-12-31 18:35 - 2013-12-31 15:15 - 00000000 ____D C:\Users\Maros\Documents\FIFA 13
2013-12-31 11:06 - 2012-08-08 13:45 - 00001397 _____ C:\Users\Maros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-31 01:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
2013-12-31 01:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\sk-SK
2013-12-31 01:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-31 00:50 - 2013-12-31 00:50 - 00000000 ____D C:\Program Files (x86)\KONAMI
2013-12-30 22:33 - 2013-12-30 22:33 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-30 22:33 - 2013-12-30 22:33 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-30 22:33 - 2013-12-30 22:33 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-30 22:33 - 2013-12-30 22:33 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-30 22:33 - 2013-12-30 22:33 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-30 22:33 - 2013-12-30 22:33 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-30 22:33 - 2013-12-30 22:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-30 22:33 - 2013-12-30 22:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-30 22:33 - 2013-12-30 22:33 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-30 22:17 - 2009-07-14 05:45 - 00498640 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-30 22:12 - 2012-09-03 17:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-30 15:31 - 2012-08-08 13:45 - 00000000 ___RD C:\Users\Maros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-30 15:24 - 2012-08-08 20:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-30 15:21 - 2009-07-14 16:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-12-30 15:21 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-12-30 15:21 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-12-30 15:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-12-30 15:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-12-30 15:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-12-30 15:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-12-30 15:11 - 2012-08-08 14:02 - 00002155 _____ C:\Windows\epplauncher.mif
2013-12-30 15:10 - 2012-08-10 11:41 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-12-30 15:10 - 2012-08-10 11:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-12-30 14:32 - 2012-08-08 20:42 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-30 13:57 - 2013-12-30 13:54 - 00000000 ____D C:\Windows\system32\MRT
2013-12-26 12:58 - 2013-12-26 11:54 - 00000000 ____D C:\WinSetupFromUSB
2013-12-26 12:10 - 2012-08-30 14:10 - 00000000 ____D C:\Users\Maros\AppData\Local\Adobe
2013-12-26 12:10 - 2012-08-16 03:56 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-26 12:10 - 2012-08-16 03:56 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-26 12:10 - 2012-08-08 17:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-26 11:54 - 2013-12-26 11:54 - 00000690 _____ C:\Users\Maros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinSetupFromUSB.lnk
2013-12-23 11:18 - 2012-08-26 07:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-22 17:26 - 2013-03-08 12:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-21 13:59 - 2013-12-21 13:59 - 00000000 ____D C:\Users\Maros\Desktop\matematika_maturitne_otazky
2013-12-19 21:33 - 2014-01-07 20:07 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-12-19 21:33 - 2014-01-07 20:07 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-12-19 21:33 - 2014-01-07 20:07 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-12-19 21:33 - 2014-01-07 20:07 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-12-19 21:33 - 2014-01-07 20:07 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-12-19 21:33 - 2014-01-07 20:07 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-12-19 21:33 - 2014-01-07 20:07 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-12-19 21:33 - 2014-01-07 20:07 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-12-19 21:33 - 2014-01-07 20:07 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-12-19 21:33 - 2014-01-07 20:07 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-12-19 21:33 - 2014-01-07 20:07 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-12-19 21:33 - 2014-01-07 20:07 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-12-19 21:33 - 2014-01-07 20:07 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-12-19 21:33 - 2014-01-07 20:07 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-12-19 21:33 - 2014-01-07 20:07 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-12-19 21:33 - 2014-01-07 20:07 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-12-19 21:33 - 2014-01-07 20:07 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-12-19 21:33 - 2014-01-07 20:07 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-12-19 21:33 - 2014-01-07 20:07 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-12-19 21:33 - 2014-01-07 20:07 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-12-19 21:33 - 2014-01-07 20:07 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-12-19 21:33 - 2014-01-07 20:07 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-12-19 21:33 - 2014-01-07 20:07 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-12-19 21:33 - 2014-01-07 20:07 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-12-19 21:33 - 2014-01-07 20:07 - 00023754 _____ C:\Windows\system32\nvinfo.pb
2013-12-19 21:33 - 2014-01-07 19:35 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll
2013-12-19 21:33 - 2014-01-07 19:35 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll
2013-12-19 21:33 - 2013-11-20 17:35 - 18310112 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-12-19 21:33 - 2013-11-20 17:35 - 15230352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-12-19 21:33 - 2013-11-20 17:35 - 02698272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-12-19 21:33 - 2013-11-20 17:35 - 01436528 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-12-19 21:33 - 2013-01-07 16:01 - 03071656 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-12-19 21:33 - 2012-02-09 21:43 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2013-12-19 21:33 - 2012-02-09 21:43 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-12-19 19:53 - 2013-01-07 16:04 - 06671648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-12-19 19:53 - 2013-01-07 16:04 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-12-19 19:53 - 2013-01-07 16:04 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-12-19 19:53 - 2013-01-07 16:04 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-12-19 19:53 - 2013-01-07 16:04 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-12-19 19:53 - 2013-01-07 16:04 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-12-19 12:20 - 2013-12-19 12:20 - 00590112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-12-19 06:01 - 2013-01-07 16:04 - 03539040 _____ C:\Windows\system32\nvcoproc.bin

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================


Available physical RAM: 2411.65 MB
Total physical RAM: 4094.49 MB
Percentage of memory in use: 41%

==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================


==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\TEMP:05EE1EEF
AlternateDataStreams: C:\Users\Maros\Data aplikací:NT
AlternateDataStreams: C:\Users\Maros\AppData\Roaming:NT

==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Maros\Desktop" je 1388 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: RSIT - podozrenie na keylogger + Myinfotopia plugin (adw

Napsal: 14 led 2014 20:24
od vyosek
Ty pluginy se tam natahnou vzdy jen po navsteve te stranky, ze zadne jine??
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz