Dobrý večer,
chtěl bych požádat o preventivní kontrolu logu. Delší čas jsem SSD neformátoval a zdá se mi, že se PC zpomaluje. Díky moc.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Kopecky at 2014-06-10 22:29:05
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 28 GB (33%) free of 86 GB
Total RAM: 8136 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:29:07, on 10.6.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Kopecky\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Kopecky.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Kopecky\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: PHOTOfunSTUDIO 6.0.lnk = C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Serviio - Unknown owner - C:\Program Files\Serviio\bin\ServiioService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11088 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4150626791-4065493338-2529544-1000Core.job - C:\Users\Kopecky\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4150626791-4065493338-2529544-1000UA.job - C:\Users\Kopecky\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-05-07 436600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-02-18 283160]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-03-24 336384]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"AdobeCEPServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [2013-03-13 1039248]
"Adobe Creative Cloud"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2013-09-03 2237328]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-06-05 3890208]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-11-06 3673728]
"uTorrent"=C:\Users\Kopecky\AppData\Roaming\uTorrent\uTorrent.exe [2014-06-03 1272400]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files (x86)\Lenovo\Bluetooth Software\BTTray.exe
PHOTOfunSTUDIO 6.0.lnk - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"VIDC.FFDS"=ff_vfw.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-06-10 22:24:12 ----D---- C:\rsit
2014-06-10 22:24:12 ----D---- C:\Program Files (x86)\trend micro
2014-05-19 19:04:01 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2014-05-19 19:04:01 ----A---- C:\Windows\SysWOW64\mshtml.dll
2014-05-19 19:03:48 ----D---- C:\Program Files (x86)\Common Files\DESIGNER
2014-05-19 18:59:56 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-19 18:59:56 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-19 18:59:56 ----A---- C:\Windows\SysWOW64\msv1_0.dll
2014-05-19 18:59:56 ----A---- C:\Windows\SysWOW64\kerberos.dll
2014-05-19 18:59:55 ----A---- C:\Windows\SysWOW64\wdigest.dll
2014-05-19 18:59:55 ----A---- C:\Windows\SysWOW64\TSpkg.dll
2014-05-19 18:59:55 ----A---- C:\Windows\SysWOW64\objsel.dll
2014-05-19 18:59:55 ----A---- C:\Windows\SysWOW64\KernelBase.dll
2014-05-19 18:59:54 ----A---- C:\Windows\SysWOW64\wincredprovider.dll
2014-05-19 18:59:54 ----A---- C:\Windows\SysWOW64\sspicli.dll
2014-05-19 18:59:54 ----A---- C:\Windows\SysWOW64\schannel.dll
2014-05-19 18:59:54 ----A---- C:\Windows\SysWOW64\secur32.dll
2014-05-19 18:59:54 ----A---- C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-19 18:59:54 ----A---- C:\Windows\SysWOW64\dimsroam.dll
2014-05-19 18:59:54 ----A---- C:\Windows\SysWOW64\credssp.dll
2014-05-19 18:59:54 ----A---- C:\Windows\SysWOW64\cngprovider.dll
2014-05-19 18:59:54 ----A---- C:\Windows\SysWOW64\capiprovider.dll
2014-05-19 18:59:54 ----A---- C:\Windows\SysWOW64\adprovider.dll
2014-05-19 18:59:26 ----A---- C:\Windows\SysWOW64\shell32.dll
======List of files/folders modified in the last 1 month======
2014-06-10 22:29:06 ----D---- C:\Windows\Temp
2014-06-10 22:26:06 ----D---- C:\ProgramData\PMB Files
2014-06-10 22:24:20 ----D---- C:\Windows\Prefetch
2014-06-10 22:24:12 ----RD---- C:\Program Files (x86)
2014-06-10 22:10:13 ----D---- C:\Windows\SysWOW64
2014-06-10 22:10:13 ----D---- C:\Windows\System32
2014-06-10 22:10:13 ----D---- C:\Windows\inf
2014-06-10 22:10:10 ----D---- C:\Windows
2014-06-10 21:23:10 ----D---- C:\Windows\tracing
2014-06-10 18:32:03 ----D---- C:\Users\Kopecky\AppData\Roaming\uTorrent
2014-06-10 17:38:50 ----A---- C:\Windows\SysWOW64\log.txt
2014-06-03 21:58:35 ----SHD---- C:\System Volume Information
2014-05-20 18:02:58 ----D---- C:\Windows\rescache
2014-05-20 17:45:46 ----D---- C:\Windows\Microsoft.NET
2014-05-20 17:45:28 ----RSD---- C:\Windows\assembly
2014-05-19 20:18:15 ----D---- C:\Windows\winsxs
2014-05-19 20:17:07 ----D---- C:\Windows\PolicyDefinitions
2014-05-19 19:04:00 ----SHD---- C:\Windows\Installer
2014-05-19 19:04:00 ----D---- C:\ProgramData\Microsoft Help
2014-05-19 19:03:48 ----D---- C:\Program Files (x86)\Common Files
2014-05-14 21:09:04 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\SysWOW64\drivers\aswRvrt.sys []
R0 aswVmm;avast! VM Monitor; C:\Windows\SysWOW64\drivers\aswVmm.sys []
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []
R0 LHDmgr;LHDmgr; C:\Windows\System32\DRIVERS\LhdX64.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys []
R1 aswKbd;aswKbd; C:\Windows\SysWOW64\drivers\aswKbd.sys []
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys []
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys []
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys []
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys []
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys []
R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys []
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\Windows\system32\DRIVERS\AcpiVpc.sys []
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys []
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys []
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys []
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys []
R3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys []
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys []
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys []
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys []
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys []
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys []
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys []
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys []
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys []
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys []
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys []
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys []
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys []
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-25 11856]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 ALSysIO;ALSysIO; \??\C:\Users\Kopecky\AppData\Local\Temp\ALSysIO64.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys []
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2005-01-02 4682]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys []
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUVStor.sys []
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys []
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-09-03 65640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-05-07 50344]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2010-12-14 953632]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-18 13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-12-21 325656]
R2 Serviio;Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [2013-12-20 359936]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-08-27 1403200]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14 257712]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe /V []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2011-03-28 4323256]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-03-15 543656]
S3 TuneUp.Defrag;@C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [2013-07-16 607040]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Preventivní kontrola logu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Preventivní kontrola logu
Zdravim 
Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne
Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text
Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).
Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text
Kód: Vybrat vše
CREATERESTOREPOINT
netsvcs
drivers32
savembr:0
/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5
*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Preventivní kontrola logu
Dobrý večer, omlouvám se, dostal jsem se k PC až večer, přikládám oba *.txt soubory.
OTL logfile created on: 11.6.2014 22:10:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kopecky\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
7,95 Gb Total Physical Memory | 5,18 Gb Available Physical Memory | 65,21% Memory free
7,94 Gb Paging File | 5,26 Gb Available in Paging File | 66,24% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 83,75 Gb Total Space | 28,00 Gb Free Space | 33,43% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 165,36 Gb Free Space | 17,75% Space Free | Partition Type: NTFS
Computer Name: KOPECKYNB | User Name: Kopecky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014.06.11 21:23:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kopecky\Desktop\OTL.exe
PRC - [2014.06.05 18:01:09 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014.05.07 08:05:40 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.09.03 20:24:56 | 000,395,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
PRC - [2013.09.03 15:58:26 | 002,237,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2013.09.03 15:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.08.30 10:01:00 | 004,579,696 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
PRC - [2013.06.13 14:46:40 | 000,815,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2013.03.13 13:39:04 | 001,039,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
PRC - [2011.02.18 09:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.02.18 09:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.12.21 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.19 13:52:54 | 000,174,064 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
========== Modules (No Company Name) ==========
MOD - [2014.05.19 22:15:10 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\562bdd62e51e3eaac4e7c3c30fc6a200\IAStorUtil.ni.dll
MOD - [2014.05.19 20:19:33 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
MOD - [2014.05.19 20:19:32 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4f66c3dc2cd6583df3fcc393edcb48a7\System.Transactions.ni.dll
MOD - [2014.05.19 20:19:31 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dbc236ca6655e4e3839ee4f802eb3f99\System.Data.ni.dll
MOD - [2014.05.14 01:40:54 | 000,414,536 | ---- | M] () -- C:\Users\Kopecky\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppgooglenaclpluginchrome.dll
MOD - [2014.05.14 01:40:50 | 004,217,672 | ---- | M] () -- C:\Users\Kopecky\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
MOD - [2014.05.14 01:40:45 | 000,716,616 | ---- | M] () -- C:\Users\Kopecky\AppData\Local\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
MOD - [2014.05.14 01:40:44 | 000,126,280 | ---- | M] () -- C:\Users\Kopecky\AppData\Local\Google\Chrome\Application\35.0.1916.114\libegl.dll
MOD - [2014.05.14 01:40:43 | 001,732,424 | ---- | M] () -- C:\Users\Kopecky\AppData\Local\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
MOD - [2014.03.04 07:57:21 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2014.02.13 20:13:14 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ad6e1822cef18d4543465d225d4f6cb6\IAStorCommon.ni.dll
MOD - [2014.02.13 20:10:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014.02.13 20:10:14 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014.02.13 20:10:05 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014.02.13 20:10:01 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014.02.13 20:09:58 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014.02.13 20:09:58 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014.02.13 20:09:53 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013.12.12 17:01:08 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013.09.03 15:25:58 | 032,726,528 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
MOD - [2013.08.30 10:01:00 | 004,579,696 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
MOD - [2013.08.30 10:00:58 | 000,381,808 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CCInvokeAAM.dll
MOD - [2013.07.08 14:43:52 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_cs_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2013.03.13 13:42:38 | 000,071,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll
MOD - [2012.07.24 19:40:16 | 000,296,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
MOD - [2010.11.13 04:36:45 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
========== Services (SafeList) ==========
SRV - [2014.05.14 21:09:04 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.10.23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.09.03 15:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.07.16 22:03:51 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2013.03.15 18:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.03.28 21:51:25 | 004,323,256 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.02.18 09:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.12.21 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.21 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.08.27 15:01:22 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.08.27 14:56:30 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV - [2010.02.25 11:18:08 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.02 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... d=ie7&rlz=
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/search?q={searchT ... d=ie7&rlz=
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-search.com/?q={search ... 4&tsp=4986
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... d=ie7&rlz=
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kopecky\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kopecky\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: E:\Hry\Settlers\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\7go@7go.com: C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\7go@7go.com [2013.08.26 21:16:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013.08.26 21:17:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta748.net: C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff [2014.01.11 13:49:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\7go@7go.com: C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\7go@7go.com [2013.08.26 21:16:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013.08.26 21:17:05 | 000,000,000 | ---D | M]
[2013.08.26 21:17:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions
[2013.08.26 21:16:56 | 000,000,000 | ---D | M] (7Go Games) -- C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\7go@7go.com
[2013.08.26 21:17:05 | 000,000,000 | ---D | M] (Speed Analysis 2) -- C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = https://www.google.com/complete/search? ... earchTerms},
CHR - homepage: www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kopecky\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kopecky\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kopecky\AppData\Local\Google\Chrome\Application\35.0.1916.114\gcswf32.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Kopecky\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kopecky\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: YouTube = C:\Users\Kopecky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Vyhledávánà Google = C:\Users\Kopecky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Peněženka Google = C:\Users\Kopecky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Kopecky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014.03.16 14:05:15 | 000,000,941 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCEPServiceManager] C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4150626791-4065493338-2529544-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ACE836E-D1EF-4A7E-AD7B-3E9488DFF904}: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7A3C0CE-69E7-4CDE-852E-70A2D96DECDE}: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.08.26 02:41:05 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.16 14:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{c8ff6e49-8797-11e1-89c3-3859f9fc7ea1}\Shell - "" = AutoRun
O33 - MountPoints2\{c8ff6e49-8797-11e1-89c3-3859f9fc7ea1}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{cad61f6a-6996-11e3-b43b-3859f9fc7ea1}\Shell - "" = AutoRun
O33 - MountPoints2\{cad61f6a-6996-11e3-b43b-3859f9fc7ea1}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014.06.11 21:23:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kopecky\Desktop\OTL.exe
[2014.06.10 22:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014.06.10 22:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2014.06.10 22:24:12 | 000,000,000 | ---D | C] -- C:\rsit
[2014.05.19 19:04:01 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.05.19 19:03:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014.05.19 18:59:56 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014.05.19 18:59:56 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014.05.19 18:59:55 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014.05.19 18:59:54 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014.05.19 18:59:54 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014.05.19 18:59:54 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014.05.19 18:59:54 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014.05.19 18:59:54 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014.05.19 18:59:54 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
========== Files - Modified Within 30 Days ==========
[2014.06.11 22:08:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.06.11 22:01:12 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.06.11 22:01:01 | 000,000,116 | ---- | M] () -- C:\.dir
[2014.06.11 21:23:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kopecky\Desktop\OTL.exe
[2014.06.11 21:13:27 | 000,000,970 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4150626791-4065493338-2529544-1000UA.job
[2014.06.11 21:00:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.06.10 22:59:56 | 000,213,696 | ---- | M] () -- C:\Users\Kopecky\Documents\cc_20140610_225940.reg
[2014.06.10 22:50:24 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.06.07 14:13:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4150626791-4065493338-2529544-1000Core.job
[2014.06.04 07:04:29 | 000,002,399 | ---- | M] () -- C:\Users\Kopecky\Desktop\Google Chrome.lnk
[2014.06.03 21:12:59 | 000,000,854 | ---- | M] () -- C:\Users\Kopecky\Desktop\µTorrent.lnk
[2014.05.27 19:16:32 | 000,000,873 | ---- | M] () -- C:\Users\Kopecky\Desktop\Play DmC Devil May Cry.lnk
[2014.05.14 21:09:04 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.05.14 21:09:04 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2014.06.11 21:26:46 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.06.10 22:59:43 | 000,213,696 | ---- | C] () -- C:\Users\Kopecky\Documents\cc_20140610_225940.reg
[2014.06.10 22:50:24 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.05.27 19:16:32 | 000,000,873 | ---- | C] () -- C:\Users\Kopecky\Desktop\Play DmC Devil May Cry.lnk
[2014.03.16 14:05:15 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\winver.exe
[2013.12.27 23:29:34 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI
[2013.08.26 21:17:13 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.11.06 19:07:36 | 000,000,132 | ---- | C] () -- C:\Users\Kopecky\AppData\Roaming\Adobe Formát BMP CS5 – předvolby
