VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Keylogger

https://forum.viry.cz:443/viewtopic.php?t=139273

Stránka 1 z 1

Keylogger

Napsal: 22 črc 2014 09:35
od MeaAtFlyy
Dobrý den,
Mám pocit, že mám v PC keylogger, tak bych chtěl aby jste mi zkontrolovali nějaký log nebo co to je z RSIT, díky.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Drak at 2014-07-22 10:33:41
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 474 MB (2%) free of 30 GB
Total RAM: 3767 MB (62% free)


======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL mmsys.cpl
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "16448638911253595360-1225271928-620179701-1742591015-1531509868539175101449348404
"C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe"
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesApp64.exe" /TUStart /pid:3068
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Users\Drak\AppData\Local\Akamai\netsession_win.exe"
"C:/Users/Drak/AppData/Local/Akamai/netsession_win.exe" --client
"D:\razerhid.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"D:\razerofa.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -critical
taskmgr.exe /3
"taskhost.exe"
"C:\Windows\system32\calc.exe"
"D:\razertra.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe8_ Global\UsGthrCtrlFltPipeMssGthrPipe8 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Windows\system32\wuauclt.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\trend micro\Drak.exe" /silentautolog

"D:\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\DLL-Files FixerASKUSER.job - C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe -askuser
C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job - C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe scan
C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job - C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe -updatecheck
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-81993594-2078596248-339905091-1000Core.job - C:\Users\Drak\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-81993594-2078596248-339905091-1000UA.job - C:\Users\Drak\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-81993594-2078596248-339905091-1000Core.job - C:\Users\Drak\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-81993594-2078596248-339905091-1000UA.job - C:\Users\Drak\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Drak\AppData\Roaming\Mozilla\Firefox\Profiles\3awxiqb6.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0]
"Description"=DivX Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=D:\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.60.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller
"Path"=C:\ProgramData\NexonEU\NGM\npnxgameEU.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-07 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-07 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
{AD4F3CE2-762A-4084-8C9A-7B2ED7A01173} - FindWide Toolbar - C:\Program Files (x86)\TNT2\Profiles\10809\passport64.dll [2013-12-26 12032]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{AD4F3CE2-762A-4084-8C9A-7B2ED7A01173} - FindWide Toolbar - C:\Program Files (x86)\TNT2\Profiles\10809\passport.dll [2013-12-26 11520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-01-10 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-01-10 392984]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-01-10 417560]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-12-10 1890088]
"Nvtmru"=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-09-19 1028896]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2014-02-24 5581888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ConduitFloatingPlugin_cflheckfmhopnialghigdlggahiomebp"=C:\Windows\SysWOW64\Rundll32.exe [2009-07-14 44544]
"Akamai NetSession Interface"=C:\Users\Drak\AppData\Local\Akamai\netsession_win.exe [2014-04-17 4672920]
"Facebook Update"=C:\Users\Drak\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-04 138096]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08 21446272]
"Steam"=D:\Steam\Steam.exe [2014-05-29 1754816]
"Google Update"=C:\Users\Drak\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-15 116648]
"Google+ Auto Backup"=C:\Users\Drak\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [2014-06-06 3701064]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []
"Razer Synapse"=C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [2013-09-28 442200]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui []
"DeathAdder"=D:\razerhid.exe [2010-05-05 251392]
"DivXMediaServer"=C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [2014-02-14 450560]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2014-01-10 1861968]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-05-07 256896]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
GamePark klient 2.lnk - D:\GamePark2\gpcl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-01-10 390656]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw64.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.l3codecp"=l3codecp.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-07-22 10:17:40 ----D---- C:\Program Files\trend micro
2014-07-22 10:17:39 ----D---- C:\rsit
2014-07-10 11:01:16 ----A---- C:\Windows\system32\aepdu.dll
2014-07-10 11:01:14 ----A---- C:\Windows\system32\aeinv.dll
2014-07-10 11:01:01 ----A---- C:\Windows\SYSWOW64\osk.exe
2014-07-10 11:01:01 ----A---- C:\Windows\system32\win32k.sys
2014-07-10 11:01:01 ----A---- C:\Windows\system32\osk.exe
2014-07-10 11:00:59 ----A---- C:\Windows\SYSWOW64\qedit.dll
2014-07-10 11:00:59 ----A---- C:\Windows\system32\qedit.dll
2014-07-10 11:00:59 ----A---- C:\Windows\system32\drivers\afd.sys
2014-07-10 11:00:56 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-07-10 11:00:56 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-07-10 11:00:56 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-07-10 11:00:56 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2014-07-10 11:00:56 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-07-10 11:00:56 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-07-10 11:00:56 ----A---- C:\Windows\system32\wdigest.dll
2014-07-10 11:00:56 ----A---- C:\Windows\system32\TSpkg.dll
2014-07-10 11:00:56 ----A---- C:\Windows\system32\schannel.dll
2014-07-10 11:00:56 ----A---- C:\Windows\system32\ncrypt.dll
2014-07-10 11:00:56 ----A---- C:\Windows\system32\msv1_0.dll
2014-07-10 11:00:56 ----A---- C:\Windows\system32\kerberos.dll
2014-07-10 11:00:56 ----A---- C:\Windows\system32\credssp.dll
2014-07-10 11:00:55 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-07-10 11:00:47 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-07-10 11:00:47 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-07-10 11:00:47 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-07-10 11:00:47 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-07-10 11:00:47 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-07-10 11:00:47 ----A---- C:\Windows\system32\iernonce.dll
2014-07-10 11:00:46 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-07-10 11:00:46 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-07-10 11:00:46 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-07-10 11:00:46 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-07-10 11:00:46 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 11:00:46 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-07-10 11:00:46 ----A---- C:\Windows\system32\iedkcs32.dll
2014-07-10 11:00:45 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-07-10 11:00:45 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-07-10 11:00:45 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-07-10 11:00:45 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-07-10 11:00:45 ----A---- C:\Windows\system32\urlmon.dll
2014-07-10 11:00:45 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 11:00:44 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-07-10 11:00:44 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-07-10 11:00:44 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-07-10 11:00:44 ----A---- C:\Windows\system32\msfeeds.dll
2014-07-10 11:00:44 ----A---- C:\Windows\system32\iesetup.dll
2014-07-10 11:00:44 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-07-10 11:00:44 ----A---- C:\Windows\system32\ie4uinit.exe
2014-07-10 11:00:44 ----A---- C:\Windows\system32\dxtmsft.dll
2014-07-10 11:00:43 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-07-10 11:00:43 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-07-10 11:00:43 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-07-10 11:00:43 ----A---- C:\Windows\system32\iertutil.dll
2014-07-10 11:00:42 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-07-10 11:00:42 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-07-10 11:00:42 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-07-10 11:00:42 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-07-10 11:00:42 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-07-10 11:00:42 ----A---- C:\Windows\system32\jsproxy.dll
2014-07-10 11:00:41 ----A---- C:\Windows\system32\ieui.dll
2014-07-10 11:00:41 ----A---- C:\Windows\system32\ieframe.dll
2014-07-10 11:00:41 ----A---- C:\Windows\system32\dxtrans.dll
2014-07-10 11:00:40 ----A---- C:\Windows\system32\vbscript.dll
2014-07-10 11:00:40 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-07-10 11:00:40 ----A---- C:\Windows\system32\mshtmled.dll
2014-07-10 11:00:40 ----A---- C:\Windows\system32\jscript9diag.dll
2014-07-10 11:00:40 ----A---- C:\Windows\system32\jscript9.dll
2014-07-10 11:00:40 ----A---- C:\Windows\system32\ieUnatt.exe
2014-07-10 11:00:39 ----A---- C:\Windows\system32\wininet.dll
2014-07-10 11:00:39 ----A---- C:\Windows\system32\msrating.dll
2014-07-10 11:00:39 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-07-10 11:00:39 ----A---- C:\Windows\system32\ieapfltr.dll
2014-07-10 11:00:38 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 11:00:38 ----A---- C:\Windows\system32\mshtml.dll
2014-07-10 10:58:32 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-07-10 10:58:32 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-07-10 10:58:32 ----A---- C:\Windows\system32\lsasrv.dll
2014-07-06 15:30:23 ----D---- C:\Users\Drak\AppData\Roaming\ESET
2014-07-06 15:28:40 ----D---- C:\ProgramData\ESET
2014-07-06 15:28:40 ----D---- C:\Program Files\ESET

======List of files/folders modified in the last 1 month======

2014-07-22 10:33:30 ----D---- C:\Windows\Temp
2014-07-22 10:17:40 ----RD---- C:\Program Files
2014-07-22 09:42:18 ----D---- C:\Windows\system32\config
2014-07-22 09:21:25 ----D---- C:\Windows\Prefetch
2014-07-22 09:21:06 ----SHD---- C:\System Volume Information
2014-07-21 18:57:05 ----D---- C:\Users\Drak\AppData\Roaming\Skype
2014-07-20 22:22:52 ----D---- C:\Windows\system32\Tasks
2014-07-20 22:21:20 ----D---- C:\Program Files (x86)\Microsoft
2014-07-20 21:17:02 ----D---- C:\Windows
2014-07-20 21:17:00 ----D---- C:\Windows\inf
2014-07-20 19:27:08 ----D---- C:\Program Files (x86)\Razer
2014-07-20 03:31:24 ----D---- C:\Windows\system32\NDF
2014-07-18 11:06:06 ----D---- C:\Windows\winsxs
2014-07-18 11:02:05 ----SD---- C:\Windows\system32\CompatTel
2014-07-18 11:02:05 ----D---- C:\Program Files\Windows Journal
2014-07-18 11:02:04 ----D---- C:\Windows\SYSWOW64\Dism
2014-07-18 11:02:04 ----D---- C:\Windows\system32\Dism
2014-07-18 11:02:04 ----D---- C:\Windows\System32
2014-07-18 11:02:03 ----D---- C:\Windows\SysWOW64
2014-07-18 11:02:03 ----D---- C:\Windows\system32\drivers
2014-07-18 11:02:03 ----D---- C:\Windows\ehome
2014-07-18 11:02:02 ----D---- C:\Windows\system32\cs-CZ
2014-07-18 11:02:01 ----D---- C:\Program Files\Internet Explorer
2014-07-18 11:02:00 ----D---- C:\Windows\SYSWOW64\en-US
2014-07-18 11:01:59 ----D---- C:\Windows\system32\en-US
2014-07-18 11:01:58 ----D---- C:\Program Files (x86)\Internet Explorer
2014-07-17 03:30:22 ----SHD---- C:\Windows\Installer
2014-07-17 03:30:16 ----D---- C:\ProgramData\Microsoft Help
2014-07-10 10:58:07 ----D---- C:\Windows\system32\catroot2
2014-07-10 10:58:07 ----D---- C:\Windows\system32\catroot
2014-07-08 19:21:09 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-07-06 16:02:59 ----D---- C:\ProgramData\YoutubeAdblocker
2014-07-06 16:02:55 ----D---- C:\ProgramData\saffeweb
2014-07-06 15:29:55 ----D---- C:\Program Files (x86)\WinRAR
2014-07-06 15:29:19 ----D---- C:\Windows\system32\DriverStore
2014-07-06 15:28:40 ----HD---- C:\ProgramData
2014-06-30 17:14:09 ----D---- C:\Program Files (x86)\SearchProtect
2014-06-29 16:36:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-06-26 17:47:55 ----RD---- C:\Program Files (x86)

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-04-20 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-04-20 208416]
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2013-09-17 62136]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2013-10-16 32544]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2014-04-20 28184]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-04-20 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-05-17 1039096]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-05-17 423240]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-12-28 283064]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2013-09-17 239320]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2013-09-17 168256]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2013-09-17 44120]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-04-20 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-04-20 79184]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-05-17 85328]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2013-09-17 220232]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-08-05 2768384]
R3 danewFltr;NewDeathAdder Mouse; C:\Windows\system32\drivers\danew.sys [2010-03-23 12032]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-01-10 12311904]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2013-08-20 39200]
R3 rzudd;Razer Keyboard Driver; C:\Windows\system32\DRIVERS\rzudd.sys [2013-09-13 142008]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-12-10 301104]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesDriver64.sys [2013-09-18 14112]
R3 vhidmini;Razer Gaming Device; C:\Windows\system32\DRIVERS\vHidDev.sys [2009-12-21 7552]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BioNT_BS;BioNT_BS; \??\D:\bluescrn\BioNT_bs.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 epmntdrv;epmntdrv; \??\C:\Windows\syswow64\epmntdrv.sys [2013-03-07 13896]
S3 EuGdiDrv;EuGdiDrv; \??\C:\Windows\syswow64\EuGdiDrv.sys [2013-03-07 9160]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 rzdaendpt;Razer DeathAdder end point; C:\Windows\system32\DRIVERS\rzdaendpt.sys [2013-09-13 33464]
S3 rzvkeyboard;Razer Virtual Keyboard Driver; C:\Windows\system32\DRIVERS\rzvkeyboard.sys [2013-09-13 30904]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2009-09-21 127488]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\Windows\system32\DRIVERS\ss_mdfl.sys [2009-09-21 18944]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\Windows\system32\DRIVERS\ss_mdm.sys [2009-09-21 161280]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2014-02-24 1343408]
R2 HP DS Service;HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [2010-10-27 13824]
R2 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
R2 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-09-19 14997280]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-10-15 922912]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-09-19 2155296]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-17 5341536]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service; C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe [2013-10-12 2099000]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-04-20 50344]
S2 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-04-20 109048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-21 116648]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08 262320]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-21 116648]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-06-06 136120]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-06-19 111616]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-05-30 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-11-19 489256]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-11-05 1255736]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2014-04-19 69632]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Díky.

Re: Keylogger

Napsal: 22 črc 2014 09:42
od Márty84
Zdravim :)

:arrow: Nejprve uvolnete nejake misto na disku!!! System se dusi, potrebuje minimalne 3GB


:arrow: Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

Re: Keylogger

Napsal: 22 črc 2014 11:40
od MeaAtFlyy
Díky za odpověď. Na vyčištění používám ccleaner, ale prostě mi to vymaže někdy třeba 15 MB a někdy třeba 200MB.
Ale někdy stahuju přes Megu a vždy, když to stáhnu tak mi to zabere místo na C, ale potom když stahuju znovu tak se to místo uvolní.
Když tak bych byl rád, kdybys mi tu hodil nějaký šikovný program na vyčištění disku.:)
Už mi to jede asik 30-60min. je to normální ?

Re: Keylogger

Napsal: 22 črc 2014 11:44
od Márty84
Chtelo by to vetsi disk, nebo premistit data na jiny. Ono 30GB je dneska malo.


Je to normalni, OTL miva dlouhy sken.

Re: Keylogger

Napsal: 22 črc 2014 14:05
od MeaAtFlyy
Na D mám 500GB

extra
OTL Extras logfile created on: 22.7.2014 11:42:45 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Drak\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,68 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 48,24% Memory free
7,36 Gb Paging File | 5,25 Gb Available in Paging File | 71,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 29,20 Gb Total Space | 0,58 Gb Free Space | 2,00% Space Free | Partition Type: NTFS
Drive D: | 349,54 Gb Total Space | 228,35 Gb Free Space | 65,33% Space Free | Partition Type: NTFS

Computer Name: DRAK-PC | User Name: Drak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-81993594-2078596248-339905091-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014CC07A-133D-4624-96AA-65C3D3437D79}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{02CD4C10-B66B-4446-95D5-9EB902DE6404}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{03556D00-BC20-4C12-94BB-3647945F879C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{044A983F-9CD8-4DF0-9987-5322B7F21A0B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{07B8EE82-A010-4000-8511-A194986F75F1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{07DB891A-B7C3-4EA1-BC2B-94171E4512C7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{084E9812-3E7D-4F23-980B-55F03AAA9F0C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{08D547DB-179D-417C-ADB4-ABEE1A7EC4D9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{08E0D6E9-743B-47CF-BC0F-879225A80A95}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{09870535-A66E-4BD2-B593-72314566A557}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{0A5BBE4C-6D66-4B53-A3FB-66BA21D01B89}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{0A9A03B4-DD58-4889-8632-CFC76224262B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{0CC12B44-A178-41FF-9115-3EAFFBE8B7D6}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{0CDD48EB-EB6D-4525-9243-1ECF08592A68}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{0F069C41-7D5C-4E4B-BE5C-03A20481BEB0}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{0FEE8CA4-FD54-4881-909E-ED06CB41060A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{11052EBE-11A9-4D08-B5DC-1B7E2C6A7F33}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{114CF426-444C-49DB-83E7-60C6D677B046}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{11D6E195-FEFC-4DEF-8F00-12F80283ADF1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{12D43195-30D7-473B-944E-024ECABAB806}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{142D744A-9CE8-4C41-BF4B-AF3E872D7736}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{15C2AA07-2A24-4869-BB7F-7A2535D5744C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{1640CE02-AC68-41E5-9D70-E2B8FE6A2C6D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{164C0554-7C5B-458B-A7AF-FDAAAE27438D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{170FD3C1-3243-46FF-A115-5C155FD0EBC5}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{177A2863-D053-4B25-9305-E0047B1F2F06}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{19A63DAA-5A49-4EAD-8C7B-215B61069D96}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{1B2AA68E-716D-4C74-A43B-A72D623A3D12}" = lport=137 | protocol=17 | dir=in | app=system |
"{1B981395-402B-4691-A103-5761729A5F0B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{1C9DB254-E121-466F-90B8-D5C05842017B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{1D2295FB-5E3C-47A0-BE9A-180A3EC864A8}" = rport=137 | protocol=17 | dir=out | app=system |
"{1E63F130-C3BA-4BFD-9F27-B3482148AA79}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{1F082944-544F-442B-B286-F37BA4750974}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2014D1D6-8C76-4095-9813-72B7EC2BF3B2}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{22584869-8B5B-471C-83E2-0590896DB438}" = rport=139 | protocol=6 | dir=out | app=system |
"{24167A03-5A2E-4CAE-8E56-116643F3EE45}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{25EE3D63-0F4E-42F7-9CE7-68F8A3641392}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{261F0D05-26E1-4BD1-9D65-9105662F5432}" = lport=445 | protocol=6 | dir=in | app=system |
"{261FC51A-D46A-4E85-87F1-649EECEA1994}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{263BA690-C8E8-4E35-86F5-AF8148FEE94C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{283A146B-410B-49D8-AFBA-9AF36C05104D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{286804CA-2ABE-49CC-87AC-E871DF54AB4D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{290389BD-253E-423B-81BF-37E1E0E0CE63}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{29712A3E-F63D-4F4A-97A3-89FF7C39D090}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{2A65AA64-8C8E-4076-9972-86542D3D0B2E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{2D0133CD-AB49-47E0-93ED-BB6B7DB334C9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{2D8D78B7-8B81-473D-B3C8-E2AFD4B5745D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{2FBA4439-D5D6-4B79-AD45-44C3B47E82D6}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{3057565D-F0A1-44DA-BC2B-AC41D53334A1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{30D086B8-41E3-42E5-9502-F5BC923D9769}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{30DD897E-72C9-4B4D-9AD6-51A336B95DFF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{31012006-DE2F-4A14-9221-29D935377C79}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{311B023D-F73A-4795-ACF6-E54B96FC709F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{34F5D904-5208-4584-88D0-BDB78C03236A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{3A4EB4D8-101B-4417-B482-843933EFC8F2}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{3AF2F544-D920-4DB9-82B7-10ABAE9B0A44}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{3BE34013-80D1-463B-BE89-6841807FADB0}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{3CB2D7F8-8327-496F-8825-56B9A023A634}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{3D3D77B7-507A-4025-858C-09D078F6FC5B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{3D6D29A1-E617-4D57-AD82-136541F6EF62}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{3E33F778-6ED5-466C-81ED-81FEDAB567B5}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{3FD94E51-8EB2-4B66-AC1C-B4306DD785E6}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{410A006F-D7C3-462E-B542-1D34CB0AC32E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{41E37067-AC90-4A73-B61A-42E27B0070B8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{42B32B64-160F-438E-A855-85CC2222E290}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{43A92085-E362-4DEE-BAC9-4702D3826B95}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{43ED5420-6460-4BFB-848D-529A34DCDE64}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{43F7D97E-6BBD-40B5-AE57-C3858F889D22}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{442823F4-D5D3-47EA-8DDC-3DE88353AF1F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{455456CE-4DFF-4CBE-8661-7AD545314891}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{463A9A98-2957-4131-88EB-4FAB7176E3B7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{46F3A8B2-65F2-4C21-8422-D535510194C1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{47B771FE-D93E-4DA0-898E-1760251F01BE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{4875EC75-9BAD-483E-B32A-B2754ADED9AA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{487FE0E7-64FA-4ACA-B4B1-F3865407C4B0}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{4945E690-50F7-44AE-A569-CA793DF6B406}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{496E2538-AB99-4162-88F9-002ED336EF26}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{4EDCA81B-3A07-4E42-A53D-45EE08525F79}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{527E6DE0-E9BD-43DF-8F32-6141E16C1578}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{53FA009D-A59D-42C1-9F9B-43C7EB561494}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{5480DE5C-5387-439A-8901-34A224A5418C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{5521A73D-1EB9-4C40-B1AB-563DA50432F7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{55691295-E801-493C-A570-09711075512B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{56231D1E-F620-4149-92FE-3BA2DF603006}" = lport=139 | protocol=6 | dir=in | app=system |
"{570E4156-37FB-4A94-A387-75C6097BB94F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{57958122-777F-419E-8755-E5620683E433}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{581FF369-ECFD-4E7C-80CD-2A0FE052B527}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{5A6DDCA1-CF0B-4565-A2A3-6BBC0B39888A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{5D0E6B41-7782-45E2-B0B3-5EBEB8AD540F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{5D11ADC0-210A-4738-95E6-DCC6EBB0F9B3}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{5D4F084F-0E55-46A3-A25C-C04AF9936756}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{5E805EB9-C4C4-40E1-BBCB-C02DE56EEC07}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{5EE8AA10-668E-4083-A540-C595F6BA32C4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{5FC5EB73-BC94-4F6E-B249-07501ABD1B11}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{602E162F-12F6-4DC1-94B7-04356A5DBE94}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{60FD21AB-3E20-4575-B44A-168E7E7355FD}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{61A63E52-1F1E-4024-B505-491EF33EE58E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{62742FF3-E257-4B4F-B7F2-CE60BDBF59B0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{64C1BC39-26E9-4916-9C8B-7862D8F7878D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{65B89DDA-47DC-4C0F-B9B7-F226C1D6BCC0}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{661EA42B-6341-4E4A-B47D-B2C21F7F957E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{66697024-D1D9-492D-8506-19E72D020418}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{667D763A-18C3-4626-B83D-804EA7EB07D7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{66821810-E6B9-4BA8-980E-996EFAD265A8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{67554A7B-5206-4B73-91AE-F14F5F4D8D32}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{67F5C7DA-F72F-40EF-A01B-8C4B222E18D1}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{68FCE084-9222-48A6-A02F-677FBC75940D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{694583CC-CC9D-400A-AD11-94E1326367FD}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{6CD806FC-3C6C-4B75-831C-248AF11E00E6}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{6E1C7CC8-6E18-4350-88A6-DBC58C470045}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{6E903061-CB01-4F05-BF6B-EAC961CE2511}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{7003BFAC-AC38-4D49-8E9B-8706B03E0AF7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{735BB048-D5A8-4D0D-B422-46A27A8C7A91}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{73B2B6E6-3407-43E7-8704-291C939182A1}" = rport=138 | protocol=17 | dir=out | app=system |
"{7406D98B-0B00-4CD2-99DE-87DE84BEDC7E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{746A2FDD-E13B-437E-9D01-D4736508910D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{74B5064A-7286-4790-8DD2-8965F08548F5}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{74B55507-6764-4D91-922C-7D97B81F8841}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{7510CE3A-676E-44EE-A740-7CE1762C34D4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{753DA76E-55F4-4291-819E-822902621D18}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{754EDD67-7032-4EEF-8BCC-259CAEE7CD17}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{775D39EE-C7A9-4922-814F-213A301367EA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{79C8EAED-6849-49BC-8DEA-EE21EF51277E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{79E3470F-736C-4062-A119-B2BA6AF9BA2D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{7A26E086-A2BD-4FEF-8EA1-A49622523DD7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{7DB56D7C-FC7F-4EC2-ADDD-E9B173EF63A1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{7E56A0C0-B0FC-421D-9D1D-13A04E37ED54}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{80D47C7B-B828-428A-8CF2-AD1E7E2E1DE8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{81AD63F1-FAAA-451F-B925-B59DB6DFB260}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{81E3E2AC-B6D0-4430-96B5-6B0A1DF63F56}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{821B1AB2-B3ED-4018-9B20-D1BD637AD458}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{821F8AEF-13A2-4FB7-B286-9C04EAE037D1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{82B410A4-F650-4E2E-AC03-6107F3B46CA3}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{82F2D83D-A8A9-4606-A39C-5BFC467B7549}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{82F32421-6445-4E6E-A17B-B103A9608F24}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{841223C0-85E1-4638-8792-04809AB5EE66}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{873F8970-737A-4932-ADDD-142724152C3C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{87958B58-03F7-48C6-BC88-C98C0A0C68EB}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{87AE58D4-4842-419A-BE53-DCE74CCE71FC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{893D6C0D-C4A7-46B8-AC4D-93C43D6898E7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{89585610-3B83-4118-8AD0-D808839C6D64}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{8A68AD89-7828-48B8-B0FE-DF9248E03872}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{8AD28547-E1CE-461E-AF26-3B15E3F5FF1D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B1CDF75-A2D2-4B62-B332-D48370215717}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{8B9FD80E-342F-478F-9AF5-4E44A1447212}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{8E0C3805-4E65-41C1-9A68-9F1C4044D16C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8ECEA659-26C1-41A2-9151-B19256213045}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{8FC11600-D661-4A26-AD58-3AEAFDBFB93D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{92093652-7B93-41F4-AC69-34AF0EB47C9D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{92867260-AFD4-4300-85D7-5AE4A68BB35D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{934B58F4-026E-471C-B017-F89BF9335DF9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{94AD10B1-A293-4BFD-B51F-34BB57F2480F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{9507E64A-7DAE-4DB1-B250-3FC678EDF191}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{95462E57-2D59-4A05-B742-829598ABE73E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{97ABD98C-5272-43B8-9667-99048ADB0D11}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{98352C4D-CD78-4DD7-91A0-0126BC53D0BC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{9893CFA4-9BA4-40B9-8F6E-F6536156FCA5}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{98BF31E5-7739-4A78-B974-614C54F005E6}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{99B33105-CD72-434C-BA93-3EF9157A0CA6}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{9AC6FC23-8912-4273-AD27-E3A697745D98}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{9C0F73FC-BB1E-4107-B9C1-6E5A9456411E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{9C8CA522-30C2-4BD5-9AF3-78B83E6AAF51}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{9CB0363B-539C-4489-A00C-1F24ED18E76A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9EC9E4D1-3DBC-41A4-B435-197F3DDF0775}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{9F449145-4CE9-4E24-826A-E9203B4A5720}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{9FD65A82-AD0E-4B43-BFE4-B3B38129B341}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{A0156C0B-8FF3-4822-82E6-8C31A5B6434F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{A0541CA0-06EF-43BF-B456-117992AAAA22}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A05490FD-04E7-4345-85A7-E4F41BFB22E0}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{A2542453-DA20-4BB4-BB24-2F9057150704}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{A36F1036-9305-400A-B62A-19A7F051780A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{A606E13D-BCBE-4F26-9BE0-ADE1EEB518A5}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{A7349DAD-5CFC-418E-92C8-EAB20404A327}" = lport=138 | protocol=17 | dir=in | app=system |
"{A7E01BD8-4CA0-43B1-AA96-0BA45E742E56}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{A81B9E2D-84C6-463D-B1CE-27F9C0C5B7BD}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{A86B7E60-3B02-4388-86A4-06BE200CC86F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{A885847E-63B3-4E3F-AD16-BA960C1A1854}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{A8DA49E1-8A46-44B6-A0C3-7DC761B42EC0}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{A8E43234-4952-4AB0-B1F9-13CCA6F076B4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{AA1031FC-E496-48F3-AD47-B28BBDA17373}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{AB38DBAB-5BE5-44ED-83FD-AEE5A69B4F16}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{AC35F41D-A239-4D7A-A777-6459982B42D2}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{ACBFBC5B-D866-47C7-AF35-E5BD90CB5CED}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{AD1B4AE5-7033-439D-9998-B32665E235B8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{ADF3DB2C-9BAD-4E46-BAE9-30FAFD5A5CEB}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{B0F97F72-548C-4507-906F-98FB543C7577}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{B1137DBA-C60F-4971-8999-56BA9D603277}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{B288B04E-04CE-42AC-A072-3B9EF282A240}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{B2E1BDBD-2CD0-4682-B9CA-49D9C4B5447E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3FB0882-4DFD-40F7-AC94-73B9C29E5AD6}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{B408C949-3F99-41D5-9F11-319A5BAD6C1C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{B417A6CC-2EC5-4BFD-8308-7120E54AB22B}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{B5491647-0150-46B3-8D91-3D9F011EDC95}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{B5494682-D174-45D3-AECF-782D4ABB013F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{B742DFC0-AB37-4678-9255-3B774EE75613}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{BE3FB7D2-9A8C-4901-9C12-959ABD6508FB}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C0167D4A-F29C-49DE-B45E-825677A530FC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C0C93A16-2606-423C-B57E-4C5902386A07}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C1025F53-57EB-4C51-B97A-5F26E2D09E87}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C160D2A3-F0A7-491C-9FBB-6669B07DA53E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C636661E-ECFD-4596-AEA9-66F5F3F491D0}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C99A5961-7A64-4A6B-826A-85826B8FFA94}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C9E1B8BA-B8B5-4E2D-A672-9AB4385D55A9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{CD2F2A00-14BE-4809-9B6E-CF18BA2E5788}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{CD43B4B2-0E97-45FA-B372-900970E98E1B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{CF97635C-9F0E-4324-AF46-781BE4D6BC12}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{D0DF8780-F36E-401E-BB6D-7FD1B6FFAD64}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{D1FD8C59-69AF-4A82-9456-D3C3FB731E7E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{D2B8E93C-F3E1-4AF7-97EC-231B2A143298}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{D300BDED-0A8C-497D-BC57-6403FC3AB31C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{D3DEC4AA-89D9-4137-9259-227FA7994008}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{D40C455A-B3BA-4EAC-84E5-AA8EA5745A9F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{D55473B2-E739-453E-9717-475EED2C1C1F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{D5FFF543-90B4-4B3C-B94B-BBD752CB1B5C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{D689040B-7788-4029-A44B-1D2223AAEE7C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{D81B1F11-7756-478F-B625-E0BB5B93024E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{D824EC4C-5C30-4783-BEF0-DBB6B267201D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{E01508EE-BA47-416B-9A6C-DECAB495A087}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{E1EF169B-2BA2-4BD5-896F-81CB0C47E90E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{E2082171-9485-48A5-B199-D952767167E8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{E20CC8E2-F65C-4C92-AEC5-D5F0A43550E4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{E244800C-9191-4AC2-A30F-6AD52D1B50E8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E2E6FA9B-30B6-456B-9BA3-7D9382A688FC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{E4323FD3-4F5E-4B2B-936E-C6884685A424}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{E449BDD3-D33E-42B9-B4EC-A3AF9ED3ECF4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{E6658D4A-6CA7-43E0-81A8-8258A48DE2BF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{E6B9CCF8-4499-425F-9310-274725EB529B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{E8597E54-C918-4035-B723-00806197BEB8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{E89E57A1-7CE1-4AA8-8A14-F0077A37C58B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{EA0ED701-DF0B-418B-B5CB-BEEDF9396BD5}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{EAEB962D-FF25-4B34-B3C5-06F0B79824FF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{EC50F60F-13C0-4A90-A03C-6C0BBD77A994}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{ED0D2D9D-B674-4255-A70C-DDF02C5BDB0A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{EE345161-F497-4C0C-87DE-3A669DE3708A}" = rport=445 | protocol=6 | dir=out | app=system |
"{EEB67A34-E32B-4F85-87EB-FF5591258C7D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{F18EEC33-AB1C-472C-BC57-1A25280C7F8F}" = lport=49198 | protocol=6 | dir=in | name=akamai netsession interface |
"{F2F336C0-FED9-4E27-A694-0F3AA4A7D5A5}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{F56831F5-1CA7-4014-B38C-126BBE5A8797}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{F57A17D2-925B-442D-8316-97B747409227}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{F717C0AF-B610-49A0-94E1-1A6C79BC0735}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{F7B3CCC9-3DCC-4528-8115-831476A9CB11}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{F857DE66-1A18-4C38-A8DC-2A6D5A59DDF6}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{F8D125C2-9B6B-41E1-8679-52C14B168828}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{FA6B2335-1C2F-4D91-902A-C01260830E88}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{FA7DD3DC-8FBE-4BBF-87D8-7D50D45ED1C6}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{FC069B7F-4FA0-4029-A222-36D2AB70A0EC}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{FD3EA14D-2D64-4695-A50D-FE3B498EC4A9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{FE2F75FC-9306-4C00-B298-567895A51A9D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{FF09208E-48C1-4389-BB95-7AA32E563571}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{FF6F2103-F9A8-4EFF-8B1D-088EECBDC53B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{FFBEA081-B192-43DE-B9DC-8D0B6A0B7464}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01970A95-C5A9-4758-94D4-4412B4B0DD01}" = dir=in | app=c:\users\drak\appdata\local\tnt2\2.0.0.1702\tnt2user.exe |
"{076136B5-BA29-479C-946C-2289E1D9BBF4}" = dir=in | app=c:\users\drak\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{11CBD128-AF19-4558-A0AC-67F676F3839E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{12706A05-3996-445D-A4FD-E2516E922357}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sniper elite\sniperelite.exe |
"{1DD75259-5CFF-4CEB-AD4E-F9A657C3D832}" = protocol=17 | dir=in | app=c:\users\drak\appdata\roaming\utorrent\utorrent.exe |
"{1E752497-4A82-4C84-A867-F984BD6E0595}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{1F8BD5BC-A77C-49A9-B225-AFAC9E503A7D}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{245F67CF-D499-4F6A-A981-1EAD7BE28B63}" = protocol=6 | dir=in | app=d:\gameforgelive\gfl_client.exe |
"{2B07D265-F750-4651-8300-0A65AB286E16}" = protocol=17 | dir=in | app=c:\users\drak\appdata\roaming\dropbox\bin\dropbox.exe |
"{2C10A80B-D063-4A57-8B99-AEAE9B55B2CD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sniper elite\sniperelite.exe |
"{2C8F1818-2BAD-412C-AE77-DD2CFF41CDD1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{367FF267-4105-42CB-A0E2-3E7AEEA87601}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{49A412AE-E537-4CA9-9098-1A18655D9206}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{4A1CC72F-6421-4BDA-B648-59B970015B3B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{51A5CD42-51FA-47D2-93CA-B8006CFF5986}" = protocol=6 | dir=in | app=d:\assassin's creed\assassinscreed_launcher.exe |
"{5C052943-0BB4-4A22-B7C5-639BD674E6A7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{79D91B23-F9B3-458F-8FBB-2F9021FA0832}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{7AD170CA-6C13-4346-AD09-D1AFC43BA926}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{7C8B9365-542F-46D0-8FE5-D3F1DEF81465}" = protocol=6 | dir=in | app=d:\assassin's creed\assassinscreed_dx10.exe |
"{801013C0-3D80-442B-B67F-62B97CBF0059}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe |
"{861B136C-1D71-4F4C-8D13-59D632D1130E}" = protocol=17 | dir=in | app=d:\assassin's creed\assassinscreed_dx9.exe |
"{896C8E08-B21D-4067-9C3C-61B2927F723A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8A33B36B-6EAC-4D59-AD60-03D0F231E1D4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{92B60922-EFBB-40FE-9EF9-6D4188FC829C}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{933AE420-049E-4E59-80AD-A307626E8D88}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9474CD28-976A-452B-9874-BFECE03575FD}" = protocol=6 | dir=in | app=c:\users\drak\appdata\roaming\utorrent\utorrent.exe |
"{A77000B1-6A2D-4081-BAA1-C3F38C1A8504}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A8B45E7B-3340-48B5-8BBA-B042B60C09F9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{A9808BDC-748A-4CD3-A432-DB4F2CAA61FA}" = protocol=17 | dir=in | app=d:\assassin's creed\assassinscreed_launcher.exe |
"{ADCE972A-01AC-4531-94B1-75FA0A926702}" = protocol=6 | dir=in | app=d:\assassin's creed\assassinscreed_dx9.exe |
"{AE56E24A-AE56-4F55-AB31-68BB45A89C1F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B812F648-7A0F-4F45-9EFD-D12188467716}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B9E4D237-3C10-41C4-8E9C-DE528F721532}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BF6307E0-421C-409F-9C52-6232A5F6D1BB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{C29982CB-2C41-4B74-8EB7-1521A6E3B673}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C2F4CA01-02CA-48CC-A69E-CA5F5343A178}" = protocol=17 | dir=in | app=d:\assassin's creed\assassinscreed_dx10.exe |
"{D0010461-2163-4B04-B1D8-E77A2B8D376F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe |
"{D4314361-BB56-4A3F-BDC9-B6564FD5B038}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{D7E20C62-1145-43BB-AAEB-BFDCD1936472}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{E9F01561-9015-44B3-A61A-0B5B218638C9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EE39D77F-A211-4E90-88A7-B3E93147A15E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F65A2B53-8501-45F3-9721-9753B63FC7D1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FEEA3634-E4C3-4B87-8A14-51FD15661E0E}" = protocol=6 | dir=in | app=c:\users\drak\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{043229A2-6242-46EB-91BE-5539ED295C92}D:\attomey ---\metin2client.bin" = protocol=6 | dir=in | app=d:\attomey ---\metin2client.bin |
"TCP Query User{08EF9EB4-CB17-479B-ADE7-2F5B312EFF41}D:\attomey ---\metin2client.bin" = protocol=6 | dir=in | app=d:\attomey ---\metin2client.bin |
"TCP Query User{0BEF5A30-3002-4E2D-AD40-E493B4AC4F1E}D:\the-lost-island\metin2.bin" = protocol=6 | dir=in | app=d:\the-lost-island\metin2.bin |
"TCP Query User{14C930B5-7DAA-4CE8-9525-57A12D2DBF72}D:\microsoft.windowslauncher.dll" = protocol=6 | dir=in | app=d:\microsoft.windowslauncher.dll |
"TCP Query User{15A8EA2F-69AF-4BB9-9ACE-3789408BA065}D:\worldofextinction\wolrdofextinction.exe" = protocol=6 | dir=in | app=d:\worldofextinction\wolrdofextinction.exe |
"TCP Query User{17A94D2D-744F-4083-AD7A-8DAE4E7BD39C}D:\gold-dream-patcher\patchskin\gd.exe" = protocol=6 | dir=in | app=d:\gold-dream-patcher\patchskin\gd.exe |
"TCP Query User{18BFF22E-9070-4559-91E3-CF9840780600}D:\w.o.e. - metin2\w.o.e. - metin2.exe" = protocol=6 | dir=in | app=d:\w.o.e. - metin2\w.o.e. - metin2.exe |
"TCP Query User{3282773E-337F-4119-97B4-7F2CBCDB0E4A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{3E1A8CFC-730E-4027-AB8A-D6AD1C7CB816}D:\libenton\libenton.exe" = protocol=6 | dir=in | app=d:\libenton\libenton.exe |
"TCP Query User{3F110F41-5656-4E31-9175-49A62E7D3890}D:\aqua - pvp\aqua2.exe" = protocol=6 | dir=in | app=d:\aqua - pvp\aqua2.exe |
"TCP Query User{4653AA25-4A1D-4AA8-87C5-001E6B4866D8}C:\users\drak\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\drak\appdata\local\akamai\netsession_win.exe |
"TCP Query User{4950AF2A-41A5-44D1-A169-E212FB360AA8}D:\ekura\game.exe" = protocol=6 | dir=in | app=d:\ekura\game.exe |
"TCP Query User{504920DE-8F20-43EA-8EE8-BA9337FF4B88}D:\spaceworld\spaceworldlauncher.exe" = protocol=6 | dir=in | app=d:\spaceworld\spaceworldlauncher.exe |
"TCP Query User{50807006-986D-49E7-AF6E-F229B8F6437B}D:\aureria classic\metin2client.bin" = protocol=6 | dir=in | app=d:\aureria classic\metin2client.bin |
"TCP Query User{547ECBE0-CEB2-43D2-B4C9-DAB2677210EF}D:\unknown - world-alfa client\spoustec.exe" = protocol=6 | dir=in | app=d:\unknown - world-alfa client\spoustec.exe |
"TCP Query User{63F5B377-0992-4678-8B80-10F47A0F7AA2}D:\fear inside\jadro.bin" = protocol=6 | dir=in | app=d:\fear inside\jadro.bin |
"TCP Query User{63FE88F9-B494-4ACF-8563-43B6E7BEB00F}C:\users\drak\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\drak\appdata\local\akamai\netsession_win.exe |
"TCP Query User{660D96FD-B7EC-4B93-A4CC-809F884DABE9}D:\the-lost-island\metin2.bin" = protocol=6 | dir=in | app=d:\the-lost-island\metin2.bin |
"TCP Query User{6655477B-C9AF-4BCA-93C7-D46B6A145CDB}D:\last-world\lw.bin" = protocol=6 | dir=in | app=d:\last-world\lw.bin |
"TCP Query User{6715A772-0BA7-4562-86B3-8E708FB620BA}D:\lothira3\data.exe" = protocol=6 | dir=in | app=d:\lothira3\data.exe |
"TCP Query User{6F00460A-F625-46E6-A091-51FDE258FF7A}D:\fi pvm\dex.bin" = protocol=6 | dir=in | app=d:\fi pvm\dex.bin |
"TCP Query User{7973CDF4-A28A-40BE-9C08-EDEB0129CB54}D:\fear-inside pvp\fearinside.exe" = protocol=6 | dir=in | app=d:\fear-inside pvp\fearinside.exe |
"TCP Query User{7CEDED1D-EF92-4F0D-A4BB-F9763619EC4D}D:\luxion client\luxion client\luxion.exe" = protocol=6 | dir=in | app=d:\luxion client\luxion client\luxion.exe |
"TCP Query User{8651BFD7-F4EB-48F1-9391-F143C0FE6098}D:\darkage 2 klient v 1.0\darkage2.exe" = protocol=6 | dir=in | app=d:\darkage 2 klient v 1.0\darkage2.exe |
"TCP Query User{8A28773B-A29D-4F3E-816D-651AF690A349}D:\rivalia2\data.dll" = protocol=6 | dir=in | app=d:\rivalia2\data.dll |
"TCP Query User{9234B4CD-5DC3-4A30-BB02-0ECC202BF7C0}D:\laroxion\graves.dll" = protocol=6 | dir=in | app=d:\laroxion\graves.dll |
"TCP Query User{98CD4018-1AED-4D02-9548-345E3AF4D410}D:\ekura\game.exe" = protocol=6 | dir=in | app=d:\ekura\game.exe |
"TCP Query User{A816ACFF-5AAE-482B-A129-B54A34CF4BDC}D:\candylongjuskcz\metin2.exe" = protocol=6 | dir=in | app=d:\candylongjuskcz\metin2.exe |
"TCP Query User{AA8A6084-791A-41B3-ACDA-74DAD6E84502}D:\etacidnys new\eg.dlleg" = protocol=6 | dir=in | app=d:\etacidnys new\eg.dlleg |
"TCP Query User{AAC11FDD-12A3-45F3-8ACE-D063F1F6DEF7}D:\metin2 anubis official\anubis.bin" = protocol=6 | dir=in | app=d:\metin2 anubis official\anubis.bin |
"TCP Query User{B57EBA64-3F2B-4E75-8DB6-79E043D63E13}F:\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=f:\call of duty 2\cod2mp_s.exe |
"TCP Query User{BCFA9BB6-3325-46F0-BA59-B9376651F988}D:\w.o.e. - client\w.o.e. - metin2.exe" = protocol=6 | dir=in | app=d:\w.o.e. - client\w.o.e. - metin2.exe |
"TCP Query User{D2D2AB7C-912D-49DE-9B83-D5060B965D2A}D:\newgeneration\microsoft.windowslauncher.dll" = protocol=6 | dir=in | app=d:\newgeneration\microsoft.windowslauncher.dll |
"TCP Query User{E5B04BDD-1AC8-4FDA-A242-C238849759B6}D:\unlimitedworld\uw.bin" = protocol=6 | dir=in | app=d:\unlimitedworld\uw.bin |
"TCP Query User{E64AA0D5-DB8E-4BCD-A61F-C650CF27BC00}D:\newgeneration\microsoft.windowslauncher.dll" = protocol=6 | dir=in | app=d:\newgeneration\microsoft.windowslauncher.dll |
"TCP Query User{E69542DC-2592-43F5-A1CC-7BF9B853E40B}D:\nether-world\nether-world.bin" = protocol=6 | dir=in | app=d:\nether-world\nether-world.bin |
"TCP Query User{E8F088AA-B8F6-43D8-B254-E517A62630B0}D:\unlimitedworld\uw.bin" = protocol=6 | dir=in | app=d:\unlimitedworld\uw.bin |
"TCP Query User{EADA9E5C-4397-4C74-AB2C-AC6A1A8FD2B9}D:\the endless journey\data.dll" = protocol=6 | dir=in | app=d:\the endless journey\data.dll |
"TCP Query User{EE2D53AD-D621-490C-ADA2-6DE5EF0FD594}D:\laroxion\graves.dll" = protocol=6 | dir=in | app=d:\laroxion\graves.dll |
"TCP Query User{F08C5DEB-F331-4278-AF93-E8296F92D3DC}D:\nether-world\nether-world.bin" = protocol=6 | dir=in | app=d:\nether-world\nether-world.bin |
"TCP Query User{FBAC5DAB-906A-43B9-A55B-91EC86F563E4}D:\ultimaonline version 8.0\lanceur ultimaonline.exe" = protocol=6 | dir=in | app=d:\ultimaonline version 8.0\lanceur ultimaonline.exe |
"TCP Query User{FBC3045C-9871-447F-9B26-7D8FFC18A12B}D:\celestialworld\mt2.exe" = protocol=6 | dir=in | app=d:\celestialworld\mt2.exe |
"TCP Query User{FD857A5B-6DB1-4C01-8DA6-BCF01A5B6AAF}D:\xmoon v 2.0\speedtreetr.dll" = protocol=6 | dir=in | app=d:\xmoon v 2.0\speedtreetr.dll |
"UDP Query User{01F47894-7FA4-42AD-A05F-132B085DE548}D:\spaceworld\spaceworldlauncher.exe" = protocol=17 | dir=in | app=d:\spaceworld\spaceworldlauncher.exe |
"UDP Query User{06E81696-BB75-4A75-A718-E7334936EC85}D:\w.o.e. - metin2\w.o.e. - metin2.exe" = protocol=17 | dir=in | app=d:\w.o.e. - metin2\w.o.e. - metin2.exe |
"UDP Query User{096EAA78-E83F-42B8-9E0F-EE0527A2C2BB}D:\ultimaonline version 8.0\lanceur ultimaonline.exe" = protocol=17 | dir=in | app=d:\ultimaonline version 8.0\lanceur ultimaonline.exe |
"UDP Query User{11A0EF46-51F8-40E8-AA22-6227ACEC3E51}D:\the-lost-island\metin2.bin" = protocol=17 | dir=in | app=d:\the-lost-island\metin2.bin |
"UDP Query User{222ED140-6DCE-4B50-BF4B-30336F659BEB}D:\rivalia2\data.dll" = protocol=17 | dir=in | app=d:\rivalia2\data.dll |
"UDP Query User{2EDC80CA-3E90-4974-A6A8-6DEFD832D277}F:\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=f:\call of duty 2\cod2mp_s.exe |
"UDP Query User{31C7BF03-2626-4834-B0D0-07BDED3778FB}D:\unlimitedworld\uw.bin" = protocol=17 | dir=in | app=d:\unlimitedworld\uw.bin |
"UDP Query User{32A76ABC-FB1F-4D1B-8DCF-1BB895ECED33}D:\gold-dream-patcher\patchskin\gd.exe" = protocol=17 | dir=in | app=d:\gold-dream-patcher\patchskin\gd.exe |
"UDP Query User{344A3385-CA8A-407A-8972-D746A7021257}D:\w.o.e. - client\w.o.e. - metin2.exe" = protocol=17 | dir=in | app=d:\w.o.e. - client\w.o.e. - metin2.exe |
"UDP Query User{362A5717-CAA2-43CD-B4BD-83283169BFD6}C:\users\drak\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\drak\appdata\local\akamai\netsession_win.exe |
"UDP Query User{3DB26EEF-7583-4970-B237-6DDFF984A639}D:\aqua - pvp\aqua2.exe" = protocol=17 | dir=in | app=d:\aqua - pvp\aqua2.exe |
"UDP Query User{47B8FB8F-A0AF-48E6-B716-6293384D0FE1}D:\microsoft.windowslauncher.dll" = protocol=17 | dir=in | app=d:\microsoft.windowslauncher.dll |
"UDP Query User{4FEF3E85-971C-4B63-97E4-387FC6BAF3DE}D:\luxion client\luxion client\luxion.exe" = protocol=17 | dir=in | app=d:\luxion client\luxion client\luxion.exe |
"UDP Query User{547A851A-569C-429B-B1F2-0707C1E2A444}D:\lothira3\data.exe" = protocol=17 | dir=in | app=d:\lothira3\data.exe |
"UDP Query User{5A0073F0-DF31-4326-8351-18380A49FC4A}D:\the-lost-island\metin2.bin" = protocol=17 | dir=in | app=d:\the-lost-island\metin2.bin |
"UDP Query User{5CB719B5-83E1-4AB5-91E9-FEC86B3FD933}D:\fear inside\jadro.bin" = protocol=17 | dir=in | app=d:\fear inside\jadro.bin |
"UDP Query User{5D850B4D-8D09-4484-B2DC-8F8EA29C454C}D:\fi pvm\dex.bin" = protocol=17 | dir=in | app=d:\fi pvm\dex.bin |
"UDP Query User{6042CB7A-8A35-48DD-A533-67584E59A930}D:\etacidnys new\eg.dlleg" = protocol=17 | dir=in | app=d:\etacidnys new\eg.dlleg |
"UDP Query User{670696FE-71C8-401C-96C5-E5CDBCB74B66}D:\unknown - world-alfa client\spoustec.exe" = protocol=17 | dir=in | app=d:\unknown - world-alfa client\spoustec.exe |
"UDP Query User{69E46677-B962-4C40-A35E-AA032250D75D}D:\last-world\lw.bin" = protocol=17 | dir=in | app=d:\last-world\lw.bin |
"UDP Query User{6D7A403E-32A2-47E7-8346-2790E2628D1E}D:\darkage 2 klient v 1.0\darkage2.exe" = protocol=17 | dir=in | app=d:\darkage 2 klient v 1.0\darkage2.exe |
"UDP Query User{77B8E44D-BDC0-4A76-8095-BC90A1B4E5E3}D:\attomey ---\metin2client.bin" = protocol=17 | dir=in | app=d:\attomey ---\metin2client.bin |
"UDP Query User{7C03682F-843B-47A3-8663-B95995C44308}D:\fear-inside pvp\fearinside.exe" = protocol=17 | dir=in | app=d:\fear-inside pvp\fearinside.exe |
"UDP Query User{87AFEE99-8E9B-4379-9742-11DE92F34824}D:\xmoon v 2.0\speedtreetr.dll" = protocol=17 | dir=in | app=d:\xmoon v 2.0\speedtreetr.dll |
"UDP Query User{89429E14-0A7B-48C7-A052-618E4B54A0D1}D:\nether-world\nether-world.bin" = protocol=17 | dir=in | app=d:\nether-world\nether-world.bin |
"UDP Query User{8F21449F-FEDE-41B3-96E2-851C2473D36D}D:\libenton\libenton.exe" = protocol=17 | dir=in | app=d:\libenton\libenton.exe |
"UDP Query User{92E32A4A-F7FE-46F2-A8B7-6E6EFFED705E}D:\the endless journey\data.dll" = protocol=17 | dir=in | app=d:\the endless journey\data.dll |
"UDP Query User{96319B1E-D22C-4EFA-BB8F-9C392600EF3E}D:\unlimitedworld\uw.bin" = protocol=17 | dir=in | app=d:\unlimitedworld\uw.bin |
"UDP Query User{97004CD9-D21E-404D-B81C-341E22A73702}D:\worldofextinction\wolrdofextinction.exe" = protocol=17 | dir=in | app=d:\worldofextinction\wolrdofextinction.exe |
"UDP Query User{992A3F39-B083-4FF4-9659-E0AF0551BAC5}D:\ekura\game.exe" = protocol=17 | dir=in | app=d:\ekura\game.exe |
"UDP Query User{9A9DBEE6-8BF0-4760-8516-8113A4512D66}C:\users\drak\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\drak\appdata\local\akamai\netsession_win.exe |
"UDP Query User{AA8D60A8-BE22-48AC-B26B-50058D52583B}D:\nether-world\nether-world.bin" = protocol=17 | dir=in | app=d:\nether-world\nether-world.bin |
"UDP Query User{AC17F6B7-7FD7-4FAC-8BEE-87180EA72285}D:\aureria classic\metin2client.bin" = protocol=17 | dir=in | app=d:\aureria classic\metin2client.bin |
"UDP Query User{B551CF03-A910-4A44-A93A-FB7FD6F8468D}D:\celestialworld\mt2.exe" = protocol=17 | dir=in | app=d:\celestialworld\mt2.exe |
"UDP Query User{BF13D72B-0D9C-4F90-8D20-FB92B0ABDC0C}D:\ekura\game.exe" = protocol=17 | dir=in | app=d:\ekura\game.exe |
"UDP Query User{C0D694CC-5523-4E9F-83F8-B1151688DA6D}D:\metin2 anubis official\anubis.bin" = protocol=17 | dir=in | app=d:\metin2 anubis official\anubis.bin |
"UDP Query User{CC1CBF79-9F0E-4D7F-9CD4-A6AF8E30D7BA}D:\laroxion\graves.dll" = protocol=17 | dir=in | app=d:\laroxion\graves.dll |
"UDP Query User{D7F264E8-B78B-447C-88A2-62234E63707D}D:\laroxion\graves.dll" = protocol=17 | dir=in | app=d:\laroxion\graves.dll |
"UDP Query User{DB88A42E-318B-4F8C-89AA-223A8BD239E6}D:\newgeneration\microsoft.windowslauncher.dll" = protocol=17 | dir=in | app=d:\newgeneration\microsoft.windowslauncher.dll |
"UDP Query User{DC26FFEF-9DCD-4079-971F-56882C6F68C8}D:\attomey ---\metin2client.bin" = protocol=17 | dir=in | app=d:\attomey ---\metin2client.bin |
"UDP Query User{DEE73E87-F113-4BA9-B054-2D11BB1907E7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{E15A3C37-FDE5-4395-B1E5-9AD1B7262EF4}D:\candylongjuskcz\metin2.exe" = protocol=17 | dir=in | app=d:\candylongjuskcz\metin2.exe |
"UDP Query User{E74B466D-BD12-499F-8889-D757F12D01FA}D:\newgeneration\microsoft.windowslauncher.dll" = protocol=17 | dir=in | app=d:\newgeneration\microsoft.windowslauncher.dll |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{50813B8C-FCBB-3C61-8039-EAAA93029066}" = Microsoft .NET Framework 4.5.1 (CSY)
"{5737101A-27C4-408A-8A57-D1DC78DF84B4}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6B00F0E1-2680-11E3-95F5-F04DA23A5C58}" = MSVCRT Redists
"{750374DE-064B-403F-8F3E-252760CE6381}" = ESET Smart Security
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5.1 (čeština)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 331.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 331.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 8.3.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 8.3.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.5
"{C2B8CBDE-5232-11E3-B494-F04DA23A5C58}" = MSVCRT Redists
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01BD4FC9-2F86-4706-A62E-774BB7E9D308}" = AVG PC TuneUp 2014
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0CA2063D-D43F-41F2-A8AC-A3C4A4C722D2}" = Qualcomm Atheros Fast Reconnect
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{101F30DF-3204-473B-A0DD-037A53983DEA}" = QuadcoreM2
"{1A05C238-2E6A-4CB5-8600-E6C1E509E0CB}" = Paragon Hard Disk Manager 6.0 Demo
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 60
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{47E5588F-C3A0-11DE-9857-005056C00008}" = Paragon Partition Manager™ 2014 Free
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{7A8B5F7D-6736-4DC4-A7A5-223BE131EB34}" = AVG PC TuneUp 2014 (cs-CZ)
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0405-1000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9767CBB5-2A81-427D-8F05-497737D56AA0}" = hpbDSService
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 2.0.3
"{A407FC22-36BF-4C82-A516-59D94BC505A9}" = System Requirements Lab Detection
"{A5949B71-46FB-43F3-8852-4E74D9FC7564}" = hpbM175DSService
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"AVG PC TuneUp" = AVG PC TuneUp 2014
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CFG Maker" = CFG Maker
"Czech Soccer Manager" = Czech Soccer Manager
"DivX Setup" = DivX Setup
"Dll-Files Fixer_is1" = Dll-Files Fixer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"Halo 2_is1" = Halo 2 version 1.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Cheat Engine 6.3_is1" = Cheat Engine 6.3
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 10.0.5
"Metin2_is1" = Metin2
"Mobogenie" = Mobogenie
"Mozilla Firefox 29.0.1 (x86 cs)" = Mozilla Firefox 29.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NewBlue 3D Explosions for Windows" = NewBlue 3D Explosions for Windows
"NewBlue Art Blends for Windows" = NewBlue Art Blends for Windows
"NewBlue Art Effects for Windows" = NewBlue Art Effects for Windows
"NewBlue Motion Blends for Windows" = NewBlue Motion Blends for Windows
"NewGeneration" = NewGeneration
"Picasa 3" = Picasa 3
"QuadcoreM2 1.12.2012" = QuadcoreM2
"SearchProtect" = Search Protect
"Steam" = Steam
"Steam App 3700" = Sniper Elite
"Steam App 63380" = Sniper Elite V2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 9" = TeamViewer 9
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-81993594-2078596248-339905091-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{706DE580-4369-4A11-81F6-2931328B112E}" = FindWide.com
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Google+ Auto Backup" = Google+ Auto Backup
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9.7.2014 14:32:30 | Computer Name = domme | Source = Application Hang | ID = 1002
Description = Program Microsoft.WindowsLauncher.dll verze 1.0.36469.0 přestal spolupracovat
se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID
procesu: 1728 Čas spuštění: 01cf9b9db3d22bf6 Čas ukončení: 1215 Cesta k aplikaci:
D:\NewGeneration\Microsoft.WindowsLauncher.dll ID hlášení: 6028f35e-0797-11e4-a9af-86393fe405bd


