VIRY.CZ

Uz asi kompletne dosluhuje,po otvoreni niekolkych tabov sa stane,ze prehliadac zamrzne a podobne,potom laguje HDD,neskutocne vrci a mnoho dalsieho.Poprosim o preventivny log a uvidime co to spravi.
Dakujem
Logfile of random's system information tool 1.10 (written by random/random)
Run by yakuza at 2014-06-04 20:21:30
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 330 GB (54%) free of 610 GB
Total RAM: 4094 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:21:40, on 4. 6. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Program Files\trend micro\yakuza.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2123353453-1993312672-866605396-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2123353453-1993312672-866605396-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7997 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
"C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"taskhost.exe"
"C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe"
"C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android
"C:\Program Files (x86)\BlueStacks\HD-Network.exe"
\??\C:\Windows\system32\conhost.exe "-14937273251669010834-152278533312165448671296542610-488778196039872531839768915
"C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe"
\??\C:\Windows\system32\conhost.exe "953747008-1967857753-12621516665685334721077076109-1291832145-2833868171370422303
"C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe"
\??\C:\Windows\system32\conhost.exe "-2061234921400833709161771555680420013849244331039028385195911319-1157983446
"C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_00000598
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3916.15341040.1118968984 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 3916 "\\.\pipe\gecko-crash-server-pipe.3916" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe" --proxy-stub-channel=Flash892.62006010.24738 --host-broker-channel=Flash892.62006010.19257 --host-pid=892 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe" --channel=3216.003CF740.102673724 --proxy-stub-channel=Flash892.62006010.24738 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll" --host-npapi-version=27 --type=renderer
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Users\yakuza\Desktop\RSITx64.exe"

=========Mozilla firefox=========

ProfilePath - C:\Users\yakuza\AppData\Roaming\Mozilla\Firefox\Profiles\b7r9aqa9.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "google.sk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.214 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.214 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL


C:\Users\yakuza\AppData\Roaming\Mozilla\Firefox\Profiles\b7r9aqa9.default\searchplugins\
avira-safesearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
C:\Program Files (x86)\BlueStacks\HD-Agent.exe [2014-05-01 832272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-01-08 3674320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicRotation]
C:\Program Files (x86)\MagicRotation\MagicPvt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicTuneEngine]
C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe [2010-10-29 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RAVCpl64.exe [2008-07-24 6452256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2008-07-24 1833504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\steam.exe [2014-05-29 1754816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GammaTray.exe.lnk]
C:\PROGRA~1\MAGICT~1\GAMMAT~1.EXE [2009-10-05 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NCProTray.lnk]
C:\PROGRA~2\SEC\NATURA~1\NCPROT~1.EXE [2007-12-13 49220]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2014-06-03 737872]
"Avira Systray"=C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [2014-05-14 183376]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-06-04 20:21:31 ----D---- C:\Program Files\trend micro
2014-06-04 20:21:30 ----D---- C:\rsit
2014-05-24 18:03:41 ----D---- C:\Users\yakuza\AppData\Roaming\HD Tune Pro
2014-05-24 18:03:21 ----D---- C:\Program Files (x86)\HD Tune Pro
2014-05-15 20:47:41 ----A---- C:\Windows\system32\shell32.dll
2014-05-15 20:47:40 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-05-15 20:47:31 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-05-15 20:47:30 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2014-05-15 20:47:30 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2014-05-15 20:47:30 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-05-15 20:47:30 ----A---- C:\Windows\system32\lsasrv.dll
2014-05-15 20:47:30 ----A---- C:\Windows\system32\kerberos.dll
2014-05-15 20:47:29 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-05-15 20:47:29 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-05-15 20:47:29 ----A---- C:\Windows\SYSWOW64\objsel.dll
2014-05-15 20:47:29 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-05-15 20:47:29 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2014-05-15 20:47:29 ----A---- C:\Windows\system32\winlogon.exe
2014-05-15 20:47:29 ----A---- C:\Windows\system32\wdigest.dll
2014-05-15 20:47:29 ----A---- C:\Windows\system32\TSpkg.dll
2014-05-15 20:47:29 ----A---- C:\Windows\system32\schannel.dll
2014-05-15 20:47:29 ----A---- C:\Windows\system32\objsel.dll
2014-05-15 20:47:29 ----A---- C:\Windows\system32\msv1_0.dll
2014-05-15 20:47:29 ----A---- C:\Windows\system32\KernelBase.dll
2014-05-15 20:47:29 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-05-15 20:47:28 ----A---- C:\Windows\SYSWOW64\wincredprovider.dll
2014-05-15 20:47:28 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-05-15 20:47:28 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-05-15 20:47:28 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-05-15 20:47:28 ----A---- C:\Windows\SYSWOW64\dpapiprovider.dll
2014-05-15 20:47:28 ----A---- C:\Windows\SYSWOW64\dimsroam.dll
2014-05-15 20:47:28 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-05-15 20:47:28 ----A---- C:\Windows\SYSWOW64\cngprovider.dll
2014-05-15 20:47:28 ----A---- C:\Windows\SYSWOW64\capiprovider.dll
2014-05-15 20:47:28 ----A---- C:\Windows\SYSWOW64\adprovider.dll
2014-05-15 20:47:28 ----A---- C:\Windows\system32\wincredprovider.dll
2014-05-15 20:47:28 ----A---- C:\Windows\system32\sspisrv.dll
2014-05-15 20:47:28 ----A---- C:\Windows\system32\sspicli.dll
2014-05-15 20:47:28 ----A---- C:\Windows\system32\secur32.dll
2014-05-15 20:47:28 ----A---- C:\Windows\system32\lsass.exe
2014-05-15 20:47:28 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2014-05-15 20:47:28 ----A---- C:\Windows\system32\dpapiprovider.dll
2014-05-15 20:47:28 ----A---- C:\Windows\system32\dimsroam.dll
2014-05-15 20:47:28 ----A---- C:\Windows\system32\credssp.dll
2014-05-15 20:47:28 ----A---- C:\Windows\system32\cngprovider.dll
2014-05-15 20:47:28 ----A---- C:\Windows\system32\capiprovider.dll
2014-05-15 20:47:28 ----A---- C:\Windows\system32\adprovider.dll
2014-05-14 19:04:52 ----D---- C:\Program Files (x86)\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2014-06-04 20:21:35 ----D---- C:\Windows\Temp
2014-06-04 20:21:31 ----RD---- C:\Program Files
2014-06-04 20:20:34 ----D---- C:\Program Files (x86)\Steam
2014-06-04 17:34:01 ----D---- C:\Windows\system32\config
2014-06-04 17:25:55 ----D---- C:\Windows\System32
2014-06-04 17:25:55 ----D---- C:\Windows\inf
2014-06-04 17:25:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-06-04 17:19:44 ----D---- C:\ProgramData\NVIDIA
2014-06-03 17:29:52 ----D---- C:\Windows\system32\catroot
2014-06-03 17:29:51 ----D---- C:\Windows\system32\drivers
2014-06-01 22:11:31 ----D---- C:\Users\yakuza\AppData\Roaming\Skype
2014-05-27 19:20:39 ----SHD---- C:\Windows\Installer
2014-05-27 19:20:34 ----RD---- C:\Program Files (x86)\Skype
2014-05-27 19:20:34 ----D---- C:\Program Files (x86)\Common Files
2014-05-27 19:20:31 ----D---- C:\ProgramData\Skype
2014-05-25 19:15:14 ----D---- C:\Windows\system32\NDF
2014-05-24 18:03:21 ----RD---- C:\Program Files (x86)
2014-05-24 17:35:45 ----SHD---- C:\System Volume Information
2014-05-19 17:21:24 ----D---- C:\ProgramData\Package Cache
2014-05-19 17:21:13 ----D---- C:\Windows\SysWOW64
2014-05-19 17:21:13 ----D---- C:\Program Files (x86)\Avira
2014-05-17 09:58:54 ----D---- C:\Windows\Tasks
2014-05-17 09:58:54 ----D---- C:\Windows\system32\Tasks
2014-05-17 09:58:49 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-05-15 21:05:11 ----D---- C:\Windows\winsxs
2014-05-15 21:02:16 ----D---- C:\Windows\system32\en-US
2014-05-15 21:02:16 ----D---- C:\Windows\PolicyDefinitions
2014-05-15 20:49:52 ----D---- C:\Windows\system32\MRT
2014-05-15 20:48:20 ----A---- C:\Windows\system32\MRT.exe
2014-05-15 20:46:03 ----D---- C:\Windows\system32\catroot2
2014-05-15 17:06:48 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-11 19:09:28 ----D---- C:\Windows\system32\wdi

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2014-06-03 130584]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2014-02-25 28600]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 MagicTune;MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [2008-11-04 23096]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2014-06-03 112080]
R2 BstHdDrv;BlueStacks Hypervisor; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-05-01 123152]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-07 283200]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2014-06-04 24072]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2008-07-24 1488032]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
R3 skfiltv;skfiltv; C:\Windows\system32\drivers\skfiltv.sys [2008-08-14 24064]
S1 NCPro;NCPro; C:\Windows\system32\drivers\MTictwl.sys [2008-11-04 23096]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-06-03 430160]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-06-03 430160]
R2 Avira.OE.ServiceHost;Avira Service Host; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-05-14 123984]
R2 BstHdAndroidSvc;BlueStacks Android Service; C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-05-01 402192]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-05-01 385808]
R2 BstHdUpdaterSvc;BlueStacks Updater Service; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-05-01 774928]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 GEST Service;GEST Service for program management.; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2008-08-08 80392]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-11-11 922912]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-03-15 1266464]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-07-26 75136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-05-14 119408]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-05-29 543424]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-09-17 1255736]
S4 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2014-06-03 1039952]

-----------------EOF-----------------

Zdravím!
Jak je na tom váš oper. systém s legalitou?