[2012.10.17 10:54:30 | 000,057,856 | ---- | C] () -- C:\Windows\Fce32.dll
[2012.10.17 10:54:29 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\See32.dll
[2012.10.17 10:54:29 | 000,057,856 | ---- | C] () -- C:\Windows\SysWow64\Fce32.dll
[2012.09.30 21:49:07 | 000,000,600 | ---- | C] () -- C:\Users\Kopecky\AppData\Local\PUTTY.RND
[2012.09.30 21:18:48 | 000,003,280 | ---- | C] () -- C:\Windows\SysWow64\LOWERP.ini
[2012.09.30 21:18:48 | 000,001,760 | ---- | C] () -- C:\Windows\SysWow64\LPOff.ini
[2012.07.24 19:41:57 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012.07.24 19:41:57 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012.07.24 19:41:57 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012.07.24 19:41:57 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012.07.24 19:41:57 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012.07.24 19:41:57 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012.07.24 19:41:57 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012.07.24 19:41:57 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012.07.24 19:41:57 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012.07.24 19:41:57 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012.07.24 19:41:57 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012.07.24 19:41:57 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012.07.24 19:41:57 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012.07.24 19:41:57 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012.07.24 19:41:57 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012.07.24 19:41:57 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012.07.24 19:41:57 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012.07.24 19:41:57 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012.07.24 19:41:57 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011.12.24 10:22:38 | 000,000,037 | -HS- | C] () -- C:\Users\Kopecky\AppData\Local\1754111884ee9ab5277ca00.95260103
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.08.26 21:16:56 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\7go
[2013.12.12 17:19:28 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\AVAST Software
[2013.08.26 21:16:53 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Babylon
[2013.04.06 13:14:43 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\BSplayer
[2013.04.06 13:10:11 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\BSplayer Pro
[2014.06.10 22:58:38 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\DAEMON Tools Lite
[2013.12.06 18:46:34 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\DriverCure
[2014.05.07 18:05:18 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Dropbox
[2013.03.03 19:15:26 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\ESET
[2011.12.15 17:34:13 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\GHISLER
[2013.03.24 14:24:44 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\ICQ
[2014.02.08 15:30:52 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\library_dir
[2013.01.12 01:11:13 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\LiveCAD3
[2011.12.15 14:08:40 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\LolClient
[2012.05.24 19:54:57 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\LolClient2
[2012.01.24 13:34:05 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\NetworkTunnel
[2011.12.15 11:14:39 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Nitro PDF
[2011.12.15 11:13:14 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\OpenCandy
[2013.12.06 18:46:34 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\ParetoLogic
[2013.10.01 18:31:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\PDAppFlex
[2013.08.26 21:19:21 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\PerformerSoft
[2014.02.19 23:22:55 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Raptr
[2014.05.10 20:40:43 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Riot Games
[2013.08.26 21:17:20 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\SeeSimilar02
[2014.04.22 22:52:33 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Seznam.cz
[2013.08.26 21:17:05 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\SpeedAnalysis2
[2012.10.24 18:42:10 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.12.15 13:36:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\The Creative Assembly
[2013.06.11 20:53:08 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Theta
[2014.06.10 22:58:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\TS3Client
[2012.10.16 18:11:38 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\TuneUp Software
[2014.06.10 22:58:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\uTorrent
[2012.10.17 11:02:56 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\WebcamMax
[2012.09.30 21:19:14 | 000,000,000 | -HSD | M] -- C:\Users\Kopecky\AppData\Roaming\wyUpdate AU
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:AF4CCAAD
< End of report >
OTL logfile created on: 11.6.2014 22:10:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kopecky\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
7,95 Gb Total Physical Memory | 5,18 Gb Available Physical Memory | 65,21% Memory free
7,94 Gb Paging File | 5,26 Gb Available in Paging File | 66,24% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 83,75 Gb Total Space | 28,00 Gb Free Space | 33,43% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 165,36 Gb Free Space | 17,75% Space Free | Partition Type: NTFS
Computer Name: KOPECKYNB | User Name: Kopecky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014.06.11 21:23:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kopecky\Desktop\OTL.exe
PRC - [2014.06.05 18:01:09 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014.05.07 08:05:40 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.09.03 20:24:56 | 000,395,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
PRC - [2013.09.03 15:58:26 | 002,237,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2013.09.03 15:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.08.30 10:01:00 | 004,579,696 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
PRC - [2013.06.13 14:46:40 | 000,815,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2013.03.13 13:39:04 | 001,039,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
PRC - [2011.02.18 09:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.02.18 09:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.12.21 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.19 13:52:54 | 000,174,064 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
========== Modules (No Company Name) ==========
MOD - [2014.05.19 22:15:10 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\562bdd62e51e3eaac4e7c3c30fc6a200\IAStorUtil.ni.dll
MOD - [2014.05.19 20:19:33 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
MOD - [2014.05.19 20:19:32 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4f66c3dc2cd6583df3fcc393edcb48a7\System.Transactions.ni.dll
MOD - [2014.05.19 20:19:31 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dbc236ca6655e4e3839ee4f802eb3f99\System.Data.ni.dll
MOD - [2014.05.14 01:40:54 | 000,414,536 | ---- | M] () -- C:\Users\Kopecky\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppgooglenaclpluginchrome.dll
MOD - [2014.05.14 01:40:50 | 004,217,672 | ---- | M] () -- C:\Users\Kopecky\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
MOD - [2014.05.14 01:40:45 | 000,716,616 | ---- | M] () -- C:\Users\Kopecky\AppData\Local\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
MOD - [2014.05.14 01:40:44 | 000,126,280 | ---- | M] () -- C:\Users\Kopecky\AppData\Local\Google\Chrome\Application\35.0.1916.114\libegl.dll
MOD - [2014.05.14 01:40:43 | 001,732,424 | ---- | M] () -- C:\Users\Kopecky\AppData\Local\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
MOD - [2014.03.04 07:57:21 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2014.02.13 20:13:14 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ad6e1822cef18d4543465d225d4f6cb6\IAStorCommon.ni.dll
MOD - [2014.02.13 20:10:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014.02.13 20:10:14 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014.02.13 20:10:05 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014.02.13 20:10:01 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014.02.13 20:09:58 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014.02.13 20:09:58 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014.02.13 20:09:53 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013.12.12 17:01:08 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013.09.03 15:25:58 | 032,726,528 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
MOD - [2013.08.30 10:01:00 | 004,579,696 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
MOD - [2013.08.30 10:00:58 | 000,381,808 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CCInvokeAAM.dll
MOD - [2013.07.08 14:43:52 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_cs_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2013.03.13 13:42:38 | 000,071,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll
MOD - [2012.07.24 19:40:16 | 000,296,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
MOD - [2010.11.13 04:36:45 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
========== Services (SafeList) ==========
SRV - [2014.05.14 21:09:04 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.10.23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.09.03 15:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.07.16 22:03:51 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2013.03.15 18:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.03.28 21:51:25 | 004,323,256 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.02.18 09:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.12.21 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.21 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.08.27 15:01:22 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.08.27 14:56:30 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV - [2010.02.25 11:18:08 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.02 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... d=ie7&rlz=
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/search?q={searchT ... d=ie7&rlz=
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-search.com/?q={search ... 4&tsp=4986
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... d=ie7&rlz=
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kopecky\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kopecky\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: E:\Hry\Settlers\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\7go@7go.com: C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\7go@7go.com [2013.08.26 21:16:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013.08.26 21:17:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta748.net: C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff [2014.01.11 13:49:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\7go@7go.com: C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\7go@7go.com [2013.08.26 21:16:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013.08.26 21:17:05 | 000,000,000 | ---D | M]
[2013.08.26 21:17:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions
[2013.08.26 21:16:56 | 000,000,000 | ---D | M] (7Go Games) -- C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\7go@7go.com
[2013.08.26 21:17:05 | 000,000,000 | ---D | M] (Speed Analysis 2) -- C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = https://www.google.com/complete/search? ... earchTerms},
CHR - homepage: www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kopecky\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kopecky\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kopecky\AppData\Local\Google\Chrome\Application\35.0.1916.114\gcswf32.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Kopecky\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kopecky\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: YouTube = C:\Users\Kopecky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Vyhledávánà Google = C:\Users\Kopecky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Peněženka Google = C:\Users\Kopecky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Kopecky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014.03.16 14:05:15 | 000,000,941 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCEPServiceManager] C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4150626791-4065493338-2529544-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ACE836E-D1EF-4A7E-AD7B-3E9488DFF904}: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7A3C0CE-69E7-4CDE-852E-70A2D96DECDE}: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.08.26 02:41:05 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.16 14:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{c8ff6e49-8797-11e1-89c3-3859f9fc7ea1}\Shell - "" = AutoRun
O33 - MountPoints2\{c8ff6e49-8797-11e1-89c3-3859f9fc7ea1}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{cad61f6a-6996-11e3-b43b-3859f9fc7ea1}\Shell - "" = AutoRun
O33 - MountPoints2\{cad61f6a-6996-11e3-b43b-3859f9fc7ea1}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014.06.11 21:23:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kopecky\Desktop\OTL.exe
[2014.06.10 22:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014.06.10 22:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2014.06.10 22:24:12 | 000,000,000 | ---D | C] -- C:\rsit
[2014.05.19 19:04:01 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.05.19 19:03:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014.05.19 18:59:56 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014.05.19 18:59:56 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014.05.19 18:59:55 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014.05.19 18:59:54 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014.05.19 18:59:54 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014.05.19 18:59:54 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014.05.19 18:59:54 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014.05.19 18:59:54 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014.05.19 18:59:54 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
========== Files - Modified Within 30 Days ==========
[2014.06.11 22:08:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.06.11 22:01:12 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.06.11 22:01:01 | 000,000,116 | ---- | M] () -- C:\.dir
[2014.06.11 21:23:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kopecky\Desktop\OTL.exe
[2014.06.11 21:13:27 | 000,000,970 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4150626791-4065493338-2529544-1000UA.job
[2014.06.11 21:00:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.06.10 22:59:56 | 000,213,696 | ---- | M] () -- C:\Users\Kopecky\Documents\cc_20140610_225940.reg
[2014.06.10 22:50:24 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.06.07 14:13:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4150626791-4065493338-2529544-1000Core.job
[2014.06.04 07:04:29 | 000,002,399 | ---- | M] () -- C:\Users\Kopecky\Desktop\Google Chrome.lnk
[2014.06.03 21:12:59 | 000,000,854 | ---- | M] () -- C:\Users\Kopecky\Desktop\µTorrent.lnk
[2014.05.27 19:16:32 | 000,000,873 | ---- | M] () -- C:\Users\Kopecky\Desktop\Play DmC Devil May Cry.lnk
[2014.05.14 21:09:04 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.05.14 21:09:04 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2014.06.11 21:26:46 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.06.10 22:59:43 | 000,213,696 | ---- | C] () -- C:\Users\Kopecky\Documents\cc_20140610_225940.reg
[2014.06.10 22:50:24 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.05.27 19:16:32 | 000,000,873 | ---- | C] () -- C:\Users\Kopecky\Desktop\Play DmC Devil May Cry.lnk
[2014.03.16 14:05:15 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\winver.exe
[2013.12.27 23:29:34 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI
[2013.08.26 21:17:13 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.11.06 19:07:36 | 000,000,132 | ---- | C] () -- C:\Users\Kopecky\AppData\Roaming\Adobe Formát BMP CS5 – předvolby
[2012.10.17 10:54:30 | 000,057,856 | ---- | C] () -- C:\Windows\Fce32.dll
[2012.10.17 10:54:29 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\See32.dll
[2012.10.17 10:54:29 | 000,057,856 | ---- | C] () -- C:\Windows\SysWow64\Fce32.dll
[2012.09.30 21:49:07 | 000,000,600 | ---- | C] () -- C:\Users\Kopecky\AppData\Local\PUTTY.RND
[2012.09.30 21:18:48 | 000,003,280 | ---- | C] () -- C:\Windows\SysWow64\LOWERP.ini
[2012.09.30 21:18:48 | 000,001,760 | ---- | C] () -- C:\Windows\SysWow64\LPOff.ini
[2012.07.24 19:41:57 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012.07.24 19:41:57 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012.07.24 19:41:57 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012.07.24 19:41:57 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012.07.24 19:41:57 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012.07.24 19:41:57 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012.07.24 19:41:57 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012.07.24 19:41:57 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012.07.24 19:41:57 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012.07.24 19:41:57 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012.07.24 19:41:57 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012.07.24 19:41:57 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012.07.24 19:41:57 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012.07.24 19:41:57 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012.07.24 19:41:57 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012.07.24 19:41:57 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012.07.24 19:41:57 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012.07.24 19:41:57 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012.07.24 19:41:57 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011.12.24 10:22:38 | 000,000,037 | -HS- | C] () -- C:\Users\Kopecky\AppData\Local\1754111884ee9ab5277ca00.95260103
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.08.26 21:16:56 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\7go
[2013.12.12 17:19:28 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\AVAST Software
[2013.08.26 21:16:53 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Babylon
[2013.04.06 13:14:43 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\BSplayer
[2013.04.06 13:10:11 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\BSplayer Pro
[2014.06.10 22:58:38 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\DAEMON Tools Lite
[2013.12.06 18:46:34 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\DriverCure
[2014.05.07 18:05:18 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Dropbox
[2013.03.03 19:15:26 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\ESET
[2011.12.15 17:34:13 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\GHISLER
[2013.03.24 14:24:44 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\ICQ
[2014.02.08 15:30:52 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\library_dir
[2013.01.12 01:11:13 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\LiveCAD3
[2011.12.15 14:08:40 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\LolClient
[2012.05.24 19:54:57 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\LolClient2
[2012.01.24 13:34:05 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\NetworkTunnel
[2011.12.15 11:14:39 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Nitro PDF
[2011.12.15 11:13:14 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\OpenCandy