Error - 13.7.2014 13:00:01 | Computer Name = domme | Source = Windows Backup | ID = 4103
Description =

Error - 14.7.2014 0:13:48 | Computer Name = domme | Source = Application Error | ID = 1000
Description = Název chybující aplikace: winlogon.exe, verze: 6.1.7601.18409, časové
razítko: 0x53159240 Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.18247,
časové razítko: 0x521eaf24 Kód výjimky: 0xc0000005 Posun chyby: 0x000000000004e4e4
ID
chybujícího procesu: 0x3c0 Čas spuštění chybující aplikace: 0x01cf9ab8979f0aef Cesta
k chybující aplikaci: C:\Windows\system32\winlogon.exe Cesta k chybujícímu modulu:
C:\Windows\SYSTEM32\ntdll.dll ID zprávy: 40affad4-0b0d-11e4-a9af-86393fe405bd

Error - 14.7.2014 3:21:21 | Computer Name = domme | Source = NvStreamSvc | ID = 131073
Description =

Error - 14.7.2014 3:21:21 | Computer Name = domme | Source = NvStreamSvc | ID = 131073
Description =

Error - 16.7.2014 3:30:32 | Computer Name = domme | Source = Application Hang | ID = 1002
Description = Program FearInside.exe verze 1.0.34669.0 přestal spolupracovat se
systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID
procesu: 14f0 Čas spuštění: 01cfa0b600ded2f0 Čas ukončení: 241 Cesta k aplikaci: D:\FearInside
PvP\FearInside.exe ID hlášení: 0cc43e98-0cbb-11e4-a48d-ae3e64624c74

Error - 16.7.2014 8:53:38 | Computer Name = domme | Source = NvStreamSvc | ID = 131073
Description =

Error - 16.7.2014 8:53:38 | Computer Name = domme | Source = NvStreamSvc | ID = 131073
Description =

Error - 16.7.2014 16:15:02 | Computer Name = domme | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Dll-Injector by Slait.exe, verze: 1.0.0.0,
časové razítko: 0x00000000 Název chybujícího modulu: Switch-Bot (Vista & 7).dll,
verze: 1.0.0.4, časové razítko: 0x4efdce51 Kód výjimky: 0xc0000005 Posun chyby: 0x00004ef8
ID
chybujícího procesu: 0x1144 Čas spuštění chybující aplikace: 0x01cfa1328b413fbf Cesta
k chybující aplikaci: C:\Users\Drak\AppData\Local\Temp\Rar$EXa0.309\SwitchBotCZ
(1)\Dll-Injector by Slait.exe Cesta k chybujícímu modulu: D:\FearInside PvP\Switch-Bot
(Vista & 7).dll ID zprávy: ddc03484-0d25-11e4-8349-909926726fb8

Error - 16.7.2014 21:30:20 | Computer Name = domme | Source = Windows Search Service | ID = 3007
Description =

[ System Events ]
Error - 26.5.2014 10:25:07 | Computer Name = domme | Source = volmgr | ID = 262190
Description = Inicializace výpisu stavu systému se nezdařila.

Error - 26.5.2014 10:25:21 | Computer Name = domme | Source = NetBT | ID = 4311
Description = Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.
K
identifikaci rozhraní, jehož inicializace se nezdařila, lze použít řetězec C0F8DA8A122A.
Je reprezentován adresou MAC tohoto rozhraní nebo globálně jedinečným identifikátorem
(GUID), pokud nemohlo rozhraní NetBT získat adresu MAC podle identifikátoru GUID.
Pokud nebyla k dispozici adresa MAC ani identifikátor GUID, je řetězec reprezentován
názvem zařízení clusteru.

Error - 26.5.2014 10:25:21 | Computer Name = domme | Source = NetBT | ID = 4311
Description = Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.
K
identifikaci rozhraní, jehož inicializace se nezdařila, lze použít řetězec C0F8DA8A122A.
Je reprezentován adresou MAC tohoto rozhraní nebo globálně jedinečným identifikátorem
(GUID), pokud nemohlo rozhraní NetBT získat adresu MAC podle identifikátoru GUID.
Pokud nebyla k dispozici adresa MAC ani identifikátor GUID, je řetězec reprezentován
názvem zařízení clusteru.

Error - 26.5.2014 10:25:27 | Computer Name = domme | Source = NetBT | ID = 4311
Description = Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.
K
identifikaci rozhraní, jehož inicializace se nezdařila, lze použít řetězec E2F8DA8A122A.
Je reprezentován adresou MAC tohoto rozhraní nebo globálně jedinečným identifikátorem
(GUID), pokud nemohlo rozhraní NetBT získat adresu MAC podle identifikátoru GUID.
Pokud nebyla k dispozici adresa MAC ani identifikátor GUID, je řetězec reprezentován
názvem zařízení clusteru.

Error - 26.5.2014 10:25:27 | Computer Name = domme | Source = NetBT | ID = 4311
Description = Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.
K
identifikaci rozhraní, jehož inicializace se nezdařila, lze použít řetězec E2F8DA8A122A.
Je reprezentován adresou MAC tohoto rozhraní nebo globálně jedinečným identifikátorem
(GUID), pokud nemohlo rozhraní NetBT získat adresu MAC podle identifikátoru GUID.
Pokud nebyla k dispozici adresa MAC ani identifikátor GUID, je řetězec reprezentován
názvem zařízení clusteru.

Error - 26.5.2014 10:26:24 | Computer Name = domme | Source = Service Control Manager | ID = 7009
Description = Při čekání na připojení služby HP DS Service bylo dosaženo časového
limitu (30000 ms).

Error - 26.5.2014 10:26:24 | Computer Name = domme | Source = Service Control Manager | ID = 7000
Description = Služba HP DS Service neuspěla při spuštění v důsledku následující
chyby: %%1053

Error - 26.5.2014 10:26:56 | Computer Name = domme | Source = Service Control Manager | ID = 7009
Description = Při čekání na připojení služby Služba sdílení portů Net.Tcp bylo dosaženo
časového limitu (30000 ms).

Error - 26.5.2014 10:26:56 | Computer Name = domme | Source = Service Control Manager | ID = 7000
Description = Služba Služba sdílení portů Net.Tcp neuspěla při spuštění v důsledku
následující chyby: %%1053

Error - 26.5.2014 10:27:51 | Computer Name = domme | Source = Service Control Manager | ID = 7001
Description = Služba Adaptér naslouchání Net.Tcp závisí na službě Služba sdílení
portů Net.Tcp, která neuspěla při spuštění v důsledku následující chyby: %%1053


< End of report >

Re: Keylogger

Napsal: 22 črc 2014 14:07
od MeaAtFlyy
OTL

OTL logfile created on: 22.7.2014 11:42:45 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Drak\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,68 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 48,24% Memory free
7,36 Gb Paging File | 5,25 Gb Available in Paging File | 71,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 29,20 Gb Total Space | 0,58 Gb Free Space | 2,00% Space Free | Partition Type: NTFS
Drive D: | 349,54 Gb Total Space | 228,35 Gb Free Space | 65,33% Space Free | Partition Type: NTFS

Computer Name: DRAK-PC | User Name: Drak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.07.22 11:40:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Drak\Desktop\OTL.exe
PRC - [2014.07.15 11:24:50 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014.07.06 16:09:06 | 000,218,112 | ---- | M] () -- D:\razertra.exe
PRC - [2014.05.07 14:44:30 | 000,511,872 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2014.04.17 21:07:28 | 004,672,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Drak\AppData\Local\Akamai\netsession_win.exe
PRC - [2014.02.24 16:27:06 | 001,343,408 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2014.01.10 07:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2013.12.17 12:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2013.09.19 22:42:01 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.09.19 22:34:46 | 002,155,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011.08.10 15:09:56 | 000,057,344 | ---- | M] (Atheros) -- C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
PRC - [2010.10.27 14:02:58 | 000,013,824 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
PRC - [2010.05.05 16:56:06 | 000,251,392 | ---- | M] () -- D:\razerhid.exe
PRC - [2007.12.19 11:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- D:\razerofa.exe


========== Modules (No Company Name) ==========

MOD - [2014.07.15 11:24:48 | 000,353,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppgooglenaclpluginchrome.dll
MOD - [2014.07.15 11:24:44 | 008,537,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
MOD - [2014.07.15 11:24:38 | 000,718,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
MOD - [2014.07.15 11:24:36 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
MOD - [2014.07.15 11:24:35 | 001,732,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
MOD - [2014.07.06 16:09:06 | 000,218,112 | ---- | M] () -- D:\razertra.exe
MOD - [2014.01.10 07:28:18 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2014.01.10 07:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2013.10.16 02:48:05 | 000,013,088 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2010.05.05 16:56:06 | 000,251,392 | ---- | M] () -- D:\razerhid.exe


