
Please check my log


#1 Post by skalpik »

Good day,
a trojan horse was opened on my parents' computer (an e-mail "from the Vysočina Region", it was in the media today). I ran the AV, so I am asking for a check of the log. Thank you!

Logfile of random's system information tool 1.09 (written by random/random)
Run by Doma at 2014-04-28 13:58:16
Microsoft Windows 7 Ultimate
System drive C: has 389 GB (82%) free of 477 GB
Total RAM: 3839 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:58:22, on 28.4.2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Program Files (x86)\ICQ7.5\ICQ.exe
C:\Users\Doma\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\ASUS\EPU\EPU.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\winver.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\AVAST Software\Avast\avastUi.exe
C:\Users\Doma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Doma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Doma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Doma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Doma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Doma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Doma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Doma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Doma.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: IMPI Helper - {17E113E6-CD0E-4045-B154-65F0E57959EF} - C:\Program Files\IMPI\Extension32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.5\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Doma\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [brothel] C:\Users\Doma\AppData\Roaming\brothel\ate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Doma\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://www.kkpsj.cz/RtspVaPgDec.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: IMPI Updater - Unknown owner - C:\Program Files\IMPI\ExtensionUpdaterService.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinAgents TFTP Service 4 (WinAgentsTftpService4) - WinAgents Software Group - C:\Program Files (x86)\Common Files\WinAgents\TftpService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10325 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe"
C:\Windows\Explorer.EXE
taskeng.exe {0B3CAA62-47A2-475C-9049-1D2812EDD3D7}
"C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe"
"C:\Program Files\IMPI\ExtensionUpdaterService.exe"
"C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe"
"C:\Program Files (x86)\Common Files\WinAgents\TftpService.exe"
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-a7c7aa05-52b0-4977-9d9c-a93464f80870 -SystemEventPortName:HostProcess-eaf3380d-fed1-4f31-a1c0-5385de064a6b -IoCancelEventPortName:HostProcess-18503028-7082-457e-80a6-e30a96a70fc3 -NonStateChangingEventPortName:HostProcess-e9f027df-7ad9-4f35-9fa2-2e966a81b1f9 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:47dd0605-8a57-43a1-8ee0-c653a03e3c69
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\ICQ7.5\ICQ.exe" silent loginmode=4
"C:\Users\Doma\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
"C:\Program Files (x86)\PowerISO\PWRISOVM.EXE" -startup
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
winver
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\AVAST Software\Avast\avastUi.exe"
C:\Windows\splwow64.exe 1
"C:\Users\Doma\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Doma\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="6652.0.1233087877\1986182970" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,1,14,28 --disable-accelerated-video-decode --gpu-vendor-id=0x1002 --gpu-device-id=0x9715 --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.710.0.0 --ignored=" --type=renderer " /prefetch:822062411
"C:\Users\Doma\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group5 pct:10e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/None/GoogleNow/Default/OmniboxBundledExperimentV1/StandardR3/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_64/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/" --extension-process --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --disable-accelerated-video-decode --enable-software-compositing --channel="6652.2.848410192\465031153" /prefetch:673131151
"C:\Users\Doma\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group5 pct:10e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/None/GoogleNow/Default/OmniboxBundledExperimentV1/StandardR3/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_64/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/" --extension-process --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --disable-accelerated-video-decode --enable-software-compositing --channel="6652.3.488737002\1657968403" /prefetch:673131151
"C:\Users\Doma\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeinlpefandfngbdmdgjgepebkjap\2.0.0.429_0\npbrowserext.dll" --lang=cs --channel="6652.5.1737622947\554698305" /prefetch:-390060480
"C:\Users\Doma\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group5 pct:10e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/None/GoogleNow/Default/OmniboxBundledExperimentV1/StandardR3/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_64/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --disable-accelerated-video-decode --enable-software-compositing --channel="6652.6.978151252\2129232508" /prefetch:673131151
"C:\Users\Doma\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group5 pct:10e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/None/FlashHardwareVideoDecode/Disabled/GoogleNow/Default/OmniboxBundledExperimentV1/StandardR3/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_64/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --disable-accelerated-video-decode --enable-software-compositing --channel="6652.10.523736960\613619928" /prefetch:673131151
"C:\Users\Doma\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group5 pct:10e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/None/FlashHardwareVideoDecode/Disabled/GoogleNow/Default/OmniboxBundledExperimentV1/StandardR3/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_64/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --disable-accelerated-video-decode --enable-software-compositing --channel="6652.11.694077172\1196196080" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe14_ Global\UsGthrCtrlFltPipeMssGthrPipe14 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Users\Doma\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4024734649-1204722663-2588032379-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4024734649-1204722663-2588032379-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17E113E6-CD0E-4045-B154-65F0E57959EF}]
IMPI - C:\Program Files\IMPI\Extension64.dll [2013-02-05 211456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-04-28 581824]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17E113E6-CD0E-4045-B154-65F0E57959EF}]
IMPI - C:\Program Files\IMPI\Extension32.dll [2013-02-05 167424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30 75232]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-02-02 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-04-28 436600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16 3942048]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-02-02 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-11-21 1054520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-07-06 11057768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ICQ"=C:\Program Files (x86)\ICQ7.5\ICQ.exe [2011-08-01 124480]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"Google Update"=C:\Users\Doma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-08 136176]
"brothel"=C:\Users\Doma\AppData\Roaming\brothel\ate.exe [2014-04-28 92160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\brothel]
C:\Users\Doma\AppData\Roaming\brothel\ate.exe [2014-04-28 92160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Six Engine]
C:\Program Files (x86)\ASUS\EPU\EPU.exe [2010-06-14 5309056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 98304]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2012-05-31 336992]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-04-28 3873704]

C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Doma\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-04-28 13:58:17 ----D---- C:\Program Files\trend micro
2014-04-28 13:58:16 ----D---- C:\rsit
2014-04-28 12:28:55 ----A---- C:\Windows\system32\drivers\nquy.sys
2014-04-28 12:01:07 ----D---- C:\Users\Doma\AppData\Roaming\AVAST Software
2014-04-28 12:00:16 ----A---- C:\Windows\system32\drivers\aswStm.sys
2014-04-28 12:00:14 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2014-04-28 12:00:14 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2014-04-28 12:00:12 ----A---- C:\Windows\system32\drivers\aswSP.sys
2014-04-28 12:00:11 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2014-04-28 12:00:09 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2014-04-28 12:00:07 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2014-04-28 12:00:03 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2014-04-28 11:59:54 ----A---- C:\Windows\avastSS.scr
2014-04-28 11:57:14 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-04-28 11:57:03 ----D---- C:\ProgramData\Malwarebytes
2014-04-28 11:57:03 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-28 11:57:03 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-04-28 11:57:03 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-04-28 11:57:03 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-04-28 11:52:54 ----D---- C:\Users\Doma\AppData\Roaming\brothel
2014-04-27 14:22:34 ----D---- C:\Windows\Minidump
2014-04-05 17:31:54 ----D---- C:\Program Files (x86)\MeeSoft
2014-03-30 11:08:16 ----D---- C:\ProgramData\IVI Foundation
2014-03-30 11:08:16 ----D---- C:\Program Files (x86)\IVI Foundation
2014-03-30 11:05:49 ----D---- C:\Program Files (x86)\LEGO Software
2014-03-30 11:05:24 ----D---- C:\Program Files (x86)\National Instruments
2014-03-30 11:04:46 ----D---- C:\ProgramData\National Instruments

======List of files/folders modified in the last 1 month======

2014-04-28 13:58:22 ----D---- C:\Windows\Prefetch
2014-04-28 13:58:19 ----D---- C:\Windows\Temp
2014-04-28 13:58:17 ----RD---- C:\Program Files
2014-04-28 12:28:55 ----SHD---- C:\Windows\ftpcache
2014-04-28 12:28:55 ----D---- C:\Windows\system32\drivers
2014-04-28 12:00:23 ----D---- C:\Windows\system32\Tasks
2014-04-28 12:00:00 ----D---- C:\Windows\winsxs
2014-04-28 11:59:58 ----D---- C:\Windows
2014-04-28 11:59:54 ----A---- C:\Windows\system32\aswBoot.exe
2014-04-28 11:58:24 ----SHD---- C:\System Volume Information
2014-04-28 11:57:32 ----D---- C:\ProgramData\AVAST Software
2014-04-28 11:57:03 ----RD---- C:\Program Files (x86)
2014-04-28 11:57:03 ----HD---- C:\ProgramData
2014-04-28 08:43:24 ----D---- C:\Users\Doma\AppData\Roaming\Dropbox
2014-04-28 08:42:04 ----D---- C:\Windows\tracing
2014-04-27 08:28:56 ----D---- C:\Users\Doma\AppData\Roaming\ICQ
2014-04-23 18:59:54 ----D---- C:\Windows\system32\NDF
2014-04-21 07:26:10 ----D---- C:\Windows\system32\config
2014-04-19 07:48:40 ----D---- C:\Windows\system32\catroot2
2014-04-09 21:19:40 ----D---- C:\Windows\System32
2014-04-09 21:19:40 ----D---- C:\Windows\inf
2014-04-09 21:19:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-04-05 20:15:49 ----RSD---- C:\Windows\Fonts
2014-03-30 11:08:36 ----SHD---- C:\Windows\Installer
2014-03-30 11:08:23 ----D---- C:\Windows\system32\catroot
2014-03-30 11:08:22 ----D---- C:\Windows\system32\DriverStore
2014-03-30 11:08:17 ----D---- C:\Windows\SysWOW64

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-04-28 208416]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-08-24 16440]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2009-08-04 13440]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-04-28 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-04-28 1039096]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-04-28 423240]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-11-17 283064]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2012-05-31 126944]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-04-28 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-04-28 79184]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-04-28 85328]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-02-11 6368256]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-02-11 188416]
R3 AODDriver;AODDriver; \??\C:\Program Files (x86)\ASUS\GPU Boost Driver\amd64\AODDriver.sys [2010-03-12 52280]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-01-28 116736]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-07-06 2419176]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-04-03 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2014-04-28 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-04-03 63192]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-04-28 65776]
S0 srkuvfxq;srkuvfxq; C:\Windows\System32\drivers\nquy.sys [2014-04-28 79064]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-02-11 202752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-04-28 50344]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
R2 IMPI Updater;IMPI Updater; C:\Program Files\IMPI\ExtensionUpdaterService.exe [2013-02-05 185856]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-04-03 857912]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-04-03 1809720]
R2 ScsiAccess;ScsiAccess; C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe [2013-03-31 181312]
R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
R2 WinAgentsTftpService4;WinAgents TFTP Service 4; C:\Program Files (x86)\Common Files\WinAgents\TftpService.exe [2012-03-11 115344]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12 257928]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 InstallShield Licensing Service;InstallShield Licensing Service; C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe [2012-11-02 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.09 2014-04-28 13:58:25

======Uninstall list======

Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}
Adobe Flash Player 12 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe -maintain activex
Adobe Flash Player 12 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe -maintain plugin
Adobe Reader 9.5.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A95000000001}
Adobe Shockwave Player 11.6-->"C:\Windows\SysWOW64\Adobe\Shockwave 11\uninstaller.exe"
Advanced Port Scanner v1.3-->C:\Program Files (x86)\Advanced Port Scanner\uninstal.exe
AirportMadness4-->msiexec /qb /x {3CD07764-6A66-D39C-5189-8828EC8C045F}
AirportMadness4-->MsiExec.exe /I{3CD07764-6A66-D39C-5189-8828EC8C045F}
ATI Catalyst Install Manager-->msiexec /q/x{2A13EF26-4D68-B2D7-A486-DBBD2FDE366B} REBOOT=ReallySuppress
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel /instop:uninstall
BS.Player FREE-->"C:\Program Files (x86)\Webteh\BSplayer\uninstall.exe"
Cabri 3D 2.1.2-->"C:\Program Files (x86)\Cabri\Cabri 3D 2.1\uninstall\unins000.exe"
Cabri 3D Plug-in 2.1.2-->"C:\Program Files (x86)\Cabri\Cabri 3D Plug-in 2.1\uninstall\unins000.exe"
Cabri II Plus 1.4.2-->MsiExec.exe /I{309AA357-D7AD-4AED-9573-679BBD2BEE66}
Click to Call with Skype-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Codec Pack - All In 1 6.0.3.0-->C:\Windows\iun6002.exe "C:\Program Files (x86)\Codec Pack - All In 1\irunin.ini"
Counter-Strike 1.6 Standalone-->"C:\Windows\Counter-Strike 1.6 Standalone Uninstaller.exe"
DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
Dance eJay 7 Demo-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{0D74C204-0451-463E-8B8E-F2E11504A675}\setup.exe" -l0x9 -removeonly
Diagram Designer-->C:\Program Files (x86)\MeeSoft\DiagramDesigner\Uninstall.exe
Disco XT Demo-->MsiExec.exe /I{1AAE551D-A4FB-4C8E-83BF-560073FEC00A}
Doplněk Microsoft Save as PDF pro aplikace sady Microsoft Office 2007-->MsiExec.exe /X{90120000-00B0-0405-0000-0000000FF1CE}
EPU-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}\setup.exe" -l0x9
GPU Boost Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B8887E02-C910-4498-A7C0-186ABFDCD110}\setup.exe" -l0x9
HP Deskjet 3050 J610 series Nápověda-->MsiExec.exe /I{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}
ChaosPro-->C:\Program Files (x86)\ChaosPro 4.0\uninstall.exe
ICQ Toolbar-->C:\Program Files (x86)\ICQ6Toolbar\ICQUnToolbar.exe
ICQ7.5-->"C:\Program Files (x86)\InstallShield Installation Information\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
IMPI 2.0.0.429-->"C:\Program Files\IMPI\unins000.exe"
Java 7 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217013FF}
Java(TM) 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}
LEGO MINDSTORMS Edu NXT - English Language Pack-->MsiExec.exe /X{33DDD5C3-9706-4C7C-B6B3-F067775B9FF5}
LEGO MINDSTORMS Edu NXT Software v2.1-->MsiExec.exe /X{E0E4EB10-3F69-4186-8CAA-F9FDD39F06D5}
LEGO MINDSTORMS NXT x64 Driver-->MsiExec.exe /X{A0831C28-A6FA-49A3-86AE-B5AE3C9EE19C}
Malwarebytes Anti-Malware verze 2.0.1.1004-->"C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe"
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Czech) 2007-->MsiExec.exe /X{90120000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
MiKTeX 2.9-->"C:\Program Files (x86)\MiKTeX 2.9\miktex/bin/internal\copystart_admin.exe" "C:\Program Files (x86)\MiKTeX 2.9\miktex/bin/internal\uninstall_admin.exe"
OpenOffice.org 3.3-->MsiExec.exe /I{D5B94160-4A07-4956-9C73-8C5EEFEF180F}
PDFTools Version 1.2 (09/28/2006)-->"C:\Program Files (x86)\PDFTools\unins000.exe"
Pharaoh-->C:\Windows\IsUninst.exe -fC:\SIERRA\Pharaoh\Uninst.isu
Photodex Presenter-->C:\Program Files (x86)\Photodex Presenter\uninst.exe
PowerISO-->"C:\Program Files (x86)\PowerISO\uninstall.exe"
ProShow Producer-->C:\Program Files (x86)\Photodex\ProShowProducer\proshow.exe . -u
Quake III Arena-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Quake III Arena\QIII.isu"
R for Windows 2.15.0-->"C:\Program Files\R\R-2.15.0\unins000.exe"
rajče průvodce verze 1.59.42.257-->"C:\Program Files (x86)\rajce\unins000.exe"
Realtek Ethernet Controller Driver For Windows 7-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -removeonly
Santa Claus in trouble ...again! - Demo-->C:\PROGRA~2\SANTAC~1.AGA\UNINST~1\UNWISE.EXE C:\PROGRA~2\SANTAC~1.AGA\UNINST~1\INSTALL.LOG
Skype™ 5.3-->MsiExec.exe /X{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}
Soldier of Fortune Platinum-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Xplosiv\SOF PLATINUM\sofplat.isu"
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
TeamViewer 6-->C:\Program Files (x86)\TeamViewer\Version6\uninstall.exe
TeXworks 0.4.4-->"C:\Program Files (x86)\TeXworks\unins000.exe"
TOEFL Official Guide 4.0-->C:\Program Files (x86)\McGraw-Hill\TOEFL Official Guide\uninst.exe
Total Commander 64-bit (Remove or Repair)-->c:\totalcmd\tcunin64.exe
VirtualDJ Home FREE-->MsiExec.exe /I{5E1375CB-6792-4464-8715-CC3EC83D48FA}
WinAgents TFTP Server-->MsiExec.exe /I{83719FB4-D863-4511-8A5E-51D2122D2B58}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinEdt-->"C:\Program Files (x86)\WinEdt Team\WinEdt\unins000.exe"
Winmail Opener 1.4-->C:\Program Files (x86)\Winmail Opener\uninst.exe
Winmail Reader 1.2.15-->"C:\Program Files (x86)\Winmail Reader\unins000.exe"
WinRAR 4.00 (32-bit)-->C:\Program Files (x86)\WinRAR\uninstall.exe
WinSCP 5.1.4-->"C:\Program Files (x86)\WinSCP\unins000.exe"
Wondershare Photo Story Platinum (2.5.0) Trial Version-->"C:\Program Files (x86)\Wondershare\Photo Story Platinum\unins000.exe"
XnView 1.99.5-->"C:\Program Files (x86)\XnView\unins000.exe"
Základní software zařízení HP Deskjet 3050 J610 series-->MsiExec.exe /I{7EC4C4BE-172D-42CE-90E2-B0B4535C183F}

======System event log======

Computer Name: Doma-PC
Event Code: 7036
Message: Stav služby Služba Profil uživatele byl změněn na: Zastaveno
Record Number: 298287
Source Name: Service Control Manager
Time Written: 20131130204946.206094-000
Event Type: Informace
User:

Computer Name: Doma-PC
Event Code: 7036
Message: Stav služby Napájení byl změněn na: Zastaveno
Record Number: 298286
Source Name: Service Control Manager
Time Written: 20131130204946.206094-000
Event Type: Informace
User:

Computer Name: Doma-PC
Event Code: 7036
Message: Stav služby Plug and Play byl změněn na: Zastaveno
Record Number: 298285
Source Name: Service Control Manager
Time Written: 20131130204946.190494-000
Event Type: Informace
User:

Computer Name: Doma-PC
Event Code: 20010
Message: Došlo ke změně jednoho nebo více podsystémů služby Plug and Play.

Povolený instalační podsystém služby PlugPlay: 'false'
Povolený podsystém mezipaměti služby PlugPlay: 'false'

Record Number: 298284
Source Name: Microsoft-Windows-UserPnp
Time Written: 20131130204946.190494-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Doma-PC
Event Code: 7036
Message: Stav služby Služba DPS (Diagnostic Policy Service) byl změněn na: Zastaveno
Record Number: 298283
Source Name: Service Control Manager
Time Written: 20131130204946.159294-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: Doma-PC
Event Code: 258
Message: Program Defragmentace disku úspěšně dokončil defragmentace na Rezervováno systémem.
Record Number: 7725
Source Name: Microsoft-Windows-Defrag
Time Written: 20111014171421.000000-000
Event Type: Informace
User:

Computer Name: Doma-PC
Event Code: 258
Message: Program Defragmentace disku úspěšně dokončil optimalizace spouštění na (C:).
Record Number: 7724
Source Name: Microsoft-Windows-Defrag
Time Written: 20111014171149.000000-000
Event Type: Informace
User:

Computer Name: Doma-PC
Event Code: 903
Message: Služba Ochrana softwaru byla ukončena.

Record Number: 7723
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20111014164214.000000-000
Event Type: Informace
User:

Computer Name: Doma-PC
Event Code: 902
Message: Služba Ochrana softwaru byla spuštěna.
6.1.7600.16385
Record Number: 7722
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20111014163713.000000-000
Event Type: Informace
User:

Computer Name: Doma-PC
Event Code: 1003
Message: Služba Ochrana softwaru dokončila kontrolu stavu licencování.
ID aplikace=55c92734-d682-4d71-983e-d6ec3f16059f
Stav licencování=
1: 022a1afb-b893-4190-92c3-8f69a49839fb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
2: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8, 1, 1 [(0 [0x00000000, 1, 0], [(?)(?)( 1 0x00000000 0 0 msft:rm/algorithm/bios/4.0 0x00000000 0)(?)(?)(?)])(1 )(2 )]
3: a0cde89c-3304-4157-b61c-c8ad785d1fad, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
4: ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
5: cfb3e52c-d707-4861-af51-11b27ee6169c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
6: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
7: afd5f68f-b70f-4000-a21d-28dbc8be8b07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]


Record Number: 7721
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20111014163713.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: Doma-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-21-4024734649-1204722663-2588032379-1000
Název účtu: Doma
Doména účtu: Doma-PC
ID přihlášení: 0x19132

Oprávnění: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 74440
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20131122204144.034430-000
Event Type: Úspěšný audit
User:

Computer Name: Doma-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: DOMA-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 2

Nové přihlášení:
ID zabezpečení: S-1-5-21-4024734649-1204722663-2588032379-1000
Název účtu: Doma
Doména účtu: Doma-PC
ID přihlášení: 0x19173
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x300
Název procesu: C:\Windows\System32\winlogon.exe

Informace o síti:
Název pracovní stanice: DOMA-PC
Adresa zdrojové sítě 127.0.0.1
Zdrojový port: 0

Podrobné informace o ověření:
Proces přihlášení: User32
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 74439
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20131122204144.034430-000
Event Type: Úspěšný audit
User:

Computer Name: Doma-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: DOMA-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 2

Nové přihlášení:
ID zabezpečení: S-1-5-21-4024734649-1204722663-2588032379-1000
Název účtu: Doma
Doména účtu: Doma-PC
ID přihlášení: 0x19132
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x300
Název procesu: C:\Windows\System32\winlogon.exe

Informace o síti:
Název pracovní stanice: DOMA-PC
Adresa zdrojové sítě 127.0.0.1
Zdrojový port: 0

Podrobné informace o ověření:
Proces přihlášení: User32
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 74438
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20131122204144.034430-000
Event Type: Úspěšný audit
User:

Computer Name: Doma-PC
Event Code: 4648
Message: Došlo k pokusu o přihlášení pomocí explicitního pověření.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: DOMA-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Účet, jehož pověření bylo použito:
Název účtu: Doma
Doména účtu: Doma-PC
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Cílový server:
Název cílového serveru: localhost
Další informace: localhost

Informace o procesu:
ID procesu: 0x300
Název procesu: C:\Windows\System32\winlogon.exe

Informace o síti:
Síťová adresa: 127.0.0.1
Port: 0

Tato událost je generována, pokud se proces pokusí přihlásit k účtu explicitním zadáním pověření tohoto účtu. K tomu nejčastěji dochází v dávkových konfiguracích, například naplánovaných úlohách, nebo při použití příkazu RUNAS.
Record Number: 74437
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20131122204144.034430-000
Event Type: Úspěšný audit
User:

Computer Name: Doma-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 74436
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20131122204141.600826-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\MiKTeX 2.9\miktex\bin\;C:\Program Files (x86)\IVI Foundation\VISA\WinNT\Bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 5 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=0503
"VXIPNPPATH"=C:\Program Files (x86)\IVI Foundation\VISA\

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119536
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#2 Post by Rudy »

Hello!
What is the legal status of your operating system?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

skalpik
Visitor
Posts: 59
Registered: 19 Jan 2009 08:36

Re: Please check my log

#3 Post by skalpik »

Hello, a friend built the computer for us and assured me that he put a legal system on it. I did not look into it any further, but I think it is true; he is fairly particular about legality :) I hope this is enough; I have no paperwork for the computer, it was built directly by him..

Rudy
Site Admin
Posts: 119536
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#4 Post by Rudy »

OK. Try this procedure:

Download OTL http://oldtimer.geekstogo.com/OTL.exe , save it to the desktop and run it.
Tick the options (put check marks there) Pro všechny uživatele (For all users), Kontrola na havěť "LOP" (Check for "LOP" malware) and Kontrola na havěť "Purity" (Check for "Purity" malware).
Paste the following text into the bottom window:
CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Click Prohledat (Scan).
After the scan, two logs will be created (OTL.Txt and Extras.txt); paste both here (if they are long, split them across several posts).

skalpik
Visitor
Posts: 59
Registered: 19 Jan 2009 08:36

Re: Please check my log

#5 Post by skalpik »

I am attaching the OTL log, thanks

OTL logfile created on: 28.4.2014 21:29:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Doma\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,75 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 45,56% Memory free
7,50 Gb Paging File | 4,91 Gb Available in Paging File | 65,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 379,41 Gb Free Space | 81,48% Space Free | Partition Type: NTFS

Computer Name: DOMA-PC | User Name: Doma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.04.28 21:28:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Doma\Downloads\OTL.exe
PRC - [2014.04.28 11:59:53 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014.04.28 11:59:53 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014.04.03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014.04.03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014.04.03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014.01.03 02:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Doma\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.03.31 16:26:13 | 000,181,312 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe
PRC - [2013.02.05 17:50:10 | 000,185,856 | ---- | M] () -- C:\Program Files\IMPI\ExtensionUpdaterService.exe
PRC - [2012.05.31 06:10:58 | 000,336,992 | ---- | M] (Power Software Ltd) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2012.03.11 18:21:04 | 000,115,344 | ---- | M] (WinAgents Software Group) -- C:\Program Files (x86)\Common Files\WinAgents\TftpService.exe
PRC - [2012.01.12 13:35:12 | 007,320,528 | ---- | M] (QIP) -- C:\Program Files (x86)\QIP 2010\qip.exe
PRC - [2011.08.01 10:28:16 | 000,124,480 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.5\ICQ.exe
PRC - [2011.06.01 14:44:54 | 008,003,448 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.03.27 12:41:20 | 001,137,280 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe


========== Modules (No Company Name) ==========

MOD - [2014.04.28 11:59:53 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014.04.02 03:58:03 | 000,390,472 | ---- | M] () -- C:\Users\Doma\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll
MOD - [2014.04.02 03:58:02 | 013,691,720 | ---- | M] () -- C:\Users\Doma\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
MOD - [2014.04.02 03:57:59 | 004,081,480 | ---- | M] () -- C:\Users\Doma\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
MOD - [2014.04.02 03:57:54 | 000,674,632 | ---- | M] () -- C:\Users\Doma\AppData\Local\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
MOD - [2014.04.02 03:57:53 | 000,093,000 | ---- | M] () -- C:\Users\Doma\AppData\Local\Google\Chrome\Application\34.0.1847.116\libegl.dll
MOD - [2014.04.02 03:57:52 | 001,647,432 | ---- | M] () -- C:\Users\Doma\AppData\Local\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
MOD - [2014.04.02 03:57:49 | 000,065,352 | ---- | M] () -- C:\Users\Doma\AppData\Local\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
MOD - [2014.01.03 02:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Doma\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013.10.19 01:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Doma\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012.01.12 13:35:34 | 000,956,880 | ---- | M] () -- C:\Program Files (x86)\QIP 2010\Protos\Social\Social.dll
MOD - [2012.01.12 13:35:32 | 000,049,104 | ---- | M] () -- C:\Program Files (x86)\QIP 2010\Protos\MRA\pics.dll
MOD - [2012.01.12 13:35:30 | 001,641,424 | ---- | M] () -- C:\Program Files (x86)\QIP 2010\Protos\MRA\mra.dll
MOD - [2012.01.12 13:35:26 | 002,523,600 | ---- | M] () -- C:\Program Files (x86)\QIP 2010\Protos\InfICQ\inficq.dll
MOD - [2012.01.12 13:35:22 | 000,824,784 | ---- | M] () -- C:\Program Files (x86)\QIP 2010\Plugins\qipradio\qipradio.dll
MOD - [2012.01.12 13:35:22 | 000,175,056 | ---- | M] () -- C:\Program Files (x86)\QIP 2010\Plugins\ogorod\ogorod.dll
MOD - [2012.01.12 13:35:22 | 000,140,240 | ---- | M] () -- C:\Program Files (x86)\QIP 2010\Plugins\cards\cards.dll
MOD - [2012.01.12 13:35:22 | 000,058,832 | ---- | M] () -- C:\Program Files (x86)\QIP 2010\Plugins\Win7Helper\Win7Helper.dll
MOD - [2012.01.12 13:35:16 | 004,660,176 | ---- | M] () -- C:\Program Files (x86)\QIP 2010\Core\voip.dll
MOD - [2010.03.12 05:40:58 | 004,449,632 | ---- | M] () -- C:\Program Files (x86)\ASUS\GPU Boost Driver\platform.dll
MOD - [2010.03.12 05:40:56 | 000,423,256 | ---- | M] () -- C:\Program Files (x86)\ASUS\GPU Boost Driver\device.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014.04.28 11:59:53 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013.02.05 17:50:10 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\IMPI\ExtensionUpdaterService.exe -- (IMPI Updater)
SRV:64bit: - [2010.02.11 05:05:44 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014.04.03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014.04.03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014.03.12 13:23:13 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.31 16:26:13 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
SRV - [2012.11.02 23:25:34 | 000,069,632 | ---- | M] (Macrovision ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe -- (InstallShield Licensing Service)
SRV - [2012.03.11 18:21:04 | 000,115,344 | ---- | M] (WinAgents Software Group) [Auto | Running] -- C:\Program Files (x86)\Common Files\WinAgents\TftpService.exe -- (WinAgentsTftpService4)
SRV - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014.04.28 21:15:29 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014.04.28 11:59:54 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014.04.28 11:59:54 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014.04.28 11:59:54 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014.04.28 11:59:54 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014.04.28 11:59:54 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014.04.28 11:59:54 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014.04.28 11:59:54 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014.04.28 11:59:54 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014.04.03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014.04.03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.11.17 13:33:17 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.05.31 06:10:48 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010.06.23 11:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.02.11 05:24:04 | 006,368,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.02.11 04:11:12 | 000,188,416 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.01.28 16:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.08.24 00:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010.03.12 05:40:48 | 000,052,280 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\ASUS\GPU Boost Driver\amd64\aoddriver.sys -- (AODDriver)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4024734649-1204722663-2588032379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4024734649-1204722663-2588032379-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-4024734649-1204722663-2588032379-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-4024734649-1204722663-2588032379-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4024734649-1204722663-2588032379-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-4024734649-1204722663-2588032379-1000\..\SearchScopes\{32FF9AEA-609D-41C1-BAE1-201AB387805C}: "URL" = http://www.google.cz/search?q={searchTe ... {startPage}
IE - HKU\S-1-5-21-4024734649-1204722663-2588032379-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.ph ... &ch_id=osd
IE - HKU\S-1-5-21-4024734649-1204722663-2588032379-1000\..\SearchScopes\{F085F6ED-758A-44C9-B7EB-50EAECB90C9D}: "URL" = http://websearch.ask.com/redirect?clien ... FF7C10D7E7
IE - HKU\S-1-5-21-4024734649-1204722663-2588032379-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Cabrilog.com/Cabri 3D: C:\Program Files (x86)\Cabri\Cabri 3D Plug-in 2.1\bin\npcabri3d.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Doma\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Doma\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Doma\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{17E113E6-CD0E-4045-B154-65F0E57959EF}: C:\PROGRAM FILES\IMPI\FIREFOX [2013.02.12 08:46:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{17E113E6-CD0E-4045-B154-65F0E57959EF}: C:\Program Files\IMPI\Firefox [2013.02.12 08:46:57 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.cz/search?q={searchTe ... {startPage}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://qip.ru/?utm_source=qip2012&utm_m ... 2012_start
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Doma\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Doma\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Doma\AppData\Local\Google\Chrome\Application\34.0.1847.116\gcswf32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Doma\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Vyhledávání Google = C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: Skype Click to Call = C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: IMPI = C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeinlpefandfngbdmdgjgepebkjap\2.0.0.429_0\
CHR - Extension: Peněženka Google = C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IMPI) - {17E113E6-CD0E-4045-B154-65F0E57959EF} - C:\Program Files\IMPI\Extension64.dll ()
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (IMPI) - {17E113E6-CD0E-4045-B154-65F0E57959EF} - C:\Program Files\IMPI\Extension32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-4024734649-1204722663-2588032379-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4024734649-1204722663-2588032379-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-4024734649-1204722663-2588032379-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Doma\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} http://www.kkpsj.cz/RtspVaPgDec.cab (RtspVaPgCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.13.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{988E2D58-2147-46D9-ADB3-CFA7F3723A3B}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d7cef646-27fe-11e3-9a19-20cf30f1d04a}\Shell - "" = AutoRun
O33 - MountPoints2\{d7cef646-27fe-11e3-9a19-20cf30f1d04a}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:1cd661aa /wow /dir:"C:\Program Files\AVAST Software\Avast")
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014.04.28 13:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.04.28 13:58:16 | 000,000,000 | ---D | C] -- C:\rsit
[2014.04.28 12:01:07 | 000,000,000 | ---D | C] -- C:\Users\Doma\AppData\Roaming\AVAST Software
[2014.04.28 12:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014.04.28 12:00:16 | 000,085,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014.04.28 12:00:14 | 001,039,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014.04.28 12:00:12 | 000,423,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014.04.28 12:00:09 | 000,079,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014.04.28 12:00:03 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014.04.28 11:59:54 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014.04.28 11:57:14 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.04.28 11:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014.04.28 11:57:03 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.04.28 11:57:03 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.04.28 11:57:03 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.04.28 11:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014.04.28 11:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.04.28 11:52:54 | 000,000,000 | ---D | C] -- C:\Users\Doma\AppData\Roaming\brothel
[2014.04.27 14:22:34 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014.04.22 21:25:02 | 000,000,000 | ---D | C] -- C:\Users\Doma\Desktop\tábor
[2014.04.22 19:52:10 | 000,000,000 | ---D | C] -- C:\Users\Doma\Desktop\přírodní vědy
[2014.04.05 17:31:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MeeSoft
[2014.04.05 17:31:54 | 000,000,000 | ---D | C] -- C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diagram Designer
[2014.04.05 17:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diagram Designer
[2014.03.30 11:08:49 | 000,000,000 | ---D | C] -- C:\Users\Doma\Documents\LEGO Creations
[2014.03.30 11:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\IVI Foundation
[2014.03.30 11:08:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IVI Foundation
[2014.03.30 11:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO MINDSTORMS Edu NXT 2.1
[2014.03.30 11:05:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO Software
[2014.03.30 11:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\National Instruments
[2014.03.30 11:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\National Instruments

========== Files - Modified Within 30 Days ==========

[2014.04.28 21:31:18 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.04.28 21:23:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.04.28 21:19:01 | 000,000,958 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4024734649-1204722663-2588032379-1000UA.job
[2014.04.28 21:15:29 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.04.28 18:35:55 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.04.28 18:35:55 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.04.28 18:28:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.04.28 18:28:20 | 3019,247,616 | -HS- | M] () -- C:\hiberfil.sys
[2014.04.28 16:19:02 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4024734649-1204722663-2588032379-1000Core.job
[2014.04.28 12:00:48 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014.04.28 11:59:54 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014.04.28 11:59:54 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014.04.28 11:59:54 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014.04.28 11:59:54 | 000,208,416 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014.04.28 11:59:54 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014.04.28 11:59:54 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014.04.28 11:59:54 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014.04.28 11:59:54 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014.04.28 11:59:54 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014.04.28 11:59:54 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014.04.28 11:57:05 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.04.27 14:22:32 | 480,032,167 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014.04.18 08:21:39 | 000,068,485 | ---- | M] () -- C:\Users\Doma\Desktop\Pozvánka 2.5.2014.pdf
[2014.04.17 21:22:35 | 000,018,454 | ---- | M] () -- C:\Users\Doma\Desktop\Pozvánka 2.5.2014.odt
[2014.04.13 12:54:21 | 000,013,139 | ---- | M] () -- C:\Users\Doma\Desktop\klokan 2014 = hesla.odt
[2014.04.12 19:22:27 | 000,002,362 | ---- | M] () -- C:\Users\Doma\Desktop\Google Chrome.lnk
[2014.04.10 21:36:32 | 000,013,243 | ---- | M] () -- C:\Users\Doma\Desktop\klokan 2014.odt
[2014.04.09 21:19:40 | 001,453,562 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.04.09 21:19:40 | 000,625,326 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2014.04.09 21:19:40 | 000,609,896 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.04.09 21:19:40 | 000,119,448 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2014.04.09 21:19:40 | 000,104,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.04.09 18:46:49 | 000,014,400 | ---- | M] () -- C:\Users\Doma\Desktop\MO 2014.ods
[2014.04.06 06:41:51 | 000,441,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.04.05 18:40:09 | 000,094,141 | ---- | M] () -- C:\Users\Doma\Desktop\diagram_bar.jpg
[2014.04.05 18:19:57 | 000,094,605 | ---- | M] () -- C:\Users\Doma\Desktop\diagram_cb.jpg
[2014.04.05 18:17:36 | 000,033,699 | ---- | M] () -- C:\Users\Doma\Desktop\diagram_cb.png
[2014.04.03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.04.03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.04.03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.03.30 11:08:09 | 000,002,069 | ---- | M] () -- C:\Users\Public\Desktop\NXT 2.1 Data Logging.lnk
[2014.03.30 11:08:09 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\NXT 2.1 Programming.lnk

========== Files Created - No Company Name ==========

[2014.04.28 21:31:18 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.04.28 12:00:48 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014.04.28 12:00:14 | 000,208,416 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014.04.28 12:00:11 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014.04.28 12:00:07 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014.04.28 11:57:05 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.04.27 14:22:32 | 480,032,167 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014.04.18 08:21:36 | 000,068,485 | ---- | C] () -- C:\Users\Doma\Desktop\Pozvánka 2.5.2014.pdf
[2014.04.17 21:22:33 | 000,018,454 | ---- | C] () -- C:\Users\Doma\Desktop\Pozvánka 2.5.2014.odt
[2014.04.13 12:54:19 | 000,013,139 | ---- | C] () -- C:\Users\Doma\Desktop\klokan 2014 = hesla.odt
[2014.04.10 21:36:30 | 000,013,243 | ---- | C] () -- C:\Users\Doma\Desktop\klokan 2014.odt
[2014.04.05 18:38:12 | 000,094,141 | ---- | C] () -- C:\Users\Doma\Desktop\diagram_bar.jpg
[2014.04.05 18:19:57 | 000,094,605 | ---- | C] () -- C:\Users\Doma\Desktop\diagram_cb.jpg
[2014.04.05 18:05:38 | 000,033,699 | ---- | C] () -- C:\Users\Doma\Desktop\diagram_cb.png
[2014.04.02 20:15:02 | 000,014,400 | ---- | C] () -- C:\Users\Doma\Desktop\MO 2014.ods
[2014.03.30 11:08:09 | 000,002,069 | ---- | C] () -- C:\Users\Public\Desktop\NXT 2.1 Data Logging.lnk
[2014.03.30 11:08:09 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\NXT 2.1 Programming.lnk
[2013.02.23 20:46:07 | 000,722,983 | ---- | C] () -- C:\Windows\Counter-Strike 1.6 Standalone Uninstaller.exe
[2012.10.07 22:13:44 | 000,000,600 | ---- | C] () -- C:\Users\Doma\AppData\Roaming\winscp.rnd
[2012.07.15 09:55:26 | 000,034,683 | ---- | C] () -- C:\Users\Doma\abstract.pdf
[2012.07.15 09:55:26 | 000,003,835 | ---- | C] () -- C:\Users\Doma\abstract.synctex.gz
[2012.07.15 09:55:26 | 000,000,009 | ---- | C] () -- C:\Users\Doma\abstract.aux
[2012.07.14 12:55:56 | 000,001,284 | ---- | C] () -- C:\Users\Doma\abstract.tex
[2012.06.27 22:44:33 | 000,000,681 | ---- | C] () -- C:\Users\Doma\Doma – zástupce.lnk
[2012.06.14 17:29:52 | 000,000,524 | ---- | C] () -- C:\Windows\QIII.INI
[2012.04.25 14:28:38 | 000,000,337 | ---- | C] () -- C:\Users\Doma\AppData\Local\Perfmon.PerfmonCfg
[2011.10.08 20:03:26 | 000,000,008 | -HS- | C] () -- C:\Users\Doma\AppData\Roaming\.xp070105.dat
[2011.10.08 20:03:26 | 000,000,008 | -HS- | C] () -- C:\Users\Doma\AppData\Roaming\.px050107.dat
[2011.10.08 20:03:26 | 000,000,008 | -HS- | C] () -- C:\Users\Doma\AppData\Roaming\.ax010705.dat
[2011.06.20 15:57:02 | 000,000,008 | -HS- | C] () -- C:\Users\Doma\AppData\Roaming\.drv190904.dat
[2011.06.20 15:57:02 | 000,000,008 | -HS- | C] () -- C:\Program Files (x86)\.drv120405.dat
[2011.06.20 15:57:02 | 000,000,008 | -HS- | C] () -- C:\Users\Doma\AppData\Roaming\.drv120205.dat
[2011.06.20 15:57:02 | 000,000,008 | -HS- | C] () -- C:\Program Files (x86)\.data211204.dat
[2011.06.20 15:57:02 | 000,000,008 | -HS- | C] () -- C:\Program Files (x86)\.data211004.dat
[2011.06.20 15:57:02 | 000,000,008 | -HS- | C] () -- C:\Program Files (x86)\.data110704.dat
[2011.06.20 15:57:02 | 000,000,008 | -HS- | C] () -- C:\Users\Doma\AppData\Roaming\.data001.dat
[2011.06.20 15:57:02 | 000,000,008 | -HS- | C] () -- C:\Users\Doma\AppData\Roaming\.data000.dat
[2011.06.20 15:57:02 | 000,000,008 | -HS- | C] () -- C:\Program Files (x86)\.dat000002.dat
[2011.06.20 15:57:02 | 000,000,008 | -HS- | C] () -- C:\Program Files (x86)\.dat000001.dat
[2011.06.20 15:57:02 | 000,000,008 | -HS- | C] () -- C:\Users\Doma\AppData\Roaming\.app190905.dat
[2011.06.20 15:57:02 | 000,000,008 | -HS- | C] () -- C:\Users\Doma\AppData\Roaming\.addit001.dat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.07.27 16:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.07.27 16:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011.06.20 15:56:29 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\.Cabri3D-2.1
[2012.09.05 17:14:06 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\AirportMadness4
[2014.04.28 12:01:07 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\AVAST Software
[2013.11.17 13:35:30 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\AVG
[2014.04.28 18:29:35 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\brothel
[2013.05.11 21:59:16 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\BSplayer
[2012.05.12 10:37:07 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\BSplayer Pro
[2011.05.09 21:52:22 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\Cabrilog
[2012.11.25 23:34:59 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\ChaosPro 4.0
[2014.03.10 13:39:20 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\DAEMON Tools Lite
[2012.11.02 23:53:10 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\DiscoXT
[2014.04.28 18:30:10 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\Dropbox
[2013.03.03 11:16:31 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\GHISLER
[2014.04.27 08:28:56 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\ICQ
[2013.03.31 16:26:17 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\Netscape
[2011.05.14 08:46:01 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\OpenOffice.org
[2013.03.31 16:25:05 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\Photodex
[2012.06.14 17:25:31 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\PowerISO
[2014.02.10 21:54:44 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\QIP
[2014.03.04 08:23:24 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\QipGuard
[2014.03.10 13:39:35 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\QipShot
[2013.02.02 18:42:23 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\Unity
[2014.01.01 21:07:56 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\XnView

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,540 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.05.08 13:50:54 | 000,000,906 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4024734649-1204722663-2588032379-1000Core.job
[2011.05.08 13:50:55 | 000,000,958 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4024734649-1204722663-2588032379-1000UA.job
[2013.03.02 01:43:32 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\SysNative\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\SysNative\cryptsvc.dll
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\SysNative\hal.dll
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: IASTORV.SYS >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\SysNative\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\SysNative\drivers\ndis.sys
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysNative\drivers\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\SysNative\smss.exe
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2014.04.03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2010.06.14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2010.06.14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\SysNative\drivers\tcpip.sys
[2010.06.14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2014.04.03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\SysNative\ws2_32.dll
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[4 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[121 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.06.20 15:56:29 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\.Cabri3D-2.1
[2011.05.08 14:54:59 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\Adobe
[2012.09.05 17:14:06 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\AirportMadness4
[2011.04.26 13:42:18 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\ATI
[2014.04.28 12:01:07 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\AVAST Software
[2013.11.17 13:35:30 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\AVG
[2014.04.28 18:29:35 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\brothel
[2013.05.11 21:59:16 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\BSplayer
[2012.05.12 10:37:07 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\BSplayer Pro
[2011.05.09 21:52:22 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\Cabrilog
[2012.11.25 23:34:59 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\ChaosPro 4.0
[2014.03.10 13:39:20 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\DAEMON Tools Lite
[2012.11.02 23:53:10 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\DiscoXT
[2014.04.28 18:30:10 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\Dropbox
[2013.03.03 11:16:31 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\GHISLER
[2014.04.27 08:28:56 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\ICQ
[2011.04.26 13:27:57 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\Identities
[2011.04.26 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\Macromedia
[2009.07.14 17:36:38 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\Media Center Programs
[2014.01.01 21:07:19 | 000,000,000 | --SD | M] -- C:\Users\Doma\AppData\Roaming\Microsoft
[2012.07.14 13:46:43 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\MiKTeX
[2013.03.31 16:26:17 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\Mozilla
[2013.03.31 16:26:17 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\Netscape
[2011.05.14 08:46:01 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\OpenOffice.org
[2013.03.31 16:25:05 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\Photodex
[2012.06.14 17:25:31 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\PowerISO
[2014.02.10 21:54:44 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\QIP
[2014.03.04 08:23:24 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\QipGuard
[2014.03.10 13:39:35 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\QipShot
[2013.02.11 14:59:46 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\Skype
[2013.02.02 18:42:23 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\Unity
[2011.05.08 14:54:53 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\WinRAR
[2014.01.01 21:07:56 | 000,000,000 | ---D | M] -- C:\Users\Doma\AppData\Roaming\XnView