[2013.12.06 18:46:34 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\ParetoLogic
[2013.10.01 18:31:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\PDAppFlex
[2013.08.26 21:19:21 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\PerformerSoft
[2014.02.19 23:22:55 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Raptr
[2014.05.10 20:40:43 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Riot Games
[2013.08.26 21:17:20 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\SeeSimilar02
[2014.04.22 22:52:33 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Seznam.cz
[2013.08.26 21:17:05 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\SpeedAnalysis2
[2012.10.24 18:42:10 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.12.15 13:36:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\The Creative Assembly
[2013.06.11 20:53:08 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Theta
[2014.06.10 22:58:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\TS3Client
[2012.10.16 18:11:38 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\TuneUp Software
[2014.06.10 22:58:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\uTorrent
[2012.10.17 11:02:56 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\WebcamMax
[2012.09.30 21:19:14 | 000,000,000 | -HSD | M] -- C:\Users\Kopecky\AppData\Roaming\wyUpdate AU
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:AF4CCAAD
< End of report >
Re: Preventivní kontrola logu
A druhý.
OTL Extras logfile created on: 11.6.2014 22:10:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kopecky\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
7,95 Gb Total Physical Memory | 5,18 Gb Available Physical Memory | 65,21% Memory free
7,94 Gb Paging File | 5,26 Gb Available in Paging File | 66,24% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 83,75 Gb Total Space | 28,00 Gb Free Space | 33,43% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 165,36 Gb Free Space | 17,75% Space Free | Partition Type: NTFS
Computer Name: KOPECKYNB | User Name: Kopecky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06AB4586-9EFF-4A46-9A80-6EAD0CAF34CC}" = rport=139 | protocol=6 | dir=out | app=system |
"{0878027E-D4A6-4661-B343-546F0783EEE3}" = lport=2869 | protocol=6 | dir=in | name=mezzmo media server service |
"{1172AF11-0E2E-4E59-AD48-D33A2E1B51BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1272019A-B6AE-404D-B563-352FA3CBACB4}" = lport=56735 | protocol=6 | dir=in | name=pando media booster |
"{1678542F-175F-45DF-8A3E-DE944E3E11D4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1A79D013-73A4-4517-97F3-41FB4ACE1AAB}" = lport=138 | protocol=17 | dir=in | app=system |
"{1CE6008E-C7CD-4E04-B367-DBBA4624A67C}" = lport=56735 | protocol=6 | dir=in | name=pando media booster |
"{2AAFB46C-DCB3-4409-B63A-0F8A83A96B3E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2E833E7B-AF32-4573-A562-29081D1BED27}" = rport=138 | protocol=17 | dir=out | app=system |
"{2F26D600-D6AB-424D-A54A-3CCC3E6AD997}" = lport=1900 | protocol=17 | dir=in | name=mezzmo media server service |
"{31C19D31-F072-4E61-89C6-F7E767BB2691}" = lport=1900 | protocol=17 | dir=in | name=mezzmo media server service |
"{32D575D6-CA3D-4EDB-A14D-ECF26D0ABA97}" = lport=2869 | protocol=6 | dir=in | name=mezzmo media server service |
"{3B8A8474-209C-48FD-9EDA-84D30BDCDAC3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3D447553-7F34-4EFE-9435-AD5055AD6F77}" = lport=1900 | protocol=17 | dir=in | name=mezzmo media server service |
"{3E9BF27D-7B25-425C-9521-A4A6C0CA5DB8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41707DC2-F683-4C48-8231-15E33B36AFF2}" = lport=445 | protocol=6 | dir=in | app=system |
"{44419009-8BF3-4C80-8EBE-96C24B1D4612}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4740C156-FD68-4B68-88CE-364D033286FA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4B3EF5A9-5B9D-488A-8E2A-51F4403F9217}" = lport=53168 | protocol=6 | dir=in | name=mezzmo media server service |
"{4DDA9D6E-F0E0-4398-A14C-959D1C882214}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{5442C73D-3C18-4C51-ACC2-30AD33F0F2C6}" = lport=2869 | protocol=6 | dir=in | name=mezzmo media server service |
"{5B825335-5946-4B91-84AE-227C21E9DAA7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{638F8286-241E-4466-AB87-D5F070E536EE}" = lport=53168 | protocol=6 | dir=in | name=mezzmo media server service |
"{6D56B57F-C51E-4014-9C95-83308CE42CF2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{77F7297C-5C71-48E3-ACC8-7833B42B71A2}" = lport=56735 | protocol=17 | dir=in | name=pando media booster |
"{8007A3A3-9A5E-4AC8-8EA8-AEE524D4213D}" = rport=445 | protocol=6 | dir=out | app=system |
"{8FFAE935-626E-419A-8629-BB3F8E65144F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9271FF2E-78E0-48F7-918D-7FEF3D842594}" = lport=10243 | protocol=6 | dir=in | app=system |
"{948FFD7E-FDBC-4523-9661-FCEE7B90C58D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{96413CC2-F121-47D6-A8A4-74303BCDDD65}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9BEDBD0A-B382-4686-BCF0-1450B468E28F}" = lport=53168 | protocol=6 | dir=in | name=mezzmo media server service |
"{A9BD5275-7C94-46CC-90B8-6474E82B5CE2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A9C9DA74-3A1A-46EB-98F9-0A8555208FFD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC461C37-867D-4B9E-AE15-E2891B21F382}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{AF1D4F55-14A0-4BB5-921B-59B49625006A}" = lport=139 | protocol=6 | dir=in | app=system |
"{BB0BFBD5-06DC-4B48-805A-334E38F769E1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BD56CFE1-54F4-437A-BEB5-B6E3ACCA798E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D00B4408-D18F-4B11-8302-58DC901730E5}" = rport=137 | protocol=17 | dir=out | app=system |
"{D170CE01-D81C-4B14-BB34-35B4B46E712E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D36C06CF-F411-4FCD-8754-5B80002C92C5}" = lport=56735 | protocol=17 | dir=in | name=pando media booster |
"{D457A1BF-3F7D-4778-B117-4857CFF9F11F}" = lport=137 | protocol=17 | dir=in | app=system |
"{DD067ABA-A52D-4075-A588-3627C19CF68F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EA284F6D-CF89-4545-991E-6096968B26BA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EBD7AC93-B44B-4069-859C-1CFB0497B017}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F6318E9C-7000-4806-92CE-3E530E1012AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F71D319A-F138-4EC1-82E0-0DA5B6E00787}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09113304-4D9A-48B1-91E5-95CAE9B05C47}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1118B6C8-F756-4476-8BA8-D1F49B120B64}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{1E7D90FD-DEC8-4699-B067-891C911A0A77}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1EF0F8A6-4728-485C-B64A-3F74DEFD0C97}" = protocol=17 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe |
"{2290332A-E217-4B10-BDEC-9A775B401F2E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2757E8C8-9FD5-48D1-B7CF-2ECC3364CC45}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{292A1080-E182-43F7-B04B-A4CA719CE22E}" = protocol=17 | dir=in | app=e:\hry\dmc\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe |
"{2AF65AE8-C52A-4B8A-B9EF-231DDD868E0E}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{2B2D78A9-4905-4286-89EC-A57E81695BD7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{31131128-1F9F-4B45-A38B-E4E4C48E1D09}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{368C4260-A307-41AC-B3AA-B7924D533658}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{38F97E84-D7EF-4537-B17D-6FD412C8914E}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{3BC2F357-C04C-464A-9366-9AB7415275ED}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe |
"{41FBEA89-7FB7-42F7-8FD9-0239A21E6D8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4549490C-FD52-45D7-819A-24147A80135B}" = protocol=58 | dir=in | app=system |
"{47BB3B80-B771-4287-99E4-AFDABC4254AA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{4B6D3F40-F6B6-412A-A7F2-B5FEDA62F4F5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4EEE06AD-0897-4FFF-BDEF-9E75552FBBBE}" = protocol=17 | dir=in | app=c:\users\kopecky\appdata\roaming\utorrent\utorrent.exe |
"{4F4F0205-1753-44CA-86E0-73E8E4FA44C9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{5024BC1D-9F77-4AB1-BAF0-7772A2FF273D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{63219A6B-8200-4E13-A97A-E84053EFFF3E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{648591CC-FF90-4947-AB9E-77286450CD6C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{67B4E91F-61C0-4EF1-8CC9-47CBB694031D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{68EA0CE9-3800-4A74-B54F-1841AE5E4089}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{76C62F26-DF13-46AC-BFE3-F432FE2FF57B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7A8D9A2C-7749-4990-A9B3-2FF62E3365EC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7E7E351B-53B7-4179-AB44-A76104921C4F}" = protocol=6 | dir=in | app=e:\hry\dmc\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe |
"{7E7EFAB4-1B2F-4C92-ACED-3F4B051E843E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8298B8EB-1E38-4574-ADE4-C29613DF5A39}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{858B9BF6-04C4-4A60-A396-40B9691F5A4E}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioconsole.exe |
"{92AE7C7B-26FE-476F-8163-B98227C1A15F}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{93C1DE25-CE20-4D6D-874D-EFCEB1EDBF08}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9468622E-FFF8-4C34-88E5-B5EBB5014A7E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9E0E7A4C-F52C-4DCD-A52D-9230F05812E7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7721075-348F-4E17-ADF6-CA5D55E6CD18}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AA5633F7-0A28-4B6A-81AC-8A700E54F5C7}" = protocol=17 | dir=in | app=c:\users\kopecky\appdata\roaming\utorrent\utorrent.exe |
"{AEB7B1D2-2BFE-43C0-A028-0326E0711088}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AFDA6D93-71BF-4958-AFD9-684DDC41C7A2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B19CFF59-F112-4ADA-97A7-CD3967235210}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4190145-48CE-465D-8399-770B1E2709FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BFB7F81D-9487-48F0-8066-3AF990A39895}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C793A129-F8FF-4788-9665-4F2B7AEBC6BD}" = protocol=6 | dir=in | app=c:\users\kopecky\appdata\roaming\utorrent\utorrent.exe |
"{CE36282F-AA22-4CDA-A553-D50BBF0045FB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D1E65184-B619-4AD4-A242-2D86DAAD5BD5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D803EEE5-829E-48A5-AE84-31A61D87CB41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DEB1A251-F67E-443D-82B9-A52E590DEB05}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{DFFE7571-F84E-47EE-B962-9386EB2313BD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E0CDFADA-067C-4188-9710-831915FCC82E}" = protocol=6 | dir=out | app=system |
"{E3814A2F-BC75-47BE-BB65-6EA407AD7804}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E6043DFA-4E57-46E8-A740-621B240E6964}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{E704E9CC-AB8C-46D9-BA8B-CE4DD36BBF50}" = protocol=6 | dir=in | app=c:\users\kopecky\appdata\roaming\utorrent\utorrent.exe |
"{EEECB23C-33EC-48F3-B831-3F1D3DBF535F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{F8BA7EA5-D9C0-4729-BDA0-22CDB76CFBCD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{0275E383-DFEB-4115-AAC9-D778887E3B5B}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{49D26815-52DD-4273-8DB9-EF2A998F6F45}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{954D4AAF-A6F7-4D6D-A36E-0CE23D6CD35C}C:\program files (x86)\ubisoft\heroes 3 complete\heroes3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\heroes 3 complete\heroes3.exe |
"TCP Query User{99ABB677-2F07-4552-844C-9A71C582B9D4}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{CA609764-A32D-4AF3-9119-3871FE1F8E0B}E:\hry\dmc\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe" = protocol=6 | dir=in | app=e:\hry\dmc\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe |
"UDP Query User{1CE434DF-C272-4555-B584-EE94EBF4354D}C:\program files (x86)\ubisoft\heroes 3 complete\heroes3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\heroes 3 complete\heroes3.exe |
"UDP Query User{69CD6527-5570-415E-BAC4-E6EA24F8100E}E:\hry\dmc\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe" = protocol=17 | dir=in | app=e:\hry\dmc\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe |
"UDP Query User{89172FD4-25CE-405D-A0E1-0397736D3695}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{C2EC6667-4946-4F5B-9C44-ACE8CCD91107}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{C575A254-F479-47E6-A2C9-4CE3AAB0D7EB}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0389A677-241F-6EEC-54B0-2D07F620776E}" = Catalyst Control Center Localization All
"{03D98FB6-0E27-5614-864A-961248BD89E8}" = CCC Help Danish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{121C477C-5B7B-44E3-B621-BDDB542AE8FD}" = TuneUp Utilities Language Pack (en-GB)
"{19555808-AF6B-9E99-366C-A2D8C6FB3D07}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}" = PDF Settings CC
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{271B24E3-1505-B13A-BF3E-282CF0C54B68}" = PX Profile Update
"{29172463-C766-9812-F399-82380F03761A}" = CCC Help Korean
"{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}" = Adobe Photoshop CC
"{2E6D4F14-C94C-758B-46E4-9AD21852108F}" = CCC Help Portuguese
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3DBFE2A1-945C-9F14-17F6-1F74CB4F82A5}" = CCC Help Japanese
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4504861F-2770-D8F2-F0B1-B723FADF315F}" = CCC Help Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{50210E48-FB67-0045-3853-C3FBEB470127}" = CCC Help French
"{5035C1F3-6147-3C83-3C39-37B6DBDAC163}" = CCC Help Thai
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5F1DD61A-0C22-E924-3A81-DFFCC14A5A97}" = CCC Help Russian
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6B84E528-9705-4D36-9C97-97B8E23DAB75}" = League of Legends
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A2BF2A-E7E5-BA48-7525-02BD5B7425C7}" = CCC Help Chinese Standard
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{744C5097-94C7-DE34-5B1F-43EDFDBD5E35}" = CCC Help Dutch
"{795062B9-1B7A-7ACA-1C7D-7B3D61F4116A}" = ccc-core-static
"{7D5B0DA2-9AAE-3ADF-B692-685EA3DC64C6}" = CCC Help Italian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8CC173F3-DBEC-ED42-68EF-49BCB95FC49F}" = CCC Help Swedish
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0405-1000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{96A84750-A54D-C7C3-44AA-5C28C36C5640}" = CCC Help German
"{96B17AEC-9C54-0969-5613-4C9B33BFEAFF}" = CCC Help Chinese Traditional
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E1751DF-188D-591B-3887-1825F597007A}" = CCC Help Spanish
"{A44B2324-CB46-A9F9-7FDC-7FD087AEC7FC}" = Catalyst Control Center Profiles Mobile
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.8) - Czech
"{AD40A06A-77AB-4E2E-B2AA-FDE106A9977A}" = Lenovo EasyCamera
"{B34E1065-711C-7B9E-C77D-9E071DAAFC31}" = CCC Help Finnish
"{B62A8A6F-5E48-4336-BF13-1632D5921872}" = PHOTOfunSTUDIO 6.0
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{BA0F92C2-2012-0AF0-A2CE-62E220A0AF06}" = CCC Help Hungarian
"{BCFC4789-7C5E-B050-CBB1-8C6CA46990A8}" = CCC Help Greek
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CCB6DF61-A144-02B4-EDC7-D7478AF7B27D}" = CCC Help Norwegian
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E7FC3EAE-C6D8-92D1-B065-29DECFD5A8E7}" = Catalyst Control Center Graphics Previews Common
"{EDFB64A7-5BFD-4137-943D-5663149A15F5}" = Heroes of Might and Magic III Complete
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F8B2AA7F-956F-D943-F1C0-42843041B108}" = CCC Help Czech
"{FC2C6FBD-01DC-36D8-5F4B-7033B00C9963}" = CCC Help Turkish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"avast" = avast! Free Antivirus
"BSPlayerf" = BS.Player FREE
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"DirectVobSub" = DirectVobSub (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"Hamachi" = Hamachi 1.0.2.5
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{EDFB64A7-5BFD-4137-943D-5663149A15F5}" = Heroes of Might and Magic III Complete
"League of Legends 3.0.1" = League of Legends
"OpenAL" = OpenAL
"PSPad editor_is1" = PSPad editor
"Raptr" = Raptr
"Totalcmd" = Total Commander (Remove or Repair)
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 2.1.2
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 5.01 (32-bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4150626791-4065493338-2529544-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.12.2012 12:46:35 | Computer Name = KopeckyNB | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.
Error - 27.12.2012 18:55:23 | Computer Name = KopeckyNB | Source = Application Error | ID = 1000
Description = Název chybující aplikace: l2.exe, verze: 0.0.0.0, časové razítko:
0x4e55f39a Název chybujícího modulu: NWindow.DLL, verze: 0.0.0.0, časové razítko:
0x4e55f390 Kód výjimky: 0xc0000005 Posun chyby: 0x0045b252 ID chybujícího procesu:
0x1468 Čas spuštění chybující aplikace: 0x01cde451db806613 Cesta k chybující aplikaci:
C:\Hry\Lineage 2\system\l2.exe Cesta k chybujícímu modulu: C:\Hry\Lineage 2\system\NWindow.DLL
ID
zprávy: 7edd4e7d-5078-11e2-a963-3859f9fc7ea1
Error - 27.12.2012 18:55:28 | Computer Name = KopeckyNB | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 27.12.2012 18:55:28 | Computer Name = KopeckyNB | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 27.12.2012 18:55:28 | Computer Name = KopeckyNB | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 28.12.2012 7:21:34 | Computer Name = KopeckyNB | Source = Software Protection Platform Service | ID = 8198
Description = Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
0x800401F9
Error - 28.12.2012 7:21:34 | Computer Name = KopeckyNB | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.
Error - 28.12.2012 7:51:33 | Computer Name = KopeckyNB | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 28.12.2012 8:20:26 | Computer Name = KopeckyNB | Source = Software Protection Platform Service | ID = 8198
Description = Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
0x800401F9
Error - 28.12.2012 8:20:26 | Computer Name = KopeckyNB | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.
[ OSession Events ]
Error - 24.3.2012 10:14:12 | Computer Name = KopeckyNB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13328
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 11.6.2014 15:55:49 | Computer Name = KopeckyNB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.
Error - 11.6.2014 15:57:55 | Computer Name = KopeckyNB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.
Error - 11.6.2014 16:00:01 | Computer Name = KopeckyNB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.
Error - 11.6.2014 16:02:53 | Computer Name = KopeckyNB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.
Error - 11.6.2014 16:04:53 | Computer Name = KopeckyNB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.
Error - 11.6.2014 16:06:53 | Computer Name = KopeckyNB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.
Error - 11.6.2014 16:08:53 | Computer Name = KopeckyNB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.
Error - 11.6.2014 16:10:53 | Computer Name = KopeckyNB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.
Error - 11.6.2014 16:12:53 | Computer Name = KopeckyNB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.
Error - 11.6.2014 16:14:53 | Computer Name = KopeckyNB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.
< End of report >