========== Services (SafeList) ==========

SRV:64bit: - [2014.06.19 02:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014.04.20 23:35:42 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014.04.20 23:35:26 | 000,109,048 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2014.02.24 16:27:06 | 001,343,408 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2013.09.19 22:54:06 | 014,997,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014.07.08 19:21:11 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.05.30 23:12:39 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.12.17 12:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013.10.12 00:34:02 | 002,099,000 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013.09.19 22:34:46 | 002,155,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.09.11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.11.19 17:03:24 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.08.10 15:09:56 | 000,057,344 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.10.27 14:02:58 | 000,013,824 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe -- (HP DS Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014.05.17 09:06:44 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014.05.17 09:06:44 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014.05.17 09:06:44 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014.04.20 23:35:46 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014.04.20 23:35:46 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014.04.20 23:35:46 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014.04.20 23:35:46 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014.04.20 23:35:45 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014.04.20 23:35:32 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2013.12.28 10:09:37 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.10.16 02:48:05 | 000,032,544 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013.09.17 14:17:38 | 000,239,320 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013.09.17 14:17:38 | 000,220,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2013.09.17 14:17:38 | 000,168,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2013.09.17 14:17:38 | 000,062,136 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2013.09.17 14:17:38 | 000,044,120 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2013.09.13 07:50:04 | 000,033,464 | ---- | M] (Razer Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzdaendpt.sys -- (rzdaendpt)
DRV:64bit: - [2013.09.13 07:50:00 | 000,030,904 | ---- | M] (Razer Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzvkeyboard.sys -- (rzvkeyboard)
DRV:64bit: - [2013.09.13 07:49:50 | 000,142,008 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2013.08.20 15:33:40 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013.03.07 10:49:18 | 000,017,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2013.03.07 10:49:18 | 000,009,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.08.05 16:33:48 | 002,768,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.03.23 16:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2009.12.21 21:50:00 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vHidDev.sys -- (vhidmini)
DRV:64bit: - [2009.12.10 19:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.21 01:43:52 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdm.sys -- (ss_mdm)
DRV:64bit: - [2009.09.21 01:43:52 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bus.sys -- (ss_bus)
DRV:64bit: - [2009.09.21 01:43:52 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV:64bit: - [2009.09.17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.09.16 09:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.09.18 11:14:34 | 000,014,112 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2013.03.07 10:49:20 | 000,013,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2013.03.07 10:49:20 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2C 5B 6B 7E 90 A5 CF 01 [binary data]
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2C 5B 6B 7E 90 A5 CF 01 [binary data]
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-81993594-2078596248-339905091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.findwide.com/?guid={706DE ... }&serpv=22
IE - HKU\S-1-5-21-81993594-2078596248-339905091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?gd=&ctid=CT3 ... 7851&SSPV=
IE - HKU\S-1-5-21-81993594-2078596248-339905091-1000\..\SearchScopes,DefaultScope = {B6603FCC-91E3-43D6-AE79-E137B4D6BD05}
IE - HKU\S-1-5-21-81993594-2078596248-339905091-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\S-1-5-21-81993594-2078596248-339905091-1000\..\SearchScopes\{B6603FCC-91E3-43D6-AE79-E137B4D6BD05}: "URL" = http://search.findwide.com/serp?guid={7 ... earchTerms}
IE - HKU\S-1-5-21-81993594-2078596248-339905091-1000\..\SearchScopes\{CF9CD79E-31C3-4B76-80AF-138B9B1CD9E0}: "URL" = http://search.yahoo.com/search?p={searc ... type=10809
IE - HKU\S-1-5-21-81993594-2078596248-339905091-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-81993594-2078596248-339905091-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Drak\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tnt2ghost.com/Plugin: C:\Users\Drak\AppData\Local\TNT2\2.0.0.1702\npTNT2ghost.dll File not found
FF - HKCU\Software\MozillaPlugins\@tnt2npapi.com/Plugin: C:\Users\Drak\AppData\Local\TNT2\2.0.0.1702\npTNT2.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Drak\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Drak\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2014.07.06 15:28:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014.07.06 15:28:41 | 000,000,000 | ---D | M]

[2014.05.19 18:56:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Drak\AppData\Roaming\Mozilla\Extensions
[2014.05.19 19:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Drak\AppData\Roaming\Mozilla\Firefox\Profiles\3awxiqb6.default\extensions
[2014.05.30 23:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014.05.30 23:12:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.conduit.com/?gd=&ctid=CT3 ... 7851&SSPV=
CHR - plugin: Error reading preferences file
CHR - Extension: uTorrentControl_v6 = C:\Users\Drak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\
CHR - Extension: uTorrentControl_v6 = C:\Users\Drak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\nativeMessaging\nmHost
CHR - Extension: Peněženka Google = C:\Users\Drak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {AD4F3CE2-762A-4084-8C9A-7B2ED7A01173} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {AD4F3CE2-762A-4084-8C9A-7B2ED7A01173} - No CLSID value found.
O3:HKU - HKU\S-1-5-21-81993594-2078596248-339905091-1000\..\Toolbar\WebBrowser: (FindWide Toolbar) - {AD4F3CE2-762A-4084-8C9A-7B2ED7A01173} - C:\Program Files (x86)\TNT2\Profiles\10809\passport.dll (Findwide)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui File not found
O4 - HKLM..\Run: [DeathAdder] D:\razerhid.exe ()
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-81993594-2078596248-339905091-1000..\Run: [Akamai NetSession Interface] C:\Users\Drak\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-81993594-2078596248-339905091-1000..\Run: [ConduitFloatingPlugin_cflheckfmhopnialghigdlggahiomebp] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Drak\AppData\Local\Temp\CT3289075\plugins\TBVerifier.dll",RunConduitFloatingPlugin cflheckfmhopnialghigdlggahiomebp File not found
O4 - HKU\S-1-5-21-81993594-2078596248-339905091-1000..\Run: [Facebook Update] C:\Users\Drak\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-81993594-2078596248-339905091-1000..\Run: [Google+ Auto Backup] C:\Users\Drak\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe (Google Inc.)
O4 - HKU\S-1-5-21-81993594-2078596248-339905091-1000..\Run: [Steam] D:\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-81993594-2078596248-339905091-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-81993594-2078596248-339905091-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-81993594-2078596248-339905091-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCCE1356-470C-44FE-9B34-73C6C69BAD4E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Client Connect LTD)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Client Connect LTD)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7d0e70f3-6e00-11e3-99fc-c3f340b784b8}\Shell - "" = AutoRun
O33 - MountPoints2\{7d0e70f3-6e00-11e3-99fc-c3f340b784b8}\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{7d0e70f3-6e00-11e3-99fc-c3f340b784b8}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bluescrn.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.ac3acm - ac3acm.acm (fccHandler)
Drivers32:64bit: msacm.bdmpeg - bdmpega64.acm ()
Drivers32:64bit: msacm.l3acm - l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.l3codecp - l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: VIDC.LAGS - lagarith.dll ( )
Drivers32:64bit: vidc.mjpg - bdmjpeg64.dll ()
Drivers32:64bit: vidc.mpeg - bdmpegv64.dll ()
Drivers32:64bit: VIDC.X264 - x264vfw64.dll (x264vfw project)
Drivers32:64bit: VIDC.XVID - xvidvfw.dll ()
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )
Drivers32: vidc.mjpg - C:\Windows\SysWow64\bdmjpeg.dll ()
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()
Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll (x264vfw project)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014.07.22 11:41:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Drak\Desktop\OTL.exe
[2014.07.22 10:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.07.22 10:17:39 | 000,000,000 | ---D | C] -- C:\rsit
[2014.07.17 18:16:37 | 000,000,000 | ---D | C] -- C:\Users\Drak\Desktop\Nová složka
[2014.07.10 11:01:16 | 000,519,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.07.10 11:01:14 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014.07.10 11:01:01 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014.07.10 11:01:01 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2014.07.10 11:00:59 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014.07.10 11:00:59 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014.07.10 11:00:56 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014.07.10 11:00:47 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.07.10 11:00:47 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.07.10 11:00:47 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.07.10 11:00:47 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.07.10 11:00:47 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.07.10 11:00:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.07.10 11:00:46 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.07.10 11:00:46 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.07.10 11:00:45 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.07.10 11:00:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.07.10 11:00:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.07.10 11:00:44 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.07.10 11:00:44 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.07.10 11:00:44 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.07.10 11:00:44 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.07.10 11:00:44 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.07.10 11:00:44 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.07.10 11:00:43 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.07.10 11:00:43 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014.07.10 11:00:43 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.07.10 11:00:42 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.07.10 11:00:42 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.07.10 11:00:42 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014.07.10 11:00:41 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.07.10 11:00:41 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.07.10 11:00:40 | 005,721,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.07.10 11:00:40 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014.07.10 11:00:40 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.07.10 11:00:40 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.07.10 11:00:40 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.07.10 11:00:40 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.07.10 11:00:39 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.07.10 11:00:39 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.07.10 11:00:39 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014.07.10 11:00:38 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.07.10 10:58:32 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014.07.07 22:18:28 | 000,000,000 | ---D | C] -- C:\Users\Drak\Documents\CSM
[2014.07.07 20:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Czech Soccer Manager
[2014.07.06 18:22:54 | 000,000,000 | ---D | C] -- C:\Users\Drak\Desktop\SwitchBot in CZ
[2014.07.06 15:30:23 | 000,000,000 | ---D | C] -- C:\Users\Drak\AppData\Roaming\ESET
[2014.07.06 15:29:47 | 000,000,000 | ---D | C] -- C:\Users\Drak\AppData\Local\ESET
[2014.07.06 15:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2014.07.06 15:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2014.07.06 15:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.07.22 11:45:36 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.07.22 11:43:45 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.07.22 11:43:45 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.07.22 11:40:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Drak\Desktop\OTL.exe
[2014.07.22 11:40:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-81993594-2078596248-339905091-1000UA.job
[2014.07.22 11:34:14 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.07.22 11:32:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.07.22 11:32:44 | 2962,255,872 | -HS- | M] () -- C:\hiberfil.sys
[2014.07.22 11:20:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.07.22 11:18:13 | 000,000,958 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-81993594-2078596248-339905091-1000UA.job
[2014.07.22 10:52:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.07.21 14:40:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-81993594-2078596248-339905091-1000Core.job
[2014.07.21 14:18:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-81993594-2078596248-339905091-1000Core.job
[2014.07.21 11:54:07 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\DLL-Files FixerASKUSER.job
[2014.07.20 22:44:30 | 000,008,574 | ---- | M] () -- C:\Users\Drak\Desktop\10313507_813096358711709_4211746307730525016_n.jpg
[2014.07.20 21:19:24 | 000,630,733 | ---- | M] () -- C:\Users\Drak\Desktop\lacinka.png
[2014.07.19 09:55:03 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job
[2014.07.18 23:06:47 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014.07.18 11:05:21 | 005,052,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.07.09 09:55:52 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2014.07.08 19:21:09 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.07.08 19:21:09 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.07.07 20:22:01 | 000,000,461 | ---- | M] () -- C:\Users\Public\Desktop\Czech Soccer Manager.lnk
[2014.06.30 04:09:33 | 000,519,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.06.30 04:04:49 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014.06.29 16:36:27 | 001,039,214 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2014.06.29 16:36:27 | 000,822,392 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.06.29 16:36:27 | 000,276,226 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2014.06.29 16:36:27 | 000,237,898 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.06.29 16:36:27 | 000,007,178 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.07.22 11:45:36 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.07.20 22:44:30 | 000,008,574 | ---- | C] () -- C:\Users\Drak\Desktop\10313507_813096358711709_4211746307730525016_n.jpg
[2014.07.20 21:19:24 | 000,630,733 | ---- | C] () -- C:\Users\Drak\Desktop\lacinka.png
[2014.07.07 20:22:01 | 000,000,461 | ---- | C] () -- C:\Users\Public\Desktop\Czech Soccer Manager.lnk
[2014.04.20 23:42:47 | 001,180,099 | ---- | C] () -- C:\Windows\unins001.exe
[2014.04.20 23:42:47 | 000,001,229 | ---- | C] () -- C:\Windows\unins001.dat
[2014.01.25 13:23:32 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\UimExt.dll
[2014.01.10 20:51:17 | 000,000,173 | ---- | C] () -- C:\Windows\Readiris.ini
[2013.12.28 10:29:31 | 002,499,656 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2013.12.28 10:29:31 | 000,087,112 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2013.12.28 10:29:31 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2013.12.28 10:29:31 | 000,013,896 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2013.12.28 10:29:31 | 000,009,160 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2013.12.03 11:30:02 | 000,251,144 | ---- | C] () -- C:\Windows\SysWow64\prgiso.dll
[2013.11.23 20:53:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2013.10.30 16:02:38 | 000,003,584 | ---- | C] () -- C:\Users\Drak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.10.21 21:43:38 | 000,007,374 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.10.21 16:01:52 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013.10.21 16:01:51 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.10.21 16:01:51 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.10.21 16:01:51 | 000,217,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.10.21 16:01:49 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.08.05 08:15:08 | 000,066,104 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2013.08.05 08:15:06 | 000,023,080 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014.03.12 20:46:09 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\.minecraft
[2014.03.29 10:23:00 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\AVAST Software
[2014.04.09 16:27:48 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\AVG
[2013.10.30 16:19:14 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\BANDISOFT
[2013.12.27 00:38:37 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\dll-files.com
[2014.03.29 10:05:55 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\Dropbox
[2014.03.29 10:05:53 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\DropboxMaster
[2014.07.06 15:30:23 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\ESET
[2013.10.22 21:57:58 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\IObit
[2014.02.22 11:44:42 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\newnext.me
[2014.04.09 16:25:02 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\OpenCandy
[2013.10.30 13:12:17 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\Publish Providers
[2014.03.02 22:42:26 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\Quadcore Games
[2014.04.13 17:26:46 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\Razer
[2013.11.02 11:54:13 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\Solveig Multimedia
[2014.03.03 10:49:13 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\TS3Client
[2013.11.24 17:40:25 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\Tunngle
[2014.05.09 09:36:19 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\Ubisoft
[2014.04.19 21:58:06 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,024,954 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013.10.21 15:49:05 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.10.21 15:50:57 | 000,000,944 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.10.21 15:50:58 | 000,000,948 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.12.27 00:38:45 | 000,000,274 | ---- | C] () -- C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013.12.27 00:38:46 | 000,000,290 | ---- | C] () -- C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job
[2014.03.03 10:54:34 | 000,000,282 | ---- | C] () -- C:\Windows\Tasks\DLL-Files FixerASKUSER.job
[2014.03.04 15:35:21 | 000,000,902 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-81993594-2078596248-339905091-1000Core.job
[2014.03.04 15:35:24 | 000,000,924 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-81993594-2078596248-339905091-1000UA.job
[2014.06.15 09:58:47 | 000,000,906 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-81993594-2078596248-339905091-1000Core.job
[2014.06.15 09:58:55 | 000,000,958 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-81993594-2078596248-339905091-1000UA.job