Ja myslim,ze v pohode.

Zkusíme tento postup:

Stáhněte a spusťte OTL: http://oldtimer.geekstogo.com/OTL.exe . Spusťte, zaškrněte "Pro všechny uživatele", Kontrola na havěť LOP" a Kontrola na hvěť PURITY" a do dolního bílého okna zkopírujte:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s

a klikněte na >Prohledat<. Dejte oba logy.

Ahoj

OTL logfile created on: 5. 6. 2014 17:37:45 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\yakuza\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 49,94% Memory free
7,99 Gb Paging File | 5,87 Gb Available in Paging File | 73,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,04 Gb Total Space | 321,90 Gb Free Space | 54,01% Space Free | Partition Type: NTFS

Computer Name: YAKUZA-PC | User Name: yakuza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/05 17:34:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\yakuza\Desktop\OTL.exe
PRC - [2014/06/03 17:29:21 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014/06/03 17:29:17 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014/06/03 17:29:16 | 000,737,872 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014/05/14 19:04:55 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/05/14 14:27:34 | 000,183,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
PRC - [2014/05/14 14:27:34 | 000,123,984 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
PRC - [2014/05/01 13:00:30 | 000,774,928 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
PRC - [2014/05/01 12:58:24 | 000,385,808 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2014/05/01 12:57:52 | 000,402,192 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe
PRC - [2014/05/01 12:57:48 | 000,367,888 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
PRC - [2014/05/01 12:57:40 | 000,261,904 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
PRC - [2014/05/01 12:57:38 | 000,379,152 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-Network.exe
PRC - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/11 09:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/07/26 18:29:03 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/03/15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2008/08/08 14:24:42 | 000,080,392 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe


========== Modules (No Company Name) ==========

MOD - [2014/05/14 19:04:55 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/05/14 14:27:32 | 000,137,296 | ---- | M] () -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
MOD - [2014/05/14 14:27:28 | 000,049,744 | ---- | M] () -- C:\Users\yakuza\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
MOD - [2014/03/31 19:44:59 | 000,245,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\bf56bd4e9996950950b4685dac7f2156\WindowsFormsIntegration.ni.dll
MOD - [2014/03/31 19:44:45 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\3f1613bcf5b9cf536359bfff7bd18a5a\System.ServiceProcess.ni.dll
MOD - [2014/03/31 19:44:39 | 017,919,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\40f4f298c3c655b834c73b5046a9cd0b\System.ServiceModel.ni.dll
MOD - [2014/03/31 19:44:11 | 001,065,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\81558b32b261e911f8f822f1de63fdca\System.IdentityModel.ni.dll
MOD - [2014/03/30 17:37:44 | 001,011,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\591cc2015a0165ede73d3e6770e0e7c2\System.Runtime.DurableInstancing.ni.dll
MOD - [2014/03/30 17:37:44 | 000,645,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\40ab9da3eafd6bd1cbc6695ba406975a\System.Transactions.ni.dll
MOD - [2014/03/30 17:37:43 | 000,142,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\b420437eca1d1aec1a8bf23cc5173661\SMDiagnostics.ni.dll
MOD - [2014/03/30 17:37:42 | 002,625,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\30ed505f7ea7d6139128d4a6d9981dc0\System.Runtime.Serialization.ni.dll
MOD - [2014/03/30 17:37:39 | 001,776,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d85a3d6ed5bb77f5603e098cccf60bfa\System.Xaml.ni.dll
MOD - [2014/03/29 13:51:49 | 006,754,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\c12e10c218be4be353975af6abb072d9\System.Data.ni.dll
MOD - [2014/03/29 13:51:47 | 013,006,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3cdd09fc0acc85c7febbd2e2ef9c4e5\System.Windows.Forms.ni.dll
MOD - [2014/03/29 13:51:44 | 017,629,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8357ade60159c25ee88db0aab8686e6d\PresentationFramework.ni.dll
MOD - [2014/03/29 13:51:39 | 001,651,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2fe09cc54a8390b20e380239db34228f\System.Drawing.ni.dll
MOD - [2014/03/29 13:51:37 | 002,499,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\73dd24232790e0e5c2649dde8e65516c\System.Data.Linq.ni.dll
MOD - [2014/03/29 13:51:30 | 011,057,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7a1eeb425f9318f432afead4b2da965a\PresentationCore.ni.dll
MOD - [2014/03/29 13:51:30 | 005,571,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2d7c29ad77c15abfa6a8fe6d24840a91\System.Xml.ni.dll
MOD - [2014/03/29 13:51:26 | 000,973,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac2cd19f2159d48684e17cbdecfaa3b7\System.Configuration.ni.dll
MOD - [2014/03/29 13:51:24 | 000,450,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b4e58d1a3e0ee75b6b107585c92c68e8\PresentationFramework.Aero.ni.dll
MOD - [2014/03/29 13:51:22 | 007,025,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\85693dfd9ba4905b0fd947fdb51446d5\System.Core.ni.dll
MOD - [2014/03/29 13:51:17 | 003,779,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\f1f3a74eb37b27b7d05b8ffa941f8473\WindowsBase.ni.dll
MOD - [2014/03/29 13:51:14 | 009,000,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\161c6f80ad93b0505054d244f1c6243c\System.ni.dll
MOD - [2014/03/29 13:51:09 | 000,144,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\be70c34efd115166a2710acac3346bfa\System.Numerics.ni.dll
MOD - [2014/03/29 13:51:08 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\4ff1f12a08d455f195ba996fe77497c6\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/06/03 17:29:21 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/06/03 17:29:18 | 001,039,952 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService)
SRV - [2014/06/03 17:29:17 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/05/29 19:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/05/14 19:04:55 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/14 14:27:34 | 000,123,984 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014/05/01 13:00:30 | 000,774,928 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe -- (BstHdUpdaterSvc)
SRV - [2014/05/01 12:58:24 | 000,385,808 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2014/05/01 12:57:52 | 000,402,192 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/11 09:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/26 18:29:03 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/03/15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/08 14:24:42 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/06/03 17:29:17 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014/06/03 17:29:17 | 000,112,080 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014/02/25 12:41:28 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/03/07 17:44:24 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/11/04 13:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\MTiCtwl.sys -- (NCPro)
DRV:64bit: - [2008/11/04 13:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MTiCtwl.sys -- (MagicTune)
DRV:64bit: - [2008/08/14 06:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
DRV - [2014/06/05 17:31:26 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2014/05/01 12:58:10 | 000,123,152 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/08/28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\MTictwl.sys -- (NCPro)
DRV - [2006/08/28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\MTictwl.sys -- (MagicTune)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2123353453-1993312672-866605396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F AD 9B A9 76 92 CD 01 [binary data]
IE - HKU\S-1-5-21-2123353453-1993312672-866605396-1000\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKU\S-1-5-21-2123353453-1993312672-866605396-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2123353453-1993312672-866605396-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2123353453-1993312672-866605396-1000\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://www.google.com/custom?q={searchT ... BFORID%3A1
IE - HKU\S-1-5-21-2123353453-1993312672-866605396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.sk"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/09/14 14:56:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yakuza\AppData\Roaming\Mozilla\Extensions
[2014/04/23 18:51:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yakuza\AppData\Roaming\Mozilla\Firefox\Profiles\b7r9aqa9.default\extensions
[2014/04/23 18:51:11 | 001,533,185 | ---- | M] () (No name found) -- C:\Users\yakuza\AppData\Roaming\Mozilla\Firefox\Profiles\b7r9aqa9.default\extensions\firefox@ghostery.com.xpi
[2014/03/29 13:53:08 | 000,000,971 | ---- | M] () -- C:\Users\yakuza\AppData\Roaming\Mozilla\Firefox\Profiles\b7r9aqa9.default\searchplugins\avira-safesearch.xml
[2014/05/14 19:04:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/14 19:04:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2123353453-1993312672-866605396-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2123353453-1993312672-866605396-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.151.222.34 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67B18AA6-EE3C-44FE-BD7F-DCA5DD42A95C}: DhcpNameServer = 213.151.222.34 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{131613ed-d19e-11e2-b69a-001fd080ce60}\Shell - "" = AutoRun
O33 - MountPoints2\{131613ed-d19e-11e2-b69a-001fd080ce60}\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe
O33 - MountPoints2\{13161401-d19e-11e2-b69a-001fd080ce60}\Shell - "" = AutoRun
O33 - MountPoints2\{13161401-d19e-11e2-b69a-001fd080ce60}\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe
O33 - MountPoints2\{17c7b003-3e16-11e3-8b81-001fd080ce60}\Shell - "" = AutoRun
O33 - MountPoints2\{17c7b003-3e16-11e3-8b81-001fd080ce60}\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe
O33 - MountPoints2\{640b6d10-357b-11e2-9b6b-001fd080ce60}\Shell - "" = AutoRun
O33 - MountPoints2\{640b6d10-357b-11e2-9b6b-001fd080ce60}\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe
O33 - MountPoints2\{e35c96aa-8839-11e3-8c25-001fd080ce60}\Shell - "" = AutoRun
O33 - MountPoints2\{e35c96aa-8839-11e3-8c25-001fd080ce60}\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe
O33 - MountPoints2\{f6b59d4f-787b-11e2-b238-001fd080ce60}\Shell - "" = AutoRun
O33 - MountPoints2\{f6b59d4f-787b-11e2-b238-001fd080ce60}\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014/06/05 17:34:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\yakuza\Desktop\OTL.exe
[2014/06/04 20:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014/06/04 20:21:30 | 000,000,000 | ---D | C] -- C:\rsit
[2014/06/01 14:13:23 | 000,000,000 | ---D | C] -- C:\Users\yakuza\Desktop\Adobe photoshop CS6 13.0 [Extended x86+x64] CZ
[2014/05/27 19:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/05/25 19:15:23 | 000,000,000 | ---D | C] -- C:\Users\yakuza\AppData\Local\Diagnostics
[2014/05/24 18:03:41 | 000,000,000 | ---D | C] -- C:\Users\yakuza\AppData\Roaming\HD Tune Pro
[2014/05/24 18:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro
[2014/05/24 18:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune Pro
[2014/05/24 17:38:21 | 002,195,900 | ---- | C] (EFD Software ) -- C:\Users\yakuza\Desktop\hdtunepro_550_trial.exe
[2014/05/15 20:47:31 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/15 20:47:30 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/15 20:47:30 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/15 20:47:30 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/15 20:47:29 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/15 20:47:29 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/15 20:47:29 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/15 20:47:29 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/15 20:47:28 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/15 20:47:28 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/15 20:47:28 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/15 20:47:28 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/15 20:47:28 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/15 20:47:28 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/15 20:47:28 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/15 20:47:28 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/15 20:47:28 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/15 20:47:28 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/15 20:47:28 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/15 20:47:28 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/15 20:47:28 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/15 20:47:28 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/15 20:47:28 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/05/14 19:04:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/06/05 17:39:38 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/06/05 17:38:24 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/05 17:38:24 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/05 17:38:24 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/05 17:34:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\yakuza\Desktop\OTL.exe
[2014/06/05 17:31:26 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2014/06/05 17:31:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/05 17:31:11 | 3219,890,176 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/04 22:33:34 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/04 22:33:34 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/04 20:20:18 | 001,222,144 | ---- | M] () -- C:\Users\yakuza\Desktop\RSITx64.exe
[2014/06/04 17:53:24 | 000,102,672 | ---- | M] () -- C:\Users\yakuza\Desktop\10320256_540037729429014_3067366087589065641_n.jpg
[2014/06/03 17:29:17 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014/06/03 17:29:17 | 000,112,080 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014/05/25 16:02:34 | 001,253,643 | ---- | M] () -- C:\Users\yakuza\Desktop\1401025602598.png
[2014/05/24 17:38:24 | 002,195,900 | ---- | M] (EFD Software ) -- C:\Users\yakuza\Desktop\hdtunepro_550_trial.exe
[2014/05/24 12:46:02 | 000,486,817 | ---- | M] () -- C:\Users\yakuza\Desktop\krts3.jpg
[2014/05/24 12:45:42 | 000,247,812 | ---- | M] () -- C:\Users\yakuza\Desktop\krts5.jpg
[2014/05/24 12:45:06 | 000,473,123 | ---- | M] () -- C:\Users\yakuza\Desktop\krts2.jpg
[2014/05/24 12:44:46 | 000,485,754 | ---- | M] () -- C:\Users\yakuza\Desktop\krts4.jpg
[2014/05/24 12:44:06 | 000,585,279 | ---- | M] () -- C:\Users\yakuza\Desktop\krts1.jpg
[2014/05/17 09:58:49 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/17 09:58:49 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/14 18:15:25 | 000,070,685 | ---- | M] () -- C:\Users\yakuza\Desktop\10258548_10152375108418459_4596948903873198834_n.png
[2014/05/11 18:17:12 | 000,007,602 | ---- | M] () -- C:\Users\yakuza\AppData\Local\Resmon.ResmonCfg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/06/05 17:39:38 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/06/04 20:20:16 | 001,222,144 | ---- | C] () -- C:\Users\yakuza\Desktop\RSITx64.exe
[2014/06/04 17:53:21 | 000,102,672 | ---- | C] () -- C:\Users\yakuza\Desktop\10320256_540037729429014_3067366087589065641_n.jpg
[2014/05/25 16:02:33 | 001,253,643 | ---- | C] () -- C:\Users\yakuza\Desktop\1401025602598.png
[2014/05/24 13:49:24 | 000,486,817 | ---- | C] () -- C:\Users\yakuza\Desktop\krts3.jpg
[2014/05/24 13:49:24 | 000,247,812 | ---- | C] () -- C:\Users\yakuza\Desktop\krts5.jpg
[2014/05/24 13:49:23 | 000,485,754 | ---- | C] () -- C:\Users\yakuza\Desktop\krts4.jpg
[2014/05/24 13:49:23 | 000,473,123 | ---- | C] () -- C:\Users\yakuza\Desktop\krts2.jpg
[2014/05/24 13:49:22 | 000,585,279 | ---- | C] () -- C:\Users\yakuza\Desktop\krts1.jpg
[2014/05/14 18:15:23 | 000,070,685 | ---- | C] () -- C:\Users\yakuza\Desktop\10258548_10152375108418459_4596948903873198834_n.png
[2014/05/11 18:17:12 | 000,007,602 | ---- | C] () -- C:\Users\yakuza\AppData\Local\Resmon.ResmonCfg
[2013/07/26 18:29:05 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/07/26 18:29:03 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/12/29 23:46:26 | 000,105,119 | ---- | C] () -- C:\Users\yakuza\AppData\Local\SRDownloader(1).err
[2012/12/29 23:45:56 | 000,001,320 | ---- | C] () -- C:\Users\yakuza\AppData\Local\SRDownloader(1).nast
[2012/12/29 23:35:55 | 000,000,033 | ---- | C] () -- C:\Users\yakuza\AppData\Local\SRDownloader.err
[2012/11/19 22:00:00 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/11/16 19:44:59 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/11/04 20:28:46 | 000,001,088 | ---- | C] () -- C:\Users\yakuza\AppData\Local\SRDownloader.nast
[2012/09/14 16:42:28 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\MTictwl.sys
[2012/09/14 16:24:16 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/23 20:23:57 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\ASUS
[2014/04/06 22:57:46 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\DAEMON Tools Lite
[2012/09/14 14:51:35 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\ESET
[2012/11/23 20:24:15 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\FolderSync
[2014/05/24 18:03:41 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\HD Tune Pro
[2012/09/14 19:24:46 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\LolClient
[2012/09/23 19:49:04 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\Opera
[2012/11/23 21:04:02 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\OutlookSync
[2014/01/28 23:07:05 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\PLAux
[2013/08/09 14:03:13 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\Ubisoft
[2013/04/12 22:26:49 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009/07/14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 07:08:49 | 000,032,534 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