OTL Extras logfile created on: 11.6.2014 22:10:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kopecky\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
7,95 Gb Total Physical Memory | 5,18 Gb Available Physical Memory | 65,21% Memory free
7,94 Gb Paging File | 5,26 Gb Available in Paging File | 66,24% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 83,75 Gb Total Space | 28,00 Gb Free Space | 33,43% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 165,36 Gb Free Space | 17,75% Space Free | Partition Type: NTFS
Computer Name: KOPECKYNB | User Name: Kopecky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06AB4586-9EFF-4A46-9A80-6EAD0CAF34CC}" = rport=139 | protocol=6 | dir=out | app=system |
"{0878027E-D4A6-4661-B343-546F0783EEE3}" = lport=2869 | protocol=6 | dir=in | name=mezzmo media server service |
"{1172AF11-0E2E-4E59-AD48-D33A2E1B51BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1272019A-B6AE-404D-B563-352FA3CBACB4}" = lport=56735 | protocol=6 | dir=in | name=pando media booster |
"{1678542F-175F-45DF-8A3E-DE944E3E11D4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1A79D013-73A4-4517-97F3-41FB4ACE1AAB}" = lport=138 | protocol=17 | dir=in | app=system |
"{1CE6008E-C7CD-4E04-B367-DBBA4624A67C}" = lport=56735 | protocol=6 | dir=in | name=pando media booster |
"{2AAFB46C-DCB3-4409-B63A-0F8A83A96B3E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2E833E7B-AF32-4573-A562-29081D1BED27}" = rport=138 | protocol=17 | dir=out | app=system |
"{2F26D600-D6AB-424D-A54A-3CCC3E6AD997}" = lport=1900 | protocol=17 | dir=in | name=mezzmo media server service |
"{31C19D31-F072-4E61-89C6-F7E767BB2691}" = lport=1900 | protocol=17 | dir=in | name=mezzmo media server service |
"{32D575D6-CA3D-4EDB-A14D-ECF26D0ABA97}" = lport=2869 | protocol=6 | dir=in | name=mezzmo media server service |
"{3B8A8474-209C-48FD-9EDA-84D30BDCDAC3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3D447553-7F34-4EFE-9435-AD5055AD6F77}" = lport=1900 | protocol=17 | dir=in | name=mezzmo media server service |
"{3E9BF27D-7B25-425C-9521-A4A6C0CA5DB8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41707DC2-F683-4C48-8231-15E33B36AFF2}" = lport=445 | protocol=6 | dir=in | app=system |
"{44419009-8BF3-4C80-8EBE-96C24B1D4612}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4740C156-FD68-4B68-88CE-364D033286FA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4B3EF5A9-5B9D-488A-8E2A-51F4403F9217}" = lport=53168 | protocol=6 | dir=in | name=mezzmo media server service |
"{4DDA9D6E-F0E0-4398-A14C-959D1C882214}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{5442C73D-3C18-4C51-ACC2-30AD33F0F2C6}" = lport=2869 | protocol=6 | dir=in | name=mezzmo media server service |
"{5B825335-5946-4B91-84AE-227C21E9DAA7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{638F8286-241E-4466-AB87-D5F070E536EE}" = lport=53168 | protocol=6 | dir=in | name=mezzmo media server service |
"{6D56B57F-C51E-4014-9C95-83308CE42CF2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{77F7297C-5C71-48E3-ACC8-7833B42B71A2}" = lport=56735 | protocol=17 | dir=in | name=pando media booster |
"{8007A3A3-9A5E-4AC8-8EA8-AEE524D4213D}" = rport=445 | protocol=6 | dir=out | app=system |
"{8FFAE935-626E-419A-8629-BB3F8E65144F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9271FF2E-78E0-48F7-918D-7FEF3D842594}" = lport=10243 | protocol=6 | dir=in | app=system |
"{948FFD7E-FDBC-4523-9661-FCEE7B90C58D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{96413CC2-F121-47D6-A8A4-74303BCDDD65}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9BEDBD0A-B382-4686-BCF0-1450B468E28F}" = lport=53168 | protocol=6 | dir=in | name=mezzmo media server service |
"{A9BD5275-7C94-46CC-90B8-6474E82B5CE2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A9C9DA74-3A1A-46EB-98F9-0A8555208FFD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC461C37-867D-4B9E-AE15-E2891B21F382}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{AF1D4F55-14A0-4BB5-921B-59B49625006A}" = lport=139 | protocol=6 | dir=in | app=system |
"{BB0BFBD5-06DC-4B48-805A-334E38F769E1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BD56CFE1-54F4-437A-BEB5-B6E3ACCA798E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D00B4408-D18F-4B11-8302-58DC901730E5}" = rport=137 | protocol=17 | dir=out | app=system |
"{D170CE01-D81C-4B14-BB34-35B4B46E712E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D36C06CF-F411-4FCD-8754-5B80002C92C5}" = lport=56735 | protocol=17 | dir=in | name=pando media booster |
"{D457A1BF-3F7D-4778-B117-4857CFF9F11F}" = lport=137 | protocol=17 | dir=in | app=system |
"{DD067ABA-A52D-4075-A588-3627C19CF68F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EA284F6D-CF89-4545-991E-6096968B26BA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EBD7AC93-B44B-4069-859C-1CFB0497B017}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F6318E9C-7000-4806-92CE-3E530E1012AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F71D319A-F138-4EC1-82E0-0DA5B6E00787}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09113304-4D9A-48B1-91E5-95CAE9B05C47}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1118B6C8-F756-4476-8BA8-D1F49B120B64}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{1E7D90FD-DEC8-4699-B067-891C911A0A77}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1EF0F8A6-4728-485C-B64A-3F74DEFD0C97}" = protocol=17 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe |
"{2290332A-E217-4B10-BDEC-9A775B401F2E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2757E8C8-9FD5-48D1-B7CF-2ECC3364CC45}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{292A1080-E182-43F7-B04B-A4CA719CE22E}" = protocol=17 | dir=in | app=e:\hry\dmc\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe |
"{2AF65AE8-C52A-4B8A-B9EF-231DDD868E0E}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{2B2D78A9-4905-4286-89EC-A57E81695BD7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{31131128-1F9F-4B45-A38B-E4E4C48E1D09}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{368C4260-A307-41AC-B3AA-B7924D533658}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{38F97E84-D7EF-4537-B17D-6FD412C8914E}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{3BC2F357-C04C-464A-9366-9AB7415275ED}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe |
"{41FBEA89-7FB7-42F7-8FD9-0239A21E6D8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4549490C-FD52-45D7-819A-24147A80135B}" = protocol=58 | dir=in | app=system |
"{47BB3B80-B771-4287-99E4-AFDABC4254AA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{4B6D3F40-F6B6-412A-A7F2-B5FEDA62F4F5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4EEE06AD-0897-4FFF-BDEF-9E75552FBBBE}" = protocol=17 | dir=in | app=c:\users\kopecky\appdata\roaming\utorrent\utorrent.exe |
"{4F4F0205-1753-44CA-86E0-73E8E4FA44C9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{5024BC1D-9F77-4AB1-BAF0-7772A2FF273D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{63219A6B-8200-4E13-A97A-E84053EFFF3E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{648591CC-FF90-4947-AB9E-77286450CD6C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{67B4E91F-61C0-4EF1-8CC9-47CBB694031D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{68EA0CE9-3800-4A74-B54F-1841AE5E4089}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{76C62F26-DF13-46AC-BFE3-F432FE2FF57B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7A8D9A2C-7749-4990-A9B3-2FF62E3365EC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7E7E351B-53B7-4179-AB44-A76104921C4F}" = protocol=6 | dir=in | app=e:\hry\dmc\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe |
"{7E7EFAB4-1B2F-4C92-ACED-3F4B051E843E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8298B8EB-1E38-4574-ADE4-C29613DF5A39}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{858B9BF6-04C4-4A60-A396-40B9691F5A4E}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioconsole.exe |
"{92AE7C7B-26FE-476F-8163-B98227C1A15F}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{93C1DE25-CE20-4D6D-874D-EFCEB1EDBF08}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9468622E-FFF8-4C34-88E5-B5EBB5014A7E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9E0E7A4C-F52C-4DCD-A52D-9230F05812E7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7721075-348F-4E17-ADF6-CA5D55E6CD18}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AA5633F7-0A28-4B6A-81AC-8A700E54F5C7}" = protocol=17 | dir=in | app=c:\users\kopecky\appdata\roaming\utorrent\utorrent.exe |
"{AEB7B1D2-2BFE-43C0-A028-0326E0711088}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AFDA6D93-71BF-4958-AFD9-684DDC41C7A2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B19CFF59-F112-4ADA-97A7-CD3967235210}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4190145-48CE-465D-8399-770B1E2709FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BFB7F81D-9487-48F0-8066-3AF990A39895}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C793A129-F8FF-4788-9665-4F2B7AEBC6BD}" = protocol=6 | dir=in | app=c:\users\kopecky\appdata\roaming\utorrent\utorrent.exe |
"{CE36282F-AA22-4CDA-A553-D50BBF0045FB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D1E65184-B619-4AD4-A242-2D86DAAD5BD5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D803EEE5-829E-48A5-AE84-31A61D87CB41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DEB1A251-F67E-443D-82B9-A52E590DEB05}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{DFFE7571-F84E-47EE-B962-9386EB2313BD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E0CDFADA-067C-4188-9710-831915FCC82E}" = protocol=6 | dir=out | app=system |
"{E3814A2F-BC75-47BE-BB65-6EA407AD7804}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E6043DFA-4E57-46E8-A740-621B240E6964}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{E704E9CC-AB8C-46D9-BA8B-CE4DD36BBF50}" = protocol=6 | dir=in | app=c:\users\kopecky\appdata\roaming\utorrent\utorrent.exe |
"{EEECB23C-33EC-48F3-B831-3F1D3DBF535F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{F8BA7EA5-D9C0-4729-BDA0-22CDB76CFBCD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{0275E383-DFEB-4115-AAC9-D778887E3B5B}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{49D26815-52DD-4273-8DB9-EF2A998F6F45}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{954D4AAF-A6F7-4D6D-A36E-0CE23D6CD35C}C:\program files (x86)\ubisoft\heroes 3 complete\heroes3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\heroes 3 complete\heroes3.exe |
"TCP Query User{99ABB677-2F07-4552-844C-9A71C582B9D4}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{CA609764-A32D-4AF3-9119-3871FE1F8E0B}E:\hry\dmc\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe" = protocol=6 | dir=in | app=e:\hry\dmc\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe |
"UDP Query User{1CE434DF-C272-4555-B584-EE94EBF4354D}C:\program files (x86)\ubisoft\heroes 3 complete\heroes3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\heroes 3 complete\heroes3.exe |
"UDP Query User{69CD6527-5570-415E-BAC4-E6EA24F8100E}E:\hry\dmc\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe" = protocol=17 | dir=in | app=e:\hry\dmc\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe |
"UDP Query User{89172FD4-25CE-405D-A0E1-0397736D3695}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{C2EC6667-4946-4F5B-9C44-ACE8CCD91107}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{C575A254-F479-47E6-A2C9-4CE3AAB0D7EB}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0389A677-241F-6EEC-54B0-2D07F620776E}" = Catalyst Control Center Localization All
"{03D98FB6-0E27-5614-864A-961248BD89E8}" = CCC Help Danish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{121C477C-5B7B-44E3-B621-BDDB542AE8FD}" = TuneUp Utilities Language Pack (en-GB)
"{19555808-AF6B-9E99-366C-A2D8C6FB3D07}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}" = PDF Settings CC
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{271B24E3-1505-B13A-BF3E-282CF0C54B68}" = PX Profile Update
"{29172463-C766-9812-F399-82380F03761A}" = CCC Help Korean
"{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}" = Adobe Photoshop CC
"{2E6D4F14-C94C-758B-46E4-9AD21852108F}" = CCC Help Portuguese
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3DBFE2A1-945C-9F14-17F6-1F74CB4F82A5}" = CCC Help Japanese
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4504861F-2770-D8F2-F0B1-B723FADF315F}" = CCC Help Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{50210E48-FB67-0045-3853-C3FBEB470127}" = CCC Help French
"{5035C1F3-6147-3C83-3C39-37B6DBDAC163}" = CCC Help Thai
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5F1DD61A-0C22-E924-3A81-DFFCC14A5A97}" = CCC Help Russian
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6B84E528-9705-4D36-9C97-97B8E23DAB75}" = League of Legends
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A2BF2A-E7E5-BA48-7525-02BD5B7425C7}" = CCC Help Chinese Standard
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{744C5097-94C7-DE34-5B1F-43EDFDBD5E35}" = CCC Help Dutch
"{795062B9-1B7A-7ACA-1C7D-7B3D61F4116A}" = ccc-core-static
"{7D5B0DA2-9AAE-3ADF-B692-685EA3DC64C6}" = CCC Help Italian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8CC173F3-DBEC-ED42-68EF-49BCB95FC49F}" = CCC Help Swedish
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0405-1000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{96A84750-A54D-C7C3-44AA-5C28C36C5640}" = CCC Help German
"{96B17AEC-9C54-0969-5613-4C9B33BFEAFF}" = CCC Help Chinese Traditional
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E1751DF-188D-591B-3887-1825F597007A}" = CCC Help Spanish
"{A44B2324-CB46-A9F9-7FDC-7FD087AEC7FC}" = Catalyst Control Center Profiles Mobile
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.8) - Czech
"{AD40A06A-77AB-4E2E-B2AA-FDE106A9977A}" = Lenovo EasyCamera
"{B34E1065-711C-7B9E-C77D-9E071DAAFC31}" = CCC Help Finnish
"{B62A8A6F-5E48-4336-BF13-1632D5921872}" = PHOTOfunSTUDIO 6.0
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{BA0F92C2-2012-0AF0-A2CE-62E220A0AF06}" = CCC Help Hungarian
"{BCFC4789-7C5E-B050-CBB1-8C6CA46990A8}" = CCC Help Greek
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CCB6DF61-A144-02B4-EDC7-D7478AF7B27D}" = CCC Help Norwegian
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E7FC3EAE-C6D8-92D1-B065-29DECFD5A8E7}" = Catalyst Control Center Graphics Previews Common
"{EDFB64A7-5BFD-4137-943D-5663149A15F5}" = Heroes of Might and Magic III Complete
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F8B2AA7F-956F-D943-F1C0-42843041B108}" = CCC Help Czech
"{FC2C6FBD-01DC-36D8-5F4B-7033B00C9963}" = CCC Help Turkish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"avast" = avast! Free Antivirus
"BSPlayerf" = BS.Player FREE
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"DirectVobSub" = DirectVobSub (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"Hamachi" = Hamachi 1.0.2.5
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{EDFB64A7-5BFD-4137-943D-5663149A15F5}" = Heroes of Might and Magic III Complete
"League of Legends 3.0.1" = League of Legends
"OpenAL" = OpenAL
"PSPad editor_is1" = PSPad editor
"Raptr" = Raptr
"Totalcmd" = Total Commander (Remove or Repair)
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 2.1.2
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 5.01 (32-bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4150626791-4065493338-2529544-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.12.2012 12:46:35 | Computer Name = KopeckyNB | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.
Error - 27.12.2012 18:55:23 | Computer Name = KopeckyNB | Source = Application Error | ID = 1000
Description = Název chybující aplikace: l2.exe, verze: 0.0.0.0, časové razítko:
0x4e55f39a Název chybujícího modulu: NWindow.DLL, verze: 0.0.0.0, časové razítko:
0x4e55f390 Kód výjimky: 0xc0000005 Posun chyby: 0x0045b252 ID chybujícího procesu:
0x1468 Čas spuštění chybující aplikace: 0x01cde451db806613 Cesta k chybující aplikaci:
C:\Hry\Lineage 2\system\l2.exe Cesta k chybujícímu modulu: C:\Hry\Lineage 2\system\NWindow.DLL
ID
zprávy: 7edd4e7d-5078-11e2-a963-3859f9fc7ea1
Error - 27.12.2012 18:55:28 | Computer Name = KopeckyNB | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 27.12.2012 18:55:28 | Computer Name = KopeckyNB | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 27.12.2012 18:55:28 | Computer Name = KopeckyNB | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 28.12.2012 7:21:34 | Computer Name = KopeckyNB | Source = Software Protection Platform Service | ID = 8198
Description = Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
0x800401F9
Error - 28.12.2012 7:21:34 | Computer Name = KopeckyNB | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.
Error - 28.12.2012 7:51:33 | Computer Name = KopeckyNB | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 28.12.2012 8:20:26 | Computer Name = KopeckyNB | Source = Software Protection Platform Service | ID = 8198
Description = Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
0x800401F9
Error - 28.12.2012 8:20:26 | Computer Name = KopeckyNB | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.
[ OSession Events ]
Error - 24.3.2012 10:14:12 | Computer Name = KopeckyNB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13328
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 11.6.2014 15:55:49 | Computer Name = KopeckyNB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.
Error - 11.6.2014 15:57:55 | Computer Name = KopeckyNB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.
Error - 11.6.2014 16:00:01 | Computer Name = KopeckyNB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.
Error - 11.6.2014 16:02:53 | Computer Name = KopeckyNB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.
Error - 11.6.2014 16:04:53 | Computer Name = KopeckyNB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.
Error - 11.6.2014 16:06:53 | Computer Name = KopeckyNB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.
Error - 11.6.2014 16:08:53 | Computer Name = KopeckyNB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.
Error - 11.6.2014 16:10:53 | Computer Name = KopeckyNB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.
Error - 11.6.2014 16:12:53 | Computer Name = KopeckyNB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.
Error - 11.6.2014 16:14:53 | Computer Name = KopeckyNB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.
< End of report >
Re: Preventivní kontrola logu
Děkuji předem za odborný náhled a případnou pomoc.
Re: Preventivní kontrola logu
Nezkopiroval jste tam ten text. Takze repete, presne podle navodu 
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Preventivní kontrola logu
Už se mi to stalo včera, test nedoběhl a zasekl se s následující chybou:
Problém bude zřejmě s Daemon Tools Lite, program nepoužívám a nelze odebrat. Při pokusu odebrat program přes ovládací panely -> odinstalovat programy -> Daemon Tools zablokoval Avast malware a hodil ho do truhly. Je možné program a infikovaný soubor odebrat jiným způsobem?
Děkuji
Problém bude zřejmě s Daemon Tools Lite, program nepoužívám a nelze odebrat. Při pokusu odebrat program přes ovládací panely -> odinstalovat programy -> Daemon Tools zablokoval Avast malware a hodil ho do truhly. Je možné program a infikovaný soubor odebrat jiným způsobem?
Děkuji
Re: Preventivní kontrola logu
Obcas se to stane, ze OTL tuhle chybku vyhodi 
Spustte ho podle stejneho navodu jeste jednou, ale s timto upravenym skriptem
Udelejte !!!kompletni!!! kontrolu s MBAM http://www.bleepingcomputer.com/downloa ... re/dl/241/ a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce. Navod zde http://forum.viry.cz/viewtopic.php?f=29&t=115222
Spustte ho podle stejneho navodu jeste jednou, ale s timto upravenym skriptem
Kód: Vybrat vše
CREATERESTOREPOINT
netsvcs
drivers32
savembr:0
/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /sPokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Preventivní kontrola logu
Momentálně test proběhl, vytvořil se pouze nový otl.txt, extra ne.