< >

< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2012.06.02 06:52:32 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=063DD65889D21035311463337BD268E7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[2010.11.20 15:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2013.05.10 06:49:59 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=33ADF6E0853AB39EA1723BE82842C1D3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[2013.05.13 06:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=3897DFF247D9ED0006190349DE264E14 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[2013.07.09 16:47:30 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=434CCE8E7150CD1324C5FAA088D1D061 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_d45f6e88cac8f85b\cryptsvc.dll
[2013.10.05 04:25:30 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=509D31797A4B8A3D6ED78A330B19A919 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_d46d4138cabe2596\cryptsvc.dll
[2013.07.09 07:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=6B400F211BEE880A37A1ED0368776BF4 -- C:\Windows\SysNative\cryptsvc.dll
[2013.07.09 07:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=6B400F211BEE880A37A1ED0368776BF4 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_d431528fb165f7bc\cryptsvc.dll
[2013.07.09 15:57:37 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=6DB499DEFCC827317C5371164A7CDB27 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[2013.07.09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\SysWOW64\cryptsvc.dll
[2013.07.09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[2012.06.04 09:52:35 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=7E7D2DACF65D750D466F36BD3D09AE20 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_d4ab184aca903d4f\cryptsvc.dll
[2013.05.10 07:49:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7FDC4626B01106A8EF328C88C7C0DEE3 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_d3f63f9bb1930797\cryptsvc.dll
[2013.05.11 07:18:23 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=8122252F0A4ACFA92FA0C1D50D18493B -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_d4a24ea4ca968363\cryptsvc.dll
[2012.06.02 06:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[2012.06.02 07:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=9C01375BE382E834CC26D1B7EAF2C4FE -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_d3fc6569b18d7211\cryptsvc.dll
[2010.11.20 14:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2013.05.11 06:59:05 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=AC04D05309BB2C418D0D80B9FB014642 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[2013.05.10 07:18:53 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=CA13C4F92BEE66DB48E58AB3223DDF6E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_d4a14e5aca976a0c\cryptsvc.dll
[2013.05.13 07:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=D8129C49798CBBFB2E4351D4B7B8EF9C -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_d3f73fe5b19220ee\cryptsvc.dll
[2013.05.10 07:06:21 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=E122AA1C9A3CC46FF9DDDE46E5EB0C58 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[2013.10.05 03:52:03 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=F2D9242C3BBD1C36467FCAE1AE01733F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: IASTORV.SYS >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

< MD5 for: ISAPNP.SYS >

Re: Keylogger

Napsal: 22 črc 2014 14:07
od MeaAtFlyy
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\isapnp.sys

< MD5 for: LSASS.EXE >
[2014.05.30 10:00:12 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=04F6C08B30C599D301CE8530A6F6A703 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22705_none_0505e8508c7f766f\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2011.11.17 08:20:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2014.04.12 04:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\SysNative\lsass.exe
[2014.04.12 04:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_044f07757384196d\lsass.exe
[2014.04.12 04:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18496_none_041bf8b773a9f127\lsass.exe
[2013.09.25 03:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_042b9307739f26ed\lsass.exe
[2014.04.12 04:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_04cdd63a8ca9d24f\lsass.exe
[2014.04.12 04:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22712_none_04f817868c8a465b\lsass.exe
[2011.11.17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2013.09.25 03:08:17 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=F021DAFB1F87616FCEBA159C2ED7042F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_04c503168cb026a0\lsass.exe
[2014.05.30 10:07:57 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=F23812F9F7B130854E4BC0389F7C688C -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18489_none_0429c981739f213b\lsass.exe

< MD5 for: NDIS.SYS >
[2012.08.22 20:06:07 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=5E74508FCB5820B29EEAFE24E6035BCF -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_06232d534c0a8d67\ndis.sys
[2012.08.22 20:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\SysNative\drivers\ndis.sys
[2012.08.22 20:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a\ndis.sys
[2010.11.20 15:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys

< MD5 for: NETLOGON.DLL >
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NVRAID.SYS >
[2011.03.11 08:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\SysNative\drivers\nvraid.sys
[2011.03.11 08:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvraid.sys
[2011.03.11 08:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvraid.sys
[2010.11.20 15:33:48 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvraid.sys
[2010.11.20 15:33:48 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvraid.sys
[2011.03.11 08:19:21 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=666CA16F17914C1CD3616CF16DE0A6EA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
[2014.04.12 04:31:44 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=3442A918386D4716D74C661543151746 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22653_none_0abdf375491039d3\smss.exe
[2013.03.19 04:57:17 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=498E2A20E145199709CD100CDBA8603D -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22280_none_0a9a7b3b492b4d05\smss.exe
[2013.08.29 03:04:30 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=B2B31D4C79EFD883097FA24D02E79C12 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22436_none_0ad6905f48fd53a8\smss.exe
[2013.08.02 07:06:34 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=CB5DA3E44456D1084BCD87F5B1B3152B -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22411_none_0ae72ec548f19d13\smss.exe
[2013.03.19 05:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0371DE302FFFF8F086661611BE60848 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_0a5f8ec22fd235a9\smss.exe
[2013.08.02 02:59:09 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0970A4BC8395659C22BF53D0FADF16F -- C:\Windows\SysNative\smss.exe
[2013.08.02 02:59:09 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0970A4BC8395659C22BF53D0FADF16F -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18229_none_0a5ac2782fd4e6cb\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2014.04.05 04:47:20 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=04ADD18EE5CC9FBEDAEC1DD1CD0CB45E -- C:\Windows\SysNative\drivers\tcpip.sys
[2014.04.05 04:47:20 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=04ADD18EE5CC9FBEDAEC1DD1CD0CB45E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_113260637d1284ef\tcpip.sys
[2012.10.03 19:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2013.09.08 04:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2014.04.05 04:37:43 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=4F80944B03112F486212DC20BE166079 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_11b12f2896383dd1\tcpip.sys
[2010.11.20 15:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2013.09.07 04:27:48 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2012.10.03 19:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2013.11.26 13:34:34 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=F55B41AA6114568AC558ADBABDA85620 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_11c3cc3c962abcc3\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014.03.04 13:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014.03.04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe
[2014.03.04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe

< MD5 for: WS2_32.DLL >
[2010.11.20 15:27:29 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\SysNative\ws2_32.dll
[2010.11.20 15:27:29 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll
[2010.11.20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SysWOW64\ws2_32.dll
[2010.11.20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[7 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[9 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[141 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[5 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2014.03.12 20:46:09 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\.minecraft
[2014.01.12 01:48:09 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\Adobe
[2014.03.29 10:23:00 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\AVAST Software
[2014.04.09 16:27:48 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\AVG
[2013.10.30 16:19:14 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\BANDISOFT
[2014.04.14 21:01:48 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\DivX
[2013.12.27 00:38:37 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\dll-files.com
[2014.03.29 10:05:55 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\Dropbox
[2014.03.29 10:05:53 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\DropboxMaster
[2014.07.06 15:30:23 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\ESET
[2013.10.21 15:03:09 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\Identities
[2013.10.21 15:38:44 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\InstallShield
[2013.10.22 21:57:58 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\IObit
[2013.10.21 15:49:13 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\Macromedia
[2009.07.14 17:36:38 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\Media Center Programs
[2014.04.13 11:17:54 | 000,000,000 | --SD | M] -- C:\Users\Drak\AppData\Roaming\Microsoft
[2014.04.13 11:16:03 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\Microsoft Game Studios
[2014.05.19 18:56:02 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\Mozilla
[2014.02.22 11:44:42 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\newnext.me
[2013.10.30 13:12:25 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\NVIDIA
[2014.04.09 16:25:02 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\OpenCandy
[2013.10.30 13:12:17 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\Publish Providers
[2014.03.02 22:42:26 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\Quadcore Games
[2014.04.13 17:26:46 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\Razer
[2014.07.22 11:35:02 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\Skype
[2013.11.02 11:54:13 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\Solveig Multimedia
[2014.03.03 10:49:13 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\TS3Client
[2013.11.24 17:40:25 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\Tunngle
[2014.05.09 09:36:19 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\Ubisoft
[2014.04.19 21:58:06 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\uTorrent
[2013.10.21 15:58:11 | 000,000,000 | ---D | M] -- C:\Users\Drak\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2014.03.19 14:17:02 | 032,667,896 | ---- | M] (Dropbox, Inc.) -- C:\Users\Drak\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2014.03.19 14:18:14 | 000,244,648 | ---- | M] (Dropbox, Inc.) -- C:\Users\Drak\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2014.03.19 14:17:06 | 000,143,616 | ---- | M] (Dropbox, Inc.) -- C:\Users\Drak\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2013.10.24 20:24:08 | 032,794,024 | ---- | M] (AVG) -- C:\Users\Drak\AppData\Roaming\OpenCandy\7EA67E3776D14E6CA661CFB6745078AF\avg_tuht_stf_cs_2014_206_CZ.exe
[2014.03.02 22:31:29 | 001,307,736 | ---- | M] (BitTorrent Inc.) -- C:\Users\Drak\AppData\Roaming\uTorrent\uTorrent.exe
[2014.03.02 22:31:29 | 001,307,736 | ---- | M] (BitTorrent Inc.) -- C:\Users\Drak\AppData\Roaming\uTorrent\updates\3.3.2_30488.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ConduitFloatingPlugin_cflheckfmhopnialghigdlggahiomebp" = "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Drak\AppData\Local\Temp\CT3289075\plugins\TBVerifier.dll",RunConduitFloatingPlugin cflheckfmhopnialghigdlggahiomebp -- [2009.07.14 03:14:31 | 000,044,544 | ---- | M] (Microsoft Corporation)
"Akamai NetSession Interface" = "C:\Users\Drak\AppData\Local\Akamai\netsession_win.exe" -- [2014.04.17 21:07:28 | 004,672,920 | ---- | M] (Akamai Technologies, Inc.)
"Facebook Update" = "C:\Users\Drak\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver -- [2014.03.04 15:35:06 | 000,138,096 | ---- | M] (Facebook Inc.)
"Skype" = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun -- [2014.05.08 11:25:40 | 021,446,272 | R--- | M] (Skype Technologies S.A.)
"Steam" = "D:\Steam\Steam.exe" -silent -- [2014.05.29 19:36:48 | 001,754,816 | ---- | M] (Valve Corporation)
"Google Update" = "C:\Users\Drak\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2014.06.15 09:58:31 | 000,116,648 | ---- | M] (Google Inc.)
"Google+ Auto Backup" = "C:\Users\Drak\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart -- [2014.06.06 12:25:56 | 003,701,064 | ---- | M] (Google Inc.)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.07.22 11:45:36 | 000,000,512 | ---- | M] () MD5=740A5172000462ED7FED6D8DC86648E4 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2014.03.29 09:08:20 | 142,568,098 | ---- | M] () -- \Users\Drak\Downloads\Avast-Premier-Antivirus-8.0.1482--Full-CRACK-do-roku-2050.rar