< %APPDATA%\*.exe /s >
[2009.08.11 21:21:26 | 000,087,552 | ---- | M] () -- C:\Users\Doma\AppData\Roaming\BSplayer\AC3 Filter\ac3config.exe
[2009.08.11 21:21:30 | 000,090,112 | ---- | M] () -- C:\Users\Doma\AppData\Roaming\BSplayer\AC3 Filter\spdif_test.exe
[2010.03.22 14:52:04 | 000,697,690 | ---- | M] () -- C:\Users\Doma\AppData\Roaming\BSplayer\AC3 Filter\unins000.exe
[2010.02.23 17:01:52 | 001,185,871 | ---- | M] () -- C:\Users\Doma\AppData\Roaming\BSplayer\FFDShow\unins000.exe
[2010.08.14 10:42:54 | 000,113,152 | ---- | M] () -- C:\Users\Doma\AppData\Roaming\BSplayer\Haali media splitter\dsmux.exe
[2010.08.14 10:45:10 | 000,358,400 | ---- | M] () -- C:\Users\Doma\AppData\Roaming\BSplayer\Haali media splitter\gdsmux.exe
[2010.08.14 10:42:06 | 000,137,728 | ---- | M] () -- C:\Users\Doma\AppData\Roaming\BSplayer\Haali media splitter\mkv2vfr.exe
[2010.09.30 15:30:22 | 000,042,305 | ---- | M] () -- C:\Users\Doma\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe
[2014.01.03 02:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Doma\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2014.01.03 02:47:26 | 000,229,288 | ---- | M] (Dropbox, Inc.) -- C:\Users\Doma\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Doma\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.12.09 16:05:31 | 000,053,664 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Doma\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.04.26 13:47:08 | 000,010,134 | R--- | M] () -- C:\Users\Doma\AppData\Roaming\Microsoft\Installer\{F93FC0FA-AC65-81AE-58BF-32381C7B407C}\ARPPRODUCTICON.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ICQ" = "C:\Program Files (x86)\ICQ7.5\ICQ.exe" silent loginmode=4 -- [2011.08.01 10:28:16 | 000,124,480 | ---- | M] (ICQ, LLC.)
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun -- [2013.10.28 10:29:38 | 003,675,352 | ---- | M] (Disc Soft Ltd)
"Google Update" = "C:\Users\Doma\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2011.05.08 13:50:54 | 000,136,176 | ---- | M] (Google Inc.)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.04.28 21:31:18 | 000,000,512 | ---- | M] () MD5=06406AA6DAFC244A7CBBF7B3AFB7AC36 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2005.04.22 16:49:42 | 000,021,134 | R--- | M] () -- \eJay\Dance eJay 7 Demo\DrumWaves\Snares\crack sn.wav
[2005.04.22 16:49:42 | 000,028,442 | R--- | M] () -- \eJay\Dance eJay 7 Demo\DrumWaves\Snares\cracking sn.wav
[2007.07.17 09:08:20 | 000,015,970 | ---- | M] () -- \Program Files (x86)\Wondershare\Photo Story Platinum\Decorations\Effects\firecracker.jpg
[2007.07.12 11:56:46 | 000,007,941 | ---- | M] () -- \Program Files (x86)\Wondershare\Photo Story Platinum\Decorations\Effects\Firecracker.swf
[2012.03.30 14:48:28 | 000,000,127 | ---- | M] () -- \Program Files\R\R-2.15.0\library\survival\tests\data.cracks

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2014.03.03 16:12:50 | 000,002,290 | ---- | M] () -- \Documents and Settings\Doma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\61H2C0KZ\loader[1].js
[2014.04.27 14:17:01 | 000,002,290 | ---- | M] () -- \Documents and Settings\Doma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UKCHKBQY\loader[1].js
[2014.01.08 19:16:23 | 000,019,497 | ---- | M] () -- \Documents and Settings\Doma\AppData\Local\Temp\UninstallRes\ClientPackage\Images\uninstall\loader.gif
[1999.01.09 02:10:00 | 000,022,800 | ---- | M] () -- \Documents and Settings\Doma\Desktop\Sierra Pharaoh - Setup\DIRECTX\DMLOADER.DLL
[2011.09.21 16:03:05 | 000,016,084 | ---- | M] () -- \Documents and Settings\Doma\Downloads\gameloader (1).dcr
[2011.12.24 12:12:23 | 000,016,084 | ---- | M] () -- \Documents and Settings\Doma\Downloads\gameloader (10).dcr
[2011.12.24 12:12:38 | 000,016,084 | ---- | M] () -- \Documents and Settings\Doma\Downloads\gameloader (11).dcr
[2011.09.23 21:18:45 | 000,016,084 | ---- | M] () -- \Documents and Settings\Doma\Downloads\gameloader (2).dcr
[2011.09.23 23:02:29 | 000,016,084 | ---- | M] () -- \Documents and Settings\Doma\Downloads\gameloader (3).dcr
[2011.09.29 15:04:12 | 000,016,084 | ---- | M] () -- \Documents and Settings\Doma\Downloads\gameloader (4).dcr
[2011.12.17 13:23:34 | 000,016,084 | ---- | M] () -- \Documents and Settings\Doma\Downloads\gameloader (5).dcr
[2011.12.17 13:23:46 | 000,016,084 | ---- | M] () -- \Documents and Settings\Doma\Downloads\gameloader (6).dcr
[2011.12.17 13:23:56 | 000,016,084 | ---- | M] () -- \Documents and Settings\Doma\Downloads\gameloader (7).dcr
[2011.12.24 12:12:06 | 000,016,084 | ---- | M] () -- \Documents and Settings\Doma\Downloads\gameloader (8).dcr
[2011.12.24 12:12:15 | 000,016,084 | ---- | M] () -- \Documents and Settings\Doma\Downloads\gameloader (9).dcr
[2011.09.21 16:02:32 | 000,016,084 | ---- | M] () -- \Documents and Settings\Doma\Downloads\gameloader.dcr
[2012.07.19 15:59:57 | 004,110,768 | ---- | M] () -- \Documents and Settings\Doma\Downloads\Jim_Snidero_Groove_blues_mp3_downloader_2910a.exe
[2006.10.26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2011.03.19 23:13:33 | 000,169,384 | ---- | M] () -- \Program Files (x86)\Counter-Strike 1.6 Standalone\cstrike\models\qloader.mdl
[2011.03.19 23:09:50 | 000,352,548 | ---- | M] () -- \Program Files (x86)\Counter-Strike 1.6 Standalone\valve\models\loader.mdl
[2011.03.19 23:09:55 | 000,012,764 | ---- | M] () -- \Program Files (x86)\Counter-Strike 1.6 Standalone\valve\sound\ambience\loader_hydra1.wav
[2011.03.19 23:09:55 | 000,012,164 | ---- | M] () -- \Program Files (x86)\Counter-Strike 1.6 Standalone\valve\sound\ambience\loader_step1.wav
[2009.10.06 06:08:30 | 000,145,082 | ---- | M] () -- \Program Files (x86)\HP\HP Deskjet 3050 J610 series\bin\HelpViewer\Resources\Loader.gif
[2011.06.13 17:48:23 | 000,005,795 | ---- | M] () -- \Program Files (x86)\ICQ7.5\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2011.06.13 17:48:23 | 000,004,180 | ---- | M] () -- \Program Files (x86)\ICQ7.5\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2011.06.13 17:48:23 | 000,005,520 | ---- | M] () -- \Program Files (x86)\ICQ7.5\imApp\theme\MUICoreLib\xtraLoader.swf
[2012.05.12 13:47:13 | 000,002,886 | ---- | M] () -- \Program Files (x86)\ICQ7.5\Xtraz\icq\content\babylon_feed\preloader01_b.swf
[2011.07.27 14:35:18 | 000,000,402 | ---- | M] () -- \Program Files (x86)\ICQ7.5\Xtraz\icq\content\icq_profile\preloader.html
[2011.06.13 17:58:50 | 000,000,402 | ---- | M] () -- \Program Files (x86)\ICQ7.5\Xtraz\icq\content\profile_forms\preloader.html
[2011.06.13 17:58:50 | 000,000,402 | ---- | M] () -- \Program Files (x86)\ICQ7.5\Xtraz\icq\content\profile_lightboxs\preloader.html
[2012.05.11 11:48:12 | 000,003,095 | ---- | M] () -- \Program Files (x86)\LEGO Software\LEGO MINDSTORMS Edu NXT\components\uriloader.xpt
[2012.05.11 11:59:02 | 000,025,775 | ---- | M] () -- \Program Files (x86)\LEGO Software\LEGO MINDSTORMS Edu NXT\engine\EditorVIs\SubVIs\Loader\LogIfLoadErrors.vi
[2011.05.21 12:41:00 | 000,379,444 | ---- | M] () -- \Program Files (x86)\MiKTeX 2.9\doc\luatex\luatexbase\luatexbase-loader.pdf
[2011.05.21 12:41:00 | 000,000,555 | ---- | M] () -- \Program Files (x86)\MiKTeX 2.9\doc\luatex\luatexbase\test-loader-latex.tex
[2011.05.21 12:41:00 | 000,000,548 | ---- | M] () -- \Program Files (x86)\MiKTeX 2.9\doc\luatex\luatexbase\test-loader-plain.tex
[2011.05.21 12:41:00 | 000,000,411 | ---- | M] () -- \Program Files (x86)\MiKTeX 2.9\doc\luatex\luatexbase\test-loader.lua
[2011.05.21 12:41:00 | 000,000,419 | ---- | M] () -- \Program Files (x86)\MiKTeX 2.9\doc\luatex\luatexbase\test-loader.sub.lua
[2012.04.26 17:32:56 | 000,003,848 | ---- | M] () -- \Program Files (x86)\MiKTeX 2.9\tex\generic\oberdiek\luatex-loader.sty
[2011.05.21 12:41:00 | 000,002,580 | ---- | M] () -- \Program Files (x86)\MiKTeX 2.9\tex\luatex\luatexbase\luatexbase-loader.sty
[2011.05.21 12:41:00 | 000,002,075 | ---- | M] () -- \Program Files (x86)\MiKTeX 2.9\tex\luatex\luatexbase\luatexbase.loader.lua
[2011.01.17 16:21:04 | 000,006,263 | ---- | M] () -- \Program Files (x86)\OpenOffice.org 3\Basis\program\pythonloader.py
[2011.05.08 00:40:48 | 000,021,504 | ---- | M] () -- \Program Files (x86)\OpenOffice.org 3\Basis\program\pythonloader.uno.dll
[2011.01.17 17:00:08 | 000,000,171 | ---- | M] () -- \Program Files (x86)\OpenOffice.org 3\Basis\program\pythonloader.uno.ini
[2011.05.08 00:40:52 | 000,029,184 | ---- | M] () -- \Program Files (x86)\OpenOffice.org 3\URE\bin\javaloader.uno.dll
[2010.11.19 12:24:20 | 000,003,689 | ---- | M] () -- \Program Files (x86)\OpenOffice.org 3\URE\java\unoloader.jar
[2007.07.12 11:58:52 | 000,000,712 | ---- | M] () -- \Program Files (x86)\Wondershare\Photo Story Platinum\res\PreLoader.swf
[2007.07.13 10:32:50 | 000,006,912 | ---- | M] () -- \Program Files (x86)\Wondershare\Photo Story Platinum\res\PreLoader.xml
[2014.04.28 11:59:52 | 000,072,480 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2014.04.28 11:59:52 | 000,085,888 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader64.exe
[2011.10.21 00:05:02 | 000,000,383 | ---- | M] () -- \Program Files\R\R-2.15.0\share\R\nspackloader.R
[2014.03.03 16:12:50 | 000,002,290 | ---- | M] () -- \Users\Doma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\61H2C0KZ\loader[1].js
[2014.04.27 14:17:01 | 000,002,290 | ---- | M] () -- \Users\Doma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UKCHKBQY\loader[1].js
[2014.01.08 19:16:23 | 000,019,497 | ---- | M] () -- \Users\Doma\AppData\Local\Temp\UninstallRes\ClientPackage\Images\uninstall\loader.gif
[1999.01.09 02:10:00 | 000,022,800 | ---- | M] () -- \Users\Doma\Desktop\Sierra Pharaoh - Setup\DIRECTX\DMLOADER.DLL
[2011.09.21 16:03:05 | 000,016,084 | ---- | M] () -- \Users\Doma\Downloads\gameloader (1).dcr
[2011.12.24 12:12:23 | 000,016,084 | ---- | M] () -- \Users\Doma\Downloads\gameloader (10).dcr
[2011.12.24 12:12:38 | 000,016,084 | ---- | M] () -- \Users\Doma\Downloads\gameloader (11).dcr
[2011.09.23 21:18:45 | 000,016,084 | ---- | M] () -- \Users\Doma\Downloads\gameloader (2).dcr
[2011.09.23 23:02:29 | 000,016,084 | ---- | M] () -- \Users\Doma\Downloads\gameloader (3).dcr
[2011.09.29 15:04:12 | 000,016,084 | ---- | M] () -- \Users\Doma\Downloads\gameloader (4).dcr
[2011.12.17 13:23:34 | 000,016,084 | ---- | M] () -- \Users\Doma\Downloads\gameloader (5).dcr
[2011.12.17 13:23:46 | 000,016,084 | ---- | M] () -- \Users\Doma\Downloads\gameloader (6).dcr
[2011.12.17 13:23:56 | 000,016,084 | ---- | M] () -- \Users\Doma\Downloads\gameloader (7).dcr
[2011.12.24 12:12:06 | 000,016,084 | ---- | M] () -- \Users\Doma\Downloads\gameloader (8).dcr
[2011.12.24 12:12:15 | 000,016,084 | ---- | M] () -- \Users\Doma\Downloads\gameloader (9).dcr
[2011.09.21 16:02:32 | 000,016,084 | ---- | M] () -- \Users\Doma\Downloads\gameloader.dcr
[2012.07.19 15:59:57 | 004,110,768 | ---- | M] () -- \Users\Doma\Downloads\Jim_Snidero_Groove_blues_mp3_downloader_2910a.exe
[2012.06.12 13:26:51 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2009.07.14 14:25:34 | 002,202,645 | R--- | M] () -- \Windows\Setup\SCRIPTS\Windows7Loader.exe
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2012.10.04 10:12:02 | 000,012,532 | ---- | M] () -- \Windows\System32\Adobe\Shockwave 11\shockwave_Projector_Loader.dcr
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2012.10.04 10:12:02 | 000,012,532 | ---- | M] () -- \Windows\SysWOW64\Adobe\Shockwave 11\shockwave_Projector_Loader.dcr
[2009.07.14 03:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 03:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 17:17:49 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 17:17:49 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.efi.mui_35ee487d
[2009.07.14 17:17:49 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.exe.mui_3bc5b827
[2009.07.14 17:17:49 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.efi.mui_f412814e
[2009.07.14 17:17:49 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.exe.mui_ff8b5358
[2011.04.26 14:37:40 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2011.04.26 14:37:40 | 000,640,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66_winload.efi_75834aa0
[2011.04.26 14:37:40 | 000,603,976 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66_winload.exe_75835076
[2011.04.26 14:37:40 | 000,556,928 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66_winresume.efi_85cd069f
[2011.04.26 14:37:40 | 000,518,160 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66_winresume.exe_85cd1215
[2009.07.14 04:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 04:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009.07.14 17:15:51 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 04:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2011.02.05 15:09:31 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2011.02.05 15:04:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4.manifest
[2011.02.05 19:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.02.05 15:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009.07.14 04:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[1997.07.15 01:00:00 | 000,041,472 | ---- | M] () -- \Documents and Settings\Doma\Desktop\Sierra Pharaoh - Setup\DIRECTX\DPSERIAL.DLL
[2011.09.13 20:49:30 | 006,340,608 | ---- | M] () -- \Documents and Settings\Doma\Downloads\1315924957_sb_prezentaceserialtatry.ppt
[2011.09.13 20:52:02 | 004,765,184 | ---- | M] () -- \Documents and Settings\Doma\Downloads\1315927544_sb_prezentaceserialpiratia.ppt
[2011.12.30 21:48:28 | 000,000,069 | ---- | M] () -- \Documents and Settings\Doma\Downloads\Quake-3-arena\Quake 3 arena\Crack\serial.txt
[2011.03.10 01:43:26 | 000,413,696 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\4.0.60310.0\System.Runtime.Serialization.dll
[2013.02.12 08:46:34 | 001,186,816 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\4.0.60310.0\System.Runtime.Serialization.ni.dll
[2009.06.10 23:13:54 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2009.07.14 17:17:32 | 000,090,112 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2009.06.10 22:30:43 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2009.07.14 17:17:32 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[1997.07.15 01:00:00 | 000,041,472 | ---- | M] () -- \Users\Doma\Desktop\Sierra Pharaoh - Setup\DIRECTX\DPSERIAL.DLL
[2011.09.13 20:49:30 | 006,340,608 | ---- | M] () -- \Users\Doma\Downloads\1315924957_sb_prezentaceserialtatry.ppt
[2011.09.13 20:52:02 | 004,765,184 | ---- | M] () -- \Users\Doma\Downloads\1315927544_sb_prezentaceserialpiratia.ppt
[2011.12.30 21:48:28 | 000,000,069 | ---- | M] () -- \Users\Doma\Downloads\Quake-3-arena\Quake 3 arena\Crack\serial.txt
[2009.07.14 17:17:20 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 17:17:32 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2009.06.10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2009.07.14 06:56:20 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\39e53f507d9cbc5c10a2f47c4b0d09dd\System.Runtime.Serialization.ni.dll
[2011.05.08 00:26:34 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\ad1106dcb485b61902595ebdbac11003\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2009.07.14 06:55:32 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d57d865568209a71d63739fa448ed6df\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2011.05.08 14:43:26 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dc01d7a6574e5414acc40f3cd0c4ea1d\System.Runtime.Serialization.ni.dll
[2011.05.08 17:46:41 | 003,073,536 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\8f330bba5fc6e402f62bbcdf8db81cbb\System.Runtime.Serialization.ni.dll
[2011.04.26 15:04:47 | 000,396,288 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\e2661f961657f6705544823d25728184\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 17:17:21 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 23:14:06 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2009.06.10 22:40:06 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 17:17:19 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2009.06.10 22:30:46 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009.07.14 17:17:13 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009.07.14 02:00:40 | 000,094,208 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009.06.10 22:37:50 | 000,038,400 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\grserial.sys
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2009.07.14 17:17:13 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\cs-CZ\serialui.dll.mui
[2009.07.14 17:17:19 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_1c215c9ac50719c5\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2009.07.14 17:17:22 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23\serialui.dll.mui
[2009.07.14 03:41:54 | 000,017,920 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360\serialui.dll
[2009.07.14 17:17:32 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_b96904386c2fe002\System.RunTime.Serialization.Resources.dll
[2009.07.14 17:17:25 | 000,009,728 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_20ab142d65ed6acc\serial.sys.mui
[2009.07.14 02:00:40 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
[2009.06.10 22:40:06 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 22:37:50 | 000,038,400 | ---- | M] () -- \Windows\winsxs\amd64_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_ce9ed3064deed3aa\grserial.sys
[2009.06.10 22:30:46 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7600.16385_none_5943b25a748cb06c\System.Runtime.Serialization.dll
[2009.06.10 22:30:43 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_941abf24c884ab05\System.Runtime.Serialization.dll
[2011.04.26 14:37:40 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16757_none_6dccf6b5c641c933.manifest
[2011.04.26 14:37:40 | 000,017,792 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16757_none_6dccf6b5c641c933_kdcom.dll_db5e7744
[2009.07.14 17:17:49 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23_serialui.dll.mui_7d29d2a3
[2009.07.14 04:57:29 | 000,017,920 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360_serialui.dll_bea29328
[2009.07.14 17:17:47 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2009.07.14 04:58:37 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.14 04:15:17 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc.manifest
[2011.02.05 15:10:43 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16757_none_6dccf6b5c641c933.manifest
[2011.02.05 15:05:47 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.20897_none_6e2b53d0df7fd8c1.manifest
[2011.02.05 19:35:45 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011.02.05 15:11:05 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest
[2009.07.14 04:11:30 | 000,000,868 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_88b1c48f2026fe3f.manifest
[2009.07.14 04:26:23 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7600.16385_none_5943b25a748cb06c.manifest
[2009.07.14 04:27:09 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_941abf24c884ab05.manifest
[2009.07.14 03:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2009.07.14 17:16:38 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2009.07.14 03:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2009.07.14 03:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 17:17:20 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 23:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2009.07.14 17:17:32 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2009.06.10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2009.07.14 17:17:21 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_267606ecf967dbc0\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.07.14 17:17:13 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2009.07.14 17:17:32 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_5d4a68b4b3d26ecc\System.RunTime.Serialization.Resources.dll
[2009.06.10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll

< *w7lxe* /s >

< End of report >

skalpik
Visitor
Posts: 59
Registered: 19 Jan 2009 08:36

Re: Please check my log

#6 Post by skalpik »

And here is the second log:
OTL Extras logfile created on: 28.4.2014 21:29:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Doma\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,75 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 45,56% Memory free
7,50 Gb Paging File | 4,91 Gb Available in Paging File | 65,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 379,41 Gb Free Space | 81,48% Space Free | Partition Type: NTFS

Computer Name: DOMA-PC | User Name: Doma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0346FDB2-746C-4516-B03C-AF21C05AF028}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{040069D4-9D78-421C-AB0B-D018F1B1D6E3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{075FF881-805E-469B-A3C9-D0C1D0205815}" = lport=2869 | protocol=6 | dir=in | app=system |
"{12D689B3-D405-42D7-A892-0A8097FE92D6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1451B169-049C-4E4F-A46D-C2B365E04460}" = rport=137 | protocol=17 | dir=out | app=system |
"{17E5960C-1925-44C1-8964-A07DE674E568}" = rport=138 | protocol=17 | dir=out | app=system |
"{19E0C535-2713-4272-8A66-F348CD2B9F0F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2DA39332-4B32-49D8-A3D2-50F1B9B2C9E0}" = lport=445 | protocol=6 | dir=in | app=system |
"{3E6FDC48-25BE-474E-937D-758D40527EB5}" = lport=138 | protocol=17 | dir=in | app=system |
"{4952370F-2C6B-4630-BE22-F1C842C5E2AF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{54F0C175-6CFE-4649-B6F3-908139FBFC07}" = lport=69 | protocol=17 | dir=in | name=tftp transmissions port |
"{60BDD01A-630E-4224-8752-78D347B538EA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{68226171-FDBD-4139-9F8A-C6EE82AB384A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8389BBE4-0A9B-4243-916D-E50BF75F1E44}" = lport=139 | protocol=6 | dir=in | app=system |
"{86C5BDB4-42C5-40B9-90D3-00E65E35CC04}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{969EA103-76E3-47E1-B623-8464773B0965}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{97BA6AFD-9B4E-4AFE-AAF2-BBBA6EB420E6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A1B72443-30C9-40E9-9F36-56D313BA4B01}" = lport=137 | protocol=17 | dir=in | app=system |
"{B5A23786-6EE4-4A14-875A-EB5620CF3FD8}" = lport=12000 | protocol=6 | dir=in | name=winagents tftp server administration port |
"{B78D03A2-FF53-4D0D-8B47-79ECC0C10BD6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF21B5A6-A86F-4BAB-8718-5A19AB273057}" = rport=445 | protocol=6 | dir=out | app=system |
"{D75A8D19-53CB-425A-B6EC-8D68F4F47CC5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D9645860-AD66-4C0A-A02C-51FDB6844E4C}" = rport=139 | protocol=6 | dir=out | app=system |
"{E0FEBB0D-DD77-4988-8AEF-6D071165D573}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC6F3EAE-1C53-456E-B471-DA1579C4644B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{F44288A6-2352-42BC-BDC8-D12C9B231C7B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{043D1B2E-A4FA-4149-AD11-E23A57D61090}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{06C5FC66-6855-4CCC-AB6F-B40374445E3C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{07BDFB88-81EC-4DC0-BADA-5C1D01E92CB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{125C5F88-001A-4D6B-81D3-B0820E347494}" = protocol=17 | dir=in | app=c:\users\doma\appdata\roaming\dropbox\bin\dropbox.exe |
"{13599940-159A-47C3-B569-0D690A336AAA}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{177498DA-E4DF-4BF1-AA1C-918A05EFE82B}" = protocol=17 | dir=in | app=c:\program files (x86)\winagents\tftp server 4\tftpservermanager.exe |
"{1B479CF8-7744-409E-AC14-BE33159691AE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{354A3959-C777-45B0-849B-DE9FFF08C7FA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3B306CA5-0633-47BC-B0B6-7C3BC977296B}" = protocol=6 | dir=in | app=c:\users\doma\appdata\roaming\dropbox\bin\dropbox.exe |
"{439B5A7C-4CC0-4F38-85A1-F8212CE408FC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{4443790E-0103-4C3E-A846-057E3C75D140}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{51468A17-E1DB-42A4-A021-458BEC5B3F6F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{52E5BF12-2FE9-4CFC-8B9F-7934AB2B92E7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55D93A6D-5E85-4E86-9097-5C21091DC3FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5971D77B-443D-451D-9555-E28B65CD625F}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{5B519AFD-D04A-43FA-9018-CAA8A9D8273C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5C03DE1A-7977-414B-93E1-DB1B7787284D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\winagents\tftpservice.exe |
"{623EC196-B385-4F3A-89A0-C2305DA7BA6F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{62C280F1-273D-4F90-B134-2DB05ECD3DEA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{76905385-D614-4F3D-A772-6A8BBBB79DDB}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{771DB21D-6946-4B50-961A-B36A2E30FA2A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{7DF967CD-6C39-4B0E-967B-9E73B86A8B07}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{84BB8E2A-A0BF-4E89-A116-C6005A6CB7FB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8D8535EC-5A02-4807-8549-92007C042CBE}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\winagents\tftpservice.exe |
"{9A930CDC-E8A3-4E43-821F-2707515E73DF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9F24123A-3F01-40E8-9FCC-BA4CA45DAC7A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B0D1F3DB-8648-4062-832D-7B1364ACA62D}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{B7FCA10D-8916-48F9-9F2F-35C577B4C64B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C8A7D09B-E6A9-45B5-97F2-9D9356D3261C}" = protocol=6 | dir=out | app=system |
"{CCB0B0D8-1903-463E-B50E-101CD3A98D82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D1DEB46B-EDF6-4787-BB89-D3D7448E0BB8}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{D41D1472-2A24-4FD0-BD67-89300E9C80D2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{D81CD5AE-E035-470F-B6D8-8467A2FFF09C}" = protocol=6 | dir=in | app=c:\program files (x86)\winagents\tftp server 4\tftpservermanager.exe |
"{D8E4973A-D913-4803-9DBA-E939D7920678}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D968C45E-94CD-4ABB-A8B9-72CC306C1702}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{DAB2CDBF-FEB1-4287-9159-434403D9C268}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{DFA4430E-2CD6-4D2A-9352-4A657B3BC5E3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E43656B3-0A7C-415F-B007-15038DDE4274}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{E6FEC0C8-72A4-4AAF-88AC-B7C1E522B024}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EC55368F-9B61-4CEE-A030-8F8B12B5584B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{F5568507-A029-4D9A-A329-F3B60B84A554}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F7B83C9C-A27E-487E-BC16-0E468896E277}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0BF077F5-FCAC-4761-9469-AFADA696D2FC}C:\users\doma\desktop\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\doma\desktop\age of empires ii\empires2.exe |
"TCP Query User{14F703E0-A51A-40FB-BAE8-447C8E4C84C2}E:\quake3.exe" = protocol=6 | dir=in | app=e:\quake3.exe |
"TCP Query User{18D34C8C-23BB-491B-82F6-24C14790B21B}C:\program files (x86)\xplosiv\sof platinum\sof.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xplosiv\sof platinum\sof.exe |
"TCP Query User{1BF9B173-05D0-49DA-B893-44870BC6BA77}C:\users\doma\desktop\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\doma\desktop\age of empires ii\age2_x1.exe |
"TCP Query User{23AD75AB-A033-4C0A-8447-DB5D1295B9B7}C:\program files (x86)\qip 2010\qip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip 2010\qip.exe |
"TCP Query User{4F5A71E6-D428-4419-8AD6-98FD8202AAE9}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{5B549160-83E9-4DD5-BD7D-520E407C20DA}C:\users\doma\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\doma\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{5EC7C4B3-1A54-4D51-BEDE-8D628E29416F}C:\program files (x86)\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"TCP Query User{6501665A-105A-4FDF-9E0C-051D310981F0}C:\program files (x86)\xplosiv\sof platinum\sof.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xplosiv\sof platinum\sof.exe |
"TCP Query User{8C75F775-FD64-4614-91D5-6CAA8F4C5C30}C:\program files (x86)\qip 2010\qip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip 2010\qip.exe |
"TCP Query User{9281E6CD-C210-454B-A2D0-725F5EEEB224}C:\program files (x86)\quake iii arena\quake3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\quake iii arena\quake3.exe |
"TCP Query User{B19E3918-5FFB-4227-9CD9-73A0199F770F}C:\users\doma\desktop\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\doma\desktop\age of empires ii\age2_x1.exe |
"TCP Query User{B3D51BB2-E3C5-4BF2-9352-A8B32E69953F}C:\users\doma\desktop\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\doma\desktop\age of empires ii\empires2.exe |
"TCP Query User{B726F337-C716-460B-83FD-0A9630149E43}C:\program files (x86)\quake iii arena\quake3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\quake iii arena\quake3.exe |
"TCP Query User{D0169C15-629F-4EFA-A828-F680693E5AE1}C:\totalcmd\totalcmd64.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd64.exe |
"TCP Query User{D4E83F7C-19F1-4FA0-8728-CDD37E293076}C:\program files (x86)\counter-strike 1.6 standalone\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike 1.6 standalone\launcher.exe |
"TCP Query User{DAE7C0E8-7B2F-4C57-89BD-169FB5097A0C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{0777AF9F-F547-4B72-9429-B74FF36F041F}C:\program files (x86)\qip 2010\qip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip 2010\qip.exe |
"UDP Query User{0B1AE0CD-CD85-4B94-B8D8-4179B31AD18C}C:\program files (x86)\qip 2010\qip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip 2010\qip.exe |
"UDP Query User{17C7DD03-20A0-46BA-990B-1147D783D379}C:\users\doma\desktop\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\doma\desktop\age of empires ii\age2_x1.exe |
"UDP Query User{306840A6-1794-401B-92D2-2CB89CB394DB}C:\users\doma\desktop\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\doma\desktop\age of empires ii\empires2.exe |
"UDP Query User{3B393DAF-86CC-4FFE-8757-1265D619A77F}C:\users\doma\desktop\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\doma\desktop\age of empires ii\empires2.exe |
"UDP Query User{44D25D99-FE37-4FE8-A4BB-0C683456BDC6}C:\users\doma\desktop\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\doma\desktop\age of empires ii\age2_x1.exe |
"UDP Query User{5A3F3E6B-8268-4F70-B2AC-A9B010A40086}C:\program files (x86)\quake iii arena\quake3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\quake iii arena\quake3.exe |
"UDP Query User{6E578B1D-0183-4383-9DFC-5F3A2117361D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{95FEA41F-8D6A-4511-8AE7-F23D7120B025}C:\users\doma\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\doma\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{9AB2CB02-641B-4FCC-B0D2-7C2937B6AF0C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{BAED3981-80BF-410F-99E5-3C9013843863}C:\program files (x86)\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"UDP Query User{BC5E9400-2117-4206-90AC-01D4D63D9DA2}C:\program files (x86)\xplosiv\sof platinum\sof.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xplosiv\sof platinum\sof.exe |
"UDP Query User{CF934EC2-A990-433C-986C-AC0B04C8947D}C:\program files (x86)\quake iii arena\quake3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\quake iii arena\quake3.exe |
"UDP Query User{D10A9E43-64B2-4BA5-9F39-637FC8CBD098}C:\totalcmd\totalcmd64.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd64.exe |
"UDP Query User{D78264DA-324E-4578-8058-4E63B1D33E57}C:\program files (x86)\xplosiv\sof platinum\sof.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xplosiv\sof platinum\sof.exe |
"UDP Query User{DC090B33-C945-498A-8553-4DB955C39D1B}C:\program files (x86)\counter-strike 1.6 standalone\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike 1.6 standalone\launcher.exe |
"UDP Query User{DFD01373-89BF-4D7E-9779-5511851CD07C}E:\quake3.exe" = protocol=17 | dir=in | app=e:\quake3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17E113E6-CD0E-4045-B154-65F0E57959EF}_is1" = IMPI 2.0.0.429
"{2A13EF26-4D68-B2D7-A486-DBBD2FDE366B}" = ATI Catalyst Install Manager
"{34FE274A-6AC9-24D1-2364-7A8BE8B4A068}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{7EC4C4BE-172D-42CE-90E2-B0B4535C183F}" = Základní software zařízení HP Deskjet 3050 J610 series
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{945CF655-4A32-4667-B085-70A9D53C5A86}" = NI VC2008MSMs x64
"{A0831C28-A6FA-49A3-86AE-B5AE3C9EE19C}" = LEGO MINDSTORMS NXT x64 Driver
"R for Windows 2.15.0_is1" = R for Windows 2.15.0
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D74C204-0451-463E-8B8E-F2E11504A675}" = Dance eJay 7 Demo
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15C11D1A-F178-68C9-9C3F-D70694850DCF}" = CCC Help Thai
"{1AAE551D-A4FB-4C8E-83BF-560073FEC00A}" = Disco XT Demo
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20687EF7-CDC0-B8CA-058B-32BC7B6D7B30}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2D4FF9D4-EB76-4A29-6A66-EC5A2B7A900D}" = CCC Help Russian
"{309AA357-D7AD-4AED-9573-679BBD2BEE66}" = Cabri II Plus 1.4.2
"{336A1E37-FE4F-E77C-1EFE-AD66B8E76A9F}" = CCC Help Chinese Traditional
"{33DDD5C3-9706-4C7C-B6B3-F067775B9FF5}" = LEGO MINDSTORMS Edu NXT - English Language Pack
"{3A627783-AF3B-D420-6411-05AACB3F3932}" = Catalyst Control Center Graphics Previews Vista
"{3CD07764-6A66-D39C-5189-8828EC8C045F}" = AirportMadness4
"{407CA81C-8454-CCD5-BACD-BA6BD18F680F}" = CCC Help Greek
"{41DA4817-4D2A-4D83-AD02-6A2D95DC8DCB}_is1" = TeXworks 0.4.4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAA09F8-EC61-81CB-EED8-E9DE18800DED}" = Catalyst Control Center Localization All
"{5ACC1A9F-AAB9-012D-4A65-1D7E92B4242E}" = CCC Help Italian
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63BCDFC4-BD0D-640E-2B3F-FCDA34805E33}" = Catalyst Control Center Graphics Full New
"{67227CE5-9560-9D24-852B-E75AAB19F0A6}" = CCC Help Portuguese
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{756B8ACF-1E76-6869-2E4B-200BC6D6E6B1}" = CCC Help Swedish
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76EBC536-D99E-58A6-ECA6-5A63A5FCB992}" = CCC Help Hungarian
"{7A54F8D9-D42B-DC31-22F4-4AB33DD60208}" = CCC Help Finnish
"{7EE3C326-76F2-6E15-105F-4D386B90152C}" = CCC Help Dutch
"{83719FB4-D863-4511-8A5E-51D2122D2B58}" = WinAgents TFTP Server
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADE5280-35CA-CF98-A456-F66B98C77244}" = ccc-core-static
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00B0-0405-0000-0000000FF1CE}" = Doplněk Microsoft Save as PDF pro aplikace sady Microsoft Office 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{94C45C20-CB09-54A1-5E41-FCEFBAD50A1B}" = CCC Help Spanish
"{94D0A32F-F467-D869-2AF3-465F5C6F187E}" = CCC Help Chinese Standard
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{A37CA1E3-3343-BF7D-0103-EA5790A67C2A}" = CCC Help German
"{ABC0160A-D981-8776-5D53-B962E9AB9A17}" = CCC Help French
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{B20D0A45-039C-1299-1E92-81BC9A995BFA}" = CCC Help Korean
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B7EDCA19-58E3-9B10-5ED5-1928DF65BB4F}" = Catalyst Control Center Graphics Light
"{B8887E02-C910-4498-A7C0-186ABFDCD110}" = GPU Boost Driver
"{B99D218E-948E-BB99-9E9A-D5D31B3FC4D1}" = CCC Help Japanese
"{BA39F78D-E4B1-8DB4-AFC6-7302DC3B12BC}" = CCC Help Czech
"{BD510201-74C1-4C78-D7A8-4E2210495A6D}" = CCC Help English
"{C6B003DB-5950-0800-0858-1F5F70A090F6}" = CCC Help Polish
"{D53EE2FF-EF7A-A93F-BF5F-2B96029B6C8A}" = Catalyst Control Center Graphics Full Existing
"{D5B94160-4A07-4956-9C73-8C5EEFEF180F}" = OpenOffice.org 3.3
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DA04174D-7B42-F784-0456-B9201DAB1F0D}" = Catalyst Control Center Core Implementation
"{DFF9B672-09C0-41E6-BA77-2EC668B427F2}" = LEGO MINDSTORMS NXT x64 Driver Support
"{E0E4EB10-3F69-4186-8CAA-F9FDD39F06D5}" = LEGO MINDSTORMS Edu NXT Software v2.1
"{EC8BF669-EFEA-40D9-8894-9074E407FC07}" = NI VC2008MSMs x86
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Nápověda
"{F93FC0FA-AC65-81AE-58BF-32381C7B407C}" = Catalyst Control Center InstallProxy
"{FF0E8A52-B152-F22E-8BF5-488EE977ACD0}" = CCC Help Norwegian
"{FF52834F-839A-652B-2BB7-DB4BD61603A9}" = CCC Help Danish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Port Scanner v1.3" = Advanced Port Scanner v1.3
"AirportMadness4" = AirportMadness4
"Avast" = avast! Free Antivirus
"BSPlayerf" = BS.Player FREE
"cabrilog_cabri3d_21x_is1" = Cabri 3D 2.1.2
"cabrilog_cabri3d_plugin_21x_is1" = Cabri 3D Plug-in 2.1.2
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Counter-Strike 1.6 Standalone" = Counter-Strike 1.6 Standalone
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diagram Designer" = Diagram Designer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ChaosPro 4.0" = ChaosPro
"ICQToolbar" = ICQ Toolbar
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware verze 2.0.1.1004
"MiKTeX 2.9" = MiKTeX 2.9
"PDFTools_is1" = PDFTools Version 1.2 (09/28/2006)
"Pharaoh" = Pharaoh
"Photodex Presenter" = Photodex Presenter
"PowerISO" = PowerISO
"ProShow Producer" = ProShow Producer
"Quake III Arena" = Quake III Arena
"rajče.net_is1" = rajče průvodce verze 1.59.42.257
"Santa Claus in trouble ...again! - Demo" = Santa Claus in trouble ...again! - Demo
"Soldier of Fortune Platinum" = Soldier of Fortune Platinum
"TeamViewer 6" = TeamViewer 6
"TOEFL Official Guide" = TOEFL Official Guide 4.0
"WinEdt_is1" = WinEdt
"Winmail Opener" = Winmail Opener 1.4
"Winmail Reader_is1" = Winmail Reader 1.2.15
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"winscp3_is1" = WinSCP 5.1.4
"Wondershare Photo Story Platinum_is1" = Wondershare Photo Story Platinum (2.5.0) Trial Version
"XnView_is1" = XnView 1.99.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4024734649-1204722663-2588032379-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"QIP 2010" = QIP 2010 3.1.5890
"QIP 2012" = QIP 2012 4.0.7102
"UnityWebPlayer" = Unity Web Player
"VVVS-ZS (beta verze)" = VVVS-ZS (beta verze)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27.11.2013 13:04:10 | Computer Name = Doma-PC | Source = RasClient | ID = 20227
Description =

Error - 27.11.2013 13:07:00 | Computer Name = Doma-PC | Source = RasClient | ID = 20227
Description =

Error - 27.11.2013 13:07:11 | Computer Name = Doma-PC | Source = RasClient | ID = 20227
Description =

Error - 28.11.2013 13:28:30 | Computer Name = Doma-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll
se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll
na řádku 9. Hodnota x64 atributu processorArchitecture v prvku assemblyIdentity
je neplatná.

Error - 30.11.2013 14:32:14 | Computer Name = Doma-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll
se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll
na řádku 9. Hodnota x64 atributu processorArchitecture v prvku assemblyIdentity
je neplatná.

Error - 1.12.2013 14:49:51 | Computer Name = Doma-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll
se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll
na řádku 9. Hodnota x64 atributu processorArchitecture v prvku assemblyIdentity
je neplatná.

Error - 3.12.2013 10:50:12 | Computer Name = Doma-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll
se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll
na řádku 9. Hodnota x64 atributu processorArchitecture v prvku assemblyIdentity
je neplatná.

Error - 7.12.2013 2:02:33 | Computer Name = Doma-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll
se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll
na řádku 9. Hodnota x64 atributu processorArchitecture v prvku assemblyIdentity
je neplatná.

Error - 8.12.2013 8:04:40 | Computer Name = Doma-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll
se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll
na řádku 9. Hodnota x64 atributu processorArchitecture v prvku assemblyIdentity
je neplatná.

Error - 10.12.2013 14:43:20 | Computer Name = Doma-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll
se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll
na řádku 9. Hodnota x64 atributu processorArchitecture v prvku assemblyIdentity
je neplatná.

[ System Events ]
Error - 18.4.2014 1:01:49 | Computer Name = Doma-PC | Source = Service Control Manager | ID = 7034
Description = Služba WinAgents TFTP Service 4 byla neočekávaně ukončena. Tento stav
nastal již 1krát.

Error - 27.4.2014 8:22:34 | Computer Name = Doma-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (14:20:49, ?27.?4.?2014) bylo neočekávané.

Error - 27.4.2014 8:22:38 | Computer Name = DOMA-PC | Source = BugCheck | ID = 1001
Description =

Error - 28.4.2014 5:52:19 | Computer Name = Doma-PC | Source = Schannel | ID = 36888
Description = Byla vygenerována následující výstraha o závažné chybě: 10. Stav interní
chyby: 10

Error - 28.4.2014 5:52:43 | Computer Name = Doma-PC | Source = Schannel | ID = 36888
Description = Byla vygenerována následující výstraha o závažné chybě: 10. Stav interní
chyby: 10

Error - 28.4.2014 5:53:41 | Computer Name = Doma-PC | Source = Schannel | ID = 36888
Description = Byla vygenerována následující výstraha o závažné chybě: 10. Stav interní
chyby: 10

Error - 28.4.2014 5:54:02 | Computer Name = Doma-PC | Source = Schannel | ID = 36888
Description = Byla vygenerována následující výstraha o závažné chybě: 10. Stav interní
chyby: 10

Error - 28.4.2014 5:55:45 | Computer Name = Doma-PC | Source = Schannel | ID = 36888
Description = Byla vygenerována následující výstraha o závažné chybě: 10. Stav interní
chyby: 10

Error - 28.4.2014 5:56:11 | Computer Name = Doma-PC | Source = Schannel | ID = 36888
Description = Byla vygenerována následující výstraha o závažné chybě: 10. Stav interní
chyby: 10

Error - 28.4.2014 5:57:32 | Computer Name = Doma-PC | Source = Service Control Manager | ID = 7000
Description = Služba iclrxhai neuspěla při spuštění v důsledku následující chyby:
%%2


< End of report >

Rudy
Site Admin
Posts: 119536
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#7 Post by Rudy »

The OTL scan confirmed to me that your operating system is not legal. Under the rules: http://forum.viry.cz/viewtopic.php?f=12&t=115512 I therefore cannot deal with your problem. Unfortunately.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