OTL logfile created on: 12.6.2014 18:00:07 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kopecky\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
7,95 Gb Total Physical Memory | 6,42 Gb Available Physical Memory | 80,85% Memory free
7,94 Gb Paging File | 6,32 Gb Available in Paging File | 79,53% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 83,75 Gb Total Space | 28,23 Gb Free Space | 33,71% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 165,36 Gb Free Space | 17,75% Space Free | Partition Type: NTFS
Computer Name: KOPECKYNB | User Name: Kopecky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014.06.11 21:23:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kopecky\Desktop\OTL.exe
PRC - [2014.06.05 18:01:09 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014.05.07 08:05:40 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.10.23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2013.09.03 15:58:26 | 002,237,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2013.09.03 15:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.18 09:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.11.19 13:52:54 | 000,174,064 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
========== Modules (No Company Name) ==========
MOD - [2014.05.19 22:15:10 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\562bdd62e51e3eaac4e7c3c30fc6a200\IAStorUtil.ni.dll
MOD - [2014.05.19 20:19:33 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
MOD - [2014.05.19 20:19:32 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4f66c3dc2cd6583df3fcc393edcb48a7\System.Transactions.ni.dll
MOD - [2014.05.19 20:19:31 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dbc236ca6655e4e3839ee4f802eb3f99\System.Data.ni.dll
MOD - [2014.03.04 07:57:21 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2014.02.13 20:10:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014.02.13 20:10:14 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014.02.13 20:10:01 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014.02.13 20:09:58 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014.02.13 20:09:58 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014.02.13 20:09:53 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013.12.12 17:01:08 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013.07.08 14:43:52 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_cs_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2012.07.24 19:40:16 | 000,296,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
MOD - [2010.11.13 04:36:45 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
========== Services (SafeList) ==========
SRV - [2014.05.14 21:09:04 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.10.23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.09.03 15:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.07.16 22:03:51 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2013.03.15 18:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.03.28 21:51:25 | 004,323,256 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.02.18 09:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.12.21 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.21 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.08.27 15:01:22 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.08.27 14:56:30 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV - [2010.02.25 11:18:08 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.02 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... d=ie7&rlz=
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/search?q={searchT ... d=ie7&rlz=
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-search.com/?q={search ... 4&tsp=4986
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... d=ie7&rlz=
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kopecky\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kopecky\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: E:\Hry\Settlers\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\7go@7go.com: C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\7go@7go.com [2013.08.26 21:16:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013.08.26 21:17:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta748.net: C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff [2014.01.11 13:49:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\7go@7go.com: C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\7go@7go.com [2013.08.26 21:16:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013.08.26 21:17:05 | 000,000,000 | ---D | M]
[2013.08.26 21:17:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions
[2013.08.26 21:16:56 | 000,000,000 | ---D | M] (7Go Games) -- C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\7go@7go.com
[2013.08.26 21:17:05 | 000,000,000 | ---D | M] (Speed Analysis 2) -- C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = https://www.google.com/complete/search? ... earchTerms},
CHR - homepage: www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kopecky\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kopecky\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kopecky\AppData\Local\Google\Chrome\Application\35.0.1916.114\gcswf32.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Kopecky\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kopecky\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: YouTube = C:\Users\Kopecky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Vyhledávánà Google = C:\Users\Kopecky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Peněženka Google = C:\Users\Kopecky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Kopecky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014.03.16 14:05:15 | 000,000,941 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCEPServiceManager] C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4150626791-4065493338-2529544-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ACE836E-D1EF-4A7E-AD7B-3E9488DFF904}: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7A3C0CE-69E7-4CDE-852E-70A2D96DECDE}: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.08.26 02:41:05 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.16 14:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{c8ff6e49-8797-11e1-89c3-3859f9fc7ea1}\Shell - "" = AutoRun
O33 - MountPoints2\{c8ff6e49-8797-11e1-89c3-3859f9fc7ea1}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{cad61f6a-6996-11e3-b43b-3859f9fc7ea1}\Shell - "" = AutoRun
O33 - MountPoints2\{cad61f6a-6996-11e3-b43b-3859f9fc7ea1}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2014.06.11 21:23:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kopecky\Desktop\OTL.exe
[2014.06.10 22:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014.06.10 22:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2014.06.10 22:24:12 | 000,000,000 | ---D | C] -- C:\rsit
[2014.05.19 19:04:01 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.05.19 19:03:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014.05.19 18:59:56 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014.05.19 18:59:56 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014.05.19 18:59:55 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014.05.19 18:59:54 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014.05.19 18:59:54 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014.05.19 18:59:54 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014.05.19 18:59:54 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014.05.19 18:59:54 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014.05.19 18:59:54 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
========== Files - Modified Within 30 Days ==========
[2014.06.12 18:00:58 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.06.12 17:59:05 | 000,000,116 | ---- | M] () -- C:\.dir
[2014.06.12 17:58:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.06.12 07:13:05 | 000,000,970 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4150626791-4065493338-2529544-1000UA.job
[2014.06.12 07:08:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.06.11 22:20:04 | 000,007,605 | ---- | M] () -- C:\Users\Kopecky\AppData\Local\Resmon.ResmonCfg
[2014.06.11 21:23:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kopecky\Desktop\OTL.exe
[2014.06.10 22:59:56 | 000,213,696 | ---- | M] () -- C:\Users\Kopecky\Documents\cc_20140610_225940.reg
[2014.06.10 22:50:24 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.06.07 14:13:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4150626791-4065493338-2529544-1000Core.job
[2014.06.04 07:04:29 | 000,002,399 | ---- | M] () -- C:\Users\Kopecky\Desktop\Google Chrome.lnk
[2014.06.03 21:12:59 | 000,000,854 | ---- | M] () -- C:\Users\Kopecky\Desktop\µTorrent.lnk
[2014.05.27 19:16:32 | 000,000,873 | ---- | M] () -- C:\Users\Kopecky\Desktop\Play DmC Devil May Cry.lnk
[2014.05.14 21:09:04 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.05.14 21:09:04 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2014.06.11 22:20:04 | 000,007,605 | ---- | C] () -- C:\Users\Kopecky\AppData\Local\Resmon.ResmonCfg
[2014.06.11 21:26:46 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.06.10 22:59:43 | 000,213,696 | ---- | C] () -- C:\Users\Kopecky\Documents\cc_20140610_225940.reg
[2014.06.10 22:50:24 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.05.27 19:16:32 | 000,000,873 | ---- | C] () -- C:\Users\Kopecky\Desktop\Play DmC Devil May Cry.lnk
[2014.03.16 14:05:15 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\winver.exe
[2013.12.27 23:29:34 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI
[2013.08.26 21:17:13 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.11.06 19:07:36 | 000,000,132 | ---- | C] () -- C:\Users\Kopecky\AppData\Roaming\Adobe Formát BMP CS5 – předvolby
[2012.10.17 10:54:30 | 000,057,856 | ---- | C] () -- C:\Windows\Fce32.dll
[2012.10.17 10:54:29 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\See32.dll
[2012.10.17 10:54:29 | 000,057,856 | ---- | C] () -- C:\Windows\SysWow64\Fce32.dll
[2012.09.30 21:49:07 | 000,000,600 | ---- | C] () -- C:\Users\Kopecky\AppData\Local\PUTTY.RND
[2012.09.30 21:18:48 | 000,003,280 | ---- | C] () -- C:\Windows\SysWow64\LOWERP.ini
[2012.09.30 21:18:48 | 000,001,760 | ---- | C] () -- C:\Windows\SysWow64\LPOff.ini
[2012.07.24 19:41:57 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012.07.24 19:41:57 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012.07.24 19:41:57 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012.07.24 19:41:57 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012.07.24 19:41:57 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012.07.24 19:41:57 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012.07.24 19:41:57 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012.07.24 19:41:57 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012.07.24 19:41:57 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012.07.24 19:41:57 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012.07.24 19:41:57 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012.07.24 19:41:57 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012.07.24 19:41:57 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012.07.24 19:41:57 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012.07.24 19:41:57 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012.07.24 19:41:57 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012.07.24 19:41:57 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012.07.24 19:41:57 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012.07.24 19:41:57 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011.12.24 10:22:38 | 000,000,037 | -HS- | C] () -- C:\Users\Kopecky\AppData\Local\1754111884ee9ab5277ca00.95260103
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.08.26 21:16:56 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\7go
[2013.12.12 17:19:28 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\AVAST Software
[2013.08.26 21:16:53 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Babylon
[2013.04.06 13:14:43 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\BSplayer
[2013.04.06 13:10:11 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\BSplayer Pro
[2014.06.10 22:58:38 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\DAEMON Tools Lite
[2013.12.06 18:46:34 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\DriverCure
[2014.05.07 18:05:18 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Dropbox
[2013.03.03 19:15:26 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\ESET
[2011.12.15 17:34:13 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\GHISLER
[2013.03.24 14:24:44 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\ICQ
[2014.02.08 15:30:52 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\library_dir
[2013.01.12 01:11:13 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\LiveCAD3
[2011.12.15 14:08:40 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\LolClient
[2012.05.24 19:54:57 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\LolClient2
[2012.01.24 13:34:05 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\NetworkTunnel
[2011.12.15 11:14:39 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Nitro PDF
[2011.12.15 11:13:14 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\OpenCandy
[2013.12.06 18:46:34 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\ParetoLogic
[2013.10.01 18:31:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\PDAppFlex
[2013.08.26 21:19:21 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\PerformerSoft
[2014.02.19 23:22:55 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Raptr
[2014.05.10 20:40:43 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Riot Games
[2013.08.26 21:17:20 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\SeeSimilar02
[2014.04.22 22:52:33 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Seznam.cz
[2013.08.26 21:17:05 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\SpeedAnalysis2
[2012.10.24 18:42:10 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.12.15 13:36:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\The Creative Assembly
[2013.06.11 20:53:08 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Theta
[2014.06.10 22:58:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\TS3Client
[2012.10.16 18:11:38 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\TuneUp Software
[2014.06.10 22:58:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\uTorrent
[2012.10.17 11:02:56 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\WebcamMax
[2012.09.30 21:19:14 | 000,000,000 | -HSD | M] -- C:\Users\Kopecky\AppData\Roaming\wyUpdate AU
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,576 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.16 19:20:37 | 000,000,918 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4150626791-4065493338-2529544-1000Core.job
[2011.12.16 19:20:37 | 000,000,970 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4150626791-4065493338-2529544-1000UA.job
[2012.11.14 19:12:02 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
< >
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2010.11.20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: HAL.DLL >
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010.11.20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: TCPIP.SYS >
[2011.04.25 07:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2011.09.29 19:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2013.05.08 08:14:42 | 001,900,392 | ---- | M] (Microsoft Corporation) MD5=3E94650745D4DAB67E161F5F32CEA597 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_11d29984961f0be0\tcpip.sys
[2013.11.17 14:39:52 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\SysNative\drivers\tcpip.sys
[2013.11.17 14:39:52 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2010.11.20 15:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2013.01.04 07:41:01 | 001,893,224 | ---- | M] (Microsoft Corporation) MD5=5CFB7AB8F9524D1A1E14369DE63B83CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_0f6a6af57fd59de6\tcpip.sys
[2012.03.30 12:19:17 | 001,877,872 | ---- | M] (Microsoft Corporation) MD5=5EFD096DEF47F8B88EF591DA92143440 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
[2011.04.25 07:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2012.03.30 13:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
[2013.01.03 07:57:12 | 001,876,824 | ---- | M] (Microsoft Corporation) MD5=692969AB90BDA19F56E27BF89A9260E2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_0fe8397098fc3d71\tcpip.sys
[2013.11.17 14:39:52 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2012.08.22 20:06:13 | 001,901,936 | ---- | M] (Microsoft Corporation) MD5=7880A26B7D3B96FDA8EFD9F985036B1D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[2012.03.30 12:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011.04.25 07:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2013.05.08 08:39:01 | 001,910,632 | ---- | M] (Microsoft Corporation) MD5=9849EA3843A2ADBDD1497E97A85D8CAE -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_11278ac57d1aa96b\tcpip.sys
[2011.09.29 18:17:51 | 001,886,064 | ---- | M] (Microsoft Corporation) MD5=AC3E29880DB5659532A1AA3439304A43 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
[2012.03.30 13:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2013.07.06 07:20:38 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2013.01.03 08:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2011.04.25 08:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2013.01.04 07:47:43 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[2013.07.06 08:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys
[2011.09.29 18:24:44 | 001,897,328 | ---- | M] (Microsoft Corporation) MD5=F18F56EFC0BFB9C87BA01C37B27F4DA5 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
[2012.08.22 20:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys
[2011.09.29 18:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2014.03.04 13:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014.03.04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe
[2014.03.04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< >
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< >
< %systemroot%*.* /U /s >
[3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[16 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[23 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2013.08.26 21:16:56 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\7go
[2013.10.01 18:30:59 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Adobe
[2012.10.24 18:42:10 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Adobe Mini Bridge CS5
[2011.12.15 10:53:16 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\ATI
[2013.12.12 17:19:28 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\AVAST Software
[2013.08.26 21:16:53 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Babylon
[2013.04.06 13:14:43 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\BSplayer
[2013.04.06 13:10:11 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\BSplayer Pro
[2014.06.10 22:58:38 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\DAEMON Tools Lite
[2013.12.06 18:46:34 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\DriverCure
[2014.05.07 18:05:18 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Dropbox
[2013.03.27 19:47:50 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\dvdcss
[2013.03.03 19:15:26 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\ESET
[2011.12.15 17:34:13 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\GHISLER
[2012.09.25 20:24:39 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Hamachi
[2011.12.23 16:49:05 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\HpUpdate
[2013.03.24 14:24:44 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\ICQ
[2011.12.15 10:30:32 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Identities
[2011.12.15 10:41:42 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\InstallShield
[2011.12.15 10:45:50 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Intel Corporation
[2014.02.08 15:30:52 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\library_dir
[2013.01.12 01:11:13 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\LiveCAD3
[2011.12.15 14:08:40 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\LolClient
[2012.05.24 19:54:57 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\LolClient2
[2011.12.15 11:08:02 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Macromedia
[2009.07.14 17:36:38 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Media Center Programs
[2013.08.28 12:42:00 | 000,000,000 | --SD | M] -- C:\Users\Kopecky\AppData\Roaming\Microsoft
[2013.08.26 21:16:56 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Mozilla
[2012.01.24 13:34:05 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\NetworkTunnel
[2011.12.15 11:14:39 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Nitro PDF
[2011.12.15 11:13:14 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\OpenCandy
[2013.12.06 18:46:34 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\ParetoLogic
[2013.10.01 18:31:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\PDAppFlex
[2013.08.26 21:19:21 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\PerformerSoft
[2013.12.27 21:20:46 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\PSpad
[2014.02.19 23:22:55 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Raptr
[2014.05.10 20:40:43 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Riot Games
[2013.08.26 21:17:20 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\SeeSimilar02
[2014.04.22 22:52:33 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Seznam.cz
[2014.06.10 22:58:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Skype
[2013.08.26 21:17:05 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\SpeedAnalysis2
[2012.10.24 18:42:10 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.12.15 13:36:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\The Creative Assembly
[2013.06.11 20:53:08 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Theta
[2014.06.10 22:58:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\TS3Client
[2012.10.16 18:11:38 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\TuneUp Software
[2014.06.10 22:58:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\uTorrent
[2013.03.10 21:49:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Ventrilo
[2014.01.09 20:02:20 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\vlc
[2012.10.17 11:02:56 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\WebcamMax
[2012.01.01 02:16:57 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Winamp
[2011.12.15 17:43:35 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\WinRAR
[2012.09.30 21:19:14 | 000,000,000 | -HSD | M] -- C:\Users\Kopecky\AppData\Roaming\wyUpdate AU
< %APPDATA%\*.exe /s >
[2009.08.11 21:21:26 | 000,087,552 | ---- | M] () -- C:\Users\Kopecky\AppData\Roaming\BSplayer\AC3 Filter\ac3config.exe
[2009.08.11 21:21:30 | 000,090,112 | ---- | M] () -- C:\Users\Kopecky\AppData\Roaming\BSplayer\AC3 Filter\spdif_test.exe
[2010.03.22 14:52:04 | 000,697,690 | ---- | M] () -- C:\Users\Kopecky\AppData\Roaming\BSplayer\AC3 Filter\unins000.exe
[2012.10.11 09:01:20 | 001,175,371 | ---- | M] () -- C:\Users\Kopecky\AppData\Roaming\BSplayer\FFDShow\unins000.exe
[2010.08.14 10:42:54 | 000,113,152 | ---- | M] () -- C:\Users\Kopecky\AppData\Roaming\BSplayer\Haali media splitter\dsmux.exe
[2010.08.14 10:45:10 | 000,358,400 | ---- | M] () -- C:\Users\Kopecky\AppData\Roaming\BSplayer\Haali media splitter\gdsmux.exe
[2010.08.14 10:42:06 | 000,137,728 | ---- | M] () -- C:\Users\Kopecky\AppData\Roaming\BSplayer\Haali media splitter\mkv2vfr.exe
[2010.09.30 15:30:22 | 000,042,305 | ---- | M] () -- C:\Users\Kopecky\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe
[2014.01.25 10:33:07 | 000,054,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Kopecky\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.12.15 10:51:35 | 000,010,134 | R--- | M] () -- C:\Users\Kopecky\AppData\Roaming\Microsoft\Installer\{271B24E3-1505-B13A-BF3E-282CF0C54B68}\ARPPRODUCTICON.exe
[2011.12.15 11:14:10 | 033,975,384 | ---- | M] () -- C:\Users\Kopecky\AppData\Roaming\OpenCandy\79F0FE156C424F5692C0D67F9B695528\NitroPDFen64_p2v1Installer.exe
[2014.02.19 19:22:47 | 042,022,848 | ---- | M] () -- C:\Users\Kopecky\AppData\Roaming\Raptr\raptr-3.7.1-r80454-release.exe
[2014.06.03 21:12:59 | 001,272,400 | ---- | M] (BitTorrent Inc.) -- C:\Users\Kopecky\AppData\Roaming\uTorrent\uTorrent.exe
[2014.01.25 10:38:45 | 001,307,736 | ---- | M] (BitTorrent Inc.) -- C:\Users\Kopecky\AppData\Roaming\uTorrent\updates\3.3.2_30488.exe
[2014.04.28 22:27:35 | 001,270,352 | ---- | M] (BitTorrent Inc.) -- C:\Users\Kopecky\AppData\Roaming\uTorrent\updates\3.4.1_30888.exe
[2014.06.03 21:12:31 | 001,272,400 | ---- | M] (BitTorrent Inc.) -- C:\Users\Kopecky\AppData\Roaming\uTorrent\updates\3.4.1_31139.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
[2014.06.12 18:08:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014.06.07 14:13:00 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4150626791-4065493338-2529544-1000Core.job
[2014.06.12 07:13:05 | 000,000,970 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4150626791-4065493338-2529544-1000UA.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2014.06.12 18:01:03 | 000,000,018 | ---- | M] () -- C:\Windows\system32\log.txt
< %SYSTEMDRIVE%\*.exe >
< >
< *crack* /s >
[2012.08.06 18:37:26 | 000,017,431 | ---- | M] () -- \Users\Kopecky\AppData\Roaming\uTorrent\DiRT Showdown+Crack-FLT[EtGamez].torrent
[2012.09.24 19:41:34 | 000,002,128 | ---- | M] () -- \Users\Kopecky\AppData\Roaming\uTorrent\F1 2012 Crack Fixed - SKIDROW.torrent
[2013.02.17 11:53:55 | 000,011,257 | ---- | M] () -- \Users\Kopecky\AppData\Roaming\uTorrent\Hitman.Absolution.CRACK.ONLY-SKIDROW.torrent
[2013.12.06 17:31:03 | 000,013,733 | ---- | M] () -- \Users\Kopecky\AppData\Roaming\uTorrent\Need.for.Speed.Rivals.v1.2.0.0.Update.and.No.Origin.X86.and.X64.Crack-3DM.torrent
[2014.01.30 21:12:11 | 000,009,320 | ---- | M] () -- \Users\Kopecky\AppData\Roaming\uTorrent\The Witcher 2 Assassins of Kings Crack Only - SKIDROW.torrent
< *keygen* /s >
[2010.05.01 03:24:54 | 000,063,365 | ---- | M] () -- \Dokumenty\Programy\Keygen.exe
[2010.09.13 09:33:34 | 000,085,504 | ---- | M] () -- \Users\Public\tune\TuneUp Utilities 2010 v9.0.4600.4KeyGen + Cz(vista_7)_ Gio\keygen.exe
< *AntiWPA* /s >
< *loader* /s >
[2006.10.26 14:40:34 | 000,057,344 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 14:40:34 | 000,005,120 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2014.01.22 23:58:36 | 000,791,552 | ---- | M] () -- \Program Files (x86)\Raptr\amddriverdownloader.exe
[2010.11.23 00:57:34 | 000,009,216 | ---- | M] () -- \Program Files (x86)\Raptr\_win32sysloader.pyd
[2009.09.25 14:00:00 | 000,001,849 | ---- | M] () -- \Program Files (x86)\TuneUp Utilities 2010\data\TuneUpUtilities.gadget\images\loader.gif
[2014.05.07 08:05:40 | 000,072,480 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2014.05.07 08:05:40 | 000,085,888 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader64.exe
[2013.03.29 23:28:18 | 000,099,328 | ---- | M] () -- \Program Files\Common Files\Adobe\dynamiclinkmediaserver\7.0\MXF_SDK_MetaMetadata_BinaryLoader_4.4.13.dll
[2013.03.29 23:28:18 | 000,196,608 | ---- | M] () -- \Program Files\Common Files\Adobe\dynamiclinkmediaserver\7.0\MXF_SDK_MetaMetadata_XSDLoader2_4.4.13.dll
[2013.03.29 23:28:18 | 000,148,480 | ---- | M] () -- \Program Files\Common Files\Adobe\dynamiclinkmediaserver\7.0\MXF_SDK_MetaMetadata_XSDLoader_4.4.13.dll
[2009.09.25 14:00:00 | 000,001,849 | ---- | M] () -- \Program Files\Windows Sidebar\Shared Gadgets\TuneUpUtilities.gadget\images\loader.gif
[2013.02.20 16:28:38 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2013.02.20 16:28:38 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2013.11.11 15:39:40 | 000,006,012 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\normal\loader_15fps.gif
[2013.11.11 15:39:40 | 000,021,956 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\normal\loader_30fps.gif
[2013.02.20 16:28:38 | 000,009,772 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\retina\loader@2x.png
[2014.05.10 20:46:47 | 000,000,404 | ---- | M] () -- \Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.94\deploy\assets\storeImages\layout\small_loader.gif
[2013.02.20 16:28:38 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2013.02.20 16:28:38 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2013.11.11 15:39:40 | 000,006,012 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\normal\loader_15fps.gif
[2013.11.11 15:39:40 | 000,021,956 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\normal\loader_30fps.gif
[2013.02.20 16:28:38 | 000,009,772 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\retina\loader@2x.png
[2011.12.27 12:26:30 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2009.07.14 14:25:34 | 002,202,645 | R--- | M] () -- \Windows\Setup\SCRIPTS\Windows7Loader.exe
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009.07.14 03:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 03:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 07:04:54 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_66c2596d956d1920\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:28:57 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_66dcd6a595588d81\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 07:26:58 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_66fe4899953f502c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 07:06:43 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_67770e0aae6a7c68\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:26:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_67667556ae762a72\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 16:12:39 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_677d175eae65090e\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 07:21:03 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:38:48 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_68a2edab92971725\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 04:12:19 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 07:12:44 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_691eb3faabbf8f66\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:35:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_6957a248ab947a6d\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 07:32:07 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_6971452eab80a50e\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.07.08 07:11:20 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22379_none_692597a0abb965cc\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 08:20:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_695e76beab8ff095\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.11.17 14:40:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_694dd858ab9ba72a\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 13:03:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_69637bfcab8b6996\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 04:28:21 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_69353b6eabae8d55\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 17:17:49 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 17:17:49 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.efi.mui_35ee487d
[2009.07.14 17:17:49 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.exe.mui_3bc5b827
[2009.07.14 17:17:49 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.efi.mui_f412814e
[2009.07.14 17:17:49 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.exe.mui_ff8b5358
[2011.12.21 11:07:48 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.12.21 11:07:48 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2011.12.21 11:07:48 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2011.12.21 11:07:48 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2011.12.21 11:07:48 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2009.07.14 04:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 04:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009.07.14 17:15:51 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 04:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2011.02.05 15:09:31 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2011.02.05 15:04:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4.manifest
[2010.11.20 07:12:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011.02.05 19:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.02.05 15:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009.07.14 04:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:19:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:45:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_0adfad15dce1def6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:39:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_0b5e7bdaf60797d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.07.08 06:59:24 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22379_none_0d06fc1cf35bf496\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 07:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.11.17 14:40:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_0d2f3cd4f33e35f4\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 12:35:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 04:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll
< *minodlogin* /s >
< *tnod* /s >
< *AutoKMS* /s >
< *activator* /s >
OTL logfile created on: 12.6.2014 18:00:07 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kopecky\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
7,95 Gb Total Physical Memory | 6,42 Gb Available Physical Memory | 80,85% Memory free
7,94 Gb Paging File | 6,32 Gb Available in Paging File | 79,53% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 83,75 Gb Total Space | 28,23 Gb Free Space | 33,71% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 165,36 Gb Free Space | 17,75% Space Free | Partition Type: NTFS
Computer Name: KOPECKYNB | User Name: Kopecky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014.06.11 21:23:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kopecky\Desktop\OTL.exe
PRC - [2014.06.05 18:01:09 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014.05.07 08:05:40 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.10.23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2013.09.03 15:58:26 | 002,237,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2013.09.03 15:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.18 09:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.11.19 13:52:54 | 000,174,064 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
========== Modules (No Company Name) ==========
MOD - [2014.05.19 22:15:10 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\562bdd62e51e3eaac4e7c3c30fc6a200\IAStorUtil.ni.dll
MOD - [2014.05.19 20:19:33 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
MOD - [2014.05.19 20:19:32 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4f66c3dc2cd6583df3fcc393edcb48a7\System.Transactions.ni.dll
MOD - [2014.05.19 20:19:31 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dbc236ca6655e4e3839ee4f802eb3f99\System.Data.ni.dll
MOD - [2014.03.04 07:57:21 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2014.02.13 20:10:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014.02.13 20:10:14 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014.02.13 20:10:01 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014.02.13 20:09:58 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014.02.13 20:09:58 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014.02.13 20:09:53 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013.12.12 17:01:08 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013.07.08 14:43:52 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_cs_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2012.07.24 19:40:16 | 000,296,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
MOD - [2010.11.13 04:36:45 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
========== Services (SafeList) ==========
SRV - [2014.05.14 21:09:04 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.10.23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.09.03 15:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.07.16 22:03:51 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2013.03.15 18:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.03.28 21:51:25 | 004,323,256 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.02.18 09:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.12.21 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.21 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.08.27 15:01:22 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.08.27 14:56:30 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV - [2010.02.25 11:18:08 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.02 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... d=ie7&rlz=
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/search?q={searchT ... d=ie7&rlz=
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-search.com/?q={search ... 4&tsp=4986
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... d=ie7&rlz=
IE - HKU\S-1-5-21-4150626791-4065493338-2529544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kopecky\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kopecky\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: E:\Hry\Settlers\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\7go@7go.com: C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\7go@7go.com [2013.08.26 21:16:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013.08.26 21:17:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta748.net: C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff [2014.01.11 13:49:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\7go@7go.com: C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\7go@7go.com [2013.08.26 21:16:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013.08.26 21:17:05 | 000,000,000 | ---D | M]
[2013.08.26 21:17:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions
[2013.08.26 21:16:56 | 000,000,000 | ---D | M] (7Go Games) -- C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\7go@7go.com
[2013.08.26 21:17:05 | 000,000,000 | ---D | M] (Speed Analysis 2) -- C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = https://www.google.com/complete/search? ... earchTerms},
CHR - homepage: www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kopecky\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kopecky\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kopecky\AppData\Local\Google\Chrome\Application\35.0.1916.114\gcswf32.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Kopecky\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kopecky\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: YouTube = C:\Users\Kopecky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Vyhledávánà Google = C:\Users\Kopecky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Peněženka Google = C:\Users\Kopecky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Kopecky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014.03.16 14:05:15 | 000,000,941 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCEPServiceManager] C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4150626791-4065493338-2529544-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ACE836E-D1EF-4A7E-AD7B-3E9488DFF904}: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7A3C0CE-69E7-4CDE-852E-70A2D96DECDE}: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.08.26 02:41:05 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.16 14:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{c8ff6e49-8797-11e1-89c3-3859f9fc7ea1}\Shell - "" = AutoRun
O33 - MountPoints2\{c8ff6e49-8797-11e1-89c3-3859f9fc7ea1}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{cad61f6a-6996-11e3-b43b-3859f9fc7ea1}\Shell - "" = AutoRun
O33 - MountPoints2\{cad61f6a-6996-11e3-b43b-3859f9fc7ea1}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2014.06.11 21:23:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kopecky\Desktop\OTL.exe
[2014.06.10 22:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014.06.10 22:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2014.06.10 22:24:12 | 000,000,000 | ---D | C] -- C:\rsit
[2014.05.19 19:04:01 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.05.19 19:03:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014.05.19 18:59:56 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014.05.19 18:59:56 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014.05.19 18:59:55 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014.05.19 18:59:54 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014.05.19 18:59:54 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014.05.19 18:59:54 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014.05.19 18:59:54 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014.05.19 18:59:54 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014.05.19 18:59:54 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
========== Files - Modified Within 30 Days ==========
[2014.06.12 18:00:58 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.06.12 17:59:05 | 000,000,116 | ---- | M] () -- C:\.dir
[2014.06.12 17:58:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.06.12 07:13:05 | 000,000,970 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4150626791-4065493338-2529544-1000UA.job
[2014.06.12 07:08:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.06.11 22:20:04 | 000,007,605 | ---- | M] () -- C:\Users\Kopecky\AppData\Local\Resmon.ResmonCfg
[2014.06.11 21:23:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kopecky\Desktop\OTL.exe
[2014.06.10 22:59:56 | 000,213,696 | ---- | M] () -- C:\Users\Kopecky\Documents\cc_20140610_225940.reg
[2014.06.10 22:50:24 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.06.07 14:13:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4150626791-4065493338-2529544-1000Core.job
[2014.06.04 07:04:29 | 000,002,399 | ---- | M] () -- C:\Users\Kopecky\Desktop\Google Chrome.lnk
[2014.06.03 21:12:59 | 000,000,854 | ---- | M] () -- C:\Users\Kopecky\Desktop\µTorrent.lnk
[2014.05.27 19:16:32 | 000,000,873 | ---- | M] () -- C:\Users\Kopecky\Desktop\Play DmC Devil May Cry.lnk
[2014.05.14 21:09:04 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.05.14 21:09:04 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2014.06.11 22:20:04 | 000,007,605 | ---- | C] () -- C:\Users\Kopecky\AppData\Local\Resmon.ResmonCfg
[2014.06.11 21:26:46 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.06.10 22:59:43 | 000,213,696 | ---- | C] () -- C:\Users\Kopecky\Documents\cc_20140610_225940.reg
[2014.06.10 22:50:24 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.05.27 19:16:32 | 000,000,873 | ---- | C] () -- C:\Users\Kopecky\Desktop\Play DmC Devil May Cry.lnk
[2014.03.16 14:05:15 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\winver.exe
[2013.12.27 23:29:34 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI
[2013.08.26 21:17:13 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.11.06 19:07:36 | 000,000,132 | ---- | C] () -- C:\Users\Kopecky\AppData\Roaming\Adobe Formát BMP CS5 – předvolby
[2012.10.17 10:54:30 | 000,057,856 | ---- | C] () -- C:\Windows\Fce32.dll
[2012.10.17 10:54:29 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\See32.dll
[2012.10.17 10:54:29 | 000,057,856 | ---- | C] () -- C:\Windows\SysWow64\Fce32.dll
[2012.09.30 21:49:07 | 000,000,600 | ---- | C] () -- C:\Users\Kopecky\AppData\Local\PUTTY.RND
[2012.09.30 21:18:48 | 000,003,280 | ---- | C] () -- C:\Windows\SysWow64\LOWERP.ini
[2012.09.30 21:18:48 | 000,001,760 | ---- | C] () -- C:\Windows\SysWow64\LPOff.ini
[2012.07.24 19:41:57 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012.07.24 19:41:57 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012.07.24 19:41:57 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012.07.24 19:41:57 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012.07.24 19:41:57 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012.07.24 19:41:57 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012.07.24 19:41:57 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012.07.24 19:41:57 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012.07.24 19:41:57 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012.07.24 19:41:57 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012.07.24 19:41:57 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012.07.24 19:41:57 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012.07.24 19:41:57 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012.07.24 19:41:57 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012.07.24 19:41:57 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012.07.24 19:41:57 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012.07.24 19:41:57 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012.07.24 19:41:57 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012.07.24 19:41:57 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011.12.24 10:22:38 | 000,000,037 | -HS- | C] () -- C:\Users\Kopecky\AppData\Local\1754111884ee9ab5277ca00.95260103
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.08.26 21:16:56 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\7go
[2013.12.12 17:19:28 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\AVAST Software
[2013.08.26 21:16:53 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Babylon
[2013.04.06 13:14:43 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\BSplayer
[2013.04.06 13:10:11 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\BSplayer Pro
[2014.06.10 22:58:38 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\DAEMON Tools Lite
[2013.12.06 18:46:34 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\DriverCure
[2014.05.07 18:05:18 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Dropbox
[2013.03.03 19:15:26 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\ESET
[2011.12.15 17:34:13 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\GHISLER
[2013.03.24 14:24:44 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\ICQ
[2014.02.08 15:30:52 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\library_dir
[2013.01.12 01:11:13 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\LiveCAD3
[2011.12.15 14:08:40 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\LolClient
[2012.05.24 19:54:57 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\LolClient2
[2012.01.24 13:34:05 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\NetworkTunnel
[2011.12.15 11:14:39 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Nitro PDF
[2011.12.15 11:13:14 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\OpenCandy
[2013.12.06 18:46:34 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\ParetoLogic
[2013.10.01 18:31:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\PDAppFlex
[2013.08.26 21:19:21 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\PerformerSoft
[2014.02.19 23:22:55 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Raptr
[2014.05.10 20:40:43 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Riot Games
[2013.08.26 21:17:20 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\SeeSimilar02
[2014.04.22 22:52:33 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Seznam.cz
[2013.08.26 21:17:05 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\SpeedAnalysis2
[2012.10.24 18:42:10 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.12.15 13:36:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\The Creative Assembly
[2013.06.11 20:53:08 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Theta
[2014.06.10 22:58:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\TS3Client
[2012.10.16 18:11:38 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\TuneUp Software
[2014.06.10 22:58:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\uTorrent
[2012.10.17 11:02:56 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\WebcamMax
[2012.09.30 21:19:14 | 000,000,000 | -HSD | M] -- C:\Users\Kopecky\AppData\Roaming\wyUpdate AU
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,576 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.16 19:20:37 | 000,000,918 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4150626791-4065493338-2529544-1000Core.job
[2011.12.16 19:20:37 | 000,000,970 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4150626791-4065493338-2529544-1000UA.job
[2012.11.14 19:12:02 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
< >
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2010.11.20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: HAL.DLL >
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010.11.20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: TCPIP.SYS >
[2011.04.25 07:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2011.09.29 19:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2013.05.08 08:14:42 | 001,900,392 | ---- | M] (Microsoft Corporation) MD5=3E94650745D4DAB67E161F5F32CEA597 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_11d29984961f0be0\tcpip.sys
[2013.11.17 14:39:52 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\SysNative\drivers\tcpip.sys
[2013.11.17 14:39:52 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2010.11.20 15:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2013.01.04 07:41:01 | 001,893,224 | ---- | M] (Microsoft Corporation) MD5=5CFB7AB8F9524D1A1E14369DE63B83CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_0f6a6af57fd59de6\tcpip.sys
[2012.03.30 12:19:17 | 001,877,872 | ---- | M] (Microsoft Corporation) MD5=5EFD096DEF47F8B88EF591DA92143440 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
[2011.04.25 07:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2012.03.30 13:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
[2013.01.03 07:57:12 | 001,876,824 | ---- | M] (Microsoft Corporation) MD5=692969AB90BDA19F56E27BF89A9260E2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_0fe8397098fc3d71\tcpip.sys
[2013.11.17 14:39:52 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2012.08.22 20:06:13 | 001,901,936 | ---- | M] (Microsoft Corporation) MD5=7880A26B7D3B96FDA8EFD9F985036B1D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[2012.03.30 12:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011.04.25 07:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2013.05.08 08:39:01 | 001,910,632 | ---- | M] (Microsoft Corporation) MD5=9849EA3843A2ADBDD1497E97A85D8CAE -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_11278ac57d1aa96b\tcpip.sys
[2011.09.29 18:17:51 | 001,886,064 | ---- | M] (Microsoft Corporation) MD5=AC3E29880DB5659532A1AA3439304A43 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
[2012.03.30 13:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2013.07.06 07:20:38 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2013.01.03 08:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2011.04.25 08:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2013.01.04 07:47:43 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[2013.07.06 08:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys
[2011.09.29 18:24:44 | 001,897,328 | ---- | M] (Microsoft Corporation) MD5=F18F56EFC0BFB9C87BA01C37B27F4DA5 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
[2012.08.22 20:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys
[2011.09.29 18:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2014.03.04 13:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014.03.04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe
[2014.03.04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< >
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< >
< %systemroot%*.* /U /s >
[3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[16 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[23 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2013.08.26 21:16:56 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\7go
[2013.10.01 18:30:59 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Adobe
[2012.10.24 18:42:10 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Adobe Mini Bridge CS5
[2011.12.15 10:53:16 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\ATI
[2013.12.12 17:19:28 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\AVAST Software
[2013.08.26 21:16:53 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Babylon
[2013.04.06 13:14:43 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\BSplayer
[2013.04.06 13:10:11 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\BSplayer Pro
[2014.06.10 22:58:38 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\DAEMON Tools Lite
[2013.12.06 18:46:34 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\DriverCure
[2014.05.07 18:05:18 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Dropbox
[2013.03.27 19:47:50 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\dvdcss
[2013.03.03 19:15:26 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\ESET
[2011.12.15 17:34:13 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\GHISLER
[2012.09.25 20:24:39 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Hamachi
[2011.12.23 16:49:05 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\HpUpdate
[2013.03.24 14:24:44 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\ICQ
[2011.12.15 10:30:32 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Identities
[2011.12.15 10:41:42 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\InstallShield
[2011.12.15 10:45:50 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Intel Corporation
[2014.02.08 15:30:52 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\library_dir
[2013.01.12 01:11:13 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\LiveCAD3
[2011.12.15 14:08:40 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\LolClient
[2012.05.24 19:54:57 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\LolClient2
[2011.12.15 11:08:02 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Macromedia
[2009.07.14 17:36:38 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Media Center Programs
[2013.08.28 12:42:00 | 000,000,000 | --SD | M] -- C:\Users\Kopecky\AppData\Roaming\Microsoft
[2013.08.26 21:16:56 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Mozilla
[2012.01.24 13:34:05 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\NetworkTunnel
[2011.12.15 11:14:39 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Nitro PDF
[2011.12.15 11:13:14 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\OpenCandy
[2013.12.06 18:46:34 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\ParetoLogic
[2013.10.01 18:31:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\PDAppFlex
[2013.08.26 21:19:21 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\PerformerSoft
[2013.12.27 21:20:46 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\PSpad
[2014.02.19 23:22:55 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Raptr
[2014.05.10 20:40:43 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Riot Games
[2013.08.26 21:17:20 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\SeeSimilar02
[2014.04.22 22:52:33 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Seznam.cz
[2014.06.10 22:58:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Skype
[2013.08.26 21:17:05 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\SpeedAnalysis2
[2012.10.24 18:42:10 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.12.15 13:36:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\The Creative Assembly
[2013.06.11 20:53:08 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Theta
[2014.06.10 22:58:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\TS3Client
[2012.10.16 18:11:38 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\TuneUp Software
[2014.06.10 22:58:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\uTorrent
[2013.03.10 21:49:37 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Ventrilo
[2014.01.09 20:02:20 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\vlc
[2012.10.17 11:02:56 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\WebcamMax
[2012.01.01 02:16:57 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\Winamp
[2011.12.15 17:43:35 | 000,000,000 | ---D | M] -- C:\Users\Kopecky\AppData\Roaming\WinRAR
[2012.09.30 21:19:14 | 000,000,000 | -HSD | M] -- C:\Users\Kopecky\AppData\Roaming\wyUpdate AU
< %APPDATA%\*.exe /s >
[2009.08.11 21:21:26 | 000,087,552 | ---- | M] () -- C:\Users\Kopecky\AppData\Roaming\BSplayer\AC3 Filter\ac3config.exe
[2009.08.11 21:21:30 | 000,090,112 | ---- | M] () -- C:\Users\Kopecky\AppData\Roaming\BSplayer\AC3 Filter\spdif_test.exe
[2010.03.22 14:52:04 | 000,697,690 | ---- | M] () -- C:\Users\Kopecky\AppData\Roaming\BSplayer\AC3 Filter\unins000.exe
[2012.10.11 09:01:20 | 001,175,371 | ---- | M] () -- C:\Users\Kopecky\AppData\Roaming\BSplayer\FFDShow\unins000.exe
[2010.08.14 10:42:54 | 000,113,152 | ---- | M] () -- C:\Users\Kopecky\AppData\Roaming\BSplayer\Haali media splitter\dsmux.exe
[2010.08.14 10:45:10 | 000,358,400 | ---- | M] () -- C:\Users\Kopecky\AppData\Roaming\BSplayer\Haali media splitter\gdsmux.exe
[2010.08.14 10:42:06 | 000,137,728 | ---- | M] () -- C:\Users\Kopecky\AppData\Roaming\BSplayer\Haali media splitter\mkv2vfr.exe
[2010.09.30 15:30:22 | 000,042,305 | ---- | M] () -- C:\Users\Kopecky\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe
[2014.01.25 10:33:07 | 000,054,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Kopecky\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.12.15 10:51:35 | 000,010,134 | R--- | M] () -- C:\Users\Kopecky\AppData\Roaming\Microsoft\Installer\{271B24E3-1505-B13A-BF3E-282CF0C54B68}\ARPPRODUCTICON.exe
[2011.12.15 11:14:10 | 033,975,384 | ---- | M] () -- C:\Users\Kopecky\AppData\Roaming\OpenCandy\79F0FE156C424F5692C0D67F9B695528\NitroPDFen64_p2v1Installer.exe
[2014.02.19 19:22:47 | 042,022,848 | ---- | M] () -- C:\Users\Kopecky\AppData\Roaming\Raptr\raptr-3.7.1-r80454-release.exe
[2014.06.03 21:12:59 | 001,272,400 | ---- | M] (BitTorrent Inc.) -- C:\Users\Kopecky\AppData\Roaming\uTorrent\uTorrent.exe
[2014.01.25 10:38:45 | 001,307,736 | ---- | M] (BitTorrent Inc.) -- C:\Users\Kopecky\AppData\Roaming\uTorrent\updates\3.3.2_30488.exe
[2014.04.28 22:27:35 | 001,270,352 | ---- | M] (BitTorrent Inc.) -- C:\Users\Kopecky\AppData\Roaming\uTorrent\updates\3.4.1_30888.exe
[2014.06.03 21:12:31 | 001,272,400 | ---- | M] (BitTorrent Inc.) -- C:\Users\Kopecky\AppData\Roaming\uTorrent\updates\3.4.1_31139.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
[2014.06.12 18:08:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014.06.07 14:13:00 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4150626791-4065493338-2529544-1000Core.job
[2014.06.12 07:13:05 | 000,000,970 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4150626791-4065493338-2529544-1000UA.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2014.06.12 18:01:03 | 000,000,018 | ---- | M] () -- C:\Windows\system32\log.txt
< %SYSTEMDRIVE%\*.exe >
< >
< *crack* /s >
[2012.08.06 18:37:26 | 000,017,431 | ---- | M] () -- \Users\Kopecky\AppData\Roaming\uTorrent\DiRT Showdown+Crack-FLT[EtGamez].torrent
[2012.09.24 19:41:34 | 000,002,128 | ---- | M] () -- \Users\Kopecky\AppData\Roaming\uTorrent\F1 2012 Crack Fixed - SKIDROW.torrent
[2013.02.17 11:53:55 | 000,011,257 | ---- | M] () -- \Users\Kopecky\AppData\Roaming\uTorrent\Hitman.Absolution.CRACK.ONLY-SKIDROW.torrent
[2013.12.06 17:31:03 | 000,013,733 | ---- | M] () -- \Users\Kopecky\AppData\Roaming\uTorrent\Need.for.Speed.Rivals.v1.2.0.0.Update.and.No.Origin.X86.and.X64.Crack-3DM.torrent
[2014.01.30 21:12:11 | 000,009,320 | ---- | M] () -- \Users\Kopecky\AppData\Roaming\uTorrent\The Witcher 2 Assassins of Kings Crack Only - SKIDROW.torrent
< *keygen* /s >
[2010.05.01 03:24:54 | 000,063,365 | ---- | M] () -- \Dokumenty\Programy\Keygen.exe
[2010.09.13 09:33:34 | 000,085,504 | ---- | M] () -- \Users\Public\tune\TuneUp Utilities 2010 v9.0.4600.4KeyGen + Cz(vista_7)_ Gio\keygen.exe
< *AntiWPA* /s >
< *loader* /s >
[2006.10.26 14:40:34 | 000,057,344 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 14:40:34 | 000,005,120 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2014.01.22 23:58:36 | 000,791,552 | ---- | M] () -- \Program Files (x86)\Raptr\amddriverdownloader.exe
[2010.11.23 00:57:34 | 000,009,216 | ---- | M] () -- \Program Files (x86)\Raptr\_win32sysloader.pyd
[2009.09.25 14:00:00 | 000,001,849 | ---- | M] () -- \Program Files (x86)\TuneUp Utilities 2010\data\TuneUpUtilities.gadget\images\loader.gif
[2014.05.07 08:05:40 | 000,072,480 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2014.05.07 08:05:40 | 000,085,888 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader64.exe
[2013.03.29 23:28:18 | 000,099,328 | ---- | M] () -- \Program Files\Common Files\Adobe\dynamiclinkmediaserver\7.0\MXF_SDK_MetaMetadata_BinaryLoader_4.4.13.dll
[2013.03.29 23:28:18 | 000,196,608 | ---- | M] () -- \Program Files\Common Files\Adobe\dynamiclinkmediaserver\7.0\MXF_SDK_MetaMetadata_XSDLoader2_4.4.13.dll
[2013.03.29 23:28:18 | 000,148,480 | ---- | M] () -- \Program Files\Common Files\Adobe\dynamiclinkmediaserver\7.0\MXF_SDK_MetaMetadata_XSDLoader_4.4.13.dll
[2009.09.25 14:00:00 | 000,001,849 | ---- | M] () -- \Program Files\Windows Sidebar\Shared Gadgets\TuneUpUtilities.gadget\images\loader.gif
[2013.02.20 16:28:38 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2013.02.20 16:28:38 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2013.11.11 15:39:40 | 000,006,012 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\normal\loader_15fps.gif
[2013.11.11 15:39:40 | 000,021,956 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\normal\loader_30fps.gif
[2013.02.20 16:28:38 | 000,009,772 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\retina\loader@2x.png
[2014.05.10 20:46:47 | 000,000,404 | ---- | M] () -- \Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.94\deploy\assets\storeImages\layout\small_loader.gif
[2013.02.20 16:28:38 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2013.02.20 16:28:38 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2013.11.11 15:39:40 | 000,006,012 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\normal\loader_15fps.gif
[2013.11.11 15:39:40 | 000,021,956 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\normal\loader_30fps.gif
[2013.02.20 16:28:38 | 000,009,772 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\retina\loader@2x.png
[2011.12.27 12:26:30 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2009.07.14 14:25:34 | 002,202,645 | R--- | M] () -- \Windows\Setup\SCRIPTS\Windows7Loader.exe
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009.07.14 03:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 03:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 07:04:54 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_66c2596d956d1920\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:28:57 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_66dcd6a595588d81\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 07:26:58 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_66fe4899953f502c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 07:06:43 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_67770e0aae6a7c68\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:26:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_67667556ae762a72\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 16:12:39 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_677d175eae65090e\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 07:21:03 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:38:48 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_68a2edab92971725\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 04:12:19 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 07:12:44 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_691eb3faabbf8f66\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:35:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_6957a248ab947a6d\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 07:32:07 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_6971452eab80a50e\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.07.08 07:11:20 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22379_none_692597a0abb965cc\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 08:20:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_695e76beab8ff095\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.11.17 14:40:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_694dd858ab9ba72a\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 13:03:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_69637bfcab8b6996\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 04:28:21 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_69353b6eabae8d55\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 17:17:49 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 17:17:49 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.efi.mui_35ee487d
[2009.07.14 17:17:49 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.exe.mui_3bc5b827
[2009.07.14 17:17:49 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.efi.mui_f412814e
[2009.07.14 17:17:49 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.exe.mui_ff8b5358
[2011.12.21 11:07:48 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.12.21 11:07:48 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2011.12.21 11:07:48 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2011.12.21 11:07:48 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2011.12.21 11:07:48 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2009.07.14 04:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 04:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009.07.14 17:15:51 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 04:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2011.02.05 15:09:31 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2011.02.05 15:04:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4.manifest
[2010.11.20 07:12:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011.02.05 19:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.02.05 15:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009.07.14 04:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:19:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:45:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_0adfad15dce1def6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:39:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_0b5e7bdaf60797d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.07.08 06:59:24 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22379_none_0d06fc1cf35bf496\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 07:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.11.17 14:40:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_0d2f3cd4f33e35f4\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 12:35:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 04:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll
< *minodlogin* /s >
< *tnod* /s >
< *AutoKMS* /s >
< *activator* /s >
Re: Preventivní kontrola logu
< *serial* /s >
[2014.02.13 23:57:42 | 000,434,368 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.dll
[2014.03.12 17:41:14 | 001,164,288 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.ni.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2010.11.05 03:53:39 | 000,090,112 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2014.02.14 00:30:04 | 000,434,368 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.dll
[2014.03.12 17:41:36 | 001,546,240 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.ni.dll
[2012.10.05 12:52:37 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2010.11.05 03:54:42 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2009.07.14 17:17:20 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.13 04:02:06 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.02.13 20:10:19 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\553e7bfc9cac5e4feaa83d8ee1e187bd\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.13 20:13:38 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f177ea74036d5fdc6c6b9c967dc877cf\System.Runtime.Serialization.ni.dll
[2014.02.13 20:08:06 | 000,396,288 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\8653acb87b4a219a84e4ce58df35e62a\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.13 20:18:25 | 003,073,536 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\b73fbf8a2db2192752ad2b13744a393b\System.Runtime.Serialization.ni.dll
[2014.02.13 20:15:11 | 000,311,296 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\046c2851963b30d0e14194051c03de33\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.13 20:15:32 | 002,658,304 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\fa954900a6cf3a095efadfa4c683a32c\System.Runtime.Serialization.ni.dll
[2014.02.13 20:31:57 | 003,424,768 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\93693d8043d32885f194493db37ec189\System.Runtime.Serialization.ni.dll
[2014.02.13 20:41:23 | 000,376,832 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\a6d5113221e92b37937dfa2725f37bf4\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2010.03.18 14:16:28 | 001,026,936 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Runtime.Serialization.dll.amd64
[2010.03.18 14:16:28 | 001,026,936 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Runtime.Serialization.dll.x86
[2014.05.19 19:01:32 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2014.05.19 19:01:31 | 001,039,040 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.05 03:53:33 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012.10.05 12:53:24 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013.09.11 07:06:54 | 001,039,040 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 14:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 22:40:06 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.05 03:54:38 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2012.10.05 12:52:38 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013.09.11 07:06:54 | 001,039,040 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 14:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009.07.14 17:17:13 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009.07.14 02:00:40 | 000,094,208 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009.06.10 22:37:50 | 000,038,400 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\grserial.sys
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2009.07.14 17:17:13 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\cs-CZ\serialui.dll.mui
[2009.07.14 17:17:19 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_1c215c9ac50719c5\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2010.11.05 03:54:38 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_1e527062c1f59d5f\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2009.07.14 17:17:22 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23\serialui.dll.mui
[2009.07.14 03:41:54 | 000,017,920 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360\serialui.dll
[2009.07.14 17:17:32 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_b96904386c2fe002\System.RunTime.Serialization.Resources.dll
[2010.11.05 03:54:42 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_bb9a1800691e639c\System.RunTime.Serialization.Resources.dll
[2009.07.14 17:17:25 | 000,009,728 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_20ab142d65ed6acc\serial.sys.mui
[2009.07.14 02:00:40 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
[2009.06.10 22:40:06 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 22:37:50 | 000,038,400 | ---- | M] () -- \Windows\winsxs\amd64_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_ce9ed3064deed3aa\grserial.sys
[2009.06.10 22:30:46 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7600.16385_none_5943b25a748cb06c\System.Runtime.Serialization.dll
[2010.11.05 03:52:16 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722\System.Runtime.Serialization.dll
[2012.10.05 12:52:38 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b\System.Runtime.Serialization.dll
[2012.10.05 12:56:11 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53\System.Runtime.Serialization.dll
[2009.06.10 22:30:43 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_941abf24c884ab05\System.Runtime.Serialization.dll
[2010.11.05 03:52:08 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb\System.Runtime.Serialization.dll
[2012.10.05 12:52:37 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4\System.Runtime.Serialization.dll
[2012.10.05 12:56:11 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec\System.Runtime.Serialization.dll
[2011.12.21 11:07:46 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011.12.21 11:07:46 | 000,017,792 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8_kdcom.dll_db5e7744
[2009.07.14 17:17:49 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23_serialui.dll.mui_7d29d2a3
[2009.07.14 04:57:29 | 000,017,920 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360_serialui.dll_bea29328
[2009.07.14 17:17:47 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2009.07.14 04:58:37 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.14 04:15:17 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc.manifest
[2011.02.05 15:10:43 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16757_none_6dccf6b5c641c933.manifest
[2011.02.05 15:05:47 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.20897_none_6e2b53d0df7fd8c1.manifest
[2011.02.05 19:35:45 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011.02.05 15:11:05 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest
[2009.07.14 04:11:30 | 000,000,868 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_88b1c48f2026fe3f.manifest
[2009.07.14 04:26:23 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7600.16385_none_5943b25a748cb06c.manifest
[2010.11.20 07:21:24 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722.manifest
[2012.10.05 20:18:30 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b.manifest
[2012.10.05 20:10:31 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53.manifest
[2009.07.14 04:27:09 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_941abf24c884ab05.manifest
[2010.11.20 07:22:10 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb.manifest
[2012.10.05 20:19:07 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4.manifest
[2012.10.05 20:11:10 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec.manifest
[2009.07.14 03:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2010.11.20 06:06:16 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2012.10.05 19:15:39 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285.manifest
[2012.10.05 19:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d.manifest
[2009.07.14 17:16:38 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2012.10.05 22:12:17 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f.manifest
[2012.10.05 21:59:28 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797.manifest
[2009.07.14 03:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2010.11.20 06:05:38 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2012.10.05 19:15:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8.manifest
[2012.10.05 19:17:15 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0.manifest
[2009.07.14 03:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2010.11.20 06:10:46 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2012.10.05 19:19:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa.manifest
[2012.10.05 19:22:10 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2.manifest
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 17:17:20 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 23:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2010.11.05 03:52:39 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2012.10.05 12:53:24 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285\System.Runtime.Serialization.dll
[2012.10.05 12:56:07 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d\System.Runtime.Serialization.dll
[2009.07.14 17:17:32 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2010.11.13 04:02:06 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f\System.RunTime.Serialization.Resources.dll
[2010.11.13 04:37:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797\System.RunTime.Serialization.Resources.dll
[2009.06.10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2010.11.05 03:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8\System.Runtime.Serialization.dll
[2012.10.05 12:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0\System.Runtime.Serialization.dll
[2009.07.14 17:17:21 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_267606ecf967dbc0\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.05 03:53:33 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_28a71ab4f6565f5a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.07.14 17:17:13 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2009.07.14 17:17:32 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_5d4a68b4b3d26ecc\System.RunTime.Serialization.Resources.dll
[2010.11.05 03:53:39 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_5f7b7c7cb0c0f266\System.RunTime.Serialization.Resources.dll
[2009.06.10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll
[2010.11.05 03:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa\System.Runtime.Serialization.dll
[2012.10.05 12:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2\System.Runtime.Serialization.dll
< *w7lxe* /s >
========== Alternate Data Streams ==========
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:AF4CCAAD
< End of report >
[2014.02.13 23:57:42 | 000,434,368 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.dll
[2014.03.12 17:41:14 | 001,164,288 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.ni.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2010.11.05 03:53:39 | 000,090,112 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2014.02.14 00:30:04 | 000,434,368 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.dll
[2014.03.12 17:41:36 | 001,546,240 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.ni.dll
[2012.10.05 12:52:37 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2010.11.05 03:54:42 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2009.07.14 17:17:20 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.13 04:02:06 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.02.13 20:10:19 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\553e7bfc9cac5e4feaa83d8ee1e187bd\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.13 20:13:38 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f177ea74036d5fdc6c6b9c967dc877cf\System.Runtime.Serialization.ni.dll
[2014.02.13 20:08:06 | 000,396,288 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\8653acb87b4a219a84e4ce58df35e62a\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.13 20:18:25 | 003,073,536 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\b73fbf8a2db2192752ad2b13744a393b\System.Runtime.Serialization.ni.dll
[2014.02.13 20:15:11 | 000,311,296 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\046c2851963b30d0e14194051c03de33\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.13 20:15:32 | 002,658,304 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\fa954900a6cf3a095efadfa4c683a32c\System.Runtime.Serialization.ni.dll
[2014.02.13 20:31:57 | 003,424,768 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\93693d8043d32885f194493db37ec189\System.Runtime.Serialization.ni.dll
[2014.02.13 20:41:23 | 000,376,832 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\a6d5113221e92b37937dfa2725f37bf4\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2010.03.18 14:16:28 | 001,026,936 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Runtime.Serialization.dll.amd64
[2010.03.18 14:16:28 | 001,026,936 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Runtime.Serialization.dll.x86
[2014.05.19 19:01:32 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2014.05.19 19:01:31 | 001,039,040 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.05 03:53:33 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012.10.05 12:53:24 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013.09.11 07:06:54 | 001,039,040 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 14:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 22:40:06 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.05 03:54:38 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2012.10.05 12:52:38 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013.09.11 07:06:54 | 001,039,040 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 14:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009.07.14 17:17:13 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009.07.14 02:00:40 | 000,094,208 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009.06.10 22:37:50 | 000,038,400 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\grserial.sys
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2009.07.14 17:17:13 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\cs-CZ\serialui.dll.mui
[2009.07.14 17:17:19 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_1c215c9ac50719c5\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2010.11.05 03:54:38 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_1e527062c1f59d5f\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2009.07.14 17:17:22 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23\serialui.dll.mui
[2009.07.14 03:41:54 | 000,017,920 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360\serialui.dll
[2009.07.14 17:17:32 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_b96904386c2fe002\System.RunTime.Serialization.Resources.dll
[2010.11.05 03:54:42 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_bb9a1800691e639c\System.RunTime.Serialization.Resources.dll
[2009.07.14 17:17:25 | 000,009,728 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_20ab142d65ed6acc\serial.sys.mui
[2009.07.14 02:00:40 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
[2009.06.10 22:40:06 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 22:37:50 | 000,038,400 | ---- | M] () -- \Windows\winsxs\amd64_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_ce9ed3064deed3aa\grserial.sys
[2009.06.10 22:30:46 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7600.16385_none_5943b25a748cb06c\System.Runtime.Serialization.dll
[2010.11.05 03:52:16 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722\System.Runtime.Serialization.dll
[2012.10.05 12:52:38 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b\System.Runtime.Serialization.dll
[2012.10.05 12:56:11 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53\System.Runtime.Serialization.dll
[2009.06.10 22:30:43 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_941abf24c884ab05\System.Runtime.Serialization.dll
[2010.11.05 03:52:08 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb\System.Runtime.Serialization.dll
[2012.10.05 12:52:37 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4\System.Runtime.Serialization.dll
[2012.10.05 12:56:11 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec\System.Runtime.Serialization.dll
[2011.12.21 11:07:46 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011.12.21 11:07:46 | 000,017,792 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8_kdcom.dll_db5e7744
[2009.07.14 17:17:49 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23_serialui.dll.mui_7d29d2a3
[2009.07.14 04:57:29 | 000,017,920 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360_serialui.dll_bea29328
[2009.07.14 17:17:47 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2009.07.14 04:58:37 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.14 04:15:17 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc.manifest
[2011.02.05 15:10:43 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16757_none_6dccf6b5c641c933.manifest
[2011.02.05 15:05:47 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.20897_none_6e2b53d0df7fd8c1.manifest
[2011.02.05 19:35:45 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011.02.05 15:11:05 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest
[2009.07.14 04:11:30 | 000,000,868 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_88b1c48f2026fe3f.manifest
[2009.07.14 04:26:23 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7600.16385_none_5943b25a748cb06c.manifest
[2010.11.20 07:21:24 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722.manifest
[2012.10.05 20:18:30 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b.manifest
[2012.10.05 20:10:31 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53.manifest
[2009.07.14 04:27:09 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_941abf24c884ab05.manifest
[2010.11.20 07:22:10 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb.manifest
[2012.10.05 20:19:07 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4.manifest
[2012.10.05 20:11:10 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec.manifest
[2009.07.14 03:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2010.11.20 06:06:16 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2012.10.05 19:15:39 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285.manifest
[2012.10.05 19:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d.manifest
[2009.07.14 17:16:38 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2012.10.05 22:12:17 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f.manifest
[2012.10.05 21:59:28 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797.manifest
[2009.07.14 03:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2010.11.20 06:05:38 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2012.10.05 19:15:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8.manifest
[2012.10.05 19:17:15 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0.manifest
[2009.07.14 03:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2010.11.20 06:10:46 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2012.10.05 19:19:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa.manifest
[2012.10.05 19:22:10 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2.manifest
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 17:17:20 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 23:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2010.11.05 03:52:39 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2012.10.05 12:53:24 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285\System.Runtime.Serialization.dll
[2012.10.05 12:56:07 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d\System.Runtime.Serialization.dll
[2009.07.14 17:17:32 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2010.11.13 04:02:06 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f\System.RunTime.Serialization.Resources.dll
[2010.11.13 04:37:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797\System.RunTime.Serialization.Resources.dll
[2009.06.10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2010.11.05 03:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8\System.Runtime.Serialization.dll
[2012.10.05 12:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0\System.Runtime.Serialization.dll
[2009.07.14 17:17:21 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_267606ecf967dbc0\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.05 03:53:33 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_28a71ab4f6565f5a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.07.14 17:17:13 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2009.07.14 17:17:32 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_5d4a68b4b3d26ecc\System.RunTime.Serialization.Resources.dll
[2010.11.05 03:53:39 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_5f7b7c7cb0c0f266\System.RunTime.Serialization.Resources.dll
[2009.06.10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll
[2010.11.05 03:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa\System.Runtime.Serialization.dll
[2012.10.05 12:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2\System.Runtime.Serialization.dll
< *w7lxe* /s >
========== Alternate Data Streams ==========
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:AF4CCAAD
< End of report >
Re: Preventivní kontrola logu
OK, tak jeste ten MBAM.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Preventivní kontrola logu
Přikládám, díky za kontrolu.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 12.6.2014
Scan Time: 20:07:41
Logfile: malware.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.06.12.09
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kopecky
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 272459
Time Elapsed: 5 min, 36 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.SpeedAnalysis.A, HKU\S-1-5-21-4150626791-4065493338-2529544-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{18DBB6CE-3148-4FEC-B481-103CB3290427}, , [adec8deae09b72c439430d6626dce31d],
PUP.Optional.BestToolbars, HKU\S-1-5-21-4150626791-4065493338-2529544-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FF103732-4528-4322-AA8B-F7849AB7776B}, , [b1e8accb235891a550a98ce853afc739],
Registry Values: 3
PUP.Optional.SpeedAnalysis.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|speedanalysis02@SpeedAnalysis.com, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com, , [6a2fa4d32d4e0432ab24cfcf837f10f0]
PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|ext@VideoPlayerV3beta748.net, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff, , [1a7f1166483390a6c192dbd7fc060af6]
PUP.Optional.SpeedAnalysis.A, HKU\S-1-5-21-4150626791-4065493338-2529544-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|speedanalysis02@SpeedAnalysis.com, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com, , [e9b08aedb9c264d2547ce3bbd62c669a]
Registry Data: 0
(No malicious items detected)
Folders: 19
Adware.InstallBrain, C:\ProgramData\IBUpdaterService, , [a2f789ee1b60c07665879a14976c3ec2],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\SpeedAnalysis2, , [b5e479fed7a45cdab57cd9fab74c857b],
PUP.Optional.7Go.A, C:\Users\Kopecky\AppData\Roaming\7go, , [9dfc15629cdf67cfe93628b29a69ef11],
PUP.Optional.OpenCandy, C:\Users\Kopecky\AppData\Roaming\OpenCandy, , [a9f070075d1e0a2cbc8eb8cfda28be42],
PUP.Optional.OpenCandy, C:\Users\Kopecky\AppData\Roaming\OpenCandy\79F0FE156C424F5692C0D67F9B695528, , [a9f070075d1e0a2cbc8eb8cfda28be42],
PUP.Optional.OpenCandy, C:\Users\Kopecky\AppData\Roaming\OpenCandy\OpenCandy_79F0FE156C424F5692C0D67F9B695528, , [a9f070075d1e0a2cbc8eb8cfda28be42],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ch, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff\chrome, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff\chrome\content, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff\chrome\content\icons, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff\chrome\content\icons\default, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ie, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\mz, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\skin, , [0a8f84f3b2c965d16fecb3e90af805fb],
Files: 40
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, , [e6b3fc7baad196a00ad3a080a55b27d9],
Adware.InstallBrain, C:\ProgramData\IBUpdaterService\repository.xml, , [a2f789ee1b60c07665879a14976c3ec2],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\SpeedAnalysis2\speedanalysis.crx, , [b5e479fed7a45cdab57cd9fab74c857b],
PUP.Optional.SpeedAnalysis2.A, C:\Users\Kopecky\AppData\Roaming\speedanalysis.ico, , [56437700fe7d60d640cf439360a311ef],
PUP.Optional.7Go.A, C:\Users\Kopecky\AppData\Roaming\7go\7go.crx, , [9dfc15629cdf67cfe93628b29a69ef11],
PUP.Optional.7Go.A, C:\Users\Kopecky\AppData\Roaming\7go\icon.ico, , [9dfc15629cdf67cfe93628b29a69ef11],
PUP.Optional.OpenCandy, C:\Users\Kopecky\AppData\Roaming\OpenCandy\79F0FE156C424F5692C0D67F9B695528\NitroPDFen64_p2v1Installer.exe, , [a9f070075d1e0a2cbc8eb8cfda28be42],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ch\VideoPlayerV3beta748.crx, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff\chrome.manifest, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff\install.rdf, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff\chrome\content\ffVideoPlayerV3beta748.js, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff\chrome\content\ffVideoPlayerV3beta748ffaction.js, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff\chrome\content\overlay.xul, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff\chrome\content\icons\Thumbs.db, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff\chrome\content\icons\default\VideoPlayerV3beta748_32.png, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome.manifest, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\install.rdf, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\background.html, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\bg.js, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\button.xml, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\config.js, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\content.js, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\framework.js, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\framework.png, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\framework.xul, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon128.png, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon16.png, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon18.ico, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon18.png, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon24.ico, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon24.png, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon32.ico, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon32.png, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon48.png, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\jquery-1.9.1.min.js, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\options.xul, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\settings.json, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\mz\background.js, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\mz\content.js, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\skin\framework.css, , [0a8f84f3b2c965d16fecb3e90af805fb],
Physical Sectors: 0
(No malicious items detected)
(end)
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 12.6.2014
Scan Time: 20:07:41
Logfile: malware.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.06.12.09
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kopecky
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 272459
Time Elapsed: 5 min, 36 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.SpeedAnalysis.A, HKU\S-1-5-21-4150626791-4065493338-2529544-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{18DBB6CE-3148-4FEC-B481-103CB3290427}, , [adec8deae09b72c439430d6626dce31d],
PUP.Optional.BestToolbars, HKU\S-1-5-21-4150626791-4065493338-2529544-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FF103732-4528-4322-AA8B-F7849AB7776B}, , [b1e8accb235891a550a98ce853afc739],
Registry Values: 3
PUP.Optional.SpeedAnalysis.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|speedanalysis02@SpeedAnalysis.com, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com, , [6a2fa4d32d4e0432ab24cfcf837f10f0]
PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|ext@VideoPlayerV3beta748.net, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff, , [1a7f1166483390a6c192dbd7fc060af6]
PUP.Optional.SpeedAnalysis.A, HKU\S-1-5-21-4150626791-4065493338-2529544-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|speedanalysis02@SpeedAnalysis.com, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com, , [e9b08aedb9c264d2547ce3bbd62c669a]
Registry Data: 0
(No malicious items detected)
Folders: 19
Adware.InstallBrain, C:\ProgramData\IBUpdaterService, , [a2f789ee1b60c07665879a14976c3ec2],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\SpeedAnalysis2, , [b5e479fed7a45cdab57cd9fab74c857b],
PUP.Optional.7Go.A, C:\Users\Kopecky\AppData\Roaming\7go, , [9dfc15629cdf67cfe93628b29a69ef11],
PUP.Optional.OpenCandy, C:\Users\Kopecky\AppData\Roaming\OpenCandy, , [a9f070075d1e0a2cbc8eb8cfda28be42],
PUP.Optional.OpenCandy, C:\Users\Kopecky\AppData\Roaming\OpenCandy\79F0FE156C424F5692C0D67F9B695528, , [a9f070075d1e0a2cbc8eb8cfda28be42],
PUP.Optional.OpenCandy, C:\Users\Kopecky\AppData\Roaming\OpenCandy\OpenCandy_79F0FE156C424F5692C0D67F9B695528, , [a9f070075d1e0a2cbc8eb8cfda28be42],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ch, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff\chrome, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff\chrome\content, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff\chrome\content\icons, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff\chrome\content\icons\default, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ie, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\mz, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\skin, , [0a8f84f3b2c965d16fecb3e90af805fb],
Files: 40
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, , [e6b3fc7baad196a00ad3a080a55b27d9],
Adware.InstallBrain, C:\ProgramData\IBUpdaterService\repository.xml, , [a2f789ee1b60c07665879a14976c3ec2],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\SpeedAnalysis2\speedanalysis.crx, , [b5e479fed7a45cdab57cd9fab74c857b],
PUP.Optional.SpeedAnalysis2.A, C:\Users\Kopecky\AppData\Roaming\speedanalysis.ico, , [56437700fe7d60d640cf439360a311ef],
PUP.Optional.7Go.A, C:\Users\Kopecky\AppData\Roaming\7go\7go.crx, , [9dfc15629cdf67cfe93628b29a69ef11],
PUP.Optional.7Go.A, C:\Users\Kopecky\AppData\Roaming\7go\icon.ico, , [9dfc15629cdf67cfe93628b29a69ef11],
PUP.Optional.OpenCandy, C:\Users\Kopecky\AppData\Roaming\OpenCandy\79F0FE156C424F5692C0D67F9B695528\NitroPDFen64_p2v1Installer.exe, , [a9f070075d1e0a2cbc8eb8cfda28be42],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ch\VideoPlayerV3beta748.crx, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff\chrome.manifest, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff\install.rdf, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff\chrome\content\ffVideoPlayerV3beta748.js, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff\chrome\content\ffVideoPlayerV3beta748ffaction.js, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff\chrome\content\overlay.xul, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff\chrome\content\icons\Thumbs.db, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta748\ff\chrome\content\icons\default\VideoPlayerV3beta748_32.png, , [673298dff7843501d34b1c72eb171de3],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome.manifest, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\install.rdf, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\background.html, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\bg.js, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\button.xml, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\config.js, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\content.js, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\framework.js, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\framework.png, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\framework.xul, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon128.png, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon16.png, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon18.ico, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon18.png, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon24.ico, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon24.png, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon32.ico, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon32.png, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon48.png, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\jquery-1.9.1.min.js, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\options.xul, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\settings.json, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\mz\background.js, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\mz\content.js, , [0a8f84f3b2c965d16fecb3e90af805fb],
PUP.Optional.SpeedAnalysis.A, C:\Users\Kopecky\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\skin\framework.css, , [0a8f84f3b2c965d16fecb3e90af805fb],
Physical Sectors: 0
(No malicious items detected)
(end)
Re: Preventivní kontrola logu
Nalezy nechte odstranit. Po odstraneni a restartu pc test zopakujte, at vime, ze se to nevraci. Napiste vysledek testu.
Jak je to s legalitou systemu? Ultimate neni zrovna bezna domaci verze Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Preventivní kontrola logu
Výsledek testu se tváří, že bylo vše odstraněno - zkoušel jsem preventivně dvakrát.
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 12.6.2014
Čas skenování: 21:36:40
Protokol: malware.txt
Správce: Ano
Verze: 2.00.2.1012
Databáze malwaru: v2014.06.12.09
Databáze rootkitů: v2014.06.02.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Self-protection: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Kopecky
Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 426355
Uplynulý čas: 42 min, 6 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristics: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(No malicious items detected)
Moduly: 0
(No malicious items detected)
Klíče registru: 0
(No malicious items detected)
Hodnoty registru: 0
(No malicious items detected)
Data registru: 0
(No malicious items detected)
Složky: 0
(No malicious items detected)
Soubory: 0
(No malicious items detected)
Fyzické sektory: 0
(No malicious items detected)
(end)
Co se týče win7, mám originální DVD v šuplíku k tomuto PC (SSD disk se ještě neformátoval a pamatuji se, že při vložení SSD namísto HDD do NTB byl problém s instalací Win7 na SSD, Lenovo se bránilo zuby nehty, pomáhala mi s tím osoba blízká a nějak se to vyřešilo, každopádně by pomohl formát PC znovu).
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 12.6.2014
Čas skenování: 21:36:40
Protokol: malware.txt
Správce: Ano
Verze: 2.00.2.1012
Databáze malwaru: v2014.06.12.09
Databáze rootkitů: v2014.06.02.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Self-protection: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Kopecky
Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 426355
Uplynulý čas: 42 min, 6 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristics: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(No malicious items detected)
Moduly: 0
(No malicious items detected)
Klíče registru: 0
(No malicious items detected)
Hodnoty registru: 0
(No malicious items detected)
Data registru: 0
(No malicious items detected)
Složky: 0
(No malicious items detected)
Soubory: 0
(No malicious items detected)
Fyzické sektory: 0
(No malicious items detected)
(end)
Co se týče win7, mám originální DVD v šuplíku k tomuto PC (SSD disk se ještě neformátoval a pamatuji se, že při vložení SSD namísto HDD do NTB byl problém s instalací Win7 na SSD, Lenovo se bránilo zuby nehty, pomáhala mi s tím osoba blízká a nějak se to vyřešilo, každopádně by pomohl formát PC znovu).
Re: Preventivní kontrola logu
Hm, osoba blizka crackla windows.
A pravidla fora hovori jasne http://forum.viry.cz/viewtopic.php?f=12&t=115512
A pravidla fora hovori jasne http://forum.viry.cz/viewtopic.php?f=12&t=115512
Pomáhat NELZE:
2) Pokud stroj uživatele prokazatelně obsahuje nelegální hostitelský čí ochranný software
(operační systém, antivir, firewall, atd.), je nutné navést uživatele k nápravě, např. skrze neplacený software,
a začít řešit, až v době kdy je PC "v pořádku". V případě že uživatel nechce na pravidla přistoupit,
je nutné jej vyzvat ať fórum opustí, a vrátí se až je splní.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Přispějete na provoz fóra?