< >

< MD5 for: ATAPI.SYS >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010/11/20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010/11/20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010/11/20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010/11/20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010/11/20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009/07/14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010/11/20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010/11/20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SERVICES.EXE >
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2013/05/08 08:14:42 | 001,900,392 | ---- | M] (Microsoft Corporation) MD5=3E94650745D4DAB67E161F5F32CEA597 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_11d29984961f0be0\tcpip.sys
[2010/11/20 15:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2012/03/30 12:19:17 | 001,877,872 | ---- | M] (Microsoft Corporation) MD5=5EFD096DEF47F8B88EF591DA92143440 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
[2012/03/30 13:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
[2012/03/30 12:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2009/07/14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2013/05/08 08:39:01 | 001,910,632 | ---- | M] (Microsoft Corporation) MD5=9849EA3843A2ADBDD1497E97A85D8CAE -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_11278ac57d1aa96b\tcpip.sys
[2012/03/30 13:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2013/07/06 07:20:38 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2013/07/06 08:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\SysNative\drivers\tcpip.sys
[2013/07/06 08:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2014/03/04 13:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe
[2014/03/04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< >

< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[5 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[77 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012/11/21 21:49:53 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\Adobe
[2012/11/23 20:23:57 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\ASUS
[2014/03/29 13:54:38 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\Avira
[2014/04/06 22:57:46 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\DAEMON Tools Lite
[2012/09/14 14:51:35 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\ESET
[2012/11/23 20:24:15 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\FolderSync
[2014/05/24 18:03:41 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\HD Tune Pro
[2012/09/14 14:33:05 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\Identities
[2013/08/09 13:39:33 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\InstallShield
[2012/09/14 19:24:46 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\LolClient
[2012/09/14 18:33:39 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\Macromedia
[2009/07/14 09:45:14 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\Media Center Programs
[2014/04/06 22:57:46 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\Media Player Classic
[2014/03/29 13:48:56 | 000,000,000 | --SD | M] -- C:\Users\yakuza\AppData\Roaming\Microsoft
[2012/09/14 14:56:29 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\Mozilla
[2013/08/29 14:16:06 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\NVIDIA
[2012/09/23 19:49:04 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\Opera
[2012/11/23 21:04:02 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\OutlookSync
[2014/01/28 23:07:05 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\PLAux
[2014/06/01 22:11:31 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\Skype
[2013/08/09 14:03:13 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\Ubisoft
[2013/04/12 22:26:49 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\uTorrent
[2012/10/06 18:34:22 | 000,000,000 | ---D | M] -- C:\Users\yakuza\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2009/12/02 09:13:10 | 000,638,976 | R--- | M] () -- C:\Users\yakuza\AppData\Roaming\ASUS\Cross Link\FunctModules\{3736403A-A3EB-477f-AA96-00EEA43C76E6}\Folder Link.exe
[2009/09/11 13:16:54 | 000,376,832 | R--- | M] () -- C:\Users\yakuza\AppData\Roaming\ASUS\Cross Link\FunctModules\{3736403A-A3EB-477f-AA96-00EEA43C76E6}\GoTip.exe
[2009/09/11 13:16:54 | 000,376,832 | R--- | M] () -- C:\Users\yakuza\AppData\Roaming\ASUS\Cross Link\FunctModules\{5E24AB31-F734-48ec-879E-C4B8C30F9ACD}\GoTip.exe
[2009/09/22 10:31:56 | 001,056,768 | R--- | M] () -- C:\Users\yakuza\AppData\Roaming\ASUS\Cross Link\FunctModules\{5E24AB31-F734-48ec-879E-C4B8C30F9ACD}\OutlookLink.exe
[2009/07/24 14:37:30 | 000,040,960 | R--- | M] (Oti) -- C:\Users\yakuza\AppData\Roaming\ASUS\Cross Link\FunctModules\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\AutoMoveUpdateDriver.exe
[2010/02/03 22:31:12 | 000,856,064 | R--- | M] () -- C:\Users\yakuza\AppData\Roaming\ASUS\Cross Link\FunctModules\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\Data Link.exe
[2009/09/11 11:42:18 | 000,086,016 | R--- | M] () -- C:\Users\yakuza\AppData\Roaming\ASUS\Cross Link\FunctModules\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\GoNetDispatch.exe
[2009/09/30 08:43:30 | 000,073,728 | R--- | M] () -- C:\Users\yakuza\AppData\Roaming\ASUS\Cross Link\FunctModules\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\GoNetWDDND.exe
[2009/09/11 13:16:54 | 000,376,832 | R--- | M] () -- C:\Users\yakuza\AppData\Roaming\ASUS\Cross Link\FunctModules\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\GoTip.exe
[2010/02/05 16:07:10 | 001,047,168 | R--- | M] () -- C:\Users\yakuza\AppData\Roaming\ASUS\Cross Link\FunctModules\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\LinkEngine.exe
[2009/09/11 11:42:18 | 000,032,256 | R--- | M] () -- C:\Users\yakuza\AppData\Roaming\ASUS\Cross Link\FunctModules\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\ntrights.exe
[2009/11/13 05:57:52 | 000,451,584 | R--- | M] () -- C:\Users\yakuza\AppData\Roaming\ASUS\Cross Link\FunctModules\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\PnpDevice.exe
[2010/02/02 19:11:26 | 000,748,160 | R--- | M] () -- C:\Users\yakuza\AppData\Roaming\ASUS\Cross Link\FunctModules\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\Remote Share.exe
[2009/09/11 11:42:18 | 000,049,152 | R--- | M] (Ours Technology Inc.) -- C:\Users\yakuza\AppData\Roaming\ASUS\Cross Link\FunctModules\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\StopLE.exe
[2010/02/01 13:16:00 | 002,445,312 | R--- | M] () -- C:\Users\yakuza\AppData\Roaming\ASUS\Cross Link\MainExe\CrossLinkPlus.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2014/05/14 19:04:55 | 000,275,568 | ---- | M] (Mozilla Corporation) MD5=0DA891CB0703D912CEAFA072F54D002B -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2010/11/20 14:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >
[2013/04/12 20:21:39 | 000,879,456 | ---- | M] (Opera Software) MD5=C5520FEB7AD5F6E3692B6DE41F6A1A27 -- C:\Program Files (x86)\Opera\opera.exe

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014/06/05 17:39:38 | 000,000,512 | ---- | M] () MD5=E5FEFCD0F364CF780CBBB81608352850 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2014/03/13 10:15:42 | 000,000,238 | ---- | M] () -- \ProgramData\BlueStacks\UserData\InputMapper\com.fluik.PlumberCrack.cfg
[2014/03/13 10:14:17 | 000,000,595 | ---- | M] () -- \ProgramData\BlueStacks\UserData\InputMapper\com.polarbit.crackingsands.cfg
[2014/03/13 10:13:47 | 000,000,590 | ---- | M] () -- \ProgramData\BlueStacks\UserData\InputMapper\com.polarbit.crackingsandsads.cfg
[2014/03/19 08:15:59 | 000,000,385 | ---- | M] () -- \ProgramData\BlueStacks\UserData\InputMapper\org.supergonk.safecrackerpremium.cfg
[2014/03/13 10:15:42 | 000,000,238 | ---- | M] () -- \Users\All Users\BlueStacks\UserData\InputMapper\com.fluik.PlumberCrack.cfg
[2014/03/13 10:14:17 | 000,000,595 | ---- | M] () -- \Users\All Users\BlueStacks\UserData\InputMapper\com.polarbit.crackingsands.cfg
[2014/03/13 10:13:47 | 000,000,590 | ---- | M] () -- \Users\All Users\BlueStacks\UserData\InputMapper\com.polarbit.crackingsandsads.cfg
[2014/03/19 08:15:59 | 000,000,385 | ---- | M] () -- \Users\All Users\BlueStacks\UserData\InputMapper\org.supergonk.safecrackerpremium.cfg

< *keygen* /s >

< *loader* /s >
[2014/06/03 17:29:18 | 000,044,112 | ---- | M] () -- \Program Files (x86)\Avira\AntiVir Desktop\avwebloader.dll
[2014/06/03 17:29:18 | 000,494,672 | ---- | M] () -- \Program Files (x86)\Avira\AntiVir Desktop\avwebloader.exe
[2014/06/03 17:29:18 | 000,193,104 | ---- | M] () -- \Program Files (x86)\Avira\AntiVir Desktop\avwebloadergui.dll
[2013/07/25 04:43:28 | 000,065,344 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2013/07/25 04:43:30 | 000,067,904 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader64.dll
[2013/07/25 04:43:12 | 000,073,024 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2013/07/25 04:43:12 | 000,080,704 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader64.dll
[2013/10/23 22:07:40 | 000,007,825 | ---- | M] () -- \Program Files (x86)\Steam\remoteui\static\libs\images\ajax-loader.gif
[2012/02/16 14:44:38 | 000,000,404 | ---- | M] () -- \Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.91\deploy\assets\storeImages\layout\small_loader.gif
[2013/09/20 15:08:38 | 000,105,119 | ---- | M] () -- \Users\yakuza\AppData\Local\SRDownloader(1).err
[2013/09/20 15:08:50 | 000,001,320 | ---- | M] () -- \Users\yakuza\AppData\Local\SRDownloader(1).nast
[2012/12/29 23:35:55 | 000,000,033 | ---- | M] () -- \Users\yakuza\AppData\Local\SRDownloader.err
[2012/11/05 02:15:15 | 000,001,088 | ---- | M] () -- \Users\yakuza\AppData\Local\SRDownloader.nast
[2014/04/09 18:48:44 | 000,001,870 | ---- | M] () -- \Users\yakuza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9XAQ22TE\AdLoader[1].htm
[2014/05/29 19:07:44 | 000,017,912 | ---- | M] () -- \Users\yakuza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JO9K49GK\AdLoader-3b8e790904fffcf74f96367cd382e261.min[1].js
[2014/04/09 18:48:44 | 000,112,122 | ---- | M] () -- \Users\yakuza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JO9K49GK\AdLoader-7b473315d0084c71df83cdee72aab144.min[1].js
[2014/06/01 18:15:18 | 000,001,980 | ---- | M] () -- \Users\yakuza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JO9K49GK\AdLoader[1].htm
[2014/06/01 21:45:56 | 000,001,980 | ---- | M] () -- \Users\yakuza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JO9K49GK\AdLoader[2].htm
[2014/04/12 09:34:16 | 000,000,723 | ---- | M] () -- \Users\yakuza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JO9K49GK\downloaderror[1].js
[2014/04/12 09:34:16 | 000,001,174 | ---- | M] () -- \Users\yakuza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q43VDDK5\downloader[1].js
[2014/02/18 18:46:42 | 000,072,638 | ---- | M] () -- \Users\yakuza\AppData\Local\Skype\Apps\login\images\loader.gif
[2014/02/18 18:46:42 | 000,003,032 | ---- | M] () -- \Users\yakuza\AppData\Local\Skype\Apps\login\images\loader.png
[2014/02/18 18:46:42 | 000,006,012 | ---- | M] () -- \Users\yakuza\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014/02/18 18:46:42 | 000,021,956 | ---- | M] () -- \Users\yakuza\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014/02/18 18:46:42 | 000,009,772 | ---- | M] () -- \Users\yakuza\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2012/12/29 23:38:04 | 000,905,728 | ---- | M] () -- \Users\yakuza\Desktop\SRDownloader(1).exe
[2013/08/02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2013/08/02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009/07/14 03:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009/07/14 03:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 07:04:54 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_66c2596d956d1920\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 19:28:57 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_66dcd6a595588d81\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 07:26:58 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_66fe4899953f502c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 07:06:43 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_67770e0aae6a7c68\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 19:26:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_67667556ae762a72\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 16:12:39 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_677d175eae65090e\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 07:21:03 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 19:38:48 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_68a2edab92971725\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 07:38:44 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 04:12:19 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 07:12:44 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_691eb3faabbf8f66\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 19:35:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_6957a248ab947a6d\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 07:32:07 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_6971452eab80a50e\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/07/08 07:11:20 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22379_none_692597a0abb965cc\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 08:20:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_695e76beab8ff095\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/04 13:03:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_69637bfcab8b6996\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/04/12 04:28:21 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_69353b6eabae8d55\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 07:37:37 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2009/07/14 07:37:37 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.efi.mui_35ee487d
[2009/07/14 07:37:37 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.exe.mui_3bc5b827
[2009/07/14 07:37:37 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.efi.mui_f412814e
[2009/07/14 07:37:37 | 000,029,760 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.exe.mui_ff8b5358
[2012/09/20 18:54:13 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2012/09/20 18:54:13 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2012/09/20 18:54:13 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2012/09/20 18:54:13 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2012/09/20 18:54:13 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2009/07/14 04:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/14 04:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009/07/14 04:44:20 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2009/07/14 04:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2011/02/05 15:09:31 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2011/02/05 15:04:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4.manifest
[2010/11/20 06:12:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011/02/05 19:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011/02/05 15:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009/07/14 04:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:19:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:45:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 06:43:53 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_0adfad15dce1def6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 06:39:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_0b5e7bdaf60797d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:40:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 06:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/07/08 06:59:24 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22379_none_0d06fc1cf35bf496\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 07:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/04 12:35:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/04/12 04:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll

< End of report >

OTL Extras logfile created on: 5. 6. 2014 17:37:45 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\yakuza\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 49,94% Memory free
7,99 Gb Paging File | 5,87 Gb Available in Paging File | 73,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,04 Gb Total Space | 321,90 Gb Free Space | 54,01% Space Free | Partition Type: NTFS

Computer Name: YAKUZA-PC | User Name: yakuza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-2123353453-1993312672-866605396-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C29F7C9-F7A4-4DA9-A041-372BDEB7EA44}" = lport=137 | protocol=17 | dir=in | app=system |
"{16469BEF-D020-4C43-81B2-CACCBC648627}" = lport=139 | protocol=6 | dir=in | app=system |
"{2C08139B-ED11-4166-8833-37D080BD5CCE}" = lport=445 | protocol=6 | dir=in | app=system |
"{2F8DB5D7-8E94-4C24-AAB3-F3907B442AD7}" = rport=137 | protocol=17 | dir=out | app=system |
"{3F857A64-71CB-4AA3-AFFE-F6D1AE2FA88B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5402BC8C-0B09-4EAD-9F84-609613AB839A}" = lport=58899 | protocol=17 | dir=in | name=pando media booster |
"{690A2F4B-3E74-43B8-A365-7BD449EFB3CB}" = rport=139 | protocol=6 | dir=out | app=system |
"{6D3EA536-C16C-4D29-8327-7EEAA869D7F8}" = lport=58899 | protocol=17 | dir=in | name=pando media booster |
"{97922990-6EC5-4F5F-99B0-4ED0465C970A}" = rport=138 | protocol=17 | dir=out | app=system |
"{B22ACA99-05CC-4542-A7B8-DF6E66F2ABDB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C493392E-2E76-4435-B21E-900572D4679A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E925B697-55CB-4609-8EFE-BFF185012630}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EFEB35C8-7AFC-4F58-B3F3-8AA1035E89EB}" = rport=445 | protocol=6 | dir=out | app=system |
"{F4696421-D427-4473-A1BE-E150148A51B5}" = lport=58899 | protocol=6 | dir=in | name=pando media booster |
"{FC7164A4-E2BA-47CC-8A9E-E4202D172D95}" = lport=138 | protocol=17 | dir=in | app=system |
"{FD2E636F-F3F5-47AA-99BE-82F255386B2C}" = lport=58899 | protocol=6 | dir=in | name=pando media booster |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B321114-1532-4D83-86BC-917987A1C3CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{0D42D664-61C9-4F15-8240-E9FDC5BFADD8}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{0FC792D1-7FBB-4FFD-AA5B-E62AAB7E1FFE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{1188E75C-3C32-45A5-A2E6-41CA3D295546}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{17568CE5-1591-42B9-B99B-E7DE20A72F83}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{1DB61A55-DC8B-4F13-846F-49C943D6BC80}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2204B49B-F357-4414-AEF8-4F3A64F1D114}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2B07029E-2166-48CC-A7C2-0C04BF093653}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\free to play\ftp.exe |
"{2B4A066E-6A66-489F-85DD-1E29CCEF346D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{37F94352-C7FA-44DA-A4F5-2FA9BADDE1F8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{38DFF658-FE91-417F-93A1-59BF8E9502FE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{395B3B1B-1FC0-482E-9FDD-E9F5BCD36BF9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3CB52B41-7568-406B-9A4B-C61D1D1D7AB7}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3CFD4265-8574-4052-A65B-29AE110BB5E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{4390C7F0-D39C-49AA-AD9C-844AA6D1F591}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{44CD13A2-9724-44B1-8F26-A722455CA4BA}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{4726D8E3-80DC-4929-A902-B48C8FC9A441}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4C07C129-012A-4765-8745-518D8B7F75F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{4DE686C4-E40C-4C64-9EA5-F3A75E20BB45}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{52BB4C29-FDA0-46FB-9DF7-140F2A65816C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\free to play\ftp.exe |
"{52F4D475-EB4A-468B-8696-9BFAE6036F2B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{54E1223E-43F3-4417-850F-46A14B768AEA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{59391F2B-024D-49AE-94CB-44C785EEEC1D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{69D05F27-49E7-492C-9551-CA9F01DB1D5E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{702BB71D-4169-431E-B5B5-D14FA858BD52}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{784A2E86-C511-498E-BE91-C162BAE0298C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7ECAF4D2-6505-4328-85C1-90AE61E23456}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{848C31A7-8EDE-4071-BA10-8D2AF1CDE6EF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{854FBC54-072A-4237-BE2F-B97349B0D20F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{864F9FF0-D762-48BC-ADA6-8EFC84A72AF7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{86B29A0A-0E39-484D-98CA-81D72BFCE771}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{8E552E42-276B-4D13-8BC7-E90A93BD97A7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{96FF4F33-6AB9-4869-9F16-FCCE64A1B102}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{970247AB-CA6E-46F5-90B7-952288190B72}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9A207791-261E-4829-880A-1CF4CACEB177}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{9D2F7305-B19C-492F-A3E4-310D3957C634}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{9E005D2E-9201-43B3-BC63-D1B1587334DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A4EF0856-96D6-4821-9B51-A5721D382FB6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{B00C7335-9818-4214-9D7B-29E61A663D4D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{B70CE4BA-36EE-44D4-95EE-76D2D42EEE28}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{B79C1961-010C-422F-BC84-770B57BC0AC6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{BC7EF778-B13D-4CF2-8981-B82D35D98E93}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6B0CEA8-1EAB-4564-9B07-9DCF4AD7A743}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C9780585-A95E-493C-A780-6C82D7CD42E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{CC19DB7F-FE0C-4304-B9F1-2419E9488E8B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DCB6B78D-526B-4117-ADBA-982FB88DBD70}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E9296322-3CE7-4586-AF12-AB67DFCF04C9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{E9FDAEC3-4F26-4180-B3E7-92FB08DB6981}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3b00ed43-dc70-41d5-afdd-ef9ffb605c04}" = Avira
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{4C02AFA8-074D-44FE-B0E1-A73D4AA65390}" = BlueStacks Notification Center
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}" = MagicTunePremium
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0905.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.07) - Czech
"{D0DB3714-CFA1-4FA7-ABA3-B1DCB5998895}" = Avira
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BlueStacks App Player" = BlueStacks App Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"HD Tune Pro_is1" = HD Tune Pro 5.50
"HD Tune_is1" = HD Tune 2.55
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.4.0 (Standard)
"Mozilla Firefox 29.0.1 (x86 sk)" = Mozilla Firefox 29.0.1 (x86 sk)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Opera 12.15.1748" = Opera 12.15
"PunkBusterSvc" = PunkBuster Services
"Steam App 43110" = Metro 2033
"Steam App 570" = Dota 2
"strife" = Strife
"WinRAR archiver" = WinRAR 4.11 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2123353453-1993312672-866605396-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19. 4. 2014 10:06:13 | Computer Name = yakuza-PC | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall

Error - 19. 4. 2014 10:07:59 | Computer Name = yakuza-PC | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall

Error - 20. 4. 2014 5:40:30 | Computer Name = yakuza-PC | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall

Error - 21. 4. 2014 8:07:45 | Computer Name = yakuza-PC | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall

Error - 21. 4. 2014 15:04:11 | Computer Name = yakuza-PC | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall

Error - 22. 4. 2014 16:12:44 | Computer Name = yakuza-PC | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall

Error - 14. 5. 2014 11:54:50 | Computer Name = yakuza-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 14. 5. 2014 11:55:06 | Computer Name = yakuza-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Avira.OE.ServiceHost.exe, version: 1.1.12.20002,
time stamp: 0x53674d9b Faulting module name: ntdll.dll, version: 6.1.7601.18229,
time stamp: 0x51fb1072 Exception code: 0xc0000005 Fault offset: 0x00038e19 Faulting
process id: 0x8a4 Faulting application start time: 0x01cf6f8cc50c2f26 Faulting application
path: C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 1db5d3ca-db80-11e3-b2c3-001fd080ce60

Error - 18. 5. 2014 17:23:34 | Computer Name = yakuza-PC | Source = BstHdAndroidSvc | ID = 0
Description = Failed to shut down service. The error that occurred was: System.InvalidOperationException:
UpdatePendingStatus can only be called during the handling of Start, Stop, Pause
and Continue commands. at System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32
milliseconds) at BlueStacks.hyperDroid.Service.Service.OnStop() at BlueStacks.hyperDroid.Service.Service.OnShutdown()

at System.ServiceProcess.ServiceBase.DeferredShutdown().

Error - 24. 5. 2014 11:35:25 | Computer Name = yakuza-PC | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x8007000e)

[ System Events ]
Error - 30. 5. 2014 11:46:50 | Computer Name = yakuza-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 30. 5. 2014 11:46:50 | Computer Name = yakuza-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 31. 5. 2014 3:08:39 | Computer Name = yakuza-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
NCPro

Error - 31. 5. 2014 12:17:48 | Computer Name = yakuza-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 31. 5. 2014 12:17:48 | Computer Name = yakuza-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the AntiVirSchedulerService service.

Error - 1. 6. 2014 3:49:14 | Computer Name = yakuza-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
NCPro

Error - 2. 6. 2014 11:55:36 | Computer Name = yakuza-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
NCPro

Error - 3. 6. 2014 11:24:55 | Computer Name = yakuza-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
NCPro

Error - 4. 6. 2014 11:20:16 | Computer Name = yakuza-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
NCPro

Error - 5. 6. 2014 11:31:47 | Computer Name = yakuza-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
NCPro


< End of report >

Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text:

:OTL
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2123353453-1993312672-866605396-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2123353453-1993312672-866605396-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2123353453-1993312672-866605396-1000\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://www.google.com/custom?q={searchT ... %3A1%3BDIV
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{131613ed-d19e-11e2-b69a-001fd080ce60}\Shell - "" = AutoRun
O33 - MountPoints2\{131613ed-d19e-11e2-b69a-001fd080ce60}\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe
O33 - MountPoints2\{13161401-d19e-11e2-b69a-001fd080ce60}\Shell - "" = AutoRun
O33 - MountPoints2\{13161401-d19e-11e2-b69a-001fd080ce60}\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe
O33 - MountPoints2\{17c7b003-3e16-11e3-8b81-001fd080ce60}\Shell - "" = AutoRun
O33 - MountPoints2\{17c7b003-3e16-11e3-8b81-001fd080ce60}\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe
O33 - MountPoints2\{640b6d10-357b-11e2-9b6b-001fd080ce60}\Shell - "" = AutoRun
O33 - MountPoints2\{640b6d10-357b-11e2-9b6b-001fd080ce60}\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe
O33 - MountPoints2\{e35c96aa-8839-11e3-8c25-001fd080ce60}\Shell - "" = AutoRun
O33 - MountPoints2\{e35c96aa-8839-11e3-8c25-001fd080ce60}\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe
O33 - MountPoints2\{f6b59d4f-787b-11e2-b238-001fd080ce60}\Shell - "" = AutoRun
O33 - MountPoints2\{f6b59d4f-787b-11e2-b238-001fd080ce60}\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

Len som nahodil ten odkaz pod zltu ciaru a dal Run scan,tak snad je to ok

OTL logfile created on: 5. 6. 2014 19:33:46 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\yakuza\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

4,00 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 56,44% Memory free
7,99 Gb Paging File | 5,91 Gb Available in Paging File | 73,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,04 Gb Total Space | 321,60 Gb Free Space | 53,96% Space Free | Partition Type: NTFS

Computer Name: YAKUZA-PC | User Name: yakuza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/05 17:34:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\yakuza\Desktop\OTL.exe
PRC - [2014/06/03 17:29:21 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014/06/03 17:29:17 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014/06/03 17:29:16 | 000,737,872 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014/05/29 19:36:52 | 000,543,424 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014/05/29 19:36:48 | 001,754,816 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2014/05/14 19:04:55 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/05/14 14:27:34 | 000,183,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
PRC - [2014/05/14 14:27:34 | 000,123,984 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
PRC - [2014/05/01 13:00:30 | 000,774,928 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
PRC - [2014/05/01 12:58:24 | 000,385,808 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2014/05/01 12:57:52 | 000,402,192 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe
PRC - [2014/05/01 12:57:48 | 000,367,888 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
PRC - [2014/05/01 12:57:40 | 000,261,904 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
PRC - [2014/05/01 12:57:38 | 000,379,152 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-Network.exe
PRC - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/11 09:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/07/26 18:29:03 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/03/15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2008/08/08 14:24:42 | 000,080,392 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe


========== Modules (No Company Name) ==========

MOD - [2014/05/29 19:37:34 | 002,139,840 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
MOD - [2014/05/29 19:36:54 | 001,116,864 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014/05/17 03:36:10 | 000,756,224 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2014/05/14 19:04:55 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/05/14 14:27:32 | 000,137,296 | ---- | M] () -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
MOD - [2014/05/14 14:27:28 | 000,049,744 | ---- | M] () -- C:\Users\yakuza\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
MOD - [2014/05/02 01:35:22 | 020,628,160 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014/04/30 02:08:08 | 001,135,104 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-55.dll
MOD - [2014/04/30 02:08:08 | 000,471,552 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-53.dll
MOD - [2014/04/30 02:08:08 | 000,404,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-55.dll
MOD - [2014/04/30 02:08:08 | 000,340,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll
MOD - [2014/04/29 02:37:22 | 000,519,168 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-2.dll
MOD - [2014/03/31 19:44:59 | 000,245,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\bf56bd4e9996950950b4685dac7f2156\WindowsFormsIntegration.ni.dll
MOD - [2014/03/31 19:44:45 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\3f1613bcf5b9cf536359bfff7bd18a5a\System.ServiceProcess.ni.dll
MOD - [2014/03/31 19:44:39 | 017,919,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\40f4f298c3c655b834c73b5046a9cd0b\System.ServiceModel.ni.dll
MOD - [2014/03/31 19:44:11 | 001,065,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\81558b32b261e911f8f822f1de63fdca\System.IdentityModel.ni.dll
MOD - [2014/03/30 17:37:44 | 001,011,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\591cc2015a0165ede73d3e6770e0e7c2\System.Runtime.DurableInstancing.ni.dll
MOD - [2014/03/30 17:37:44 | 000,645,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\40ab9da3eafd6bd1cbc6695ba406975a\System.Transactions.ni.dll
MOD - [2014/03/30 17:37:43 | 000,142,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\b420437eca1d1aec1a8bf23cc5173661\SMDiagnostics.ni.dll
MOD - [2014/03/30 17:37:42 | 002,625,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\30ed505f7ea7d6139128d4a6d9981dc0\System.Runtime.Serialization.ni.dll
MOD - [2014/03/30 17:37:39 | 001,776,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d85a3d6ed5bb77f5603e098cccf60bfa\System.Xaml.ni.dll
MOD - [2014/03/29 13:51:49 | 006,754,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\c12e10c218be4be353975af6abb072d9\System.Data.ni.dll
MOD - [2014/03/29 13:51:47 | 013,006,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3cdd09fc0acc85c7febbd2e2ef9c4e5\System.Windows.Forms.ni.dll
MOD - [2014/03/29 13:51:44 | 017,629,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8357ade60159c25ee88db0aab8686e6d\PresentationFramework.ni.dll
MOD - [2014/03/29 13:51:39 | 001,651,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2fe09cc54a8390b20e380239db34228f\System.Drawing.ni.dll
MOD - [2014/03/29 13:51:37 | 002,499,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\73dd24232790e0e5c2649dde8e65516c\System.Data.Linq.ni.dll
MOD - [2014/03/29 13:51:30 | 011,057,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7a1eeb425f9318f432afead4b2da965a\PresentationCore.ni.dll
MOD - [2014/03/29 13:51:30 | 005,571,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2d7c29ad77c15abfa6a8fe6d24840a91\System.Xml.ni.dll
MOD - [2014/03/29 13:51:26 | 000,973,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac2cd19f2159d48684e17cbdecfaa3b7\System.Configuration.ni.dll
MOD - [2014/03/29 13:51:24 | 000,450,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b4e58d1a3e0ee75b6b107585c92c68e8\PresentationFramework.Aero.ni.dll
MOD - [2014/03/29 13:51:22 | 007,025,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\85693dfd9ba4905b0fd947fdb51446d5\System.Core.ni.dll
MOD - [2014/03/29 13:51:17 | 003,779,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\f1f3a74eb37b27b7d05b8ffa941f8473\WindowsBase.ni.dll
MOD - [2014/03/29 13:51:14 | 009,000,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\161c6f80ad93b0505054d244f1c6243c\System.ni.dll
MOD - [2014/03/29 13:51:09 | 000,144,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\be70c34efd115166a2710acac3346bfa\System.Numerics.ni.dll
MOD - [2014/03/29 13:51:08 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\4ff1f12a08d455f195ba996fe77497c6\mscorlib.ni.dll
MOD - [2013/06/15 01:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/15 01:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/15 01:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/06/03 17:29:21 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/06/03 17:29:18 | 001,039,952 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService)
SRV - [2014/06/03 17:29:17 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/05/29 19:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/05/14 19:04:55 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/14 14:27:34 | 000,123,984 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014/05/01 13:00:30 | 000,774,928 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe -- (BstHdUpdaterSvc)
SRV - [2014/05/01 12:58:24 | 000,385,808 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2014/05/01 12:57:52 | 000,402,192 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/11 09:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/26 18:29:03 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/03/15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/08 14:24:42 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/06/03 17:29:17 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014/06/03 17:29:17 | 000,112,080 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014/02/25 12:41:28 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/03/07 17:44:24 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/11/04 13:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\MTiCtwl.sys -- (NCPro)
DRV:64bit: - [2008/11/04 13:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MTiCtwl.sys -- (MagicTune)
DRV:64bit: - [2008/08/14 06:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
DRV - [2014/06/05 17:31:26 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2014/05/01 12:58:10 | 000,123,152 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/08/28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\MTictwl.sys -- (NCPro)
DRV - [2006/08/28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\MTictwl.sys -- (MagicTune)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F AD 9B A9 76 92 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKCU\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://www.google.com/custom?q={searchT ... BFORID%3A1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.sk"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/09/14 14:56:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yakuza\AppData\Roaming\Mozilla\Extensions
[2014/04/23 18:51:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yakuza\AppData\Roaming\Mozilla\Firefox\Profiles\b7r9aqa9.default\extensions
[2014/04/23 18:51:11 | 001,533,185 | ---- | M] () (No name found) -- C:\Users\yakuza\AppData\Roaming\Mozilla\Firefox\Profiles\b7r9aqa9.default\extensions\firefox@ghostery.com.xpi
[2014/03/29 13:53:08 | 000,000,971 | ---- | M] () -- C:\Users\yakuza\AppData\Roaming\Mozilla\Firefox\Profiles\b7r9aqa9.default\searchplugins\avira-safesearch.xml
[2014/05/14 19:04:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/14 19:04:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.151.222.34 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67B18AA6-EE3C-44FE-BD7F-DCA5DD42A95C}: DhcpNameServer = 213.151.222.34 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{131613ed-d19e-11e2-b69a-001fd080ce60}\Shell - "" = AutoRun
O33 - MountPoints2\{131613ed-d19e-11e2-b69a-001fd080ce60}\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe
O33 - MountPoints2\{13161401-d19e-11e2-b69a-001fd080ce60}\Shell - "" = AutoRun
O33 - MountPoints2\{13161401-d19e-11e2-b69a-001fd080ce60}\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe
O33 - MountPoints2\{17c7b003-3e16-11e3-8b81-001fd080ce60}\Shell - "" = AutoRun
O33 - MountPoints2\{17c7b003-3e16-11e3-8b81-001fd080ce60}\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe
O33 - MountPoints2\{640b6d10-357b-11e2-9b6b-001fd080ce60}\Shell - "" = AutoRun
O33 - MountPoints2\{640b6d10-357b-11e2-9b6b-001fd080ce60}\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe
O33 - MountPoints2\{e35c96aa-8839-11e3-8c25-001fd080ce60}\Shell - "" = AutoRun
O33 - MountPoints2\{e35c96aa-8839-11e3-8c25-001fd080ce60}\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe
O33 - MountPoints2\{f6b59d4f-787b-11e2-b238-001fd080ce60}\Shell - "" = AutoRun
O33 - MountPoints2\{f6b59d4f-787b-11e2-b238-001fd080ce60}\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/06/05 17:34:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\yakuza\Desktop\OTL.exe
[2014/06/04 20:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014/06/04 20:21:30 | 000,000,000 | ---D | C] -- C:\rsit
[2014/06/01 14:13:23 | 000,000,000 | ---D | C] -- C:\Users\yakuza\Desktop\Adobe photoshop CS6 13.0 [Extended x86+x64] CZ
[2014/05/27 19:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/05/25 19:15:23 | 000,000,000 | ---D | C] -- C:\Users\yakuza\AppData\Local\Diagnostics
[2014/05/24 18:03:41 | 000,000,000 | ---D | C] -- C:\Users\yakuza\AppData\Roaming\HD Tune Pro
[2014/05/24 18:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro
[2014/05/24 18:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune Pro
[2014/05/24 17:38:21 | 002,195,900 | ---- | C] (EFD Software ) -- C:\Users\yakuza\Desktop\hdtunepro_550_trial.exe
[2014/05/15 20:47:31 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/15 20:47:30 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/15 20:47:30 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/15 20:47:30 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/15 20:47:29 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/15 20:47:29 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/15 20:47:29 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/15 20:47:29 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/15 20:47:28 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/15 20:47:28 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/15 20:47:28 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/15 20:47:28 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/15 20:47:28 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/15 20:47:28 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/15 20:47:28 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/15 20:47:28 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/15 20:47:28 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/15 20:47:28 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/15 20:47:28 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/15 20:47:28 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/15 20:47:28 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/15 20:47:28 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/15 20:47:28 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/05/14 19:04:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/06/05 19:31:27 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/05 19:31:27 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/05 17:39:38 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/06/05 17:38:24 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/05 17:38:24 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/05 17:38:24 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/05 17:34:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\yakuza\Desktop\OTL.exe
[2014/06/05 17:31:26 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2014/06/05 17:31:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/05 17:31:11 | 3219,890,176 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/04 20:20:18 | 001,222,144 | ---- | M] () -- C:\Users\yakuza\Desktop\RSITx64.exe
[2014/06/04 17:53:24 | 000,102,672 | ---- | M] () -- C:\Users\yakuza\Desktop\10320256_540037729429014_3067366087589065641_n.jpg
[2014/06/03 17:29:17 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014/06/03 17:29:17 | 000,112,080 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014/05/25 16:02:34 | 001,253,643 | ---- | M] () -- C:\Users\yakuza\Desktop\1401025602598.png
[2014/05/24 17:38:24 | 002,195,900 | ---- | M] (EFD Software ) -- C:\Users\yakuza\Desktop\hdtunepro_550_trial.exe
[2014/05/24 12:46:02 | 000,486,817 | ---- | M] () -- C:\Users\yakuza\Desktop\krts3.jpg
[2014/05/24 12:45:42 | 000,247,812 | ---- | M] () -- C:\Users\yakuza\Desktop\krts5.jpg
[2014/05/24 12:45:06 | 000,473,123 | ---- | M] () -- C:\Users\yakuza\Desktop\krts2.jpg
[2014/05/24 12:44:46 | 000,485,754 | ---- | M] () -- C:\Users\yakuza\Desktop\krts4.jpg
[2014/05/24 12:44:06 | 000,585,279 | ---- | M] () -- C:\Users\yakuza\Desktop\krts1.jpg
[2014/05/17 09:58:49 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/17 09:58:49 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/14 18:15:25 | 000,070,685 | ---- | M] () -- C:\Users\yakuza\Desktop\10258548_10152375108418459_4596948903873198834_n.png
[2014/05/11 18:17:12 | 000,007,602 | ---- | M] () -- C:\Users\yakuza\AppData\Local\Resmon.ResmonCfg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/06/05 17:39:38 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/06/04 20:20:16 | 001,222,144 | ---- | C] () -- C:\Users\yakuza\Desktop\RSITx64.exe
[2014/06/04 17:53:21 | 000,102,672 | ---- | C] () -- C:\Users\yakuza\Desktop\10320256_540037729429014_3067366087589065641_n.jpg
[2014/05/25 16:02:33 | 001,253,643 | ---- | C] () -- C:\Users\yakuza\Desktop\1401025602598.png
[2014/05/24 13:49:24 | 000,486,817 | ---- | C] () -- C:\Users\yakuza\Desktop\krts3.jpg
[2014/05/24 13:49:24 | 000,247,812 | ---- | C] () -- C:\Users\yakuza\Desktop\krts5.jpg
[2014/05/24 13:49:23 | 000,485,754 | ---- | C] () -- C:\Users\yakuza\Desktop\krts4.jpg
[2014/05/24 13:49:23 | 000,473,123 | ---- | C] () -- C:\Users\yakuza\Desktop\krts2.jpg
[2014/05/24 13:49:22 | 000,585,279 | ---- | C] () -- C:\Users\yakuza\Desktop\krts1.jpg
[2014/05/14 18:15:23 | 000,070,685 | ---- | C] () -- C:\Users\yakuza\Desktop\10258548_10152375108418459_4596948903873198834_n.png
[2014/05/11 18:17:12 | 000,007,602 | ---- | C] () -- C:\Users\yakuza\AppData\Local\Resmon.ResmonCfg
[2013/07/26 18:29:05 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/07/26 18:29:03 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/12/29 23:46:26 | 000,105,119 | ---- | C] () -- C:\Users\yakuza\AppData\Local\SRDownloader(1).err
[2012/12/29 23:45:56 | 000,001,320 | ---- | C] () -- C:\Users\yakuza\AppData\Local\SRDownloader(1).nast
[2012/12/29 23:35:55 | 000,000,033 | ---- | C] () -- C:\Users\yakuza\AppData\Local\SRDownloader.err
[2012/11/19 22:00:00 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/11/16 19:44:59 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/11/04 20:28:46 | 000,001,088 | ---- | C] () -- C:\Users\yakuza\AppData\Local\SRDownloader.nast
[2012/09/14 16:42:28 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\MTictwl.sys
[2012/09/14 16:24:16 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< :OTL >

< IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC >

< IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} >

< IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC >

< IE - HKU\S-1-5-21-2123353453-1993312672-866605396-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} >

< IE - HKU\S-1-5-21-2123353453-1993312672-866605396-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC >

< IE - HKU\S-1-5-21-2123353453-1993312672-866605396-1000\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://www.google.com/custom?q={searchT ... %3A1%3BDIV >

< O1364bit: - gopher Prefix: missing >

< O13 - gopher Prefix: missing >

< O18:64bit: - Protocol\Handler\ms-help - No CLSID value found >

< O18:64bit: - Protocol\Handler\skype4com - No CLSID value found >

< O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. >

< O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. >

< O33 - MountPoints2\{131613ed-d19e-11e2-b69a-001fd080ce60}\Shell - "" = AutoRun >

< O33 - MountPoints2\{131613ed-d19e-11e2-b69a-001fd080ce60}\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe >

< O33 - MountPoints2\{13161401-d19e-11e2-b69a-001fd080ce60}\Shell - "" = AutoRun >

< O33 - MountPoints2\{13161401-d19e-11e2-b69a-001fd080ce60}\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe >

< O33 - MountPoints2\{17c7b003-3e16-11e3-8b81-001fd080ce60}\Shell - "" = AutoRun >

< O33 - MountPoints2\{17c7b003-3e16-11e3-8b81-001fd080ce60}\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe >

< O33 - MountPoints2\{640b6d10-357b-11e2-9b6b-001fd080ce60}\Shell - "" = AutoRun >

< O33 - MountPoints2\{640b6d10-357b-11e2-9b6b-001fd080ce60}\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe >

< O33 - MountPoints2\{e35c96aa-8839-11e3-8c25-001fd080ce60}\Shell - "" = AutoRun >

< O33 - MountPoints2\{e35c96aa-8839-11e3-8c25-001fd080ce60}\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe >

< O33 - MountPoints2\{f6b59d4f-787b-11e2-b238-001fd080ce60}\Shell - "" = AutoRun >

< O33 - MountPoints2\{f6b59d4f-787b-11e2-b238-001fd080ce60}\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe >

< O33 - MountPoints2\E\Shell - "" = AutoRun >

< O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\CrossLinkPlus.exe >

< >

< :files >

< %windir%\system32\*.tmp.dll /s >

< %windir%\system32\SET*.tmp /s >

< %windir%\*.tmp >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< >

< :commands >

< [EMPTYTEMP] >

< [EMPTYFLASH] >

< [Purity] >

< End of report >

Vy ale musíte kliknout na opravit.

run fix alebo run clean? Dal som pred tym run clean chcelo to reboot ale zrusil som to. Malo by to nieco poskodit?

Já mám OTL v češtině a jde o tlačítko s červeným nápidem pod tlačítkem >Prohledat< (vlevo nahoře druhé shora).

TAk po restarte sa log neobjavil,z plochy mi OTL zmizlo,ale mam tam 3 skryte priecinky desktop.ini dalsi desktop.ini a thumbs.db namiesto otl.Co dalej?

To je OK. To, co je tam navíc, jednoduše smažte. Nastala nějaká změna?

3 subory som teda vymazal,log to nevyhodilo ani po vypnuti.Zmenu som zatial nepostrehol,asi to je uz pocitac do srotu,ma nieco vyse 5 rokov a ktovie ci vobec komponenty do seba pasuju.diki ti za ochotu

Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.