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2014.04.19 21:45:36 | 000,057,344 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2014.03.08 11:27:32 | 000,002,545 | ---- | M] () -- \Program Files (x86)\Mobogenie\templates\web\images\prettyPhoto\dark_rounded\loader.gif
[2014.03.08 11:27:33 | 000,002,545 | ---- | M] () -- \Program Files (x86)\Mobogenie\templates\web\images\prettyPhoto\dark_square\loader.gif
[2014.03.08 11:27:33 | 000,006,331 | ---- | M] () -- \Program Files (x86)\Mobogenie\templates\web\images\prettyPhoto\default\loader.gif
[2014.03.08 11:27:33 | 000,002,545 | ---- | M] () -- \Program Files (x86)\Mobogenie\templates\web\images\prettyPhoto\facebook\loader.gif
[2014.03.08 11:27:33 | 000,002,545 | ---- | M] () -- \Program Files (x86)\Mobogenie\templates\web\images\prettyPhoto\light_rounded\loader.gif
[2014.03.08 11:27:33 | 000,002,545 | ---- | M] () -- \Program Files (x86)\Mobogenie\templates\web\images\prettyPhoto\light_square\loader.gif
[2013.09.19 22:38:04 | 001,177,888 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\ExtensionLoader.dll
[2013.07.25 03:43:28 | 000,065,344 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2013.07.25 03:43:30 | 000,067,904 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader64.dll
[2013.07.25 03:43:12 | 000,073,024 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2013.07.25 03:43:12 | 000,080,704 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader64.dll
[2014.06.26 11:30:04 | 000,182,080 | ---- | M] () -- \Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
[2014.06.26 11:30:04 | 000,220,992 | ---- | M] () -- \Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
[2013.09.19 22:38:04 | 001,177,888 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{9B086AC3-0179-4AAF-B977-165C2AD508DC}\ExtensionLoader.dll
[2013.11.24 21:05:00 | 000,001,963 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader\EZDownloader.lnk
[2013.11.24 21:05:00 | 000,001,963 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\EZDownloader\EZDownloader.lnk
[2014.06.15 21:12:30 | 000,050,849 | ---- | M] () -- \Users\Drak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\chromeBackstageLoader.js
[2014.06.15 21:12:30 | 000,003,090 | ---- | M] () -- \Users\Drak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\js\pluginLoader.js
[2014.06.15 21:12:28 | 000,000,847 | ---- | M] () -- \Users\Drak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\img\ajax-loader.gif
[2014.06.15 21:12:28 | 000,001,135 | ---- | M] () -- \Users\Drak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ac\img\loader-icon.png
[2014.06.15 21:12:27 | 000,003,208 | ---- | M] () -- \Users\Drak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\tb\al\ui\gf\img\loader.gif
[2014.03.08 11:27:32 | 000,002,545 | ---- | M] () -- \Users\Drak\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_rounded\loader.gif
[2014.03.08 11:27:33 | 000,002,545 | ---- | M] () -- \Users\Drak\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_square\loader.gif
[2014.03.08 11:27:33 | 000,006,331 | ---- | M] () -- \Users\Drak\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\default\loader.gif
[2014.03.08 11:27:33 | 000,002,545 | ---- | M] () -- \Users\Drak\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\facebook\loader.gif
[2014.03.08 11:27:33 | 000,002,545 | ---- | M] () -- \Users\Drak\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\light_rounded\loader.gif
[2014.03.08 11:27:33 | 000,002,545 | ---- | M] () -- \Users\Drak\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\light_square\loader.gif
[2014.07.06 16:22:10 | 003,215,360 | ---- | M] () -- \Users\Drak\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
[2014.06.06 12:13:32 | 000,000,972 | ---- | M] () -- \Users\Drak\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_about.fen
[2014.06.06 12:13:32 | 000,000,686 | ---- | M] () -- \Users\Drak\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_advoptions.fen
[2014.06.06 12:13:32 | 000,000,770 | ---- | M] () -- \Users\Drak\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_debug.fen
[2014.06.06 12:13:32 | 000,000,706 | ---- | M] () -- \Users\Drak\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_download.fen
[2014.06.06 12:13:32 | 000,000,676 | ---- | M] () -- \Users\Drak\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_file_errors.fen
[2014.06.06 12:13:32 | 000,000,620 | ---- | M] () -- \Users\Drak\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_manage_devices.fen
[2014.06.06 12:13:32 | 000,002,336 | ---- | M] () -- \Users\Drak\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_onboard.fen
[2014.06.06 12:13:32 | 000,001,386 | ---- | M] () -- \Users\Drak\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_options.fen
[2014.06.06 12:13:32 | 000,001,330 | ---- | M] () -- \Users\Drak\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_pinwheel_72.png
[2014.06.06 12:13:32 | 000,002,541 | ---- | M] () -- \Users\Drak\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_pinwheel_72x2.png
[2014.06.06 12:13:32 | 000,002,131 | ---- | M] () -- \Users\Drak\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_prefs.fen
[2014.06.06 12:13:32 | 000,000,934 | ---- | M] () -- \Users\Drak\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_quota_error1.fen
[2014.06.06 12:13:32 | 000,001,057 | ---- | M] () -- \Users\Drak\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_quota_error2.fen
[2014.06.06 12:13:32 | 000,001,116 | ---- | M] () -- \Users\Drak\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_quota_error_estimate.fen
[2014.06.06 12:13:32 | 000,002,181 | ---- | M] () -- \Users\Drak\AppData\Local\Programs\Google\Google+ Auto Backup\runtime\gpuploader_welcome.fen
[2014.02.18 18:46:42 | 000,072,638 | ---- | M] () -- \Users\Drak\AppData\Local\Skype\Apps\login\images\loader.gif
[2014.02.18 18:46:42 | 000,003,032 | ---- | M] () -- \Users\Drak\AppData\Local\Skype\Apps\login\images\loader.png
[2014.02.18 18:46:42 | 000,006,012 | ---- | M] () -- \Users\Drak\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014.02.18 18:46:42 | 000,021,956 | ---- | M] () -- \Users\Drak\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014.02.18 18:46:42 | 000,009,772 | ---- | M] () -- \Users\Drak\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2013.10.21 15:13:04 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2010.07.01 20:09:54 | 002,202,645 | R--- | M] () -- \Windows\Setup\SCRIPTS\Windows7Loader.exe
[2011.02.05 15:09:31 | 000,005,745 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2011.02.05 15:04:44 | 000,005,745 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4.manifest
[2011.02.05 19:34:23 | 000,005,745 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.02.05 15:09:57 | 000,005,745 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2011.02.05 15:09:50 | 000,005,799 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-e..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_9c05f879842e1792.manifest
[2011.02.05 15:05:03 | 000,005,799 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-e..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_9c6455949d6c2720.manifest
[2011.02.05 19:34:40 | 000,005,799 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-e..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_9deb553581556a27.manifest
[2011.02.05 15:10:12 | 000,005,799 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-e..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_9e73f1b69a73f09a.manifest
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009.07.14 03:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 03:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 04:12:19 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 07:39:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 08:20:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_695e76beab8ff095\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.29 04:18:31 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_694dd858ab9ba72a\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 13:03:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_69637bfcab8b6996\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 04:28:21 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_69353b6eabae8d55\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 17:17:49 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 17:17:49 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.efi.mui_35ee487d
[2009.07.14 17:17:49 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.exe.mui_3bc5b827
[2009.07.14 17:17:49 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.efi.mui_f412814e
[2009.07.14 17:17:49 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.exe.mui_ff8b5358
[2013.12.30 10:12:29 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2013.12.30 10:12:29 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2013.12.30 10:12:29 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2013.12.30 10:12:29 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2013.12.30 10:12:29 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2009.07.14 04:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 04:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009.07.14 17:15:51 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2010.11.20 07:12:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011.02.05 19:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.02.05 15:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009.07.14 04:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 07:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.29 03:54:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_0d2f3cd4f33e35f4\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 12:35:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 04:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >
[2013.10.12 00:32:30 | 000,345,912 | ---- | M] () -- \Program Files (x86)\AVG PC TuneUp 2014\ProgramDeactivator.exe
[2013.10.12 00:34:04 | 000,123,192 | ---- | M] () -- \Program Files (x86)\AVG PC TuneUp 2014\TUAutoReactivator64.exe
[2009.09.25 14:00:00 | 000,003,006 | ---- | M] () -- \Program Files (x86)\AVG PC TuneUp 2014\data\deinstallation_programDeactivator_40x40.png
[2009.09.25 14:00:00 | 000,001,534 | ---- | M] () -- \Program Files (x86)\AVG PC TuneUp 2014\data\icon_ProgramDeactivator_16.png
[2009.09.25 14:00:00 | 000,004,191 | ---- | M] () -- \Program Files (x86)\AVG PC TuneUp 2014\data\icon_ProgramDeactivator_24x24.png
[2009.09.25 14:00:00 | 000,003,100 | ---- | M] () -- \Program Files (x86)\AVG PC TuneUp 2014\data\icon_ProgramDeactivator_32.png
[2009.09.25 14:00:00 | 000,006,373 | ---- | M] () -- \Program Files (x86)\AVG PC TuneUp 2014\data\icon_ProgramDeactivator_64.png

< *serial* /s >
[2014.02.13 23:57:42 | 000,434,368 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.dll
[2014.03.14 15:22:23 | 001,164,288 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.ni.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2010.11.05 03:53:39 | 000,090,112 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2014.02.14 00:30:04 | 000,434,368 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.dll
[2014.03.14 15:23:03 | 001,546,240 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.ni.dll
[2012.10.05 12:52:37 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2010.11.05 03:54:42 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2014.07.21 18:44:13 | 002,158,592 | ---- | M] () -- \Users\Drak\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.sledujuserialy.cz_0.localstorage
[2014.07.21 18:44:13 | 000,005,672 | ---- | M] () -- \Users\Drak\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.sledujuserialy.cz_0.localstorage-journal
[2014.06.15 10:13:09 | 000,000,024 | ---- | M] () -- \Users\Drak\AppData\Local\Google\Picasa2\cache\cacheindex_serial.pmp
[2009.07.14 17:17:20 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.13 04:02:06 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.03.01 08:27:23 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\553e7bfc9cac5e4feaa83d8ee1e187bd\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.03.01 08:49:19 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f177ea74036d5fdc6c6b9c967dc877cf\System.Runtime.Serialization.ni.dll
[2014.03.01 08:30:39 | 000,396,288 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\8653acb87b4a219a84e4ce58df35e62a\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.03.01 08:53:13 | 003,073,536 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\b73fbf8a2db2192752ad2b13744a393b\System.Runtime.Serialization.ni.dll
[2014.03.14 15:35:32 | 000,309,760 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\abb3fbf787b74b7d2513a8c409b5ef74\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.03.14 15:35:32 | 000,000,580 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\abb3fbf787b74b7d2513a8c409b5ef74\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2014.03.14 15:35:47 | 002,825,216 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
[2014.03.14 15:35:47 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll.aux
[2014.03.15 10:39:52 | 000,026,624 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\94ce7a3b39b335283a0087f9964e9099\System.Xml.Serialization.ni.dll
[2014.03.15 10:39:52 | 000,000,376 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\94ce7a3b39b335283a0087f9964e9099\System.Xml.Serialization.ni.dll.aux
[2014.03.14 19:56:11 | 000,376,832 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\3b1e2119f9cdfbc454bf08eb1ed9f023\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.03.14 19:56:11 | 000,000,580 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\3b1e2119f9cdfbc454bf08eb1ed9f023\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2014.03.14 19:57:45 | 003,640,320 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\7e7ed14f2b9a7e3d94307462aa99f5b9\System.Runtime.Serialization.ni.dll
[2014.03.14 19:57:45 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\7e7ed14f2b9a7e3d94307462aa99f5b9\System.Runtime.Serialization.ni.dll.aux
[2014.03.14 20:00:25 | 000,028,672 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.84e525b7#\7c4a5c747f2dcdac0329022b43a7be6b\System.Xml.Serialization.ni.dll
[2014.03.14 20:00:24 | 000,000,376 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.84e525b7#\7c4a5c747f2dcdac0329022b43a7be6b\System.Xml.Serialization.ni.dll.aux
[2013.09.11 23:33:38 | 000,027,920 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\v4.0_4.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013.09.11 23:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013.09.11 22:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll
[2013.09.11 22:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll
[2013.09.11 23:33:38 | 000,113,864 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.RunTime.Serialization.resources\v4.0_4.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.resources.dll
[2013.09.11 22:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll
[2013.09.11 23:33:38 | 001,052,320 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013.09.11 22:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2013.09.11 22:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.05 03:53:33 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012.10.05 12:53:24 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013.09.11 23:33:38 | 001,052,320 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2013.09.11 23:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2013.09.11 22:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll
[2013.09.11 22:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2013.09.11 22:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2013.09.11 22:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2013.09.11 22:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll
[2013.09.11 23:33:38 | 000,027,920 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013.09.11 23:33:38 | 000,113,864 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.RunTime.Serialization.resources.dll
[2009.06.10 22:40:06 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.05 03:54:38 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2012.10.05 12:52:38 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013.09.11 23:33:38 | 001,052,320 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll
[2013.09.11 23:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2013.09.11 22:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Json.dll
[2013.09.11 22:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2013.09.11 22:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2013.09.11 22:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll
[2013.09.11 22:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XmlSerializer.dll
[2013.09.11 21:32:16 | 000,027,920 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013.09.11 21:32:16 | 000,113,864 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\cs\System.RunTime.Serialization.resources.dll
[2011.02.05 15:10:43 | 000,002,766 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16757_none_6dccf6b5c641c933.manifest
[2011.02.05 15:05:47 | 000,002,766 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.20897_none_6e2b53d0df7fd8c1.manifest
[2011.02.05 19:35:45 | 000,002,766 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011.02.05 15:11:05 | 000,002,766 | ---- | M] () -- \Windows\SoftwareDistribution\Download\d639f7376b627c8f37f9acbbf7c6234a\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009.07.14 17:17:13 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009.07.14 02:00:40 | 000,094,208 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009.06.10 22:37:50 | 000,038,400 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\grserial.sys
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2009.07.14 17:17:13 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\cs-CZ\serialui.dll.mui
[2010.11.05 03:54:38 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_1e527062c1f59d5f\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2009.07.14 17:17:22 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23\serialui.dll.mui
[2009.07.14 03:41:54 | 000,017,920 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360\serialui.dll
[2010.11.05 03:54:42 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_bb9a1800691e639c\System.RunTime.Serialization.Resources.dll
[2009.07.14 17:17:25 | 000,009,728 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_20ab142d65ed6acc\serial.sys.mui
[2009.07.14 02:00:40 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
[2009.06.10 22:40:06 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 22:37:50 | 000,038,400 | ---- | M] () -- \Windows\winsxs\amd64_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_ce9ed3064deed3aa\grserial.sys
[2010.11.05 03:52:16 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722\System.Runtime.Serialization.dll
[2012.10.05 12:52:38 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b\System.Runtime.Serialization.dll
[2012.10.06 12:56:09 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53\System.Runtime.Serialization.dll
[2010.11.05 03:52:08 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb\System.Runtime.Serialization.dll
[2012.10.05 12:52:37 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4\System.Runtime.Serialization.dll
[2012.10.06 12:56:08 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec\System.Runtime.Serialization.dll
[2013.12.30 10:12:04 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2013.12.30 10:12:04 | 000,017,792 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8_kdcom.dll_db5e7744
[2009.07.14 17:17:49 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23_serialui.dll.mui_7d29d2a3
[2009.07.14 04:57:29 | 000,017,920 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360_serialui.dll_bea29328
[2009.07.14 17:17:47 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2009.07.14 04:58:37 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.14 04:15:17 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc.manifest
[2011.02.05 19:35:45 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011.02.05 15:11:05 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest
[2009.07.14 04:11:30 | 000,000,868 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_88b1c48f2026fe3f.manifest
[2010.11.20 07:21:24 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722.manifest
[2012.10.05 20:18:30 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b.manifest
[2012.10.05 20:10:31 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53.manifest
[2010.11.20 07:22:10 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb.manifest
[2012.10.05 20:19:07 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4.manifest
[2012.10.05 20:11:10 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec.manifest
[2010.11.20 06:06:16 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2012.10.05 19:15:39 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285.manifest
[2012.10.05 19:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d.manifest
[2009.07.14 17:16:38 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2012.10.05 22:12:17 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f.manifest
[2012.10.05 21:59:28 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797.manifest
[2010.11.20 06:05:38 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2012.10.05 19:15:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8.manifest
[2012.10.05 19:17:15 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0.manifest
[2010.11.20 06:10:46 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2012.10.05 19:19:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa.manifest
[2012.10.05 19:22:10 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2.manifest
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 17:17:20 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.05 03:52:39 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2012.10.05 12:53:24 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285\System.Runtime.Serialization.dll
[2012.10.06 12:57:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d\System.Runtime.Serialization.dll
[2009.07.14 17:17:32 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2010.11.13 04:02:06 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f\System.RunTime.Serialization.Resources.dll
[2010.11.13 04:37:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797\System.RunTime.Serialization.Resources.dll
[2010.11.05 03:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8\System.Runtime.Serialization.dll
[2012.10.06 12:57:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0\System.Runtime.Serialization.dll
[2010.11.05 03:53:33 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_28a71ab4f6565f5a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.07.14 17:17:13 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2010.11.05 03:53:39 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_5f7b7c7cb0c0f266\System.RunTime.Serialization.Resources.dll
[2010.11.05 03:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa\System.Runtime.Serialization.dll
[2012.10.06 12:57:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2\System.Runtime.Serialization.dll

< *w7lxe* /s >

< End of report >

Re: Keylogger

Napsal: 22 črc 2014 15:11
od Márty84
Na D je vam misto houby platne, kdyz system je na C :D System potrebuje mit na svem disku alespon 3GB mista. To je minimum. Jinak se dusi a zpomaluje.


:???: Jen takova kontrolni otazka. jak je to s legalitou systemu? Ultimate neni zrovna bezna domaci verze :?:


:arrow: Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=137928 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce




1.9. pro neaktivitu :lock: http://forum.viry.cz/viewtopic.php?f=12&t=123975
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz