PC virus removal, computer speed-up, and remote assistance through the neslape.cz service

Preventive check

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

cinci
Visitor
Posts: 48
Registered: 17 Oct 2006 16:50

Preventive check

#1 Post by cinci »

Please check the log, thank you in advance :)

info.txt logfile of random's system information tool 1.10 2014-08-02 10:22:41

======MBR======

======Uninstall list======

Active@ ISO Burner-->"C:\Program Files (x86)\InstallShield Installation Information\{7694E0B1-2332-448B-9235-929F84B41E3F}\setup.exe" -runfromtemp -l0x0009 -removeonly
Adobe Flash Player 14 Plugin-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe -maintain plugin
Adobe Photoshop 7.0 CE-->C:\WINDOWS\ISUN0405.EXE -f"C:\Program Files (x86)\Adobe\Photoshop 7.0 CE\Uninst.isu" -c"C:\Program Files (x86)\Adobe\Photoshop 7.0 CE\Uninst.dll"
Adobe Reader XI (11.0.07) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AB0000000001}
AMD Accelerated Video Transcoding-->MsiExec.exe /X{08F2F75D-7E7D-10C2-3ED9-E711554514E0}
AMD APP SDK Runtime-->MsiExec.exe /I{503F672D-6C84-448A-8F8F-4BC35AC83441}
AMD Catalyst Install Manager-->msiexec /q/x{5B136AD7-384E-C2CC-6D1A-70B0C6216C25} REBOOT=ReallySuppress
avast! Pro Antivirus-->C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel /instop:uninstall
Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
Catalyst Control Center - Branding-->MsiExec.exe /I{AF2FBFD5-9565-4B2E-BB48-7477BFE4F7E4}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Classic Shell-->MsiExec.exe /X{BF8CC8E1-3D54-4A54-B985-5190F18AFDBB}
CyberLink Media Suite 10-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
CyberLink Media Suite 10-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
Cyberlink PhotoDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{39337565-330E-4ab6-A9AE-AC81E0720B10}\Setup.exe" /z-uninstall
Cyberlink PhotoDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{39337565-330E-4ab6-A9AE-AC81E0720B10}\Setup.exe" /z-uninstall
CyberLink Power2Go 8-->"C:\Program Files (x86)\InstallShield Installation Information\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}\Setup.exe" /z-uninstall
CyberLink Power2Go 8-->"C:\Program Files (x86)\InstallShield Installation Information\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}\Setup.exe" /z-uninstall
CyberLink PowerDirector 10-->"C:\Program Files (x86)\InstallShield Installation Information\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\setup.exe" /z-uninstall
CyberLink PowerDirector 10-->"C:\Program Files (x86)\InstallShield Installation Information\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\setup.exe" /z-uninstall
CyberLink PowerDVD 12-->"C:\Program Files (x86)\InstallShield Installation Information\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}\Setup.exe" /z-uninstall
CyberLink PowerDVD 12-->"C:\Program Files (x86)\InstallShield Installation Information\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}\Setup.exe" /z-uninstall
CyberLink Webcam Sharing Manager 4-->"C:\Program Files (x86)\InstallShield Installation Information\{296F7F3B-C75A-45e9-AD22-CC19DF86E9D3}\Setup.exe" /z-uninstall
CyberLink Webcam Sharing Manager 4-->"C:\Program Files (x86)\InstallShield Installation Information\{296F7F3B-C75A-45e9-AD22-CC19DF86E9D3}\Setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}" "1029" "0"
Energy Star-->MsiExec.exe /I{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}
Evernote v. 4.6-->MsiExec.exe /X{A23AADDA-3DBF-11E2-A6F2-984BE15F174E}
GeoGebra 4.2-->"C:\Program Files (x86)\GeoGebra 4.2\uninstaller.exe"
GPL Ghostscript-->"C:\MikTeX\uninstgs.exe"
GSview 5.0-->C:\MikTeX\gsview\uninstgs.exe "C:\MikTeX\gsview\uninstal.txt"
Hewlett-Packard ACLM.NET v1.2.1.1-->MsiExec.exe /I{6F340107-F9AA-47C6-B54C-C3A19F11553F}
HP 3D DriveGuard-->MsiExec.exe /X{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}
HP Client Security Manager-->c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\setup.exe
HP Client Security Manager-->MsiExec.exe /X{3B46DFDA-6155-423B-BCBB-F1C267E4ADD9}
HP Customer Experience Enhancements-->MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}
HP Device Access Manager-->MsiExec.exe /X{274A948D-DD41-4B8F-B66F-0F4AD233200F}
HP Documentation-->MsiExec.exe /X{F3F74675-3700-4C55-A9AC-924D4E36DC40}
HP Drive Encryption-->C:\windows\SysWOW64\msiexec.exe /i {19484EF1-E27A-43D1-9EEB-685D41888AC8}
HP ESU for Microsoft Windows 8-->MsiExec.exe /X{482FF7A0-EA03-487A-9112-862D3341B76C}
HP File Sanitizer-->MsiExec.exe /I{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}
HP HD Webcam Driver-->C:\Program Files (x86)\HP HD Webcam Driver\uninstall.exe
HP Hotkey Support-->MsiExec.exe /X{C97CC14E-4789-4FC5-BC75-79191F7CE009}
HP Postscript Converter-->MsiExec.exe /I{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}
HP Quick Start-->MsiExec.exe /X{574F0207-8E98-46CD-8F79-318348C98C46}
HP Registration Service-->MsiExec.exe /X{D1E8F2D7-7794-4245-B286-87ED86C1893C}
HP SoftPaq Download Manager-->MsiExec.exe /I{3F728815-C7E8-40EA-8D1A-F7B8E2382325}
HP Software Setup-->MsiExec.exe /X{D1E7D876-6B86-4B35-A93D-15B0D6C43EAF}
HP Support Assistant-->"C:\Program Files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP System Default Settings-->MsiExec.exe /X{357FE1E9-5890-4697-95DD-B15E01B4AA2A}
HP Theft Recovery-->"C:\Program Files (x86)\InstallShield Installation Information\{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Theft Recovery-->MsiExec.exe /X{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}
HP Wireless Button Driver-->MsiExec.exe /X{941DE69D-6CEE-4171-8F1F-3D7E352AA498}
HP Wireless Hotspot-->MsiExec.exe /X{A15C2201-F69C-4DB0-AEBF-454B13B468BD}
IDT Audio-->"C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\Setup.exe" -remove -removeonly
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel(R) Processor Graphics-->C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall
Intel(R) Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall
Intel(R) SDK for OpenCL - CPU Only Runtime Package-->C:\Program Files (x86)\Intel\OpenCL SDK\2.0\Uninstall\setup.exe -uninstall
Intel® Trusted Connect Service Client-->MsiExec.exe /I{7AB8C73F-03FE-48AE-990C-CCB8D6C4FAB8}
IrfanView (remove only)-->C:\Program Files (x86)\IrfanView\iv_uninstall.exe
Java 7 Update 55-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217045FF}
Maple 18-->C:\Program Files\Maple 18\uninstall\uninstall.exe
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)-->MsiExec.exe /I{E9F0BCD8-6BD5-1ED7-EDA3-9FCF2A478AA1}
Microsoft Office Access MUI (Czech) 2010-->MsiExec.exe /X{90140000-0015-0405-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2010-->MsiExec.exe /X{90140000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2010-->MsiExec.exe /X{90140000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2010-->MsiExec.exe /X{90140000-0044-0405-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2010-->MsiExec.exe /X{90140000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2010-->MsiExec.exe /X{90140000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2010-->MsiExec.exe /X{90140000-0018-0405-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2010-->MsiExec.exe /X{90140000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2010-->MsiExec.exe /X{90140000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2010-->MsiExec.exe /X{90140000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2010-->MsiExec.exe /X{90140000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Czech) 2010-->MsiExec.exe /X{90140000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2010-->MsiExec.exe /X{90140000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2010-->MsiExec.exe /X{90140000-001B-0405-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022-->MsiExec.exe /X{350AA351-21FA-3270-8B7A-835434E766AD}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727-->"C:\ProgramData\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106-->"C:\ProgramData\Package Cache\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106-->"C:\ProgramData\Package Cache\{8e70e4e1-06d7-470b-9f74-a51bef21088e}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727-->MsiExec.exe /X{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106-->MsiExec.exe /X{3C28BFD4-90C7-3138-87EF-418DC16E9598}
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727-->MsiExec.exe /X{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106-->MsiExec.exe /X{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106-->MsiExec.exe /X{6C772996-BFF3-3C8C-860B-B3D48FF05D65}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106-->MsiExec.exe /X{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}
MiKTeX 2.9-->C:\MikTeX\TeXMF\miktex/bin/x64/internal\copystart_admin.exe C:\MikTeX\TeXMF\miktex/bin/x64/internal\uninstall_admin.exe
Mozilla Firefox 31.0 (x86 cs)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
PDF Complete Corporate Edition-->C:\Program Files (x86)\PDF Complete\uninstall.exe
PDFCreator-->C:\Program Files (x86)\PDFCreator\unins000.exe
Ralink Bluetooth Stack64-->MsiExec.exe /X{9041BE08-21DA-4916-EC0B-9375C5B624D9}
Ralink RT3290 802.11bgn Wi-Fi Adapter-->C:\Program Files (x86)\InstallShield Installation Information\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek PCIE Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{BCDA54F6-C4B6-4519-A09E-FA064A6B4098}\setup.exe" -runfromtemp -removeonly
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0405-0000-0000000FF1CE}" "{0665F3BA-FCE2-4CB1-ACDD-19544B0E4C14}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{4D6FE7B6-559F-4DAC-92CF-A01C24046AEB}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0405-0000-0000000FF1CE}" "{A5B39813-17B0-4481-B19E-9C57C0BF1EE0}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{049FE6FA-0D59-4C24-960E-FDA1DDF045EE}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{1EE5FA17-F624-438C-B7AC-7C5A41E90FA2}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{7AC3F78E-ECA0-45F4-A9CC-3E885DA23662}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{5EE42B42-1159-435C-898A-2A3298453B20}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0405-0000-0000000FF1CE}" "{A71E3AD4-5545-4D59-9F11-75F363563C6A}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0407-0000-0000000FF1CE}" "{8925227F-C7B5-4C95-AB58-4FCF2433DAEE}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{09A9DF49-DA06-4093-A2FD-F339211E39EA}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-041B-0000-0000000FF1CE}" "{0C337AF5-E6A7-4B6B-8F8E-08F9C6F956B4}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{E4D76E88-C65F-4003-9C71-EC4306679D17}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0405-1000-0000000FF1CE}" "{7F5CE17A-23B9-4EED-B017-A7EF4547476C}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0405-0000-0000000FF1CE}" "{EA82267F-4AAB-46BA-AD6A-9EBB544D0EF7}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0044-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0405-0000-0000000FF1CE}" "{2C911571-C8B6-400B-B323-417C1806E866}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00BA-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Skype™ 6.14-->MsiExec.exe /X{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}
SpywareBlaster 5.0-->"C:\Program Files (x86)\SpywareBlaster\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Total Commander 64-bit (Remove or Repair)-->C:\Program Files (x86)\totalcmd\tcunin64.exe
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}" "1029" "0"
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{4ACD847E-547D-493F-9A86-F73EAE1B5174}" "1029" "0"
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{302A8FE3-EBF5-486C-A431-16A1CD914443}" "1029" "0"
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{302A8FE3-EBF5-486C-A431-16A1CD914443}" "1029" "0"
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}" "1029" "0"
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{39767ECA-1731-45DB-AB5B-6BF40E151D66}" "1029" "0"
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}" "1029" "0"
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}" "1029" "0"
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}" "1029" "0"
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{287A1E92-9E41-4BC1-8920-B3D0E9220800}" "1029" "0"
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{9D69691D-823D-4C3E-9B12-563A3F520366}" "1029" "0"
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}" "1029" "0"
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}" "1029" "0"
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{35698CB7-AAA2-4577-B505-DBFF504AEF23}" "1029" "0"
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{5AA578BB-759C-40FD-9661-A737C0884541}" "1029" "0"
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}" "1029" "0"
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{BA610006-2C39-4419-9834-CF61AB24810A}" "1029" "0"
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}" "1029" "0"
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{B0D672F7-883E-4279-8E75-D97A5445AB46}" "1029" "0"
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}" "1029" "0"
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0407-0000-0000000FF1CE}" "{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}" "1029" "0"
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{C0BDC1DE-C35E-422B-8CBD-C1D555468720}" "1029" "0"
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{51CCA922-A0CC-47C4-8910-6936D97CAC2E}" "1029" "0"
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{51CCA922-A0CC-47C4-8910-6936D97CAC2E}" "1029" "0"
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{2AB483F1-C86E-427A-83B4-23889B03512D}" "1029" "0"
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0405-0000-0000000FF1CE}" "{D02AE7ED-5B00-4251-B7D5-F9590899EEEA}" "1029" "0"
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}" "1029" "0"
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0405-0000-0000000FF1CE}" "{7F5448C9-AC6C-41E4-8C35-66288813014C}" "1029" "0"
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{F9F5A080-AF38-4966-9A6B-C43DCA465035}" "1029" "0"
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{F9F5A080-AF38-4966-9A6B-C43DCA465035}" "1029" "0"
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{7B29D8B8-6A87-496C-A65E-B935E740448A}" "1029" "0"
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{38CF30E4-3348-4BD1-A859-B630C355A56F}" "1029" "0"
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}" "1029" "0"
VLC media player 2.0.8-->C:\Program Files (x86)\VLC\uninstall.exe
WebMon-->"C:\Program Files (x86)\WebMon\unins000.exe"
WinEdt 7-->C:\MikTeX\WinEdt\Uninstall.exe
WinRAR 4.20 (64-bit)-->C:\Program Files (x86)\WinRAR\uninstall.exe
ZoneAlarm Firewall-->MsiExec.exe /I{3D305D7A-CD45-4876-94E6-F24FEB1690A3}
ZoneAlarm Free Firewall-->"C:\Program Files (x86)\CheckPoint\Install\Install.exe" /s uninstall
ZoneAlarm Security Toolbar -->"C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\uninstall.exe"
ZoneAlarm Security-->MsiExec.exe /I{337EDB0F-8505-4D14-9948-3A8A3D52CFCB}

======System event log======

Computer Name: 9B62VVU9S8GJV
Event Code: 7040
Message: Režim spuštění služby Windows Search byl změněn z Zakázáno na automatické spouštění.
Record Number: 1031
Source Name: Service Control Manager
Time Written: 20130524183004.551381-000
Event Type: Informace
User: NB_KMI\Administrator

Computer Name: 9B62VVU9S8GJV
Event Code: 7040
Message: Režim spuštění služby Windows Search byl změněn z automatické spouštění na Zakázáno.
Record Number: 1030
Source Name: Service Control Manager
Time Written: 20130524183003.488816-000
Event Type: Informace
User: NB_KMI\Administrator

Computer Name: 9B62VVU9S8GJV
Event Code: 104
Message: Byl vymazán soubor protokolu Setup.
Record Number: 1029
Source Name: Microsoft-Windows-Eventlog
Time Written: 20130524182953.457058-000
Event Type: Informace
User: NB_KMI\Administrator

Computer Name: 9B62VVU9S8GJV
Event Code: 104
Message: Byl vymazán soubor protokolu Application.
Record Number: 1028
Source Name: Microsoft-Windows-Eventlog
Time Written: 20130524182953.160167-000
Event Type: Informace
User: NB_KMI\Administrator

Computer Name: 9B62VVU9S8GJV
Event Code: 104
Message: Byl vymazán soubor protokolu System.
Record Number: 1027
Source Name: Microsoft-Windows-Eventlog
Time Written: 20130524182953.035162-000
Event Type: Informace
User: NB_KMI\Administrator

=====Application event log=====

Computer Name: 9B62VVU9S8GJV
Event Code: 3007
Message: Sledování výkonu objektu indexovacího modulu nebylo inicializováno, protože nejsou načteny čítače nebo nebyl otevřen sdílený objekt paměti. Tato skutečnost má vliv pouze na dostupnost čítačů výkonu. Restartujte počítač.

Kontext: aplikace , katalog SystemIndex

Record Number: 1029
Source Name: Microsoft-Windows-Search
Time Written: 20130524182958.000000-000
Event Type: Chyba
User:

Computer Name: 9B62VVU9S8GJV
Event Code: 326
Message: SearchIndexer (1656) Windows: Databázový stroj připojil databázi (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Čas=0 s)

Sekvence interního načasování: [1] 0.000, [2] 0.016, [3] 0.000, [4] 0.000, [5] 0.016, [6] 0.031, [7] 0.016, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000.
Uložená mezipaměť: 1
Record Number: 1028
Source Name: ESENT
Time Written: 20130524182958.000000-000
Event Type: Informace
User:

Computer Name: 9B62VVU9S8GJV
Event Code: 105
Message: SearchIndexer (1656) Windows: Databázový stroj spustil novou instanci (0). (Čas=0 s)

Sekvence interního načasování: [1] 0.000, [2] 0.000, [3] 0.109, [4] 0.079, [5] 0.000, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000.
Record Number: 1027
Source Name: ESENT
Time Written: 20130524182957.000000-000
Event Type: Informace
User:

Computer Name: 9B62VVU9S8GJV
Event Code: 102
Message: SearchIndexer (1656) Windows: Databázový stroj (6.02.9200.0000) spouští novou instanci (0).
Record Number: 1026
Source Name: ESENT
Time Written: 20130524182957.000000-000
Event Type: Informace
User:

Computer Name: 9B62VVU9S8GJV
Event Code: 3006
Message: Sledování výkonu služby indexovacího modulu nebylo inicializováno, protože nejsou načteny čítače nebo nebyl otevřen sdílený objekt paměti. Tato skutečnost má vliv pouze na dostupnost čítačů výkonu. Restartujte počítač.

Record Number: 1025
Source Name: Microsoft-Windows-Search
Time Written: 20130524182957.000000-000
Event Type: Chyba
User:

=====Security event log=====

Computer Name: 9B62VVU9S8GJV
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3E7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 1315
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130524182955.222752-000
Event Type: Úspěšný audit
User:

Computer Name: 9B62VVU9S8GJV
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 9B62VVU9S8GJV$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Typ přihlášení: 5

Úroveň zosobnění: Zosobnění

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3E7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x284
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole úrovně zosobnění označuje rozsah, ve kterém může být proces v přihlašovací relaci zosobněn.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 1314
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130524182955.222752-000
Event Type: Úspěšný audit
User:

Computer Name: 9B62VVU9S8GJV
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3E7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 1313
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130524182954.894632-000
Event Type: Úspěšný audit
User:

Computer Name: 9B62VVU9S8GJV
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 9B62VVU9S8GJV$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Typ přihlášení: 5

Úroveň zosobnění: Zosobnění

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3E7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x284
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole úrovně zosobnění označuje rozsah, ve kterém může být proces v přihlašovací relaci zosobněn.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 1312
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130524182954.894632-000
Event Type: Úspěšný audit
User:

Computer Name: 9B62VVU9S8GJV
Event Code: 1102
Message: Protokol auditu byl vymazán.
Předmět:
ID zabezpečení: S-1-5-21-728494050-748853550-4280414578-500
Název účtu: Administrator
Název domény: 9B62VVU9S8GJV
ID přihlášení: 0x2F616
Record Number: 1311
Source Name: Microsoft-Windows-Eventlog
Time Written: 20130524182953.363303-000
Event Type: Úspěšný audit
User:

======Environment variables======

"AMDAPPSDKROOT"=c:\Program Files (x86)\AMD APP\
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=4
"OnlineServices"=Online Services
"OS"=Windows_NT
"Path"=c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\MikTeX\bin;C:\MikTeX\lib;C:\MikTeX\TeXMF\miktex\bin\x64\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"Platform"=BNB
"PROCESSOR_ARCHITECTURE"=AMD64
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=3a09
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"PTSMInstallPath_X86"=c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#2 Post by Márty84 »

Hello :)

Unfortunately, this is the wrong log :cry: I need the other one that RSIT created. Run RSIT once more, and this time only the correct one will pop up :wink:
If you have a question that is not meant for the public, you can write to me by e-mail at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

cinci
Visitor
Posts: 48
Registered: 17 Oct 2006 16:50

Re: Preventive check

#3 Post by cinci »

Sorry, here is the new one :-)

Logfile of random's system information tool 1.10 (written by random/random)
Run by OEM at 2014-08-02 16:42:48
Microsoft Windows 8
System drive C: has 486 GB (70%) free of 700 GB
Total RAM: 8043 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:42:50, on 2. 8. 2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17028)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Users\OEM\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
C:\Program Files (x86)\CyberLink\Webcam Sharing Manager\StreamProvider.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Maple 18\jre\bin\maple.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Program Files\trend micro\OEM.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.zonealarm.com/?src=hp&tbi ... tsId=&ver=&
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files (x86)\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files (x86)\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files (x86)\Classic Shell\ClassicExplorer32.dll
O3 - Toolbar: ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [BtTray] "c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [CLWCSM] "c:\Program Files (x86)\CyberLink\Webcam Sharing Manager\StreamProvider.exe"
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [YouCam Mirage] "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - Startup: Dropbox.lnk = C:\Users\OEM\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files (x86)\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files (x86)\Classic Shell\ClassicIE_32.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\windows\SysWOW64\flcdlock.exe
O23 - Service: HP HotSpot 1.0 Service (HotSpotSrv) - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Hotspot\HotSpotSrv.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP File Sanitizer (HPFSService) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem4.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe

--
End of file - 15687 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
"dwm.exe"
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
atieclxx
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\windows\system32\Hpservice.exe
C:\windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe" -service
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe"
C:\windows\Explorer.EXE
"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
ClassicStartMenu.exe -startup
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
taskhostex.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\windows\system32\svchost.exe -k apphost
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
"c:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe"
"C:\Users\OEM\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" /start
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
"C:\Program Files (x86)\CyberLink\Webcam Sharing Manager\StreamProvider.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe"
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe"
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -critical
"C:\Program Files\Maple 18\bin.X86_64_WINDOWS\maplew.exe"
"C:\Program Files\Maple 18\jre\bin\maple.exe" -Xmx919m -Xss4m -cp "C:\Program Files\Maple 18\java\externalcall.jar;C:\Program Files\Maple 18\java\freehep-base.jar;C:\Program Files\Maple 18\java\freehep-graphics2d.jar;C:\Program Files\Maple 18\java\freehep-graphicsio.jar;C:\Program Files\Maple 18\java\freehep-graphicsio-pdf.jar;C:\Program Files\Maple 18\java\freehep-graphicsio-ps.jar;C:\Program Files\Maple 18\java\gluegen-rt.jar;C:\Program Files\Maple 18\java\gstreamer-java.jar;C:\Program Files\Maple 18\java\iText-2.1.2u.jar;C:\Program Files\Maple 18\java\iTextAsian.jar;C:\Program Files\Maple 18\java\jai_codec.jar;C:\Program Files\Maple 18\java\jai_core.jar;C:\Program Files\Maple 18\java\jna-3.4.0.jar;C:\Program Files\Maple 18\java\jniwrap-2.5.jar;C:\Program Files\Maple 18\java\jogl.jar;C:\Program Files\Maple 18\java\mail.jar;C:\Program Files\Maple 18\java\platform-3.4.0.jar;C:\Program Files\Maple 18\java\rsyntaxtextarea.jar;C:\Program Files\Maple 18\java\autocomplete.jar;C:\Program Files\Maple 18\java\sliding-layout.jar;C:\Program Files\Maple 18\java\tween-engine-api.jar;C:\Program Files\Maple 18\java\commons-codec-1.8.jar;C:\Program Files\Maple 18\java\MapleActivation.jar;C:\Program Files\Maple 18\java\mapleclient.jar;C:\Program Files\Maple 18\java\mapleresource_el.jar;C:\Program Files\Maple 18\java\mapleresource_en.jar;C:\Program Files\Maple 18\java\mapleresource_es.jar;C:\Program Files\Maple 18\java\mapleresource_fr.jar;C:\Program Files\Maple 18\java\mapleresource_hu.jar;C:\Program Files\Maple 18\java\mapleresource_ja.jar;C:\Program Files\Maple 18\java\mapleresource.jar;C:\Program Files\Maple 18\java\mapleresource_ko.jar;C:\Program Files\Maple 18\java\mapleresource_pt_BR.jar;C:\Program Files\Maple 18\java\mapleresource_zh_CN.jar;C:\Program Files\Maple 18\java\mapleresource_zh_TW.jar;C:\Program Files\Maple 18\java\mapletbuilder.jar;C:\Program Files\Maple 18\java\maplets.jar;C:\Program Files\Maple 18\java\maplewks.jar;C:\Program Files\Maple 
18\java\mathdoc.jar;C:\Program Files\Maple 18\java\mathworksheet.jar;C:\Program Files\Maple 18\java\pen.jar;C:\Program Files\Maple 18\java\mathxmltools.jar;C:\Program Files\Maple 18\java\dom4j-1.6.1.jar;C:\Program Files\Maple 18\java\jsr173_1.0_api.jar;C:\Program Files\Maple 18\java\poi-ooxml-3.7-20101029.jar;C:\Program Files\Maple 18\java\poi-3.7-20101029.jar;C:\Program Files\Maple 18\java\swing-layout-1.0.3.jar;C:\Program Files\Maple 18\java\log4j-1.2.3.jar;C:\Program Files\Maple 18\java\ooxml-schemas-1.0.jar;C:\Program Files\Maple 18\java\xmlbeans-2.3.0.jar;C:\Program Files\Maple 18\java\wksloader.jar;C:\Program Files\Maple 18\java\WMFWriter.jar;C:\Program Files\Maple 18\java\xalan.jar;C:\Program Files\Maple 18\java\xercesImpl.jar;C:\Program Files\Maple 18\java\xmlParserAPIs.jar" -Ddefault.browser="\"C:\Program Files (x86)\Mozilla Firefox\firefox.exe\" -osint -url \"%1\"" -Dmaple.bin.path="C:\Program Files\Maple 18\bin.X86_64_WINDOWS" com.maplesoft.application.Launcher -command Start Maple
\??\C:\windows\system32\conhost.exe 0x4
"C:\Program Files\Maple 18\bin.X86_64_WINDOWS\mserver" -kport 51580 -O "English_United States.1252"
\??\C:\windows\system32\conhost.exe 0x4
"C:\Program Files\Maple 18\bin.X86_64_WINDOWS\mserver" -kport 51580 -O "English_United States.1252"
\??\C:\windows\system32\conhost.exe 0x4
"C:\MikTeX\WinEdt\WinEdt.exe" "C:\Users\OEM\Dropbox\Public\Moodle-MATI\ukoly.tex"
"C:\Program Files\Maple 18\bin.X86_64_WINDOWS\mserver" -kport 51580 -O "English_United States.1252"
\??\C:\windows\system32\conhost.exe 0x4

"C:\Program Files\Maple 18\bin.X86_64_WINDOWS\mserver" -kport 51580 -O "English_United States.1252"
\??\C:\windows\system32\conhost.exe 0x4
C:\windows\system32\svchost.exe -k GPSvcGroup
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\windows\system32\msiexec.exe /V
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=5052.151fd020.1852857074 "C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 5052 "\\.\pipe\gecko-crash-server-pipe.5052" plugin
"C:\windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe" --proxy-stub-channel=Flash1244.5BA40D80.24701 --host-broker-channel=Flash1244.5BA40D80.30644 --host-pid=1244 --host-npapi-version=27 --plugin-path="C:\windows\SYSTEM32\Macromed\Flash\NPSWF32_14_0_0_145.dll"
"C:\windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe" --channel=3924.002EF200.1610914123 --proxy-stub-channel=Flash1244.5BA40D80.24701 --plugin-path="C:\windows\SYSTEM32\Macromed\Flash\NPSWF32_14_0_0_145.dll" --host-npapi-version=27 --type=renderer
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\windows\splwow64.exe 8192
taskhost.exe $(Arg0)
C:\windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\OEM\Desktop\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\mmfcp6kt.default

prefs.js - "browser.startup.homepage" - "http://www.centrum.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.145 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.55.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\Program Files (x86)\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files (x86)\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\digitalpersona.com/ChromeDPAgent]
"Description"=
"Path"=c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.145 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\Program Files\MICROS~1\Office14\NPAUTHZ.DLL


C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\mmfcp6kt.default\extensions\
ffxtlbr@zonealarm.com

C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\mmfcp6kt.default\searchplugins\
zonealarm.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files (x86)\Classic Shell\ClassicExplorer64.dll [2013-10-04 774144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-05-03 581824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files (x86)\Classic Shell\ClassicIEDLL_64.dll [2013-10-04 460288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}]
Zonealarm Helper Object - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll [2013-07-22 302992]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
HP File Sanitizer - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2013-03-06 107736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files (x86)\Classic Shell\ClassicExplorer32.dll [2013-10-04 627712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-05-03 436600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files (x86)\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09 351136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files (x86)\Classic Shell\ClassicIEDLL_32.dll [2013-10-04 386048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files (x86)\Classic Shell\ClassicExplorer64.dll [2013-10-04 774144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files (x86)\Classic Shell\ClassicExplorer32.dll [2013-10-04 627712]
{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - ZoneAlarm Security Toolbar - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll [2013-07-22 289168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2013-02-04 1702912]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2012-12-18 172168]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2012-12-18 400008]
"Persistence"=C:\windows\system32\igfxpers.exe [2012-12-18 441992]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2013-01-10 56568]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2013-02-07 683656]
"StartCCC"=c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2013-02-25 642656]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2013-01-31 337184]
""= []
"BtTray"=c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [2013-01-10 379904]
"CLWCSM"=c:\Program Files (x86)\CyberLink\Webcam Sharing Manager\StreamProvider.exe [2013-02-20 249096]
"AccelerometerSysTrayApplet"=C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [2013-03-11 77088]
"File Sanitizer"=c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2013-03-06 13685464]
"YouCam Mirage"=c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2013-02-01 136488]
"YouCam Tray"=c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2013-02-01 167488]
"CLMLServer_For_P2G8"=c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-21 111136]
"CLVirtualDrive"=c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [2012-11-21 493088]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"ZoneAlarm"=C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [2013-08-12 73832]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-06-29 3890208]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

C:\Users\OEM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\OEM\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2012-12-12 442880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-08-02 10:22:27 ----D---- C:\Program Files\trend micro
2014-08-02 10:22:26 ----D---- C:\rsit
2014-08-01 18:38:24 ----A---- C:\windows\system32\WMIMPLEX.dll
2014-08-01 18:38:24 ----A---- C:\windows\system32\maplec.dll
2014-08-01 18:17:46 ----D---- C:\Users\OEM\AppData\Roaming\IsolatedStorage
2014-08-01 18:17:46 ----D---- C:\ProgramData\IsolatedStorage
2014-08-01 18:14:38 ----D---- C:\Users\OEM\AppData\Roaming\Solvusoft
2014-08-01 18:14:36 ----A---- C:\windows\system32\roboot64.exe
2014-08-01 18:13:15 ----D---- C:\Spacekace
2014-08-01 17:53:17 ----D---- C:\Program Files\Maple 18
2014-07-30 11:02:37 ----A---- C:\windows\system32\FNTCACHE.DAT
2014-07-30 10:43:01 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-07-29 22:37:40 ----HD---- C:\Program Files (x86)\Zero G Registry
2014-07-17 20:48:19 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2014-07-14 16:29:45 ----A---- C:\windows\system32\win32k.sys
2014-07-14 16:29:44 ----A---- C:\windows\SYSWOW64\osk.exe
2014-07-14 16:29:44 ----A---- C:\windows\system32\osk.exe
2014-07-14 16:29:34 ----A---- C:\windows\system32\lsasrv.dll
2014-07-14 16:29:33 ----A---- C:\windows\system32\SHCore.dll
2014-07-14 16:29:30 ----A---- C:\windows\SYSWOW64\SHCore.dll
2014-07-14 16:29:30 ----A---- C:\windows\system32\lsm.dll
2014-07-14 16:28:54 ----A---- C:\windows\system32\ntoskrnl.exe
2014-07-14 16:28:53 ----A---- C:\windows\SYSWOW64\ntdll.dll
2014-07-14 16:28:53 ----A---- C:\windows\system32\ntdll.dll
2014-07-14 16:28:53 ----A---- C:\windows\system32\localspl.dll
2014-07-14 16:28:53 ----A---- C:\windows\system32\drivers\hdaudbus.sys
2014-07-14 16:28:52 ----A---- C:\windows\SYSWOW64\WSShared.dll
2014-07-14 16:28:52 ----A---- C:\windows\SYSWOW64\Robocopy.exe
2014-07-14 16:28:52 ----A---- C:\windows\system32\WSShared.dll
2014-07-14 16:28:52 ----A---- C:\windows\system32\Robocopy.exe
2014-07-14 16:28:51 ----A---- C:\windows\SYSWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-14 16:28:51 ----A---- C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-14 16:28:22 ----A---- C:\windows\SYSWOW64\mshtml.dll
2014-07-14 16:28:20 ----A---- C:\windows\system32\mshtml.dll
2014-07-14 16:28:13 ----A---- C:\windows\system32\ieframe.dll
2014-07-14 16:28:12 ----A---- C:\windows\system32\jscript9.dll
2014-07-14 16:28:10 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2014-07-14 16:28:09 ----A---- C:\windows\SYSWOW64\ieframe.dll
2014-07-14 16:28:09 ----A---- C:\windows\system32\iertutil.dll
2014-07-14 16:28:09 ----A---- C:\windows\system32\iedkcs32.dll
2014-07-14 16:28:08 ----A---- C:\windows\SYSWOW64\jscript9.dll
2014-07-14 16:28:08 ----A---- C:\windows\SYSWOW64\iertutil.dll
2014-07-14 16:28:08 ----A---- C:\windows\system32\wininet.dll
2014-07-14 16:28:08 ----A---- C:\windows\system32\urlmon.dll
2014-07-14 16:28:07 ----A---- C:\windows\SYSWOW64\wininet.dll
2014-07-14 16:28:07 ----A---- C:\windows\SYSWOW64\urlmon.dll
2014-07-14 16:28:07 ----A---- C:\windows\system32\jscript.dll
2014-07-14 16:28:07 ----A---- C:\windows\system32\dxtmsft.dll
2014-07-14 16:28:05 ----A---- C:\windows\SYSWOW64\dxtmsft.dll
2014-07-14 16:28:05 ----A---- C:\windows\system32\mshtmled.dll
2014-07-14 16:28:05 ----A---- C:\windows\system32\msfeeds.dll
2014-07-14 16:28:05 ----A---- C:\windows\system32\dxtrans.dll
2014-07-14 16:28:04 ----A---- C:\windows\SYSWOW64\jscript.dll
2014-07-14 16:28:04 ----A---- C:\windows\system32\uxtheme.dll
2014-07-14 16:28:03 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2014-07-14 16:28:03 ----A---- C:\windows\SYSWOW64\dxtrans.dll
2014-07-14 16:28:02 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2014-07-14 16:28:02 ----A---- C:\windows\SYSWOW64\iesysprep.dll
2014-07-14 16:28:02 ----A---- C:\windows\system32\iesysprep.dll
2014-07-14 16:28:01 ----A---- C:\windows\SYSWOW64\msrating.dll
2014-07-14 16:28:01 ----A---- C:\windows\system32\msrating.dll
2014-07-14 16:28:01 ----A---- C:\windows\system32\iernonce.dll
2014-07-14 16:28:01 ----A---- C:\windows\system32\ie4uinit.exe
2014-07-14 16:28:00 ----A---- C:\windows\SYSWOW64\UXInit.dll
2014-07-14 16:28:00 ----A---- C:\windows\SYSWOW64\iernonce.dll
2014-07-14 16:28:00 ----A---- C:\windows\system32\UXInit.dll
2014-07-14 16:27:59 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2014-07-14 16:27:59 ----A---- C:\windows\system32\jsproxy.dll
2014-07-14 16:27:58 ----A---- C:\windows\SYSWOW64\uxtheme.dll
2014-07-14 16:27:58 ----A---- C:\windows\SYSWOW64\iesetup.dll
2014-07-14 16:27:58 ----A---- C:\windows\system32\iesetup.dll
2014-07-14 16:27:47 ----A---- C:\windows\system32\drivers\afd.sys
2014-07-14 16:27:38 ----A---- C:\windows\system32\InkEd.dll
2014-07-14 16:27:18 ----A---- C:\windows\system32\qedit.dll
2014-07-14 16:27:17 ----A---- C:\windows\SYSWOW64\qedit.dll
2014-07-06 12:00:06 ----A---- C:\windows\SYSWOW64\wudriver.dll
2014-07-06 12:00:06 ----A---- C:\windows\system32\wudriver.dll
2014-07-06 12:00:06 ----A---- C:\windows\system32\storewuauth.dll
2014-07-06 11:59:59 ----A---- C:\windows\system32\wuauclt.exe
2014-07-06 11:59:58 ----A---- C:\windows\system32\WUSettingsProvider.dll
2014-07-06 11:59:57 ----A---- C:\windows\SYSWOW64\wuapi.dll
2014-07-06 11:59:57 ----A---- C:\windows\system32\wucltux.dll
2014-07-06 11:59:57 ----A---- C:\windows\system32\wuaueng.dll
2014-07-06 11:59:57 ----A---- C:\windows\system32\wuapi.dll
2014-07-06 11:59:27 ----A---- C:\windows\SYSWOW64\wuapp.exe
2014-07-06 11:59:27 ----A---- C:\windows\system32\wuapp.exe
2014-07-06 11:59:26 ----A---- C:\windows\SYSWOW64\wuwebv.dll
2014-07-06 11:59:26 ----A---- C:\windows\system32\wuwebv.dll

======List of files/folders modified in the last 1 month======

2014-08-02 16:41:22 ----A---- C:\windows\SYSWOW64\bscs.ini
2014-08-02 16:39:25 ----D---- C:\windows\Prefetch
2014-08-02 16:38:21 ----A---- C:\windows\SYSWOW64\LOCALSERVICE.INI
2014-08-02 16:38:20 ----D---- C:\windows\system32\sru
2014-08-02 16:38:20 ----A---- C:\windows\SYSWOW64\LOCALDEVICE.INI
2014-08-02 11:12:26 ----D---- C:\windows\Temp
2014-08-02 10:22:27 ----RD---- C:\Program Files
2014-08-02 10:18:26 ----D---- C:\Users\OEM\AppData\Roaming\vlc
2014-08-02 10:16:05 ----D---- C:\Users\OEM\AppData\Roaming\ClassicShell
2014-08-01 20:51:25 ----SHD---- C:\System Volume Information
2014-08-01 20:47:57 ----D---- C:\windows\Microsoft.NET
2014-08-01 19:09:27 ----RD---- C:\windows\System32
2014-08-01 19:09:27 ----D---- C:\windows\Inf
2014-08-01 19:09:27 ----A---- C:\windows\system32\PerfStringBackup.INI
2014-08-01 18:17:46 ----HD---- C:\ProgramData
2014-08-01 18:16:59 ----D---- C:\windows\system32\Tasks
2014-08-01 18:16:57 ----RD---- C:\Program Files (x86)
2014-08-01 18:16:57 ----D---- C:\windows\Tasks
2014-08-01 17:50:40 ----D---- C:\windows\system32\config
2014-08-01 17:48:41 ----RSD---- C:\windows\Fonts
2014-08-01 17:48:40 ----SHD---- C:\windows\Installer
2014-08-01 17:48:26 ----D---- C:\windows\WinSxS
2014-08-01 17:23:57 ----A---- C:\windows\SYSWOW64\log.txt
2014-08-01 17:23:10 ----D---- C:\Users\OEM\AppData\Roaming\Dropbox
2014-08-01 17:22:13 ----D---- C:\ProgramData\PDFC
2014-08-01 17:20:03 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-01 17:12:08 ----D---- C:\windows\SysWOW64
2014-08-01 15:52:21 ----HD---- C:\Program Files\WindowsApps
2014-08-01 15:52:21 ----D---- C:\windows\AUInstallAgent
2014-07-30 11:41:15 ----D---- C:\windows\rescache
2014-07-17 20:44:21 ----D---- C:\Program Files\Windows Journal
2014-07-17 20:44:20 ----D---- C:\windows\WinStore
2014-07-17 20:44:19 ----D---- C:\Program Files (x86)\Internet Explorer
2014-07-17 20:44:14 ----D---- C:\Program Files\Internet Explorer
2014-07-17 20:44:10 ----D---- C:\windows\system32\Drivers
2014-07-17 20:44:09 ----D---- C:\windows\system32\DriverStore
2014-07-17 20:44:06 ----D---- C:\windows\CbsTemp
2014-07-17 19:21:19 ----D---- C:\windows\system32\MRT
2014-07-17 19:18:54 ----A---- C:\windows\system32\MRT.exe
2014-07-14 16:42:23 ----D---- C:\ProgramData\Microsoft Help
2014-07-14 16:27:27 ----D---- C:\windows\system32\catroot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdkmpfd;@oem15.inf,%AMDKMPFD_svcdesc%;AMD PCI Root Bus Lower Filter; C:\windows\System32\drivers\amdkmpfd.sys [2012-09-14 36520]
R0 aswRvrt;avast! Revert; C:\windows\system32\drivers\aswRvrt.sys [2014-05-03 65776]
R0 aswVmm;avast! VM Monitor; C:\windows\system32\drivers\aswVmm.sys [2014-05-03 208416]
R0 hpdskflt;@oem4.inf,%service_desc%;HP Filter; C:\windows\System32\drivers\hpdskflt.sys [2013-03-02 30520]
R0 iaStorA;iaStorA; C:\windows\System32\drivers\iaStorA.sys [2013-01-02 641672]
R0 PinFile;PinFile; C:\windows\system32\DRIVERS\PinFile.sys [2013-03-18 49856]
R0 SDDisk2K;SDDisk2K; C:\windows\system32\DRIVERS\SDDisk2K.sys [2013-03-27 212672]
R0 SDDToki;SDDToki; C:\windows\system32\DRIVERS\SDDToki.sys [2013-01-07 131928]
R1 aswKbd;aswKbd; C:\windows\system32\drivers\aswKbd.sys [2014-04-10 28184]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr2.sys [2014-05-03 93568]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2014-05-15 1039096]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2014-05-15 423240]
R1 CLVirtualDrive;CLVirtualDrive; C:\windows\system32\DRIVERS\CLVirtualDrive.sys [2012-06-25 92536]
R1 Vsdatant;@oem36.inf,%Vsdatant_Desc%;Zone Alarm Firewall Driver; C:\windows\System32\drivers\vsdatant.sys [2013-06-13 451096]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\windows\system32\DRIVERS\vwififlt.sys [2012-07-26 64000]
R2 aswMonFlt;aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [2014-05-03 79184]
R2 aswStm;aswStm; C:\windows\system32\drivers\aswStm.sys [2014-05-15 85328]
R3 Accelerometer;@oem4.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\windows\System32\drivers\Accelerometer.sys [2013-03-02 43320]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2013-02-26 11612672]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2013-02-26 578048]
R3 BtAudioBusSrv;@oem25.inf,%SvcDesc%;Ralink Bluetooth Audio Bus Service; C:\windows\System32\Drivers\BtAudioBus.sys [2012-06-15 23136]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\windows\System32\drivers\BthEnum.sys [2013-04-29 51712]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\windows\System32\Drivers\BtL2caScoIf.sys [2012-07-19 56904]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\windows\system32\DRIVERS\BthLEEnum.sys [2012-07-26 202752]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2012-07-26 119808]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2013-04-29 74752]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\windows\System32\Drivers\IvtUrbBtFlt.sys [2012-12-05 49632]
R3 clwcsm;@oem31.inf,%clwcsm.DeviceDesc%;CyberLink Webcam Sharing Manager 4.2; C:\windows\system32\DRIVERS\clwcsm.sys [2013-02-19 42944]
R3 HpqKbFiltr;@oem19.inf,%HpqKbFiltr.SvcDesc%;HpqKbFilter Driver; C:\windows\System32\drivers\HpqKbFiltr.sys [2013-01-29 26504]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2012-12-12 5353888]
R3 IntcDAud;@oem2.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2012-12-13 342528]
R3 MEIx64;@oem6.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\windows\System32\drivers\HECIx64.sys [2012-07-12 62784]
R3 netr28x;@oem39.inf,%Generic.Service.DispName%;Ralink 802.11n Extensible Wireless Driver; C:\windows\system32\DRIVERS\netr28x.sys [2013-12-04 2505904]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\System32\drivers\rfcomm.sys [2013-03-01 156672]
R3 rtbth;@oem38.inf,%General.Service.DispName%;RTBTH Bluetooth Device Driver; C:\windows\System32\drivers\rtbth.sys [2013-12-02 1204424]
R3 RTL8168;@oem20.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\windows\system32\DRIVERS\Rt630x64.sys [2013-02-26 772680]
R3 SPUVCbv;@oem29.inf,%SPUVCb.ServiceName%;SPUVCb Driver Service; C:\windows\System32\Drivers\SPUVCbv_x64.sys [2013-02-22 1446904]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\windows\system32\DRIVERS\stwrt64.sys [2013-02-04 544768]
R3 SynTP;@oem37.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2013-10-30 549104]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\windows\system32\DRIVERS\vwifimp.sys [2012-07-26 17920]
S0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2014-06-22 834544]
S2 aswHwid;avast! HardwareID; C:\windows\system32\drivers\aswHwid.sys [2014-05-03 29208]
S3 athr;@netathrx.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys [2012-06-02 2935808]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2013-03-01 1175040]
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2013-02-18 65752]
S3 e1iexpress;@net1ic64.inf,%E1IExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\windows\system32\DRIVERS\e1i63x64.sys [2012-06-02 333824]
S3 RSP2STOR;@oem11.inf,%Rts5229%;Realtek PCIE CardReader Driver - P2; C:\windows\system32\DRIVERS\RtsP2Stor.sys [2013-01-23 288328]
S3 RTSPER;Realtek PCIe CardReader Driver; C:\windows\system32\DRIVERS\RtsPer.sys [2013-02-01 448072]
S3 SmbDrv;SmbDrv; C:\windows\System32\drivers\Smb_driver_AMDASF.sys [2013-01-11 28400]
S3 SmbDrvI;SmbDrvI; C:\windows\System32\drivers\Smb_driver_Intel.sys [2013-01-11 32496]
S3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\windows\System32\Drivers\usbvideo.sys [2013-07-06 210560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2013-02-26 241152]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\windows\system32\svchost.exe [2012-10-12 29696]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-05-03 50344]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2013-01-31 1626872]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2013-03-12 491320]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 HPFSService;HP File Sanitizer; c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2013-03-06 1730776]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2013-01-31 553248]
R2 hpsrv;@oem4.inf,%hpservice_desc%;HP Service; C:\windows\system32\Hpservice.exe [2013-03-02 43320]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-01-02 15496]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-07-27 636952]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-10-22 130592]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-10-22 166432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-10-22 278560]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2013-02-07 1135752]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2013-02-04 332800]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-10-22 365600]
R2 vsmon;TrueVector Internet Monitor; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2013-08-12 2445304]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2013-01-10 138752]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2013-01-23 1006424]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-17 262320]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-12 51648]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2012-12-18 277640]
S3 FLCDLOCK;HP Device Locking / Auditing; c:\windows\SysWOW64\flcdlock.exe [2013-03-04 556856]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2012-07-26 43616]
S3 HotSpotSrv;HP HotSpot 1.0 Service; C:\Program Files (x86)\Hewlett-Packard\HP Wireless Hotspot\HotSpotSrv.exe [2012-12-19 357816]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-07-30 119408]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S4 BthAvrcpTg;@bthaudhid.inf,%BthAvrcpTg_SvcDesc%;Bluetooth Audio/Video Remote Control HID; C:\windows\System32\drivers\BthAvrcpTg.sys [2013-06-01 37632]
S4 BthHFEnum;@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator; C:\windows\System32\drivers\bthhfenum.sys [2012-07-26 51200]
S4 bthhfhid;@bthaudhid.inf,%BthAudioHFHid.SVCDESC%;Bluetooth Hands-Free Call Control HID; C:\windows\System32\drivers\BthHFHid.sys [2013-04-29 29952]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#4 Post by Márty84 »

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner and save it to your desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and then left-click Run as administrator.
Click Scan and wait for the scan to finish.
Then click Clean.
The program will start working (the PC may restart) and produce a log (it will also be at C:\AdwCleaner\AdwCleaner [S?].txt ). Copy it here for me.
If you have a question that is not meant for the public, you can e-mail me at marty84[at]forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will be on the forum less often now. If you have to wait a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

cinci
Visitor
Posts: 48
Registered: 17 Oct 2006 16:50

Re: Preventive check

#5 Post by cinci »

Here it is:

# AdwCleaner v3.302 - Report created 02/08/2014 at 20:56:33
# Updated 30/07/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : OEM - NB_KMI
# Running from : C:\Users\OEM\Desktop\adwcleaner_3.302.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\OEM\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\OEM\AppData\Roaming\Solvusoft
Folder Deleted : C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\mmfcp6kt.default\Extensions\ffxtlbr@zonealarm.com
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\mmfcp6kt.default\searchplugins\zonealarm.xml
File Deleted : C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\mmfcp6kt.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17028


-\\ Mozilla Firefox v31.0 (x86 cs)

[ File : C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\mmfcp6kt.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3516 octets] - [02/08/2014 20:47:08]
AdwCleaner[R1].txt - [3576 octets] - [02/08/2014 20:54:54]
AdwCleaner[S0].txt - [3567 octets] - [02/08/2014 20:56:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3627 octets] ##########

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#6 Post by Márty84 »

:arrow: Run a scan with MBAM. Set up the scan according to this guide http://forum.viry.cz/viewtopic.php?f=29&t=137928 and post the results here. Do not delete anything beforehand; it occasionally produces false detections.

cinci
Visitor
Posts: 48
Registered: 17 Oct 2006 16:50

Re: Preventive check

#7 Post by cinci »

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3. 8. 2014
Scan Time: 11:33:51
Logfile: malwarebytes_log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.03.02
Rootkit Database: v2014.08.01.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: OEM

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 578454
Time Elapsed: 1 hr, 46 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.Bandoo, C:\$RECYCLE.BIN\S-1-5-21-728494050-748853550-4280414578-1002\$RP5H7XG.exe, , [e44a467c6e0d37fff8595bb81fe214ec],
PUP.Optional.InstallCore, C:\$RECYCLE.BIN\S-1-5-21-728494050-748853550-4280414578-1002\$RRN788Q.exe, , [18168a383348cd699f64c8db689c659b],
PUP.Optional.Bandoo.A, C:\Users\OEM\AppData\Local\Temp\nsf2808.tmp\Uninstall.exe, , [2fffedd55328e55168bb2a0df40d18e8],

Physical Sectors: 0
(No malicious items detected)


(end)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#8 Post by Márty84 »

:arrow: Move the detections to quarantine, then uninstall MBAM.


:???: Is there a specific problem with the PC, or is this purely preventive?


:arrow: Post a new RSIT log.

cinci
Visitor
Posts: 48
Registered: 17 Oct 2006 16:50

Re: Preventive check

#9 Post by cinci »

No problems so far, just prevention. Here is the new log:

Logfile of random's system information tool 1.10 (written by random/random)
Run by OEM at 2014-08-06 09:43:00
Microsoft Windows 8
System drive C: has 487 GB (70%) free of 700 GB
Total RAM: 8043 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:43:03, on 6. 8. 2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17028)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
C:\Program Files (x86)\CyberLink\Webcam Sharing Manager\StreamProvider.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\OEM\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Program Files (x86)\Classic Shell\ClassicShellUpdate.exe
C:\Program Files\trend micro\OEM.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.zonealarm.com/?src=hp&tbi ... tsId=&ver=&
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files (x86)\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files (x86)\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files (x86)\Classic Shell\ClassicExplorer32.dll
O3 - Toolbar: ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [BtTray] "c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [CLWCSM] "c:\Program Files (x86)\CyberLink\Webcam Sharing Manager\StreamProvider.exe"
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [YouCam Mirage] "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - Startup: Dropbox.lnk = C:\Users\OEM\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files (x86)\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files (x86)\Classic Shell\ClassicIE_32.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\windows\SysWOW64\flcdlock.exe
O23 - Service: HP HotSpot 1.0 Service (HotSpotSrv) - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Hotspot\HotSpotSrv.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP File Sanitizer (HPFSService) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem4.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe

--
End of file - 15462 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
"dwm.exe"
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
atieclxx
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\windows\system32\Hpservice.exe
C:\windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe" -service
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe"
C:\windows\Explorer.EXE
"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\windows\System32\spoolsv.exe
taskhostex.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\windows\system32\svchost.exe -k apphost
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
"c:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe"
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe -Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
ClassicStartMenu.exe -startup
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" /start
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
"C:\Program Files (x86)\CyberLink\Webcam Sharing Manager\StreamProvider.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe"
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe"
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
taskeng.exe {82739066-EE8C-49A2-9B95-4226F705F4A0}
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Users\OEM\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
C:\windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\windows\servicing\TrustedInstaller.exe
C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe -Embedding
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=5056.14777580.1533747491 "C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 5056 "\\.\pipe\gecko-crash-server-pipe.5056" plugin
"C:\windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe" --proxy-stub-channel=Flash5404.576B0D80.5090 --host-broker-channel=Flash5404.576B0D80.30564 --host-pid=5404 --host-npapi-version=27 --plugin-path="C:\windows\SYSTEM32\Macromed\Flash\NPSWF32_14_0_0_145.dll"
"C:\windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe" --channel=6052.00A4F8C4.614114764 --proxy-stub-channel=Flash5404.576B0D80.5090 --plugin-path="C:\windows\SYSTEM32\Macromed\Flash\NPSWF32_14_0_0_145.dll" --host-npapi-version=27 --type=renderer

C:\windows\system32\msiexec.exe /V
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 556 560 568 65536 564
"C:\Program Files (x86)\Classic Shell\ClassicShellUpdate.exe" -popup
"C:\Users\OEM\Desktop\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\mmfcp6kt.default

prefs.js - "browser.startup.homepage" - "http://www.centrum.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.145 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.55.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\Program Files (x86)\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files (x86)\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\digitalpersona.com/ChromeDPAgent]
"Description"=
"Path"=c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.145 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\Program Files\MICROS~1\Office14\NPAUTHZ.DLL


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files (x86)\Classic Shell\ClassicExplorer64.dll [2013-10-04 774144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-05-03 581824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files (x86)\Classic Shell\ClassicIEDLL_64.dll [2013-10-04 460288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
HP File Sanitizer - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2013-03-06 107736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files (x86)\Classic Shell\ClassicExplorer32.dll [2013-10-04 627712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-05-03 436600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files (x86)\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09 351136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files (x86)\Classic Shell\ClassicIEDLL_32.dll [2013-10-04 386048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files (x86)\Classic Shell\ClassicExplorer64.dll [2013-10-04 774144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files (x86)\Classic Shell\ClassicExplorer32.dll [2013-10-04 627712]
{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - ZoneAlarm Security Toolbar - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll [2013-07-22 289168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2013-02-04 1702912]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2012-12-18 172168]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2012-12-18 400008]
"Persistence"=C:\windows\system32\igfxpers.exe [2012-12-18 441992]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2013-01-10 56568]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2013-02-07 683656]
"StartCCC"=c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2013-02-25 642656]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2013-01-31 337184]
""= []
"BtTray"=c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [2013-01-10 379904]
"CLWCSM"=c:\Program Files (x86)\CyberLink\Webcam Sharing Manager\StreamProvider.exe [2013-02-20 249096]
"AccelerometerSysTrayApplet"=C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [2013-03-11 77088]
"File Sanitizer"=c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2013-03-06 13685464]
"YouCam Mirage"=c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2013-02-01 136488]
"YouCam Tray"=c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2013-02-01 167488]
"CLMLServer_For_P2G8"=c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-21 111136]
"CLVirtualDrive"=c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [2012-11-21 493088]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"ZoneAlarm"=C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [2013-08-12 73832]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-06-29 3890208]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

C:\Users\OEM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\OEM\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2012-12-12 442880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-08-03 11:32:39 ----D---- C:\ProgramData\Malwarebytes
2014-08-02 20:47:05 ----D---- C:\AdwCleaner
2014-08-02 10:22:27 ----D---- C:\Program Files\trend micro
2014-08-02 10:22:26 ----D---- C:\rsit
2014-08-01 18:38:24 ----A---- C:\windows\system32\WMIMPLEX.dll
2014-08-01 18:38:24 ----A---- C:\windows\system32\maplec.dll
2014-08-01 18:17:46 ----D---- C:\Users\OEM\AppData\Roaming\IsolatedStorage
2014-08-01 18:17:46 ----D---- C:\ProgramData\IsolatedStorage
2014-08-01 18:13:15 ----D---- C:\Spacekace
2014-08-01 17:53:17 ----D---- C:\Program Files\Maple 18
2014-07-30 11:02:37 ----A---- C:\windows\system32\FNTCACHE.DAT
2014-07-30 10:43:01 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-07-29 22:37:40 ----HD---- C:\Program Files (x86)\Zero G Registry
2014-07-17 20:48:19 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2014-07-14 16:29:45 ----A---- C:\windows\system32\win32k.sys
2014-07-14 16:29:44 ----A---- C:\windows\SYSWOW64\osk.exe
2014-07-14 16:29:44 ----A---- C:\windows\system32\osk.exe
2014-07-14 16:29:34 ----A---- C:\windows\system32\lsasrv.dll
2014-07-14 16:29:33 ----A---- C:\windows\system32\SHCore.dll
2014-07-14 16:29:30 ----A---- C:\windows\SYSWOW64\SHCore.dll
2014-07-14 16:29:30 ----A---- C:\windows\system32\lsm.dll
2014-07-14 16:28:54 ----A---- C:\windows\system32\ntoskrnl.exe
2014-07-14 16:28:53 ----A---- C:\windows\SYSWOW64\ntdll.dll
2014-07-14 16:28:53 ----A---- C:\windows\system32\ntdll.dll
2014-07-14 16:28:53 ----A---- C:\windows\system32\localspl.dll
2014-07-14 16:28:53 ----A---- C:\windows\system32\drivers\hdaudbus.sys
2014-07-14 16:28:52 ----A---- C:\windows\SYSWOW64\WSShared.dll
2014-07-14 16:28:52 ----A---- C:\windows\SYSWOW64\Robocopy.exe
2014-07-14 16:28:52 ----A---- C:\windows\system32\WSShared.dll
2014-07-14 16:28:52 ----A---- C:\windows\system32\Robocopy.exe
2014-07-14 16:28:51 ----A---- C:\windows\SYSWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-14 16:28:51 ----A---- C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-14 16:28:22 ----A---- C:\windows\SYSWOW64\mshtml.dll
2014-07-14 16:28:20 ----A---- C:\windows\system32\mshtml.dll
2014-07-14 16:28:13 ----A---- C:\windows\system32\ieframe.dll
2014-07-14 16:28:12 ----A---- C:\windows\system32\jscript9.dll
2014-07-14 16:28:10 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2014-07-14 16:28:09 ----A---- C:\windows\SYSWOW64\ieframe.dll
2014-07-14 16:28:09 ----A---- C:\windows\system32\iertutil.dll
2014-07-14 16:28:09 ----A---- C:\windows\system32\iedkcs32.dll
2014-07-14 16:28:08 ----A---- C:\windows\SYSWOW64\jscript9.dll
2014-07-14 16:28:08 ----A---- C:\windows\SYSWOW64\iertutil.dll
2014-07-14 16:28:08 ----A---- C:\windows\system32\wininet.dll
2014-07-14 16:28:08 ----A---- C:\windows\system32\urlmon.dll
2014-07-14 16:28:07 ----A---- C:\windows\SYSWOW64\wininet.dll
2014-07-14 16:28:07 ----A---- C:\windows\SYSWOW64\urlmon.dll
2014-07-14 16:28:07 ----A---- C:\windows\system32\jscript.dll
2014-07-14 16:28:07 ----A---- C:\windows\system32\dxtmsft.dll
2014-07-14 16:28:05 ----A---- C:\windows\SYSWOW64\dxtmsft.dll
2014-07-14 16:28:05 ----A---- C:\windows\system32\mshtmled.dll
2014-07-14 16:28:05 ----A---- C:\windows\system32\msfeeds.dll
2014-07-14 16:28:05 ----A---- C:\windows\system32\dxtrans.dll
2014-07-14 16:28:04 ----A---- C:\windows\SYSWOW64\jscript.dll
2014-07-14 16:28:04 ----A---- C:\windows\system32\uxtheme.dll
2014-07-14 16:28:03 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2014-07-14 16:28:03 ----A---- C:\windows\SYSWOW64\dxtrans.dll
2014-07-14 16:28:02 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2014-07-14 16:28:02 ----A---- C:\windows\SYSWOW64\iesysprep.dll
2014-07-14 16:28:02 ----A---- C:\windows\system32\iesysprep.dll
2014-07-14 16:28:01 ----A---- C:\windows\SYSWOW64\msrating.dll
2014-07-14 16:28:01 ----A---- C:\windows\system32\msrating.dll
2014-07-14 16:28:01 ----A---- C:\windows\system32\iernonce.dll
2014-07-14 16:28:01 ----A---- C:\windows\system32\ie4uinit.exe
2014-07-14 16:28:00 ----A---- C:\windows\SYSWOW64\UXInit.dll
2014-07-14 16:28:00 ----A---- C:\windows\SYSWOW64\iernonce.dll
2014-07-14 16:28:00 ----A---- C:\windows\system32\UXInit.dll
2014-07-14 16:27:59 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2014-07-14 16:27:59 ----A---- C:\windows\system32\jsproxy.dll
2014-07-14 16:27:58 ----A---- C:\windows\SYSWOW64\uxtheme.dll
2014-07-14 16:27:58 ----A---- C:\windows\SYSWOW64\iesetup.dll
2014-07-14 16:27:58 ----A---- C:\windows\system32\iesetup.dll
2014-07-14 16:27:47 ----A---- C:\windows\system32\drivers\afd.sys
2014-07-14 16:27:38 ----A---- C:\windows\system32\InkEd.dll
2014-07-14 16:27:18 ----A---- C:\windows\system32\qedit.dll
2014-07-14 16:27:17 ----A---- C:\windows\SYSWOW64\qedit.dll

======List of files/folders modified in the last 1 month======

2014-08-06 09:42:23 ----RD---- C:\Program Files (x86)
2014-08-06 09:42:23 ----D---- C:\windows\system32\Drivers
2014-08-06 09:42:04 ----D---- C:\windows\Prefetch
2014-08-06 09:41:03 ----A---- C:\windows\SYSWOW64\bscs.ini
2014-08-06 09:40:46 ----A---- C:\windows\SYSWOW64\log.txt
2014-08-06 09:40:17 ----D---- C:\windows\Temp
2014-08-06 09:40:14 ----D---- C:\Users\OEM\AppData\Roaming\Dropbox
2014-08-06 09:39:53 ----A---- C:\windows\SYSWOW64\LOCALSERVICE.INI
2014-08-06 09:38:40 ----D---- C:\ProgramData\PDFC
2014-08-06 09:38:01 ----A---- C:\windows\SYSWOW64\LOCALDEVICE.INI
2014-08-06 09:36:08 ----D---- C:\windows\Vss
2014-08-06 09:00:01 ----D---- C:\windows\system32\sru
2014-08-03 11:32:39 ----HD---- C:\ProgramData
2014-08-02 21:03:54 ----D---- C:\Users\OEM\AppData\Roaming\ClassicShell
2014-08-02 20:56:34 ----RD---- C:\windows\System32
2014-08-02 10:22:27 ----RD---- C:\Program Files
2014-08-02 10:18:26 ----D---- C:\Users\OEM\AppData\Roaming\vlc
2014-08-01 20:51:25 ----SHD---- C:\System Volume Information
2014-08-01 20:47:57 ----D---- C:\windows\Microsoft.NET
2014-08-01 19:09:27 ----D---- C:\windows\Inf
2014-08-01 19:09:27 ----A---- C:\windows\system32\PerfStringBackup.INI
2014-08-01 18:16:59 ----D---- C:\windows\system32\Tasks
2014-08-01 18:16:57 ----D---- C:\windows\Tasks
2014-08-01 17:50:40 ----D---- C:\windows\system32\config
2014-08-01 17:48:41 ----RSD---- C:\windows\Fonts
2014-08-01 17:48:40 ----SHD---- C:\windows\Installer
2014-08-01 17:48:26 ----D---- C:\windows\WinSxS
2014-08-01 17:20:03 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-01 17:12:08 ----D---- C:\windows\SysWOW64
2014-08-01 15:52:21 ----HD---- C:\Program Files\WindowsApps
2014-08-01 15:52:21 ----D---- C:\windows\AUInstallAgent
2014-07-30 11:41:15 ----D---- C:\windows\rescache
2014-07-17 20:44:21 ----D---- C:\Program Files\Windows Journal
2014-07-17 20:44:20 ----D---- C:\windows\WinStore
2014-07-17 20:44:19 ----D---- C:\Program Files (x86)\Internet Explorer
2014-07-17 20:44:14 ----D---- C:\Program Files\Internet Explorer
2014-07-17 20:44:09 ----D---- C:\windows\system32\DriverStore
2014-07-17 20:44:06 ----D---- C:\windows\CbsTemp
2014-07-17 20:43:59 ----A---- C:\windows\SYSWOW64\wuwebv.dll
2014-07-17 20:43:59 ----A---- C:\windows\SYSWOW64\wuapp.exe
2014-07-17 20:43:57 ----A---- C:\windows\system32\wuwebv.dll
2014-07-17 20:43:57 ----A---- C:\windows\system32\wuapp.exe
2014-07-17 20:43:42 ----A---- C:\windows\system32\wudriver.dll
2014-07-17 20:43:42 ----A---- C:\windows\system32\wuapi.dll
2014-07-17 20:43:40 ----A---- C:\windows\system32\WUSettingsProvider.dll
2014-07-17 20:43:40 ----A---- C:\windows\system32\wucltux.dll
2014-07-17 20:43:39 ----A---- C:\windows\system32\wuaueng.dll
2014-07-17 20:43:39 ----A---- C:\windows\system32\wuauclt.exe
2014-07-17 20:43:37 ----A---- C:\windows\SYSWOW64\wudriver.dll
2014-07-17 20:43:37 ----A---- C:\windows\SYSWOW64\wuapi.dll
2014-07-17 20:43:37 ----A---- C:\windows\system32\storewuauth.dll
2014-07-17 19:21:19 ----D---- C:\windows\system32\MRT
2014-07-17 19:18:54 ----A---- C:\windows\system32\MRT.exe
2014-07-14 16:42:23 ----D---- C:\ProgramData\Microsoft Help
2014-07-14 16:27:27 ----D---- C:\windows\system32\catroot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdkmpfd;@oem15.inf,%AMDKMPFD_svcdesc%;AMD PCI Root Bus Lower Filter; C:\windows\System32\drivers\amdkmpfd.sys [2012-09-14 36520]
R0 aswRvrt;avast! Revert; C:\windows\system32\drivers\aswRvrt.sys [2014-05-03 65776]
R0 aswVmm;avast! VM Monitor; C:\windows\system32\drivers\aswVmm.sys [2014-05-03 208416]
R0 hpdskflt;@oem4.inf,%service_desc%;HP Filter; C:\windows\System32\drivers\hpdskflt.sys [2013-03-02 30520]
R0 iaStorA;iaStorA; C:\windows\System32\drivers\iaStorA.sys [2013-01-02 641672]
R0 PinFile;PinFile; C:\windows\system32\DRIVERS\PinFile.sys [2013-03-18 49856]
R0 SDDisk2K;SDDisk2K; C:\windows\system32\DRIVERS\SDDisk2K.sys [2013-03-27 212672]
R0 SDDToki;SDDToki; C:\windows\system32\DRIVERS\SDDToki.sys [2013-01-07 131928]
R1 aswKbd;aswKbd; C:\windows\system32\drivers\aswKbd.sys [2014-04-10 28184]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr2.sys [2014-05-03 93568]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2014-05-15 1039096]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2014-05-15 423240]
R1 CLVirtualDrive;CLVirtualDrive; C:\windows\system32\DRIVERS\CLVirtualDrive.sys [2012-06-25 92536]
R1 Vsdatant;@oem36.inf,%Vsdatant_Desc%;Zone Alarm Firewall Driver; C:\windows\System32\drivers\vsdatant.sys [2013-06-13 451096]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\windows\system32\DRIVERS\vwififlt.sys [2012-07-26 64000]
R2 aswMonFlt;aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [2014-05-03 79184]
R2 aswStm;aswStm; C:\windows\system32\drivers\aswStm.sys [2014-05-15 85328]
R3 Accelerometer;@oem4.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\windows\System32\drivers\Accelerometer.sys [2013-03-02 43320]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2013-02-26 11612672]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2013-02-26 578048]
R3 BtAudioBusSrv;@oem25.inf,%SvcDesc%;Ralink Bluetooth Audio Bus Service; C:\windows\System32\Drivers\BtAudioBus.sys [2012-06-15 23136]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\windows\System32\drivers\BthEnum.sys [2013-04-29 51712]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\windows\System32\Drivers\BtL2caScoIf.sys [2012-07-19 56904]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\windows\system32\DRIVERS\BthLEEnum.sys [2012-07-26 202752]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2012-07-26 119808]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2013-04-29 74752]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\windows\System32\Drivers\IvtUrbBtFlt.sys [2012-12-05 49632]
R3 clwcsm;@oem31.inf,%clwcsm.DeviceDesc%;CyberLink Webcam Sharing Manager 4.2; C:\windows\system32\DRIVERS\clwcsm.sys [2013-02-19 42944]
R3 HpqKbFiltr;@oem19.inf,%HpqKbFiltr.SvcDesc%;HpqKbFilter Driver; C:\windows\System32\drivers\HpqKbFiltr.sys [2013-01-29 26504]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2012-12-12 5353888]
R3 IntcDAud;@oem2.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2012-12-13 342528]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys []
R3 MEIx64;@oem6.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\windows\System32\drivers\HECIx64.sys [2012-07-12 62784]
R3 netr28x;@oem39.inf,%Generic.Service.DispName%;Ralink 802.11n Extensible Wireless Driver; C:\windows\system32\DRIVERS\netr28x.sys [2013-12-04 2505904]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\System32\drivers\rfcomm.sys [2013-03-01 156672]
R3 rtbth;@oem38.inf,%General.Service.DispName%;RTBTH Bluetooth Device Driver; C:\windows\System32\drivers\rtbth.sys [2013-12-02 1204424]
R3 RTL8168;@oem20.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\windows\system32\DRIVERS\Rt630x64.sys [2013-02-26 772680]
R3 SPUVCbv;@oem29.inf,%SPUVCb.ServiceName%;SPUVCb Driver Service; C:\windows\System32\Drivers\SPUVCbv_x64.sys [2013-02-22 1446904]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\windows\system32\DRIVERS\stwrt64.sys [2013-02-04 544768]
R3 SynTP;@oem37.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2013-10-30 549104]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\windows\system32\DRIVERS\vwifimp.sys [2012-07-26 17920]
S0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2014-06-22 834544]
S2 aswHwid;avast! HardwareID; C:\windows\system32\drivers\aswHwid.sys [2014-05-03 29208]
S3 athr;@netathrx.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys [2012-06-02 2935808]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2013-03-01 1175040]
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2013-02-18 65752]
S3 e1iexpress;@net1ic64.inf,%E1IExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\windows\system32\DRIVERS\e1i63x64.sys [2012-06-02 333824]
S3 RSP2STOR;@oem11.inf,%Rts5229%;Realtek PCIE CardReader Driver - P2; C:\windows\system32\DRIVERS\RtsP2Stor.sys [2013-01-23 288328]
S3 RTSPER;Realtek PCIe CardReader Driver; C:\windows\system32\DRIVERS\RtsPer.sys [2013-02-01 448072]
S3 SmbDrv;SmbDrv; C:\windows\System32\drivers\Smb_driver_AMDASF.sys [2013-01-11 28400]
S3 SmbDrvI;SmbDrvI; C:\windows\System32\drivers\Smb_driver_Intel.sys [2013-01-11 32496]
S3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\windows\System32\Drivers\usbvideo.sys [2013-07-06 210560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2013-02-26 241152]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\windows\system32\svchost.exe [2012-10-12 29696]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-05-03 50344]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2013-01-31 1626872]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2013-03-12 491320]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 HPFSService;HP File Sanitizer; c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2013-03-06 1730776]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2013-01-31 553248]
R2 hpsrv;@oem4.inf,%hpservice_desc%;HP Service; C:\windows\system32\Hpservice.exe [2013-03-02 43320]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-01-02 15496]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-07-27 636952]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-10-22 130592]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-10-22 166432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-10-22 278560]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2013-02-07 1135752]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2013-02-04 332800]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-10-22 365600]
R2 vsmon;TrueVector Internet Monitor; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2013-08-12 2445304]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2013-01-10 138752]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2013-01-23 1006424]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-17 262320]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-12 51648]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2012-12-18 277640]
S3 FLCDLOCK;HP Device Locking / Auditing; c:\windows\SysWOW64\flcdlock.exe [2013-03-04 556856]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2012-07-26 43616]
S3 HotSpotSrv;HP HotSpot 1.0 Service; C:\Program Files (x86)\Hewlett-Packard\HP Wireless Hotspot\HotSpotSrv.exe [2012-12-19 357816]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-07-30 119408]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S4 BthAvrcpTg;@bthaudhid.inf,%BthAvrcpTg_SvcDesc%;Bluetooth Audio/Video Remote Control HID; C:\windows\System32\drivers\BthAvrcpTg.sys [2013-06-01 37632]
S4 BthHFEnum;@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator; C:\windows\System32\drivers\bthhfenum.sys [2012-07-26 51200]
S4 bthhfhid;@bthaudhid.inf,%BthAudioHFHid.SVCDESC%;Bluetooth Hands-Free Call Control HID; C:\windows\System32\drivers\BthHFHid.sys [2013-04-29 29952]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#10 Post by Márty84 »

cinci wrote: No problems so far, just prevention.
Excellent, so we'll run one more scan and then we'll start deleting.


:!: If Avast complains that it wants to open it in the sandbox, do not allow it! Choose the option Open normally (Otevřít normálně)
:arrow: Download OTL from http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop.
Right-click it and then left-click Run as administrator (Spustit jako správce)
Tick the following items (put checkmarks there): For all users (Pro všechny uživatele), "LOP" malware check (Kontrola na havěť "LOP") and "Purity" malware check (Kontrola na havěť "Purity")
Paste the following text into the bottom window

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Click Scan.
After the scan, two logs are created (OTL.Txt and Extras.txt); paste both here (if they are long, split them across several posts).
If you have a question that is not meant for the public, you can write to me by e-mail at marty84 (at) forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For reasons of time I will be on the forum less often now. If you have to wait a long time for an answer, please contact one of my colleagues (most of them have an e-mail address in their signature).

cinci
Visitor
Posts: 48
Joined: 17 Oct 2006 16:50

Re: Preventive check

#11 Post by cinci »

OTL logfile created on: 6. 8. 2014 18:50:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\OEM\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17028)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d. M. yyyy

7,85 Gb Total Physical Memory | 5,29 Gb Available Physical Memory | 67,32% Memory free
9,04 Gb Paging File | 6,18 Gb Available in Paging File | 68,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683,39 Gb Total Space | 475,02 Gb Free Space | 69,51% Space Free | Partition Type: NTFS
Drive D: | 13,76 Gb Total Space | 1,36 Gb Free Space | 9,90% Space Free | Partition Type: NTFS

Computer Name: NB_KMI | User Name: OEM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/08/06 18:49:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OEM\Desktop\OTL.exe
PRC - [2014/07/30 10:43:08 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/07/21 23:02:50 | 035,464,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\OEM\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/07/17 18:46:25 | 001,869,488 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
PRC - [2014/06/29 14:40:54 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/05/08 15:48:40 | 001,457,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
PRC - [2014/05/03 14:40:47 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/02/11 01:14:05 | 000,481,056 | ---- | M] () -- C:\Program Files\Maple 18\jre\bin\maple.exe
PRC - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/12 14:19:44 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013/08/12 13:49:12 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2013/06/18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
PRC - [2013/03/12 12:11:08 | 001,108,280 | R--- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2013/03/06 15:37:24 | 001,730,776 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2013/03/06 15:37:14 | 013,685,464 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2013/02/20 11:16:41 | 000,249,096 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Webcam Sharing Manager\StreamProvider.exe
PRC - [2013/02/07 12:37:38 | 001,135,752 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2013/02/01 17:58:04 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2013/01/31 19:31:42 | 001,626,872 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
PRC - [2013/01/31 11:19:24 | 000,553,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
PRC - [2013/01/10 14:23:30 | 000,379,904 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
PRC - [2013/01/02 11:18:44 | 000,285,832 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2013/01/02 11:18:42 | 000,015,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/11/21 08:50:01 | 000,111,136 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012/10/22 10:29:44 | 000,365,600 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/10/22 10:29:44 | 000,278,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/10/22 10:29:42 | 000,166,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/10/22 10:29:42 | 000,130,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/10/12 03:19:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2012/04/24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe


========== Modules (No Company Name) ==========

MOD - [2014/08/06 09:40:08 | 000,043,008 | ---- | M] () -- c:\users\oem\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_qfe7b.dll
MOD - [2014/07/30 10:43:08 | 003,800,688 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/07/21 22:53:38 | 003,610,624 | ---- | M] () -- C:\Users\OEM\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/07/17 18:46:24 | 017,029,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
MOD - [2014/05/05 10:22:19 | 001,090,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\6eafeb44ed0fa3b99855c65b8c0b508d\System.ServiceModel.Web.ni.dll
MOD - [2014/02/25 19:04:39 | 002,997,248 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\b8b2300d0bf9ba724da3be6102cad482\System.IdentityModel.ni.dll
MOD - [2014/02/25 19:04:37 | 000,030,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\da566582b3a5863eb1e8d4171913f9ce\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2014/02/25 19:04:35 | 000,026,112 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\ddca0518229cb9d5a6b767c19bb28252\IAStorCommon.ni.dll
MOD - [2014/02/25 19:04:12 | 000,371,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\556d94ca2145931831189730778e6526\IAStorUtil.ni.dll
MOD - [2014/02/25 19:04:10 | 000,121,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4e89df05173df61ef526394eeed4428e\SMDiagnostics.ni.dll
MOD - [2014/02/25 19:04:09 | 000,805,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\032b537c9d4bbefec6997f44ceb08485\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/17 20:17:47 | 007,660,032 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d7aaae3b1c95a1a658446d302b9a7f88\System.Xml.ni.dll
MOD - [2014/02/17 20:17:43 | 001,900,544 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\0e9817b12da250f8d4c680e1cb26e1c0\System.Xaml.ni.dll
MOD - [2014/02/17 20:17:41 | 012,877,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\11b4af16e791a6b0ada4a97d3e64e27a\System.Windows.Forms.ni.dll
MOD - [2014/02/17 20:17:29 | 019,713,024 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\35742fb7e85a09be10d83cae494cd828\System.ServiceModel.ni.dll
MOD - [2014/02/17 20:17:09 | 002,822,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\deba9405e920eefee41a8efe93e93cc6\System.Runtime.Serialization.ni.dll
MOD - [2014/02/17 20:17:03 | 001,644,544 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\61be23d6a688188e3419a1eb46fc9d9d\System.Drawing.ni.dll
MOD - [2014/02/17 20:07:57 | 000,975,872 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ffb7bbc6548ff34bc125a8fec79315dc\System.Configuration.ni.dll
MOD - [2014/02/17 20:07:15 | 007,041,536 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\bca236f576ea12db3a9191f4586a445a\System.Core.ni.dll
MOD - [2014/02/17 20:07:10 | 010,051,072 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\f0602360211041a6be208f0b4138dddd\System.ni.dll
MOD - [2014/02/17 20:07:03 | 016,953,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\391541c89ed7585fc7e8936c43cee387\mscorlib.ni.dll
MOD - [2014/02/11 01:14:05 | 000,481,056 | ---- | M] () -- C:\Program Files\Maple 18\jre\bin\maple.exe
MOD - [2014/02/11 01:12:37 | 001,396,736 | ---- | M] () -- C:\Program Files\Maple 18\bin.X86_64_WINDOWS\gstreamer\bin\libxml2-2.dll
MOD - [2014/02/11 01:12:37 | 000,085,504 | ---- | M] () -- C:\Program Files\Maple 18\bin.X86_64_WINDOWS\gstreamer\bin\z.dll
MOD - [2014/02/11 01:12:36 | 000,682,496 | ---- | M] () -- C:\Program Files\Maple 18\bin.X86_64_WINDOWS\gstreamer\bin\libgstreamer-0.10.dll
MOD - [2013/11/27 19:04:23 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/10/19 01:55:02 | 025,100,288 | ---- | M] () -- C:\Users\OEM\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/03/04 14:59:06 | 000,358,712 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll
MOD - [2013/01/31 18:04:00 | 000,070,904 | ---- | M] () -- C:\Windows\SysWOW64\BsProfileFunc.dll
MOD - [2013/01/10 13:59:24 | 000,019,456 | ---- | M] () -- C:\Windows\SysWOW64\BsTrace.dll
MOD - [2013/01/10 12:25:58 | 000,353,280 | ---- | M] () -- C:\Windows\SysWOW64\BsExtendFunc.dll
MOD - [2013/01/10 12:25:56 | 000,049,664 | ---- | M] () -- C:\Windows\SysWOW64\BSWMPPlugin.dll
MOD - [2013/01/10 12:25:56 | 000,011,264 | ---- | M] () -- C:\Windows\SysWOW64\SCChangeMonitor.dll
MOD - [2012/09/23 20:43:36 | 000,313,992 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
MOD - [2012/06/08 12:34:06 | 000,016,400 | ---- | M] () -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/08 05:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/05/30 01:02:28 | 000,439,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/05/03 14:40:47 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/03/29 10:05:59 | 000,016,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/16 07:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/06/25 00:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 11:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 08:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 08:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/29 16:43:13 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/04/29 16:34:57 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/04/09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/12 12:11:08 | 000,491,320 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2013/03/02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/03/02 01:40:02 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2013/02/26 03:27:40 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/02/04 23:59:48 | 000,332,800 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/10/12 03:20:13 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/27 11:54:18 | 000,636,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2012/07/26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/07/26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV - [2014/07/30 10:43:08 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/17 18:46:25 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/12 14:19:44 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013/06/18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
SRV - [2013/04/29 16:34:57 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/03/06 15:37:24 | 001,730,776 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2013/03/04 14:58:58 | 000,556,856 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2013/02/07 12:37:38 | 001,135,752 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2013/01/31 19:31:42 | 001,626,872 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2013/01/31 11:19:24 | 000,553,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2013/01/10 14:35:28 | 000,138,752 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe -- (BsHelpCS)
SRV - [2013/01/02 11:18:42 | 000,015,496 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/12/19 17:33:32 | 000,357,816 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Hotspot\HotSpotSrv.exe -- (HotSpotSrv)
SRV - [2012/12/18 12:09:24 | 000,277,640 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/10/22 10:29:44 | 000,365,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/10/22 10:29:44 | 000,278,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/10/22 10:29:42 | 000,166,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/10/22 10:29:42 | 000,130,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/26 05:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/07/26 05:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012/04/24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/06/22 14:28:12 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2014/05/15 12:58:01 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/05/15 12:58:01 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/05/15 12:58:00 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/05/03 14:40:51 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/05/03 14:40:50 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/05/03 14:40:50 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/05/03 14:40:50 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/05/03 14:40:50 | 000,029,208 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/04/10 15:29:17 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2014/03/28 21:19:38 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/03/24 00:11:52 | 000,269,592 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/12/04 11:02:30 | 002,505,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013/12/02 10:42:14 | 001,204,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtbth.sys -- (rtbth)
DRV:64bit: - [2013/10/30 04:52:48 | 000,549,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/10/10 13:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 08:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/02 04:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/08/16 07:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/10 08:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/09 10:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/02 03:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/02 03:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/06/29 08:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/13 16:34:16 | 000,451,096 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2013/06/01 05:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/04/29 16:43:13 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/04/29 16:38:45 | 000,029,952 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/04/29 16:37:40 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/04/29 16:34:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/04/29 16:29:53 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/04/29 16:19:17 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/03/27 10:47:30 | 000,212,672 | ---- | M] (WinMagic Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\SDDisk2K.sys -- (SDDisk2K)
DRV:64bit: - [2013/03/18 18:08:44 | 000,049,856 | ---- | M] (WinMagic, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PinFile.sys -- (PinFile)
DRV:64bit: - [2013/03/02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/03/02 01:40:02 | 000,043,320 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2013/03/02 01:40:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2013/02/26 14:58:54 | 000,772,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/02/26 04:20:10 | 011,612,672 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/02/26 03:00:52 | 000,578,048 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/02/22 11:25:00 | 001,446,904 | ---- | M] (Sunplus) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SPUVCBv_x64.sys -- (SPUVCbv)
DRV:64bit: - [2013/02/19 04:44:53 | 000,042,944 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\clwcsm.sys -- (clwcsm)
DRV:64bit: - [2013/02/18 16:16:50 | 000,065,752 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2013/02/08 21:49:59 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2013/02/04 23:59:48 | 000,544,768 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2013/02/01 12:08:18 | 000,448,072 | ---- | M] (RTS Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsPer.sys -- (RTSPER)
DRV:64bit: - [2013/01/29 00:41:22 | 000,026,504 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2013/01/23 12:29:56 | 000,288,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2013/01/11 07:41:04 | 000,032,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/01/11 07:41:04 | 000,028,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2013/01/07 15:46:58 | 000,131,928 | ---- | M] (WinMagic Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\SDDToki.sys -- (SDDToki)
DRV:64bit: - [2013/01/02 11:14:08 | 000,641,672 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/12/13 12:24:08 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/12/12 12:42:26 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/12/05 21:29:36 | 000,049,632 | ---- | M] (Ralink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IvtUrbBtFlt.sys -- (btUrbFilterDrv)
DRV:64bit: - [2012/10/12 03:19:21 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/10/12 03:19:21 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/14 02:12:38 | 000,036,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:64bit: - [2012/07/26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/26 04:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/19 18:47:40 | 000,056,904 | ---- | M] (Ralink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BtL2caScoIf.sys -- (BthL2caScoIfSrv)
DRV:64bit: - [2012/07/12 15:56:32 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/25 11:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/15 12:22:02 | 000,023,136 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BtAudioBus.sys -- (BtAudioBusSrv)
DRV:64bit: - [2012/06/02 16:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012/06/02 16:31:32 | 002,935,808 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\athrx.sys -- (athr)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-728494050-748853550-4280414578-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
IE - HKU\S-1-5-21-728494050-748853550-4280414578-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.zonealarm.com/?src=hp&tbi ... tsId=&ver=&
IE - HKU\S-1-5-21-728494050-748853550-4280414578-1002\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-728494050-748853550-4280414578-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... c=CMNTDFJS
IE - HKU\S-1-5-21-728494050-748853550-4280414578-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.centrum.cz/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\digitalpersona.com/ChromeDPAgent: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll (DigitalPersona, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2013/05/24 19:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/05/03 14:40:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/10/26 09:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OEM\AppData\Roaming\mozilla\Extensions
[2014/07/17 16:37:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OEM\AppData\Roaming\mozilla\Firefox\Profiles\mmfcp6kt.default\extensions
[2014/07/30 10:43:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/07/30 10:43:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2012/07/26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files (x86)\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files (x86)\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
O2 - BHO: (HP File Sanitizer) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files (x86)\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files (x86)\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files (x86)\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files (x86)\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BtTray] c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [CLWCSM] c:\Program Files (x86)\CyberLink\Webcam Sharing Manager\StreamProvider.exe (cyberlink)
O4 - HKLM..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [YouCam Mirage] c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Users\OEM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\OEM\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files (x86)\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files (x86)\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.37 213.46.172.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88F1B0F5-EE68-4F56-AFD7-62FB3B73571E}: DhcpNameServer = 192.168.108.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B06877B7-C565-4560-9760-3E4350B70416}: DhcpNameServer = 213.46.172.37 213.46.172.36
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014/08/06 18:49:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\OEM\Desktop\OTL.exe
[2014/08/03 11:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/08/02 20:47:05 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/02 10:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014/08/02 10:22:26 | 000,000,000 | ---D | C] -- C:\rsit
[2014/08/01 19:06:09 | 000,000,000 | ---D | C] -- C:\Users\OEM\Desktop\Skydive
[2014/08/01 18:46:18 | 000,000,000 | ---D | C] -- C:\Users\OEM\Application Data
[2014/08/01 18:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maple 18
[2014/08/01 18:17:49 | 000,000,000 | ---D | C] -- C:\Users\OEM\AppData\Local\FileViewPro
[2014/08/01 18:17:46 | 000,000,000 | ---D | C] -- C:\Users\OEM\AppData\Roaming\IsolatedStorage
[2014/08/01 18:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2014/08/01 18:13:15 | 000,000,000 | ---D | C] -- C:\Spacekace
[2014/08/01 18:03:44 | 000,000,000 | ---D | C] -- C:\Users\OEM\.gstreamer-0.10
[2014/08/01 18:03:36 | 000,000,000 | ---D | C] -- C:\Users\OEM\.maplesoft
[2014/08/01 17:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\Maple 18
[2014/07/30 10:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/07/29 22:37:40 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry
[2014/07/29 21:50:34 | 000,000,000 | -H-D | C] -- C:\Users\OEM\Zero G Registry
[2014/07/28 17:27:26 | 000,000,000 | ---D | C] -- C:\Users\OEM\Desktop\Moodle-ukoly
[2014/07/17 20:48:19 | 000,703,968 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/07/17 20:48:19 | 000,105,440 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/07/14 16:29:44 | 001,557,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\osk.exe
[2014/07/14 16:29:44 | 001,440,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\osk.exe
[2014/07/14 16:29:34 | 001,281,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2014/07/14 16:29:33 | 000,588,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SHCore.dll
[2014/07/14 16:29:30 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SHCore.dll
[2014/07/14 16:29:30 | 000,439,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsm.dll
[2014/07/14 16:28:54 | 006,974,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2014/07/14 16:28:53 | 001,824,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2014/07/14 16:28:53 | 001,023,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
[2014/07/14 16:28:52 | 000,693,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSShared.dll
[2014/07/14 16:28:52 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSShared.dll
[2014/07/14 16:28:52 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Robocopy.exe
[2014/07/14 16:28:52 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Robocopy.exe
[2014/07/14 16:28:51 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2014/07/14 16:28:51 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2014/07/14 16:28:12 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/07/14 16:28:07 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2014/07/14 16:28:07 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/07/14 16:28:06 | 001,508,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/07/14 16:28:05 | 001,440,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/07/14 16:28:05 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/07/14 16:28:05 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/07/14 16:28:05 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/07/14 16:28:04 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\uxtheme.dll
[2014/07/14 16:28:04 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2014/07/14 16:28:02 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2014/07/14 16:28:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2014/07/14 16:28:02 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/07/14 16:28:01 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/07/14 16:28:01 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/07/14 16:28:01 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/07/14 16:28:01 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/07/14 16:28:00 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UXInit.dll
[2014/07/14 16:28:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UXInit.dll
[2014/07/14 16:28:00 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/07/14 16:27:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/07/14 16:27:58 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/07/14 16:27:38 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\InkEd.dll
[2014/07/14 16:27:18 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2014/07/14 16:27:17 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[5 C:\Users\OEM\*.tmp files -> C:\Users\OEM\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/08/06 18:53:17 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/08/06 18:50:13 | 000,000,983 | ---- | M] () -- C:\windows\SysWow64\bscs.ini
[2014/08/06 18:49:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OEM\Desktop\OTL.exe
[2014/08/06 18:47:09 | 000,003,620 | ---- | M] () -- C:\windows\SysWow64\LOCALSERVICE.INI
[2014/08/06 18:47:08 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/08/06 18:47:08 | 000,000,043 | ---- | M] () -- C:\windows\SysWow64\LOCALDEVICE.INI
[2014/08/06 11:46:00 | 000,000,914 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/08/06 09:37:10 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/08/06 09:37:05 | 2451,619,839 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/02 20:57:36 | 000,473,248 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/08/01 19:09:27 | 001,717,240 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/08/01 19:09:27 | 000,713,034 | ---- | M] () -- C:\windows\SysNative\perfh005.dat
[2014/08/01 19:09:27 | 000,699,060 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/08/01 19:09:27 | 000,163,656 | ---- | M] () -- C:\windows\SysNative\perfc005.dat
[2014/08/01 19:09:27 | 000,144,380 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/08/01 18:38:38 | 000,000,980 | ---- | M] () -- C:\Users\OEM\Desktop\Maple 18.lnk
[2014/07/29 22:05:03 | 000,000,016 | ---- | M] () -- C:\Users\OEM\persistent_state
[2014/07/29 14:50:49 | 000,336,825 | ---- | M] () -- C:\Users\OEM\Desktop\Jedovary.jpg
[2014/07/24 14:57:53 | 000,001,016 | ---- | M] () -- C:\Users\OEM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/07/24 14:57:06 | 000,000,980 | ---- | M] () -- C:\Users\OEM\Desktop\Dropbox.lnk
[2014/07/17 20:43:59 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wuwebv.dll
[2014/07/17 20:43:59 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wuapp.exe
[2014/07/17 20:43:57 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2014/07/17 20:43:57 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2014/07/17 20:43:42 | 000,773,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2014/07/17 20:43:42 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2014/07/17 20:43:40 | 001,623,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2014/07/17 20:43:40 | 000,253,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WUSettingsProvider.dll
[2014/07/17 20:43:39 | 000,059,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2014/07/17 20:43:37 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wuapi.dll
[2014/07/17 20:43:37 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\storewuauth.dll
[2014/07/17 20:43:37 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wudriver.dll
[5 C:\Users\OEM\*.tmp files -> C:\Users\OEM\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/08/06 18:53:17 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/08/01 18:38:38 | 000,000,980 | ---- | C] () -- C:\Users\OEM\Desktop\Maple 18.lnk
[2014/08/01 18:38:24 | 002,295,064 | ---- | C] () -- C:\windows\SysNative\WMIMPLEX.dll
[2014/08/01 18:38:24 | 000,060,184 | ---- | C] () -- C:\windows\SysNative\maplec.dll
[2014/07/30 11:02:37 | 000,473,248 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/07/29 21:50:34 | 000,000,016 | ---- | C] () -- C:\Users\OEM\persistent_state
[2014/07/29 14:50:48 | 000,336,825 | ---- | C] () -- C:\Users\OEM\Desktop\Jedovary.jpg
[2013/11/02 19:14:20 | 000,007,168 | ---- | C] () -- C:\Users\OEM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/27 14:41:15 | 000,011,221 | ---- | C] () -- C:\Users\OEM\gsview64.ini
[2013/10/24 14:04:05 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013/05/24 20:32:15 | 000,003,620 | ---- | C] () -- C:\windows\SysWow64\LOCALSERVICE.INI
[2013/05/24 20:32:15 | 000,000,043 | ---- | C] () -- C:\windows\SysWow64\LOCALDEVICE.INI
[2013/05/24 20:15:26 | 000,094,776 | ---- | C] () -- C:\windows\un_dext.exe
[2013/05/24 20:15:26 | 000,087,928 | ---- | C] () -- C:\windows\SPRemove_x64.exe
[2013/05/24 20:15:26 | 000,014,479 | ---- | C] () -- C:\windows\TWAIN2080.ini
[2013/05/24 20:15:26 | 000,005,240 | ---- | C] () -- C:\windows\remove.ini
[2013/05/24 20:15:26 | 000,004,088 | ---- | C] () -- C:\windows\Dext_12.ini
[2013/05/24 20:15:26 | 000,004,036 | ---- | C] () -- C:\windows\Dext_27.ini
[2013/05/24 20:15:26 | 000,004,036 | ---- | C] () -- C:\windows\Dext_21.ini
[2013/05/24 20:15:26 | 000,004,032 | ---- | C] () -- C:\windows\Dext_25.ini
[2013/05/24 20:15:26 | 000,003,940 | ---- | C] () -- C:\windows\Dext_11.ini
[2013/05/24 20:15:26 | 000,003,940 | ---- | C] () -- C:\windows\Dext_05.ini
[2013/05/24 20:15:26 | 000,003,934 | ---- | C] () -- C:\windows\Dext_14.ini
[2013/05/24 20:15:26 | 000,003,860 | ---- | C] () -- C:\windows\Dext_10.ini
[2013/05/24 20:15:26 | 000,003,844 | ---- | C] () -- C:\windows\Dext_16.ini
[2013/05/24 20:15:26 | 000,003,808 | ---- | C] () -- C:\windows\Dext_08.ini
[2013/05/24 20:15:26 | 000,003,790 | ---- | C] () -- C:\windows\Dext_31.ini
[2013/05/24 20:15:26 | 000,003,776 | ---- | C] () -- C:\windows\Dext_1046.ini
[2013/05/24 20:15:26 | 000,003,774 | ---- | C] () -- C:\windows\Dext_36.ini
[2013/05/24 20:15:26 | 000,003,750 | ---- | C] () -- C:\windows\Dext_20.ini
[2013/05/24 20:15:26 | 000,003,740 | ---- | C] () -- C:\windows\Dext_22.ini
[2013/05/24 20:15:26 | 000,003,714 | ---- | C] () -- C:\windows\Dext_06.ini
[2013/05/24 20:15:26 | 000,003,660 | ---- | C] () -- C:\windows\Dext_02.ini
[2013/05/24 20:15:26 | 000,003,650 | ---- | C] () -- C:\windows\Dext_07.ini
[2013/05/24 20:15:26 | 000,003,644 | ---- | C] () -- C:\windows\Dext_19.ini
[2013/05/24 20:15:26 | 000,003,636 | ---- | C] () -- C:\windows\Dext_24.ini
[2013/05/24 20:15:26 | 000,003,570 | ---- | C] () -- C:\windows\Dext_29.ini
[2013/05/24 20:15:26 | 000,003,532 | ---- | C] () -- C:\windows\Dext_01.ini
[2013/05/24 20:15:26 | 000,003,456 | ---- | C] () -- C:\windows\Dext_30.ini
[2013/05/24 20:15:26 | 000,003,316 | ---- | C] () -- C:\windows\Dext_09.ini
[2013/05/24 20:15:26 | 000,003,268 | ---- | C] () -- C:\windows\Dext_13.ini
[2013/05/24 20:15:26 | 000,002,912 | ---- | C] () -- C:\windows\Dext_04.ini
[2013/05/24 20:15:26 | 000,002,828 | ---- | C] () -- C:\windows\Dext_17.ini
[2013/05/24 20:15:26 | 000,002,744 | ---- | C] () -- C:\windows\Dext_18.ini
[2013/05/24 20:15:26 | 000,002,700 | ---- | C] () -- C:\windows\Dext_2052.ini
[2013/05/24 20:12:02 | 000,367,348 | ---- | C] () -- C:\windows\SysWow64\drivers\FW7650.bin
[2013/05/24 20:12:02 | 000,000,313 | ---- | C] () -- C:\windows\SysWow64\RaCheckBTDev.ini
[2013/05/24 20:06:03 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2013/05/24 20:06:02 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2013/05/24 20:05:09 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2013/05/24 20:05:09 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2013/05/24 20:05:08 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2013/03/12 12:12:08 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign
[2013/03/12 12:11:12 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2013/03/12 12:11:08 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPSCApi.dll.hpsign
[2013/03/12 12:11:08 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign
[2013/03/12 12:11:08 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign
[2013/03/12 12:10:14 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPLic.dll.hpsign
[2013/03/04 14:59:06 | 000,358,712 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll
[2013/02/22 14:59:40 | 000,000,983 | ---- | C] () -- C:\windows\SysWow64\bscs.ini
[2013/01/31 18:04:00 | 000,070,904 | ---- | C] () -- C:\windows\SysWow64\BsProfileFunc.dll
[2013/01/10 13:59:24 | 000,019,456 | ---- | C] () -- C:\windows\SysWow64\BsTrace.dll
[2013/01/10 12:25:58 | 000,353,280 | ---- | C] () -- C:\windows\SysWow64\BsExtendFunc.dll
[2013/01/10 12:25:58 | 000,049,248 | ---- | C] () -- C:\windows\SysWow64\BSSkypeAgent.dll
[2013/01/10 12:25:56 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\BsVistaCommon.dll
[2013/01/10 12:25:56 | 000,073,820 | ---- | C] () -- C:\windows\SysWow64\BSVoIPComm.dll
[2013/01/10 12:25:56 | 000,049,664 | ---- | C] () -- C:\windows\SysWow64\BSWMPPlugin.dll
[2013/01/10 12:25:56 | 000,011,264 | ---- | C] () -- C:\windows\SysWow64\SCChangeMonitor.dll
[2012/12/12 12:41:24 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/12/12 12:38:14 | 000,754,652 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012/12/12 12:38:14 | 000,598,384 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2012/11/27 01:18:46 | 000,038,912 | ---- | C] () -- C:\windows\SysWow64\kdbsdk32.dll
[2012/08/10 16:35:26 | 001,679,332 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2013/04/29 07:54:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/28 10:23:06 | 019,759,104 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/28 08:18:26 | 017,562,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/27 19:39:19 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\AVAST Software
[2014/08/02 21:03:54 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\ClassicShell
[2013/10/24 12:51:17 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\DigitalPersona
[2014/08/06 09:40:14 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Dropbox
[2014/04/08 20:06:10 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\e-academy Inc
[2013/11/04 19:03:40 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\GHISLER
[2014/05/12 19:48:10 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\IDT
[2013/10/26 10:22:04 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\IrfanView
[2014/08/01 18:17:46 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\IsolatedStorage
[2014/04/22 15:28:49 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Oracle
[2013/10/24 12:50:46 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Synaptics
[2013/10/26 11:27:16 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\WebMon
[2013/10/27 14:46:23 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\WinEdt Team

========== Purity Check ==========



========== Custom Scans ==========

< >
[2012/07/26 09:22:10 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2013/10/26 11:57:33 | 000,000,914 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: AGP440.SYS >
[2012/07/26 07:00:49 | 000,063,216 | ---- | M] (Microsoft Corporation) MD5=01590377A5AB19E792528C628A2A68F9 -- C:\windows\SysNative\drivers\AGP440.sys
[2012/07/26 07:00:49 | 000,063,216 | ---- | M] (Microsoft Corporation) MD5=01590377A5AB19E792528C628A2A68F9 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_81a4c6c9cc9d86a0\AGP440.sys
[2012/07/26 07:00:49 | 000,063,216 | ---- | M] (Microsoft Corporation) MD5=01590377A5AB19E792528C628A2A68F9 -- C:\Windows\WinSxS\amd64_machine.inf_31bf3856ad364e35_6.2.9200.16384_none_12dc94a048750f71\AGP440.sys

< MD5 for: ATAPI.SYS >
[2012/07/26 07:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\windows\SysNative\drivers\atapi.sys
[2012/07/26 07:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_69660e2be041f47b\atapi.sys
[2012/07/26 07:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_b733d17ea1e7f604\atapi.sys
[2012/07/26 07:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.2.9200.16384_none_3601cf7eab4e0493\atapi.sys
[2012/07/26 07:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.2.9200.16548_none_36311422ab29f479\atapi.sys
[2012/07/26 07:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.2.9200.20652_none_36a9df45c455182a\atapi.sys

cinci
Visitor
Visitor
Posts: 48
Registered: 17 Oct 2006 16:50

Re: Preventive check

#12 Post by cinci »

< MD5 for: AUTOCHK.EXE >
[2013/05/15 04:24:10 | 000,793,088 | ---- | M] (Microsoft Corporation) MD5=61ADD65C9D1E2EAF8BB080A4D6AAB055 -- C:\Windows\SysWOW64\autochk.exe
[2013/05/15 04:24:10 | 000,793,088 | ---- | M] (Microsoft Corporation) MD5=61ADD65C9D1E2EAF8BB080A4D6AAB055 -- C:\Windows\WinSxS\x86_microsoft-windows-autochk_31bf3856ad364e35_6.2.9200.16612_none_dee8adbc92f0e8e0\autochk.exe
[2013/11/23 13:01:55 | 000,034,714 | ---- | M] () MD5=C686B2050DD3BF9CDEA8BFE3F6D07C2F -- C:\Windows\WinSxS\x86_microsoft-windows-autochk_31bf3856ad364e35_6.2.9200.16384_none_de9ef92a9327e7b0\autochk.exe
[2013/11/10 20:01:12 | 000,040,790 | ---- | M] () MD5=CBC49C31D590CC5DE9CEA25163C03079 -- C:\Windows\WinSxS\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.2.9200.16384_none_3abd94ae4b8558e6\autochk.exe
[2013/11/23 13:01:57 | 000,000,619 | ---- | M] () MD5=D4A70543245CACB2389BB0A875D5F975 -- C:\Windows\WinSxS\x86_microsoft-windows-autochk_31bf3856ad364e35_6.2.9200.20717_none_df774bf9ac0a075d\autochk.exe
[2013/05/15 04:25:59 | 000,888,320 | ---- | M] (Microsoft Corporation) MD5=E47235E8DF26CA48DA189ACFD756329C -- C:\windows\SysNative\autochk.exe
[2013/05/15 04:25:59 | 000,888,320 | ---- | M] (Microsoft Corporation) MD5=E47235E8DF26CA48DA189ACFD756329C -- C:\Windows\WinSxS\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.2.9200.16612_none_3b0749404b4e5a16\autochk.exe
[2013/11/10 20:01:13 | 000,000,596 | ---- | M] () MD5=FA36B2CDD584B0C3208DDA8DA72ABABF -- C:\Windows\WinSxS\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.2.9200.20717_none_3b95e77d64677893\autochk.exe

< MD5 for: CDROM.SYS >
[2012/07/26 04:26:36 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=339BFF85D788268752DA8C9644B188EE -- C:\windows\SysNative\drivers\cdrom.sys
[2012/07/26 04:26:36 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=339BFF85D788268752DA8C9644B188EE -- C:\windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_cf04adb457be1724\cdrom.sys
[2012/07/26 04:26:36 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=339BFF85D788268752DA8C9644B188EE -- C:\Windows\WinSxS\amd64_cdrom.inf_31bf3856ad364e35_6.2.9200.16384_none_b87303472d8ba041\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2013/11/10 20:03:42 | 000,010,706 | ---- | M] () MD5=2900AA4DB69817604823DDF12307F78D -- C:\Windows\WinSxS\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.2.9200.16384_none_cec940c9249383e0\cryptsvc.dll
[2013/07/13 08:16:06 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=5CE2742F063731EC10C1B2EE386A2C08 -- C:\windows\SysNative\cryptsvc.dll
[2013/07/13 08:16:06 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=5CE2742F063731EC10C1B2EE386A2C08 -- C:\Windows\WinSxS\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.2.9200.16666_none_cee0e6e724817621\cryptsvc.dll
[2013/11/10 20:03:42 | 000,001,071 | ---- | M] () MD5=9803A4762523A783836AEDCCE93E2520 -- C:\Windows\WinSxS\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.2.9200.16595_none_cebf74f3249ab376\cryptsvc.dll
[2013/11/10 20:03:42 | 000,010,481 | ---- | M] () MD5=A765DCC9DF6229500F3C41C893B39014 -- C:\Windows\WinSxS\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.2.9200.20699_none_cf4d12e63db4b89c\cryptsvc.dll
[2013/11/10 20:03:42 | 000,010,405 | ---- | M] () MD5=D90CB618DA5CC9428662D2EAA8E7B33E -- C:\Windows\WinSxS\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.2.9200.20774_none_cf5db3323da8ff2e\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2012/01/31 13:22:06 | 000,006,952 | ---- | M] () MD5=D9A27F35D231BAC3AD58E922C7644E8B -- C:\Program Files (x86)\CyberLink\PowerDirector10\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2013/06/01 13:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\explorer.exe
[2013/06/01 13:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_aac334d9034c59e1\explorer.exe
[2013/11/10 20:07:36 | 000,217,360 | ---- | M] () MD5=329535D3A36EA69B5C3D4CD35F293055 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_ab3d00461c7696e9\explorer.exe
[2013/11/22 23:34:55 | 000,191,929 | ---- | M] () MD5=3DE5CC2E415C7D18E6635656DCF673B6 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2013/11/22 23:34:58 | 000,190,101 | ---- | M] () MD5=42C5B431AA94508B172E76E26E3D3747 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_b591aa9850d758e4\explorer.exe
[2013/11/22 23:34:48 | 000,193,351 | ---- | M] () MD5=6603DAE7FA2F7C239890F4B7D6171743 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2013/11/22 23:34:51 | 000,191,911 | ---- | M] () MD5=8F6B7D080C86F424D4CFC5D57AF3B395 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
[2013/11/10 20:07:32 | 000,220,310 | ---- | M] () MD5=917451A7012926908FFC2EC8046EE956 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe
[2013/11/10 20:07:30 | 000,221,955 | ---- | M] () MD5=A62C3E37F5A1DC9B3FD8054CDB18910F -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2013/11/10 20:07:34 | 000,220,321 | ---- | M] () MD5=B1B07946BE7F86603F3F4E332AFE8BFE -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2013/06/01 12:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\SysWOW64\explorer.exe
[2013/06/01 12:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_b517df2b37ad1bdc\explorer.exe

< MD5 for: HAL.DLL >
[2013/11/10 20:08:15 | 000,001,298 | ---- | M] () MD5=22BD1F45EF537E0F1CD522BCD2474BC3 -- C:\Windows\WinSxS\amd64_microsoft-windows-hal_31bf3856ad364e35_6.2.9200.16420_none_042f7a4ee3415d71\hal.dll
[2013/11/10 20:08:14 | 000,011,988 | ---- | M] () MD5=469C36D237E21954FD7E3DF787DEDB0C -- C:\Windows\WinSxS\amd64_microsoft-windows-hal_31bf3856ad364e35_6.2.9200.16384_none_03f29a08e36e6d4c\hal.dll
[2013/11/10 20:08:15 | 000,002,020 | ---- | M] () MD5=8FE72AE4085A58B0B636A68FFE74FDEC -- C:\Windows\WinSxS\amd64_microsoft-windows-hal_31bf3856ad364e35_6.2.9200.20544_none_04a77869fc6b9a79\hal.dll
[2013/11/10 20:08:15 | 000,001,310 | ---- | M] () MD5=AD382AEBEAA62D6CC35844F1B41B1B22 -- C:\Windows\WinSxS\amd64_microsoft-windows-hal_31bf3856ad364e35_6.2.9200.20521_none_04ba1763fc5e1692\hal.dll
[2013/04/29 16:32:13 | 000,396,008 | ---- | M] (Microsoft Corporation) MD5=F021625F422966AD31F95CC494F7D188 -- C:\windows\SysNative\hal.dll
[2013/04/29 16:32:13 | 000,396,008 | ---- | M] (Microsoft Corporation) MD5=F021625F422966AD31F95CC494F7D188 -- C:\Windows\WinSxS\amd64_microsoft-windows-hal_31bf3856ad364e35_6.2.9200.16442_none_041bdb0ae34fc801\hal.dll

< MD5 for: IASTORV.SYS >
[2012/07/26 07:00:52 | 000,411,888 | ---- | M] (Intel Corporation) MD5=5E394EBD26FD68AA9300332C46BEDD62 -- C:\windows\SysNative\drivers\iaStorV.sys
[2012/07/26 07:00:52 | 000,411,888 | ---- | M] (Intel Corporation) MD5=5E394EBD26FD68AA9300332C46BEDD62 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_819876bbe5c3b25f\iaStorV.sys
[2012/07/26 07:00:52 | 000,411,888 | ---- | M] (Intel Corporation) MD5=5E394EBD26FD68AA9300332C46BEDD62 -- C:\Windows\WinSxS\amd64_iastorv.inf_31bf3856ad364e35_6.2.9200.16384_none_07daf9dd118c3086\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2012/07/26 07:00:52 | 000,022,256 | ---- | M] (Microsoft Corporation) MD5=D940C5BB9DC92E588533C19ABCC3D2C2 -- C:\windows\SysNative\drivers\isapnp.sys
[2012/07/26 07:00:52 | 000,022,256 | ---- | M] (Microsoft Corporation) MD5=D940C5BB9DC92E588533C19ABCC3D2C2 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_81a4c6c9cc9d86a0\isapnp.sys
[2012/07/26 07:00:52 | 000,022,256 | ---- | M] (Microsoft Corporation) MD5=D940C5BB9DC92E588533C19ABCC3D2C2 -- C:\Windows\WinSxS\amd64_machine.inf_31bf3856ad364e35_6.2.9200.16384_none_12dc94a048750f71\isapnp.sys

< MD5 for: LSASS.EXE >
[2014/05/19 11:35:39 | 000,004,225 | ---- | M] () MD5=00D5332FA1E708EE592328CC6A22F629 -- C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.20985_none_96bfef95352f47fa\lsass.exe
[2013/11/10 20:20:10 | 000,002,767 | ---- | M] () MD5=51A19833FE3A721878A574ED1DDDA6B0 -- C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.16384_none_963549021c129d16\lsass.exe
[2013/11/10 20:20:11 | 000,000,552 | ---- | M] () MD5=540DEA52656A273E31278D7F13114FE2 -- C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.20521_none_96fcc65d3502465c\lsass.exe
[2014/05/19 11:35:35 | 000,004,224 | ---- | M] () MD5=C32FF8B1E8A182E24C50980AA2944658 -- C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.16420_none_967229481be58d3b\lsass.exe
[2014/03/11 02:39:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=F1DA34D64F2BA200D28A7451804E2FEE -- C:\windows\SysNative\lsass.exe
[2014/03/11 02:39:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=F1DA34D64F2BA200D28A7451804E2FEE -- C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.16865_none_964bf2a21c01704e\lsass.exe

< MD5 for: NDIS.SYS >
[2013/11/10 20:24:42 | 000,132,457 | ---- | M] () MD5=2909FC426971FCFF7ED7C21554A65BDE -- C:\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_6.2.9200.16420_none_b25c05dfb1a331d9\ndis.sys
[2013/11/10 20:24:41 | 000,132,490 | ---- | M] () MD5=4AE83619457FD37AC365F0E569E9EA75 -- C:\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_6.2.9200.16384_none_b21f2599b1d041b4\ndis.sys
[2013/11/10 20:24:45 | 000,126,379 | ---- | M] () MD5=4C06E5E9C53320CAD43FE4DFD10941A7 -- C:\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_6.2.9200.16518_none_b26eda01b193ddc7\ndis.sys
[2013/11/10 20:24:50 | 000,123,250 | ---- | M] () MD5=7685E26722E3C810935BC766AFD447C8 -- C:\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_6.2.9200.20733_none_b2ddd768cac633e7\ndis.sys
[2013/06/17 00:41:31 | 000,997,632 | ---- | M] (Microsoft Corporation) MD5=A10E176F3B2BF83EDE7B5C4658C93B66 -- C:\windows\SysNative\drivers\ndis.sys
[2013/06/17 00:41:31 | 000,997,632 | ---- | M] (Microsoft Corporation) MD5=A10E176F3B2BF83EDE7B5C4658C93B66 -- C:\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_6.2.9200.16643_none_b2496ab1b1b0b00e\ndis.sys
[2013/11/10 20:24:49 | 000,126,382 | ---- | M] () MD5=D7FDD013E9127C1DAC4C31BC2E66DCF9 -- C:\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_6.2.9200.20623_none_b2e8a56ecabe1acf\ndis.sys
[2013/11/10 20:24:46 | 000,051,156 | ---- | M] () MD5=DD67ABE86B0DE030E1CCF989A949255C -- C:\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_6.2.9200.16628_none_b2640bfbb19bf6df\ndis.sys
[2013/11/10 20:24:48 | 000,132,461 | ---- | M] () MD5=DE896951DDFE6A76838CD0302E59569F -- C:\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_6.2.9200.20534_none_b2ded3e6cac552f0\ndis.sys
[2013/11/10 20:24:51 | 000,123,394 | ---- | M] () MD5=F33F41C15299F00A4F84720ED726D703 -- C:\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_6.2.9200.20750_none_b2c536b2cad91fc4\ndis.sys
[2013/11/10 20:24:47 | 000,132,461 | ---- | M] () MD5=FB6685D923F656AF7B77A831DA827A84 -- C:\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_6.2.9200.20521_none_b2e6a2f4cabfeafa\ndis.sys
[2013/11/10 20:24:43 | 000,132,458 | ---- | M] () MD5=FCDF3230B794FE1E65F11887D6431390 -- C:\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_6.2.9200.16433_none_b25436d1b1a899cf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2012/07/26 05:19:22 | 000,634,368 | ---- | M] (Microsoft Corporation) MD5=EEF9DA64D7B1DD51FB8AB9EFCC560E3E -- C:\Windows\SysWOW64\netlogon.dll
[2012/07/26 05:19:22 | 000,634,368 | ---- | M] (Microsoft Corporation) MD5=EEF9DA64D7B1DD51FB8AB9EFCC560E3E -- C:\Windows\WinSxS\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.2.9200.16384_none_60d608f9f61ee049\netlogon.dll
[2012/07/26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) MD5=FDC70965F0FC9DFEBC919627DED5DDFF -- C:\windows\SysNative\netlogon.dll
[2012/07/26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) MD5=FDC70965F0FC9DFEBC919627DED5DDFF -- C:\Windows\WinSxS\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.2.9200.16384_none_56815ea7c1be1e4e\netlogon.dll

< MD5 for: NVRAID.SYS >
[2012/07/26 07:00:55 | 000,150,256 | ---- | M] (NVIDIA Corporation) MD5=D6D34118263412D3AAA8348A9572B7F2 -- C:\windows\SysNative\drivers\nvraid.sys
[2012/07/26 07:00:55 | 000,150,256 | ---- | M] (NVIDIA Corporation) MD5=D6D34118263412D3AAA8348A9572B7F2 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_7ba65ba4b222e751\nvraid.sys
[2012/07/26 07:00:55 | 000,150,256 | ---- | M] (NVIDIA Corporation) MD5=D6D34118263412D3AAA8348A9572B7F2 -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.2.9200.16384_none_92a46a8c48c2da5e\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2012/07/26 07:00:55 | 000,168,176 | ---- | M] (NVIDIA Corporation) MD5=27AFC428D1D32ABD04A86763A4EDDEA9 -- C:\windows\SysNative\drivers\nvstor.sys
[2012/07/26 07:00:55 | 000,168,176 | ---- | M] (NVIDIA Corporation) MD5=27AFC428D1D32ABD04A86763A4EDDEA9 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_7ba65ba4b222e751\nvstor.sys
[2012/07/26 07:00:55 | 000,168,176 | ---- | M] (NVIDIA Corporation) MD5=27AFC428D1D32ABD04A86763A4EDDEA9 -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.2.9200.16384_none_92a46a8c48c2da5e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2012/07/26 05:07:07 | 000,224,768 | ---- | M] (Microsoft Corporation) MD5=4F6E1CA672370A9BCAC049CE3AB7F666 -- C:\windows\SysNative\scecli.dll
[2012/07/26 05:07:07 | 000,224,768 | ---- | M] (Microsoft Corporation) MD5=4F6E1CA672370A9BCAC049CE3AB7F666 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.2.9200.16384_none_90d789c062dfa509\scecli.dll
[2012/07/26 05:19:52 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B95DC83FF580DD92F487C2F4D0854B6A -- C:\Windows\SysWOW64\scecli.dll
[2012/07/26 05:19:52 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B95DC83FF580DD92F487C2F4D0854B6A -- C:\Windows\WinSxS\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.2.9200.16384_none_9b2c341297406704\scecli.dll

< MD5 for: SMSS.EXE >
[2012/07/26 07:26:45 | 000,132,096 | ---- | M] (Microsoft Corporation) MD5=08F850FEBDBDE7C89017B6B0CA0D1CD2 -- C:\windows\SysNative\smss.exe
[2012/07/26 07:26:45 | 000,132,096 | ---- | M] (Microsoft Corporation) MD5=08F850FEBDBDE7C89017B6B0CA0D1CD2 -- C:\Windows\WinSxS\amd64_microsoft-windows-smss-minwin_31bf3856ad364e35_6.2.9200.16384_none_d72a7da7728fa356\smss.exe

< MD5 for: SVCHOST.EXE >
[2013/11/23 16:20:13 | 000,003,208 | ---- | M] () MD5=01675DE3129DD12D3828CC7A85753ED3 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_b2666581d6b482a6\svchost.exe
[2013/11/23 16:20:14 | 000,000,583 | ---- | M] () MD5=226A621F20CDD1EE0C224488B32C22F4 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_b32de2dcefa42bec\svchost.exe
[2013/11/12 21:21:32 | 000,000,609 | ---- | M] () MD5=3BC0B7EDDD321B562C79AD99C0D3B97C -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_0f4c7e60a8019d22\svchost.exe
[2013/11/12 21:21:29 | 000,002,873 | ---- | M] () MD5=A30F01B6B1E9E02F76F8EAAA48166595 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_0e8501058f11f3dc\svchost.exe
[2012/10/12 03:19:36 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\SysWOW64\svchost.exe
[2012/10/12 03:19:36 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_b2a345c7d68772cb\svchost.exe
[2012/10/12 03:19:22 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\windows\SysNative\svchost.exe
[2012/10/12 03:19:22 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_0ec1e14b8ee4e401\svchost.exe

< MD5 for: TCPIP.SYS >
[2013/11/12 21:50:32 | 000,239,494 | ---- | M] () MD5=066E838FF27F146F4E307D5F894EE241 -- C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.2.9200.16628_none_0c2ca018eff62c18\tcpip.sys
[2013/11/12 21:50:14 | 000,375,242 | ---- | M] () MD5=0951A9B34915D8A2458D21AE7CB57E82 -- C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.2.9200.16420_none_0c2499fceffd6712\tcpip.sys
[2014/04/03 13:22:14 | 002,233,176 | ---- | M] (Microsoft Corporation) MD5=0E0C16EE82E2F4EBC2FBCA24C8F00D9E -- C:\windows\SysNative\drivers\tcpip.sys
[2014/04/03 13:22:14 | 002,233,176 | ---- | M] (Microsoft Corporation) MD5=0E0C16EE82E2F4EBC2FBCA24C8F00D9E -- C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.2.9200.16886_none_0be9c3c8f0289b5e\tcpip.sys
[2014/05/08 09:52:17 | 000,363,232 | ---- | M] () MD5=2E8397D63D64EBFBB3F15B70E6BA4956 -- C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.2.9200.20927_none_0cb540660914acd9\tcpip.sys
[2013/11/12 21:51:04 | 000,365,875 | ---- | M] () MD5=387C3849B5DD81728B10493C00DC7AC9 -- C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.2.9200.20733_none_0ca66b8609206920\tcpip.sys
[2013/11/12 21:50:09 | 000,373,137 | ---- | M] () MD5=3A7B3203C88639C20A44D2E84E798F47 -- C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.2.9200.16384_none_0be7b9b6f02a76ed\tcpip.sys
[2014/07/07 08:30:55 | 000,227,708 | ---- | M] () MD5=3EA67A1F0566DF20052E81E5EFDBC9B4 -- C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.2.9200.16679_none_0bf790c6f01dd124\tcpip.sys
[2013/11/12 21:51:14 | 000,358,445 | ---- | M] () MD5=6E93CF26C245F35DCD3C8A76D4DFB903 -- C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.2.9200.20787_none_0c745d1209455a31\tcpip.sys
[2013/11/12 21:50:27 | 000,264,299 | ---- | M] () MD5=95EE673991E85BFBF25DD57A56A14678 -- C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.2.9200.16548_none_0c16fe5af00666d3\tcpip.sys
[2014/07/07 08:31:03 | 000,359,782 | ---- | M] () MD5=A71BE8D69A238FF2259BC6FA74639A5F -- C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.2.9200.21005_none_0cc8b7cc0906758b\tcpip.sys
[2013/11/12 21:50:58 | 000,371,879 | ---- | M] () MD5=B02C4140D603DAA422E2A97929A11175 -- C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.2.9200.20652_none_0c8fc97e09318a84\tcpip.sys
[2013/11/12 21:50:53 | 000,370,088 | ---- | M] () MD5=BC3A2150E33914A1E1CA39CA6B22C807 -- C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.2.9200.20623_none_0cb1398c09185008\tcpip.sys
[2013/11/12 21:50:43 | 000,375,206 | ---- | M] () MD5=D94C1C13D812075018C738B238991C5C -- C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.2.9200.20521_none_0caf3712091a2033\tcpip.sys
[2014/07/07 08:30:59 | 000,221,542 | ---- | M] () MD5=F3038816E330C191A46817B542D83C6C -- C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.2.9200.16808_none_0c4243bcefe5ee84\tcpip.sys
[2013/11/12 21:50:21 | 000,370,080 | ---- | M] () MD5=F4B76CF573B70898830AC7AB47782B74 -- C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.2.9200.16518_none_0c376e1eefee1300\tcpip.sys

< MD5 for: USERINIT.EXE >
[2012/07/26 05:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\windows\SysNative\userinit.exe
[2012/07/26 05:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_34f2617a5b742e02\userinit.exe
[2012/07/26 05:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\SysWOW64\userinit.exe
[2012/07/26 05:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe

< MD5 for: WINLOGON.EXE >
[2014/05/19 11:38:39 | 000,082,423 | ---- | M] () MD5=3643E4936EC85606FE604891565749A7 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe
[2014/07/21 15:21:54 | 000,072,808 | ---- | M] () MD5=48D3719B983F6C885D3253DE825FEE41 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21133_none_c94b381e77abced6\winlogon.exe
[2014/04/12 11:10:31 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=75DD70A14145499C9F7D903CF9A8C91B -- C:\windows\SysNative\winlogon.exe
[2014/04/12 11:10:31 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=75DD70A14145499C9F7D903CF9A8C91B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16891_none_c87ee12f5ec0739b\winlogon.exe
[2014/04/12 11:10:31 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=75DD70A14145499C9F7D903CF9A8C91B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.17014_none_c8d83b755e7d1081\winlogon.exe
[2013/11/12 22:09:36 | 000,053,876 | ---- | M] () MD5=AC9452C257275AD669DFE79E035955A4 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
[2013/11/12 22:09:37 | 000,001,620 | ---- | M] () MD5=CBE149F284FBF17AA48D1B6DEAAB358C -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe
[2013/11/12 22:09:36 | 000,053,889 | ---- | M] () MD5=E3695CF8AE5138E7F5A5EE44B2E232ED -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe
[2014/05/19 11:38:42 | 000,072,808 | ---- | M] () MD5=E79388FE057CFFB75D8FCE36EF11CB4F -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21012_none_c95fd5c6779c8076\winlogon.exe
[2013/11/12 22:09:37 | 000,053,884 | ---- | M] () MD5=F0C0EBFC3B1E60F891128581F1A5996C -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2012/07/26 07:26:48 | 000,345,088 | ---- | M] (Microsoft Corporation) MD5=2E5B349ACDA36C20612795754DB93312 -- C:\windows\SysNative\ws2_32.dll
[2012/07/26 07:26:48 | 000,345,088 | ---- | M] (Microsoft Corporation) MD5=2E5B349ACDA36C20612795754DB93312 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.2.9200.16384_none_4b815827581a3bbb\ws2_32.dll
[2012/07/26 05:20:38 | 000,310,784 | ---- | M] (Microsoft Corporation) MD5=B3CC9EDFD97F7087013A9A47089DF571 -- C:\Windows\SysWOW64\ws2_32.dll
[2012/07/26 05:20:38 | 000,310,784 | ---- | M] (Microsoft Corporation) MD5=B3CC9EDFD97F7087013A9A47089DF571 -- C:\Windows\WinSxS\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.2.9200.16384_none_ef62bca39fbcca85\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[2 C:\windows\Inf\Intel Storage Counters\*.tmp files -> C:\windows\Inf\Intel Storage Counters\*.tmp -> ]
[1 C:\windows\Inf\Intel Storage Counters\0000\*.tmp files -> C:\windows\Inf\Intel Storage Counters\0000\*.tmp -> ]
[1 C:\windows\Inf\Intel Storage Counters\0005\*.tmp files -> C:\windows\Inf\Intel Storage Counters\0005\*.tmp -> ]
[1 C:\windows\Inf\Intel Storage Counters\0009\*.tmp files -> C:\windows\Inf\Intel Storage Counters\0009\*.tmp -> ]
[2 C:\windows\Panther\*.tmp files -> C:\windows\Panther\*.tmp -> ]
[29 C:\windows\Temp\*.tmp files -> C:\windows\Temp\*.tmp -> ]
[1 C:\windows\Temp\_avast_\*.tmp files -> C:\windows\Temp\_avast_\*.tmp -> ]
[1 C:\windows\WinSxS\*.tmp files -> C:\windows\WinSxS\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2013/10/27 15:03:32 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Adobe
[2013/10/24 12:52:12 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\ATI
[2013/11/27 19:39:19 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\AVAST Software
[2014/08/02 21:03:54 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\ClassicShell
[2013/10/26 17:39:46 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\CyberLink
[2013/10/24 12:51:17 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\DigitalPersona
[2014/08/06 09:40:14 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Dropbox
[2014/03/20 16:33:09 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\dvdcss
[2014/04/08 20:06:10 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\e-academy Inc
[2013/11/04 19:03:40 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\GHISLER
[2013/10/24 12:51:52 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Hewlett-Packard
[2013/10/24 12:52:12 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\hpqlog
[2014/05/12 19:48:10 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\IDT
[2013/10/24 12:53:11 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Intel Corporation
[2013/10/26 10:22:04 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\IrfanView
[2014/08/01 18:17:46 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\IsolatedStorage
[2013/10/26 11:57:43 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Macromedia
[2014/04/10 15:57:56 | 000,000,000 | --SD | M] -- C:\Users\OEM\AppData\Roaming\Microsoft
[2013/10/27 15:03:06 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\MiKTeX
[2013/10/26 09:02:48 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Mozilla
[2014/04/22 15:28:49 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Oracle
[2014/05/29 18:50:48 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Skype
[2013/10/24 12:50:46 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Synaptics
[2014/08/02 10:18:26 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\vlc
[2013/10/26 11:27:16 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\WebMon
[2013/10/27 14:46:23 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\WinEdt Team
[2013/10/26 10:11:59 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2014/07/21 23:02:50 | 035,464,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\OEM\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2014/07/21 23:06:00 | 000,262,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\OEM\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2014/07/21 23:02:54 | 000,280,640 | ---- | M] (Dropbox, Inc.) -- C:\Users\OEM\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2013/10/31 06:01:46 | 000,550,400 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\FirewallAPI.dll
[2014/06/19 02:52:42 | 013,732,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\ieframe.dll
[2014/03/28 08:18:26 | 017,562,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\shell32.dll
[2013/04/08 23:52:01 | 011,878,912 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\wmp.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[2013/10/31 06:01:46 | 000,550,400 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\FirewallAPI.dll
[2014/06/19 02:52:42 | 013,732,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\ieframe.dll
[2014/03/28 08:18:26 | 017,562,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\shell32.dll
[2013/04/08 23:52:01 | 011,878,912 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\wmp.dll

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2014/08/06 19:50:06 | 000,000,983 | ---- | M] () -- C:\windows\system32\bscs.ini
[2014/08/06 19:47:03 | 000,000,043 | ---- | M] () -- C:\windows\system32\LOCALDEVICE.INI
[2014/08/06 19:47:04 | 000,003,620 | ---- | M] () -- C:\windows\system32\LOCALSERVICE.INI
[2014/08/06 09:40:46 | 000,000,018 | ---- | M] () -- C:\windows\system32\log.txt

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014/08/06 18:53:17 | 000,000,512 | ---- | M] () MD5=5563EE86216A1C21E78CFA8297C1CEA8 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2014/08/01 18:45:25 | 000,000,703 | ---- | M] () -- \Users\OEM\AppData\Roaming\Microsoft\Windows\Recent\crack.lnk
[2014/08/01 18:47:19 | 000,000,453 | ---- | M] () -- \Users\OEM\AppData\Roaming\Microsoft\Windows\Recent\Jak_cracknout.txt.lnk

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2012/12/25 05:59:42 | 000,001,952 | ---- | M] () -- \AdwCleaner\Quarantine\C\Users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\mmfcp6kt.default\Extensions\ffxtlbr@zonealarm.com\content\loader.xul.vir
[2011/05/21 12:41:00 | 000,379,444 | ---- | M] () -- \MikTeX\TeXMF\doc\luatex\luatexbase\luatexbase-loader.pdf
[2011/05/21 12:41:00 | 000,000,555 | ---- | M] () -- \MikTeX\TeXMF\doc\luatex\luatexbase\test-loader-latex.tex
[2011/05/21 12:41:00 | 000,000,548 | ---- | M] () -- \MikTeX\TeXMF\doc\luatex\luatexbase\test-loader-plain.tex
[2011/05/21 12:41:00 | 000,000,411 | ---- | M] () -- \MikTeX\TeXMF\doc\luatex\luatexbase\test-loader.lua
[2011/05/21 12:41:00 | 000,000,419 | ---- | M] () -- \MikTeX\TeXMF\doc\luatex\luatexbase\test-loader.sub.lua
[2012/04/26 17:32:56 | 000,003,848 | ---- | M] () -- \MikTeX\TeXMF\tex\generic\oberdiek\luatex-loader.sty
[2012/10/26 14:56:18 | 000,002,093 | ---- | M] () -- \MikTeX\TeXMF\tex\generic\pgfplots\oldpgfcompatib\pgfplotsoldpgfsupp_loader.code.tex
[2011/05/21 12:41:00 | 000,002,580 | ---- | M] () -- \MikTeX\TeXMF\tex\luatex\luatexbase\luatexbase-loader.sty
[2011/05/21 12:41:00 | 000,002,075 | ---- | M] () -- \MikTeX\TeXMF\tex\luatex\luatexbase\luatexbase.loader.lua
[2002/09/25 21:05:38 | 000,113,664 | ---- | M] () -- \Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2009/05/23 02:38:52 | 000,061,952 | ---- | M] () -- \Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\coloader80.dll
[2009/05/22 21:27:34 | 000,004,608 | ---- | M] () -- \Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\coloader80.tlb
[2013/03/09 09:17:04 | 000,268,440 | ---- | M] () -- \Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll
[2013/03/09 09:17:04 | 000,019,080 | ---- | M] () -- \Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2012/09/06 05:24:35 | 000,127,464 | ---- | M] () -- \Program Files (x86)\CyberLink\Media Suite\koan\pyloader.dll
[2013/01/03 13:24:46 | 002,475,304 | ---- | M] () -- \Program Files (x86)\CyberLink\PhotoDirector\Kernel\CES\CES_3DLoaderFBX.dll
[2013/01/03 13:36:14 | 000,140,400 | ---- | M] () -- \Program Files (x86)\CyberLink\PhotoDirector\Koan\pyloader.dll
[2013/01/03 13:25:12 | 000,006,619 | ---- | M] () -- \Program Files (x86)\CyberLink\PhotoDirector\Presentation\UI\Import\ThumbnailLoader.kc
[2013/01/03 13:25:22 | 000,013,205 | ---- | M] () -- \Program Files (x86)\CyberLink\PhotoDirector\System\PyUploader.kc
[2013/01/03 13:25:22 | 000,164,800 | ---- | M] () -- \Program Files (x86)\CyberLink\PhotoDirector\System\_PyUploader.pyd
[2013/01/03 13:25:26 | 000,007,401 | ---- | M] () -- \Program Files (x86)\CyberLink\PhotoDirector\System\Model\SlideShowProduction\ProfileLoader.kc
[2012/11/21 08:51:44 | 000,171,040 | ---- | M] () -- \Program Files (x86)\CyberLink\Power2Go8\runtime\CES\PlugIn\CES_3DLoaderC3S.dll
[2012/11/21 08:51:46 | 002,528,800 | ---- | M] () -- \Program Files (x86)\CyberLink\Power2Go8\runtime\CES\PlugIn\CES_3DLoaderFBX.dll
[2013/02/27 05:21:30 | 000,000,034 | ---- | M] () -- \Program Files (x86)\CyberLink\PowerDVD12\ComLoader.ini
[2013/02/27 05:37:25 | 000,126,728 | ---- | M] () -- \Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\pyloader.dll
[2013/02/07 11:18:10 | 000,028,102 | ---- | M] () -- \Program Files (x86)\CyberLink\PowerDVD12\Movie\PK\subsys\PyImpLoader\PyImpLoader.kc
[2013/02/27 05:54:07 | 000,122,632 | ---- | M] () -- \Program Files (x86)\CyberLink\PowerDVD12\Movie\PK\subsys\PyImpLoader\_PyImpLoader.pyd
[2012/06/04 10:04:24 | 000,012,020 | ---- | M] () -- \Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cox\mm\MediaCtrl\ImageLoader.kc
[2013/02/27 05:20:47 | 000,022,781 | ---- | M] () -- \Program Files (x86)\CyberLink\PowerDVD12\subsys\DataCenter\ImageLoader.kc
[2013/02/27 05:20:47 | 000,007,947 | ---- | M] () -- \Program Files (x86)\CyberLink\PowerDVD12\subsys\NetService\netThumbLoader.kc
[2013/02/27 05:20:49 | 000,001,566 | ---- | M] () -- \Program Files (x86)\CyberLink\PowerDVD12\subsys\Video\D3D9Loader.kc
[2012/04/09 07:20:34 | 002,533,160 | ---- | M] () -- \Program Files (x86)\CyberLink\Shared files\Plugin\8.0\CES_3DLoaderFBX.dll
[2013/02/01 18:41:18 | 000,126,728 | ---- | M] () -- \Program Files (x86)\CyberLink\YouCam\Koan\pyloader.dll
[2013/02/01 17:58:02 | 000,020,119 | ---- | M] () -- \Program Files (x86)\CyberLink\YouCam\subsys\Uploader\PyUploader.kc
[2013/02/01 17:58:02 | 000,233,024 | ---- | M] () -- \Program Files (x86)\CyberLink\YouCam\subsys\Uploader\_PyUploader.pyd
[2012/07/24 11:28:46 | 000,167,720 | ---- | M] () -- \Program Files (x86)\CyberLink\YouCam\subsys\YouCam\CES_3DLoaderC3S.dll
[2012/07/24 11:28:46 | 002,525,480 | ---- | M] () -- \Program Files (x86)\CyberLink\YouCam\subsys\YouCam\CES_3DLoaderFBX.dll
[2012/06/09 19:19:38 | 000,055,296 | ---- | M] () -- \Program Files (x86)\WinRAR\Formats\ace32loader.exe
[2014/05/03 14:40:47 | 000,072,480 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2014/05/03 14:40:47 | 000,085,888 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader64.exe
[2013/03/09 09:52:18 | 000,364,168 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2013/03/09 09:52:18 | 000,019,080 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2014/02/11 01:11:50 | 000,000,035 | ---- | M] () -- \Program Files\Maple 18\eBookTools\fop-1.0\examples\plan\resources\META-INF\services\org.apache.xmlgraphics.image.loader.spi.ImagePreloader
[2014/02/11 01:11:50 | 000,005,120 | ---- | M] () -- \Program Files\Maple 18\eBookTools\fop-1.0\examples\plan\src\org\apache\fop\plan\PreloaderPlan.java
[2014/02/11 02:10:11 | 002,906,723 | ---- | M] () -- \Program Files\Maple 18\java\wksloader.jar
[2013/02/12 16:01:10 | 000,001,849 | ---- | M] () -- \Program Files\WindowsApps\Evernote.Skitch_2.2.1405.4711_neutral__q4d96b2w5wcc2\app\win\map\images\ajax-loader_rev.gif
[2013/02/12 16:01:12 | 000,001,748 | ---- | M] () -- \Program Files\WindowsApps\Evernote.Skitch_2.2.1405.4711_neutral__q4d96b2w5wcc2\lib\require\deploader.js
[2012/07/26 11:48:29 | 000,039,485 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\shell\js\backgroundImageLoader.js
[2014/05/14 14:04:12 | 000,002,089 | ---- | M] () -- \Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\DependencyLoader\DependencyLoader.js
[2014/05/14 14:04:13 | 000,001,326 | ---- | M] () -- \Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernAttachmentWell\AttachmentWellComposeDependencyLoader.js
[2014/05/14 14:04:13 | 000,001,208 | ---- | M] () -- \Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernAttachmentWell\AttachmentWellReadDependencyLoader.js
[2014/05/14 14:04:13 | 000,002,552 | ---- | M] () -- \Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernAttachmentWell\AttachmentWellShareAnythingControlDependencyLoader.js
[2014/05/14 14:04:14 | 000,001,915 | ---- | M] () -- \Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernPeople\appframe\BackgroundLoader.js
[2014/05/14 14:04:16 | 000,005,019 | ---- | M] () -- \Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShareAnything\ShareDataLoader.js
[2012/07/26 11:48:26 | 000,049,108 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.XboxLIVEGames_1.0.927.0_x64__8wekyb3d8bbwe\Framework\imageLoader.js
[2012/07/26 11:48:02 | 000,049,108 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.ZuneMusic_1.0.927.0_x64__8wekyb3d8bbwe\Framework\imageLoader.js
[2012/07/26 11:48:10 | 000,049,108 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.ZuneVideo_1.0.927.0_x64__8wekyb3d8bbwe\Framework\imageLoader.js
[2014/05/14 09:22:20 | 000,101,046 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.ZuneVideo_1.5.886.0_x64__8wekyb3d8bbwe\Framework\imageLoader.js
[2014/05/14 09:22:20 | 000,101,046 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.ZuneVideo_1.5.902.0_x64__8wekyb3d8bbwe\Framework\imageLoader.js
[2013/10/26 15:56:43 | 000,001,382 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Adobe Gamma Loader.lnk
[2012/04/09 07:20:34 | 002,533,160 | ---- | M] () -- \SWSETUP\APP\Applications\CyberLink\CyberlinkPowerD\10.0.2.2531\src\ShareFiles\Share_x86\Plugin\8.0\CES_3DLoaderFBX.dll
[2013/10/26 15:56:43 | 000,001,382 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\StartUp\Adobe Gamma Loader.lnk
[2014/05/29 08:55:57 | 000,017,912 | ---- | M] () -- \Users\OEM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4BE0V0YG\AdLoader-3b8e790904fffcf74f96367cd382e261.min[1].js
[2014/04/01 16:57:01 | 000,112,122 | ---- | M] () -- \Users\OEM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4BE0V0YG\AdLoader-7b473315d0084c71df83cdee72aab144.min[1].js
[2014/01/10 20:22:24 | 000,001,537 | ---- | M] () -- \Users\OEM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4BE0V0YG\AdLoader[1].htm
[2014/04/01 17:02:28 | 000,001,870 | ---- | M] () -- \Users\OEM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4BE0V0YG\AdLoader[2].htm
[2013/11/17 19:42:13 | 000,000,723 | ---- | M] () -- \Users\OEM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4BE0V0YG\downloaderror[1].js
[2014/04/21 17:02:06 | 000,001,174 | ---- | M] () -- \Users\OEM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4BE0V0YG\downloader[1].js
[2014/01/10 20:22:24 | 000,110,991 | ---- | M] () -- \Users\OEM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A4VO1TN4\AdLoader-7b857a7be889bd57f92da60a9b6146bb.min[1].js
[2014/05/29 08:55:57 | 000,001,980 | ---- | M] () -- \Users\OEM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A4VO1TN4\AdLoader[2].htm
[2014/05/29 09:16:27 | 000,001,980 | ---- | M] () -- \Users\OEM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A4VO1TN4\AdLoader[3].htm
[2014/04/21 17:02:06 | 000,000,723 | ---- | M] () -- \Users\OEM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACSH62ZI\downloaderror[1].js
[2013/11/17 19:42:13 | 000,001,174 | ---- | M] () -- \Users\OEM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACSH62ZI\downloader[1].js
[2013/11/02 10:42:23 | 000,110,642 | ---- | M] () -- \Users\OEM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AIM5E14L\AdLoader-05424a4ab7d836fbf1bc3b5c2b3458f1.min[1].js
[2014/04/01 16:57:01 | 000,001,870 | ---- | M] () -- \Users\OEM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AIM5E14L\AdLoader[1].htm
[2014/01/28 19:35:56 | 000,072,638 | ---- | M] () -- \Users\OEM\AppData\Local\Skype\Apps\login\images\loader.gif
[2014/01/28 19:35:56 | 000,003,032 | ---- | M] () -- \Users\OEM\AppData\Local\Skype\Apps\login\images\loader.png
[2014/01/28 19:35:56 | 000,006,012 | ---- | M] () -- \Users\OEM\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014/01/28 19:35:56 | 000,021,956 | ---- | M] () -- \Users\OEM\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014/01/28 19:35:56 | 000,009,772 | ---- | M] () -- \Users\OEM\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2010/03/24 20:35:48 | 000,018,264 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_amd64_ln.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2010/03/24 20:12:34 | 000,018,264 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2010/10/07 04:36:40 | 000,018,264 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2010/03/24 20:35:48 | 000,370,512 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.4763\VSTOLoader_dll_amd64.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2010/03/24 20:12:34 | 000,249,680 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.4763\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2010/10/07 04:36:40 | 000,265,552 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.4763\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2013/03/09 09:17:04 | 000,019,080 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.7015\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2013/03/09 09:17:04 | 000,268,440 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.7015\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2014/08/02 20:59:17 | 000,019,450 | ---- | M] () -- \Windows\Prefetch\ADOBE GAMMA LOADER.EXE-B0DD67C7.pf
[2012/07/26 04:46:24 | 000,003,072 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/07/26 04:46:25 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-1.dll
[2012/07/26 04:46:36 | 000,002,560 | -H-- | M] () -- \Windows\System32\api-ms-win-core-stringloader-l1-1-0.dll
[2012/07/26 05:18:20 | 000,036,352 | ---- | M] () -- \Windows\System32\dmloader.dll
[2012/07/26 04:46:24 | 000,003,072 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/07/26 04:46:25 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-1.dll
[2012/07/26 04:46:36 | 000,002,560 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-stringloader-l1-1-0.dll
[2012/07/26 05:18:20 | 000,036,352 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[1 \Windows\WinSxS\*.tmp files -> \Windows\WinSxS\*.tmp -> ]
[2012/07/26 06:53:16 | 001,084,144 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.2.9200.16384_none_891afac5ef497dae\hvloader.efi
[2012/07/26 06:53:16 | 000,998,128 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.2.9200.16384_none_891afac5ef497dae\hvloader.exe
[2013/04/29 16:29:54 | 001,084,136 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.2.9200.16433_none_89500bfdef21d5c9\hvloader.efi
[2013/04/29 16:29:54 | 000,998,120 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.2.9200.16433_none_89500bfdef21d5c9\hvloader.exe
[2013/03/02 12:39:39 | 001,084,136 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.2.9200.16548_none_894a3f69ef256d94\hvloader.efi
[2013/03/02 12:39:39 | 000,998,120 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.2.9200.16548_none_894a3f69ef256d94\hvloader.exe
[2013/03/02 12:39:39 | 001,084,136 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.2.9200.16579_none_892acfefef3cdabe\hvloader.efi
[2013/04/09 07:24:49 | 000,998,152 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.2.9200.16579_none_892acfefef3cdabe\hvloader.exe
[2013/06/01 14:02:14 | 001,084,160 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.2.9200.16628_none_895fe127ef1532d9\hvloader.efi
[2013/06/01 14:02:14 | 000,998,144 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.2.9200.16628_none_895fe127ef1532d9\hvloader.exe
[2013/04/29 16:29:54 | 001,084,136 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.2.9200.20534_none_89daa913083e8eea\hvloader.efi
[2013/04/29 16:29:54 | 000,998,120 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.2.9200.20534_none_89daa913083e8eea\hvloader.exe
[2013/03/02 12:22:17 | 001,084,136 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.2.9200.20652_none_89c30a8d08509145\hvloader.efi
[2013/03/02 12:22:17 | 000,998,120 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.2.9200.20652_none_89c30a8d08509145\hvloader.exe
[2013/03/02 12:22:17 | 001,084,136 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.2.9200.20683_none_89a39b130867fe6f\hvloader.efi
[2013/04/09 02:24:11 | 000,998,152 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.2.9200.20683_none_89a39b130867fe6f\hvloader.exe
[2013/06/01 14:49:37 | 001,084,160 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.2.9200.20733_none_89d9ac95083f6fe1\hvloader.efi
[2013/06/01 14:49:37 | 000,998,144 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_6.2.9200.20733_none_89d9ac95083f6fe1\hvloader.exe
[2012/07/26 05:05:30 | 000,047,616 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.2.9200.16384_none_9ebdc35619670551\dmloader.dll
[2012/07/26 04:35:54 | 000,003,072 | -H-- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.2.9200.16384_none_637b975b05942933\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/07/26 04:35:54 | 000,003,584 | -H-- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.2.9200.16384_none_637b975b05942933\api-ms-win-core-libraryloader-l1-1-1.dll
[2012/07/26 04:35:58 | 000,002,560 | -H-- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.2.9200.16384_none_637b975b05942933\api-ms-win-core-stringloader-l1-1-0.dll
[2013/05/25 04:33:26 | 000,004,656 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_8c0c160e86cdb00c.manifest
[2013/05/25 04:33:26 | 000,030,448 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_8c0c160e86cdb00c_winload.efi.mui_35ee487d
[2013/05/25 04:33:26 | 000,030,448 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_8c0c160e86cdb00c_winload.exe.mui_3bc5b827
[2013/05/25 04:33:26 | 000,020,208 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_8c0c160e86cdb00c_winresume.efi.mui_f412814e
[2013/05/25 04:33:26 | 000,020,208 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_8c0c160e86cdb00c_winresume.exe.mui_ff8b5358
[2013/10/29 21:48:07 | 000,005,808 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.16628_none_b43547f8f636cb6a.manifest
[2013/10/29 21:48:07 | 001,403,296 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.16628_none_b43547f8f636cb6a_winload.efi_75834aa0
[2013/10/29 21:48:07 | 001,271,584 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.16628_none_b43547f8f636cb6a_winload.exe_75835076
[2013/10/29 21:48:07 | 001,217,352 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.16628_none_b43547f8f636cb6a_winresume.efi_85cd069f
[2013/10/29 21:48:07 | 001,093,904 | ---- | M] () -- \Windows\WinSxS\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.16628_none_b43547f8f636cb6a_winresume.exe_85cd1215
[2012/07/26 10:11:35 | 000,000,596 | ---- | M] () -- \Windows\WinSxS\FileMaps\programdata_microsoft_network_downloader_7fafaef6d33e4371.cdf-ms
[2013/05/25 04:30:48 | 000,004,656 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_8c0c160e86cdb00c.manifest
[2012/07/26 07:00:58 | 000,005,810 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.16384_none_b3f06196f66b163f.manifest
[2013/04/29 16:16:17 | 000,005,810 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.16418_none_b4401418f62eb52b.manifest
[2012/10/12 03:18:16 | 000,005,810 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.16420_none_b42d41dcf63e0664.manifest
[2013/04/29 16:29:22 | 000,005,810 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.16433_none_b42572cef6436e5a.manifest
[2013/04/09 08:04:17 | 000,005,808 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.16579_none_b40036c0f65e734f.manifest
[2013/06/01 13:31:54 | 000,005,808 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.16628_none_b43547f8f636cb6a.manifest
[2013/04/29 16:16:17 | 000,005,810 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.20519_none_b4cab12e0f4b6e4c.manifest
[2012/10/12 03:18:16 | 000,005,810 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.20521_none_b4b7def20f5abf85.manifest
[2013/04/29 16:29:22 | 000,005,810 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.20534_none_b4b00fe40f60277b.manifest
[2013/04/09 02:53:04 | 000,005,808 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.20683_none_b47901e40f899700.manifest
[2013/06/01 14:10:50 | 000,005,808 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.20733_none_b4af13660f610872.manifest
[2012/07/26 05:18:20 | 000,036,352 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.2.9200.16384_none_429f27d26109941b\dmloader.dll
[2012/07/26 04:46:24 | 000,003,072 | -H-- | M] () -- \Windows\WinSxS\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.2.9200.16384_none_075cfbd74d36b7fd\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/07/26 04:46:25 | 000,003,584 | -H-- | M] () -- \Windows\WinSxS\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.2.9200.16384_none_075cfbd74d36b7fd\api-ms-win-core-libraryloader-l1-1-1.dll
[2012/07/26 04:46:36 | 000,002,560 | -H-- | M] () -- \Windows\WinSxS\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.2.9200.16384_none_075cfbd74d36b7fd\api-ms-win-core-stringloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >
[2012/11/03 21:04:50 | 000,000,064 | ---- | M] () -- \MikTeX\TeXMF\doc\latex\tikzscale\testNode.tikz

< *AutoKMS* /s >

< *activator* /s >
[2013/02/27 05:20:46 | 000,004,878 | ---- | M] () -- \Program Files (x86)\CyberLink\PowerDVD12\subsys\Activator\Activator.kc
[2013/02/27 05:20:46 | 000,003,886 | ---- | M] () -- \Program Files (x86)\CyberLink\PowerDVD12\subsys\Activator\PyActivator.kc
[2013/02/27 05:37:00 | 000,130,824 | ---- | M] () -- \Program Files (x86)\CyberLink\PowerDVD12\subsys\Activator\_PyActivator.pyd

< *serial* /s >
[2013/01/25 19:58:32 | 000,276,699 | ---- | M] () -- \Lena\teorie_cisel_serial.pdf
[2008/09/17 16:33:08 | 000,000,592 | ---- | M] () -- \Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\VBSnippets\1033\Connectivity\EnumerateSerialPorts.snippet
[2008/09/17 16:33:08 | 000,001,178 | ---- | M] () -- \Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\VBSnippets\1033\Connectivity\ReadDatafromaSerialPort.snippet
[2008/09/17 16:33:08 | 000,001,492 | ---- | M] () -- \Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\VBSnippets\1033\Connectivity\UseaSerialPorttoDialaPhoneNumber.snippet
[2012/10/10 03:35:25 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2014/02/11 01:11:50 | 000,188,993 | ---- | M] () -- \Program Files\Maple 18\eBookTools\fop-1.0\lib\serializer-2.7.0.jar
[2014/02/11 01:11:50 | 000,011,357 | ---- | M] () -- \Program Files\Maple 18\eBookTools\fop-1.0\lib\serializer.LICENSE.txt
[2014/02/11 01:11:50 | 000,000,866 | ---- | M] () -- \Program Files\Maple 18\eBookTools\fop-1.0\lib\serializer.NOTICE.txt
[2012/10/10 03:36:13 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2013/05/25 04:33:01 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2014/07/29 21:52:34 | 000,000,574 | ---- | M] () -- \Users\OEM\AppData\Roaming\Microsoft\Windows\Recent\Serial.txt.lnk
[2013/05/25 04:33:01 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012/07/26 12:07:00 | 000,131,072 | R--- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013/05/25 04:33:01 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2012/10/10 03:35:25 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014/02/25 19:04:12 | 000,309,760 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\c2e70a2af436f76574625562eebc0bd2\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014/02/25 19:04:12 | 000,000,580 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\c2e70a2af436f76574625562eebc0bd2\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2014/02/17 20:17:09 | 002,822,656 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\deba9405e920eefee41a8efe93e93cc6\System.Runtime.Serialization.ni.dll
[2014/02/17 20:17:09 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\deba9405e920eefee41a8efe93e93cc6\System.Runtime.Serialization.ni.dll.aux
[2014/02/17 20:10:24 | 003,637,248 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\3549a37d36038a93844b48253ac02488\System.Runtime.Serialization.ni.dll
[2014/02/17 20:10:24 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\3549a37d36038a93844b48253ac02488\System.Runtime.Serialization.ni.dll.aux
[2012/07/26 10:09:26 | 000,001,032 | ---- | M] () -- \Windows\Inf\c_multiportserial.inf
[2012/07/26 09:21:08 | 000,004,224 | ---- | M] () -- \Windows\Inf\c_multiportserial.PNF
[2012/08/31 02:51:52 | 000,027,808 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\v4.0_4.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012/07/12 04:02:06 | 000,132,656 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012/07/12 04:02:06 | 000,022,024 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll
[2012/07/12 04:02:06 | 000,022,048 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll
[2012/08/31 02:51:46 | 000,113,752 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.RunTime.Serialization.resources\v4.0_4.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.resources.dll
[2012/07/12 04:02:06 | 000,022,016 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll
[2013/07/11 00:08:35 | 001,050,768 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2012/07/12 04:02:08 | 000,036,320 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2012/07/12 04:02:08 | 000,022,496 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll
[2012/07/26 12:07:00 | 000,131,072 | R--- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2009/05/23 07:30:34 | 000,008,007 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.xml
[2013/05/25 04:33:00 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012/10/10 03:35:25 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013/07/11 00:08:35 | 001,050,768 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2012/07/12 04:02:06 | 000,132,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2012/07/12 04:02:06 | 000,022,024 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll
[2012/07/12 04:02:06 | 000,022,048 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2012/07/12 04:02:06 | 000,022,016 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2012/07/12 04:02:08 | 000,036,320 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2012/07/12 04:02:08 | 000,022,496 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll
[2012/08/31 02:51:52 | 000,027,808 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012/08/31 02:51:52 | 000,113,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.RunTime.Serialization.resources.dll
[2012/07/26 12:07:00 | 000,131,072 | R--- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2013/05/25 04:33:00 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2012/10/10 03:36:14 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013/07/11 00:09:10 | 001,050,768 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll
[2012/07/12 04:01:17 | 000,132,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2012/07/12 04:01:17 | 000,022,024 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Json.dll
[2012/07/12 04:01:17 | 000,022,048 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2012/07/12 04:01:17 | 000,022,016 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2012/07/12 04:01:20 | 000,036,320 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll
[2012/07/12 04:01:20 | 000,022,496 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XmlSerializer.dll
[2012/08/31 02:51:45 | 000,027,808 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012/08/31 02:51:46 | 000,113,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\cs\System.RunTime.Serialization.resources.dll
[2012/07/26 05:19:54 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2013/05/25 04:32:50 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2012/07/26 11:42:58 | 000,000,232 | ---- | M] () -- \Windows\System32\DriverStore\en-US\c_multiportserial.inf_loc
[2012/07/25 22:35:47 | 000,001,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\c_multiportserial.inf_amd64_45188a76c7257c7d\c_multiportserial.inf
[2012/07/26 04:30:01 | 000,076,800 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_b9497ff7bf3c4b05\serial.sys
[2012/07/26 05:19:54 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2013/05/25 04:32:50 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\cs-CZ\serialui.dll.mui
[1 \Windows\WinSxS\*.tmp files -> \Windows\WinSxS\*.tmp -> ]
[2012/07/26 11:42:58 | 000,000,232 | ---- | M] () -- \Windows\WinSxS\amd64_c_multiportserial.inf.resources_31bf3856ad364e35_6.2.9200.16384_en-us_9df633403910846e\c_multiportserial.inf_loc
[2012/07/25 22:35:47 | 000,001,032 | ---- | M] () -- \Windows\WinSxS\amd64_c_multiportserial.inf_31bf3856ad364e35_6.2.9200.16384_none_f9bc515a3410ee82\c_multiportserial.inf
[2013/11/10 20:24:24 | 000,000,181 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_18f61258351a4915\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2013/05/25 04:33:00 | 000,011,776 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.2.9200.16430_cs-cz_192822b234f5552b\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2013/11/10 20:24:33 | 000,000,181 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.2.9200.20531_cs-cz_19b2bfc74e120e4c\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2013/05/25 04:32:50 | 000,005,120 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_a73488f66d6efa73\serialui.dll.mui
[2012/07/26 05:07:10 | 000,017,920 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.2.9200.16384_none_4dcb48f2a86ef2b0\serialui.dll
[2013/11/12 22:06:30 | 000,000,184 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_b63db9f5dc430f52\System.RunTime.Serialization.Resources.dll
[2013/05/25 04:33:01 | 000,090,112 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.2.9200.16430_cs-cz_b66fca4fdc1e1b68\System.RunTime.Serialization.Resources.dll
[2013/11/12 22:06:32 | 000,000,184 | ---- | M] () -- \Windows\WinSxS\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.2.9200.20531_cs-cz_b6fa6764f53ad489\System.RunTime.Serialization.Resources.dll
[2013/05/25 04:32:45 | 000,009,728 | ---- | M] () -- \Windows\WinSxS\amd64_msports.inf.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_1d7fc9ead6009a1c\serial.sys.mui
[2012/07/26 04:30:01 | 000,076,800 | ---- | M] () -- \Windows\WinSxS\amd64_msports.inf_31bf3856ad364e35_6.2.9200.16384_none_5161581642227a2a\serial.sys
[2013/11/22 16:48:37 | 000,004,892 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4clientcorecomp.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_6b79c54ad2b7ba05\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013/11/22 16:48:31 | 000,004,906 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4clientcorecomp.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_6b79c54ad2b7ba05\System.RunTime.Serialization.resources.dll
[2012/08/31 02:51:45 | 000,027,808 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4clientcorecomp.resources_31bf3856ad364e35_6.2.9200.16430_cs-cz_6babd5a4d292c61b\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012/08/31 02:51:46 | 000,113,752 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4clientcorecomp.resources_31bf3856ad364e35_6.2.9200.16430_cs-cz_6babd5a4d292c61b\System.RunTime.Serialization.resources.dll
[2013/11/22 22:17:17 | 000,002,683 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4clientcorecomp.resources_31bf3856ad364e35_6.2.9200.20531_cs-cz_6c3672b9ebaf7f3c\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013/11/22 22:17:07 | 000,003,257 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4clientcorecomp.resources_31bf3856ad364e35_6.2.9200.20531_cs-cz_6c3672b9ebaf7f3c\System.RunTime.Serialization.resources.dll
[2012/07/12 04:01:17 | 000,132,656 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runti..ion.formatters.soap_b03f5f7f11d50a3a_4.0.9200.16384_none_d68148ce3ff07e02\System.Runtime.Serialization.Formatters.Soap.dll
[2012/07/12 04:01:17 | 000,022,048 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runti..lization.primitives_b03f5f7f11d50a3a_4.0.9200.16384_none_43a8275875494b8e\System.Runtime.Serialization.Primitives.dll
[2012/07/12 04:01:17 | 000,022,024 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runtime.serialization.json_b03f5f7f11d50a3a_4.0.9200.16384_none_e25d0cd734f43e04\System.Runtime.Serialization.Json.dll
[2012/07/12 04:01:17 | 000,022,016 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runtime.serialization.xml_b03f5f7f11d50a3a_4.0.9200.16384_none_c974e4aa59db7371\System.Runtime.Serialization.Xml.dll
[2012/07/12 04:01:17 | 001,050,096 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9200.16384_none_8f14a7bb8fcb8036\System.Runtime.Serialization.dll
[2013/02/23 01:09:26 | 001,050,728 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9200.16543_none_8f10bd138fcf01db\System.Runtime.Serialization.dll
[2013/07/11 00:09:10 | 001,050,768 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9200.16664_none_8f12a6bb8fcd4e7b\System.Runtime.Serialization.dll
[2013/02/23 01:13:33 | 001,051,768 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9200.20647_none_7842bb33a976c865\System.Runtime.Serialization.dll
[2013/07/11 00:12:22 | 001,051,272 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9200.20772_none_78462dd5a9739496\System.Runtime.Serialization.dll
[2012/07/12 04:01:20 | 000,036,320 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.xml.serialization_b03f5f7f11d50a3a_4.0.9200.16384_none_fed799684e8c8f15\System.Xml.Serialization.dll
[2012/07/12 04:01:20 | 000,022,496 | ---- | M] () -- \Windows\WinSxS\amd64_netfx4-system.xml.xmlserializer_b03f5f7f11d50a3a_4.0.9200.16384_none_ea6130aafff18bc8\System.Xml.XmlSerializer.dll
[2012/07/26 12:07:00 | 000,131,072 | R--- | M] () -- \Windows\WinSxS\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.2.9200.16384_none_e04b053008b35686\System.Runtime.Serialization.Formatters.Soap.dll
[2012/07/06 04:02:29 | 000,847,872 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.2.9200.16384_none_8fbcf8a56818c79c\System.Runtime.Serialization.dll
[2012/10/10 03:36:14 | 000,847,872 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.2.9200.16432_none_8fb8249f681d15f8\System.Runtime.Serialization.dll
[2012/10/10 03:36:23 | 000,847,872 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.2.9200.20533_none_78ea671781c48f9f\System.Runtime.Serialization.dll
[2012/07/06 04:02:29 | 000,847,872 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.2.9200.16384_none_ca94056fbc10c235\System.Runtime.Serialization.dll
[2012/10/10 03:36:13 | 000,847,872 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.2.9200.16432_none_ca8f3169bc151091\System.Runtime.Serialization.dll
[2012/10/10 03:36:22 | 000,847,872 | ---- | M] () -- \Windows\WinSxS\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.2.9200.20533_none_b3c173e1d5bc8a38\System.Runtime.Serialization.dll
[2013/05/25 04:29:43 | 000,001,131 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_c_multiportserial.inf-languagepack_31bf3856ad364e35_6.2.9200.16384_cs-cz_2b0eb54f379ff467.manifest
[2012/07/26 11:42:02 | 000,001,852 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_c_multiportserial.inf.resources_31bf3856ad364e35_6.2.9200.16384_en-us_9df633403910846e.manifest
[2012/07/26 07:09:43 | 000,001,513 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_c_multiportserial.inf_31bf3856ad364e35_6.2.9200.16384_none_f9bc515a3410ee82.manifest
[2012/07/26 07:26:40 | 000,002,626 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.2.9200.16384_none_6a7f3483366f250c.manifest
[2012/07/26 07:07:04 | 000,009,894 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft-windows-serial-classextension_31bf3856ad364e35_6.2.9200.16384_none_8ede5994e2f7c2e3.manifest
[2012/07/26 07:06:54 | 000,000,452 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.2.9200.16384_none_85867a4c903a2d8f.manifest
[2012/07/26 06:48:21 | 000,002,226 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_netfx4-system.runtime.serialization.json_b03f5f7f11d50a3a_4.0.9200.16384_none_e25d0cd734f43e04.manifest
[2012/07/26 06:48:33 | 000,002,222 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_netfx4-system.runtime.serialization.xml_b03f5f7f11d50a3a_4.0.9200.16384_none_c974e4aa59db7371.manifest
[2012/07/26 06:48:19 | 000,002,206 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9200.16384_none_8f14a7bb8fcb8036.manifest
[2013/02/25 03:50:28 | 000,002,206 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9200.16543_none_8f10bd138fcf01db.manifest
[2013/07/11 07:33:51 | 000,002,206 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9200.16664_none_8f12a6bb8fcd4e7b.manifest
[2013/02/25 03:20:05 | 000,002,206 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9200.20647_none_7842bb33a976c865.manifest
[2013/07/11 09:26:42 | 000,002,206 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_netfx4-system.runtime.serialization_b03f5f7f11d50a3a_4.0.9200.20772_none_78462dd5a9739496.manifest
[2012/07/26 06:48:28 | 000,002,190 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_netfx4-system.xml.serialization_b03f5f7f11d50a3a_4.0.9200.16384_none_fed799684e8c8f15.manifest
[2012/07/26 06:48:22 | 000,002,190 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_netfx4-system.xml.xmlserializer_b03f5f7f11d50a3a_4.0.9200.16384_none_ea6130aafff18bc8.manifest
[2012/07/26 06:48:30 | 000,002,276 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.2.9200.16384_none_8fbcf8a56818c79c.manifest
[2012/10/10 11:35:16 | 000,002,276 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.2.9200.16432_none_8fb8249f681d15f8.manifest
[2012/10/10 10:57:11 | 000,002,276 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.2.9200.20533_none_78ea671781c48f9f.manifest
[2012/07/26 06:48:13 | 000,002,301 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.2.9200.16384_none_ca94056fbc10c235.manifest
[2012/10/10 11:35:02 | 000,002,301 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.2.9200.16432_none_ca8f3169bc151091.manifest
[2012/10/10 10:56:39 | 000,002,301 | ---- | M] () -- \Windows\WinSxS\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.2.9200.20533_none_b3c173e1d5bc8a38.manifest
[2012/07/26 05:40:05 | 000,002,301 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.json_b03f5f7f11d50a3a_4.0.9200.16384_none_4133a81e70d69dc1.manifest
[2012/07/26 05:45:32 | 000,002,325 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.primitives_b03f5f7f11d50a3a_4.0.9200.16384_none_bd2cf9cf998cc8b9.manifest
[2012/07/26 05:43:53 | 000,002,265 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.2.9200.16384_none_dd235adf680f4fc6.manifest
[2012/10/10 09:14:13 | 000,002,265 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.2.9200.16432_none_dd1e86d968139e22.manifest
[2012/10/10 09:29:05 | 000,002,265 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.2.9200.20533_none_c650c95181bb17c9.manifest
[2013/05/25 04:31:54 | 000,001,569 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9200.16384_cs-cz_04bd693af2668cc0.manifest
[2012/10/06 09:45:01 | 000,001,569 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9200.16430_cs-cz_04b8c2c4f26aa7da.manifest
[2013/02/25 06:17:13 | 000,001,569 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9200.16543_cs-cz_04b97e92f26a0e65.manifest
[2013/07/11 10:20:01 | 000,001,569 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9200.16664_cs-cz_04bb683af2685b05.manifest
[2012/10/06 09:49:51 | 000,001,569 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9200.20531_cs-cz_edeb053d0c122181.manifest
[2013/02/25 08:16:34 | 000,001,569 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9200.20647_cs-cz_edeb7cb30c11d4ef.manifest
[2013/07/11 12:04:59 | 000,001,569 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9200.20772_cs-cz_edeeef550c0ea120.manifest
[2013/05/25 04:31:48 | 000,001,643 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.2.9200.16384_cs-cz_6acea198775b6fe0.manifest
[2012/10/10 17:41:47 | 000,001,643 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.2.9200.16432_cs-cz_6ac9cd92775fbe3c.manifest
[2012/10/10 17:40:30 | 000,001,643 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.2.9200.20533_cs-cz_53fc100a910737e3.manifest
[2012/07/26 05:40:13 | 000,002,297 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.xml_b03f5f7f11d50a3a_4.0.9200.16384_none_ec5267dfb07eac70.manifest
[2012/07/26 05:40:38 | 000,002,730 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_4.0.9200.16384_none_a755581c0ac16dd9.manifest
[2013/02/25 02:20:49 | 000,002,730 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_4.0.9200.16543_none_a7516d740ac4ef7e.manifest
[2013/07/11 04:23:17 | 000,002,730 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_4.0.9200.16664_none_a753571c0ac33c1e.manifest
[2013/02/25 01:54:09 | 000,002,730 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_4.0.9200.20647_none_90836b94246cb608.manifest
[2013/07/11 06:09:43 | 000,002,730 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_4.0.9200.20772_none_9086de3624698239.manifest
[2012/07/26 05:45:31 | 000,002,018 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.2.9200.16384_none_0d6690798fb650f9.manifest
[2012/10/10 09:14:19 | 000,002,018 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.2.9200.16432_none_0d61bc738fba9f55.manifest
[2012/10/10 09:29:12 | 000,002,018 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.2.9200.20533_none_f693feeba96218fc.manifest
[2012/07/26 05:46:59 | 000,002,382 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.xml.serialization_b77a5c561934e089_4.0.9200.16384_none_39f3d82244d5cd7e.manifest
[2012/07/26 05:44:37 | 000,002,265 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.xml.xmlserializer_b03f5f7f11d50a3a_4.0.9200.16384_none_1c0994e6b8e022d1.manifest
[2012/07/26 05:40:08 | 000,002,299 | ---- | M] () -- \Windows\WinSxS\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.2.9200.16384_none_12413c46d08ceb3b.manifest
[2012/10/10 09:14:00 | 000,002,299 | ---- | M] () -- \Windows\WinSxS\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.2.9200.16432_none_123c6840d0913997.manifest
[2012/10/10 09:28:50 | 000,002,299 | ---- | M] () -- \Windows\WinSxS\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.2.9200.20533_none_fb6eaab8ea38b33e.manifest
[2012/07/12 04:02:06 | 000,132,656 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_4.0.9200.16384_none_ed024caf4eb39c5b\System.Runtime.Serialization.Formatters.Soap.dll
[2012/07/26 12:07:00 | 000,131,072 | R--- | M] () -- \Windows\WinSxS\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.2.9200.16384_none_5313850cd3a87f7b\System.Runtime.Serialization.Formatters.Soap.dll
[2013/05/25 04:33:02 | 000,027,736 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_4.0.9200.16384_cs-cz_a62b631b484ba554\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012/08/31 02:51:52 | 000,027,808 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_4.0.9200.16430_cs-cz_a626bca5484fc06e\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012/08/31 02:52:17 | 000,027,808 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_4.0.9200.20531_cs-cz_8f58ff1d61f73a15\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013/05/25 04:33:01 | 000,011,776 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.2.9200.16384_cs-cz_0c3c9b78cd408874\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012/07/12 04:02:06 | 000,022,024 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.json_b03f5f7f11d50a3a_4.0.9200.16384_none_4133a81e70d69dc1\System.Runtime.Serialization.Json.dll
[2012/07/12 04:02:06 | 000,022,048 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.primitives_b03f5f7f11d50a3a_4.0.9200.16384_none_bd2cf9cf998cc8b9\System.Runtime.Serialization.Primitives.dll
[2012/07/06 04:02:29 | 000,970,752 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.ref_b77a5c561934e089_6.2.9200.16384_none_dd235adf680f4fc6\System.Runtime.Serialization.dll
[2012/10/10 03:35:25 | 000,970,752 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.ref_b77a5c561934e089_6.2.9200.16432_none_dd1e86d968139e22\System.Runtime.Serialization.dll
[2012/10/10 03:36:08 | 000,970,752 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.ref_b77a5c561934e089_6.2.9200.20533_none_c650c95181bb17c9\System.Runtime.Serialization.dll
[2013/05/25 04:33:04 | 000,113,704 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9200.16384_cs-cz_04bd693af2668cc0\System.RunTime.Serialization.resources.dll
[2012/08/31 02:51:52 | 000,113,752 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9200.16430_cs-cz_04b8c2c4f26aa7da\System.RunTime.Serialization.resources.dll
[2012/08/31 02:51:46 | 000,113,752 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9200.16543_cs-cz_04b97e92f26a0e65\System.RunTime.Serialization.resources.dll
[2012/08/31 02:51:46 | 000,113,752 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9200.16664_cs-cz_04bb683af2685b05\System.RunTime.Serialization.resources.dll
[2012/08/31 02:52:18 | 000,113,752 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9200.20531_cs-cz_edeb053d0c122181\System.RunTime.Serialization.resources.dll
[2012/08/31 02:52:07 | 000,113,752 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9200.20647_cs-cz_edeb7cb30c11d4ef\System.RunTime.Serialization.resources.dll
[2012/08/31 02:52:07 | 000,113,752 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9200.20772_cs-cz_edeeef550c0ea120\System.RunTime.Serialization.resources.dll
[2013/05/25 04:33:01 | 000,090,112 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_6.2.9200.16384_cs-cz_6acea198775b6fe0\System.RunTime.Serialization.Resources.dll
[2013/05/25 04:33:01 | 000,090,112 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_6.2.9200.16432_cs-cz_6ac9cd92775fbe3c\System.RunTime.Serialization.Resources.dll
[2013/05/25 04:33:01 | 000,090,112 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_6.2.9200.20533_cs-cz_53fc100a910737e3\System.RunTime.Serialization.Resources.dll
[2012/07/12 04:02:06 | 000,022,016 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.xml_b03f5f7f11d50a3a_4.0.9200.16384_none_ec5267dfb07eac70\System.Runtime.Serialization.Xml.dll
[2012/07/12 04:02:06 | 001,050,096 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_4.0.9200.16384_none_a755581c0ac16dd9\System.Runtime.Serialization.dll
[2013/02/23 01:11:46 | 001,050,728 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_4.0.9200.16543_none_a7516d740ac4ef7e\System.Runtime.Serialization.dll
[2013/07/11 00:08:35 | 001,050,768 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_4.0.9200.16664_none_a753571c0ac33c1e\System.Runtime.Serialization.dll
[2013/02/23 01:13:32 | 001,051,768 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_4.0.9200.20647_none_90836b94246cb608\System.Runtime.Serialization.dll
[2013/07/11 00:12:02 | 001,051,272 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_4.0.9200.20772_none_9086de3624698239\System.Runtime.Serialization.dll
[2012/07/06 04:02:28 | 000,970,752 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_6.2.9200.16384_none_0d6690798fb650f9\System.Runtime.Serialization.dll
[2012/10/10 03:35:25 | 000,970,752 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_6.2.9200.16432_none_0d61bc738fba9f55\System.Runtime.Serialization.dll
[2012/10/10 03:36:07 | 000,970,752 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_6.2.9200.20533_none_f693feeba96218fc\System.Runtime.Serialization.dll
[2012/07/12 04:02:08 | 000,036,320 | ---- | M] () -- \Windows\WinSxS\msil_system.xml.serialization_b77a5c561934e089_4.0.9200.16384_none_39f3d82244d5cd7e\System.Xml.Serialization.dll
[2012/07/12 04:02:08 | 000,022,496 | ---- | M] () -- \Windows\WinSxS\msil_system.xml.xmlserializer_b03f5f7f11d50a3a_4.0.9200.16384_none_1c0994e6b8e022d1\System.Xml.XmlSerializer.dll
[2013/11/23 12:58:01 | 000,004,893 | ---- | M] () -- \Windows\WinSxS\wow64_netfx4clientcorecomp.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_75ce6f9d07187c00\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013/11/23 12:57:54 | 000,004,266 | ---- | M] () -- \Windows\WinSxS\wow64_netfx4clientcorecomp.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_75ce6f9d07187c00\System.RunTime.Serialization.resources.dll
[2012/08/31 02:51:52 | 000,027,808 | ---- | M] () -- \Windows\WinSxS\wow64_netfx4clientcorecomp.resources_31bf3856ad364e35_6.2.9200.16430_cs-cz_76007ff706f38816\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012/08/31 02:51:52 | 000,113,752 | ---- | M] () -- \Windows\WinSxS\wow64_netfx4clientcorecomp.resources_31bf3856ad364e35_6.2.9200.16430_cs-cz_76007ff706f38816\System.RunTime.Serialization.resources.dll
[2013/11/23 12:58:29 | 000,002,754 | ---- | M] () -- \Windows\WinSxS\wow64_netfx4clientcorecomp.resources_31bf3856ad364e35_6.2.9200.20531_cs-cz_768b1d0c20104137\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013/11/23 12:58:23 | 000,002,384 | ---- | M] () -- \Windows\WinSxS\wow64_netfx4clientcorecomp.resources_31bf3856ad364e35_6.2.9200.20531_cs-cz_768b1d0c20104137\System.RunTime.Serialization.resources.dll
[2013/11/23 16:18:53 | 000,000,181 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_bcd776d47cbcd7df\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013/05/25 04:33:00 | 000,011,776 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.2.9200.16430_cs-cz_bd09872e7c97e3f5\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013/11/23 16:19:00 | 000,000,181 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.2.9200.20531_cs-cz_bd94244395b49d16\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013/05/25 04:32:50 | 000,005,120 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_4b15ed72b511893d\serialui.dll.mui
[2012/07/26 05:19:54 | 000,015,360 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.2.9200.16384_none_f1acad6ef011817a\serialui.dll
[2012/07/26 12:07:00 | 000,970,752 | ---- | M] () -- \Windows\WinSxS\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.2.9200.16384_none_12413c46d08ceb3b\System.Runtime.Serialization.dll
[2012/10/10 03:35:25 | 000,970,752 | ---- | M] () -- \Windows\WinSxS\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.2.9200.16432_none_123c6840d0913997\System.Runtime.Serialization.dll
[2012/10/10 03:36:07 | 000,970,752 | ---- | M] () -- \Windows\WinSxS\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.2.9200.20533_none_fb6eaab8ea38b33e\System.Runtime.Serialization.dll

< *w7lxe* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

cinci
Visitor
Posts: 48
Registered: 17 Oct 2006 16:50

Re: Preventive check

#13 Post by cinci »

OTL Extras logfile created on: 6. 8. 2014 18:50:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\OEM\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17028)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d. M. yyyy

7,85 Gb Total Physical Memory | 5,29 Gb Available Physical Memory | 67,32% Memory free
9,04 Gb Paging File | 6,18 Gb Available in Paging File | 68,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683,39 Gb Total Space | 475,02 Gb Free Space | 69,51% Space Free | Partition Type: NTFS
Drive D: | 13,76 Gb Total Space | 1,36 Gb Free Space | 9,90% Space Free | Partition Type: NTFS

Computer Name: NB_KMI | User Name: OEM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-728494050-748853550-4280414578-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FC8BB0D9-2F45-4237-9454-5CD5E96A13F5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AF75E3B-602B-44F6-855B-0FFB642B4465}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{11CF7844-77B4-4D43-9F0E-FD2587EDCAB5}" = protocol=6 | dir=in | app=c:\users\oem\appdata\roaming\dropbox\bin\dropbox.exe |
"{19611634-A8C9-4063-A5A1-44CC09BD35CA}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{1C0C97AF-2F81-46AD-8468-FE5E0413BE76}" = dir=out | name=hp registration |
"{1CD4AAA5-9E9D-45C2-A4AA-4ECA6CDBA424}" = dir=out | name=skitch touch |
"{22973357-F29B-4B3D-A483-C5F7CE68CD7D}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{22F85022-D417-43E8-91DF-BB348152D6A6}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{252F19DB-860A-44D3-9336-2AC35098FD3A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{37CB42E7-012B-42C1-8FBE-B054A494FAF5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3944514A-08DD-4D35-8F55-ACAEEA202FD1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe |
"{3B4AB77D-7EA6-47E4-BD3B-55DE29307B91}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{46C06320-A4CB-41AC-AD06-B9674D5BB28C}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{4B7DB4E0-86DE-4ACD-8E2B-919B7AF19458}" = dir=out | name=windows_ie_ac_001 |
"{4C66CE97-8EFE-49A8-B0EC-1E315FEA4B11}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{504553A1-B3F6-4ADC-9CAF-7C74EA7F5781}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{523F8514-83A5-4A17-97D8-FD70A0431E34}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe |
"{568952AA-0C62-4B69-B0D6-4A336945A7C1}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{57CCA5F0-A2C6-4B4A-838C-D5C554720FC8}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{5B5C5A02-6020-45F8-BF40-B4A390E64B4E}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{5C200B8C-A49A-461A-BB06-F927F9664939}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{5E133A58-0373-4A40-9CD7-72655C4963FF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe |
"{5F512469-1B0A-4955-BD6E-87C28F45AD57}" = dir=out | name=evernote |
"{64315C5E-EC07-4BF2-9A33-33A871874A8C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{64C37C33-6537-480B-8D15-C9DE093B8D02}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{6931AD70-3CA3-4456-8252-9C5E3B846260}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7162377D-70B5-4469-BFEC-CDEBD2690063}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{726A956A-2C66-4DBE-BB7D-14E2996ABB99}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{76E17E62-F272-4C7C-81E5-3D214472B990}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{7CA39149-80BD-4DFD-9684-DFA6A299D6F7}" = dir=out | name=getting started with windows 8 |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{8BC1FECF-8F64-48B0-994D-72A46B0AC051}" = protocol=17 | dir=in | app=c:\users\oem\appdata\roaming\dropbox\bin\dropbox.exe |
"{9313FE53-A1D7-475F-AB97-9B6ED66023A9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd.exe |
"{9AF067EF-93FF-488B-8672-2680533CE7A7}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{9B18A492-F3CA-4523-9A72-C44A44F93DB9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9BA70130-77CB-4C9F-AD2D-4444306EF03C}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe |
"{A12D0E4F-A675-48F2-BA70-5458BFAC149E}" = dir=out | name=youcam for hp |
"{A2FF72C5-DD1E-49E8-90FA-17854995F07F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{A330B99A-E1EF-4B5F-A530-A303FADB2A06}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{A6F589DD-E1BC-4B97-8B5B-4492605A1F8E}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{A7F7CA81-9B61-48D9-8F9A-70606372AE14}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{B39541ED-B828-4E14-B71F-E82F7CCFDCFE}" = dir=out | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{B64586CB-042D-438F-8571-B71844827C00}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{B999CE6E-81BA-4769-8515-70D9B865D036}" = dir=in | name=evernote |
"{BA4726D8-81E6-4391-AACB-2606CB0F12D1}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{BB336135-D3F6-47B7-9276-001E28C3B841}" = dir=in | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{BD2C3177-4E8F-4C13-B59C-34616F00C623}" = dir=out | name=media suite for hp |
"{C64DF2C0-F84E-4BD2-AF37-1DED2B9207E8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E2B64D63-5B3A-4C46-A73D-09D318F3CFEB}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08F2F75D-7E7D-10C2-3ED9-E711554514E0}" = AMD Accelerated Video Transcoding
"{19484EF1-E27A-43D1-9EEB-685D41888AC8}" = HP Drive Encryption
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{274A948D-DD41-4B8F-B66F-0F4AD233200F}" = HP Device Access Manager
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3B46DFDA-6155-423B-BCBB-F1C267E4ADD9}" = HP Client Security Manager
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5B136AD7-384E-C2CC-6D1A-70B0C6216C25}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7AB8C73F-03FE-48AE-990C-CCB8D6C4FAB8}" = Intel® Trusted Connect Service Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2010
"{9041BE08-21DA-4916-EC0B-9375C5B624D9}" = Ralink Bluetooth Stack64
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BF8CC8E1-3D54-4A54-B985-5190F18AFDBB}" = Classic Shell
"{D1E8F2D7-7794-4245-B286-87ED86C1893C}" = HP Registration Service
"{E9F0BCD8-6BD5-1ED7-EDA3-9FCF2A478AA1}" = Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
"{F7659F11-DA7B-BC99-AFD1-352E6E8B570E}" = ccc-utility64
"CCleaner" = CCleaner
"GPL Ghostscript 9.06" = GPL Ghostscript
"GSview 5.0" = GSview 5.0
"HPDriveEncryption" = HP Drive Encryption
"HPProtectTools" = HP Client Security Manager
"Maple 18" = Maple 18
"MiKTeX 2.9" = MiKTeX 2.9
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"WinEdt 7" = WinEdt 7
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{053DD6FD-EA66-40D9-9470-19B365B80F81}" = CCC Help Dutch
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}" = HP Theft Recovery
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{1CC9FBAC-C4A4-38D6-024C-18E9B0D13188}" = CCC Help Hungarian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 55
"{296F7F3B-C75A-45e9-AD22-CC19DF86E9D3}" = CyberLink Webcam Sharing Manager 4
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2B76D469-7656-3A00-8A18-9B5255702C91}" = CCC Help Swedish
"{2C4AA26F-3487-0610-A99B-B2CD7F8E4619}" = CCC Help Norwegian
"{337EDB0F-8505-4D14-9948-3A8A3D52CFCB}" = ZoneAlarm Security
"{357FE1E9-5890-4697-95DD-B15E01B4AA2A}" = HP System Default Settings
"{39337565-330E-4ab6-A9AE-AC81E0720B10}" = Cyberlink PhotoDirector
"{3D305D7A-CD45-4876-94E6-F24FEB1690A3}" = ZoneAlarm Firewall
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F728815-C7E8-40EA-8D1A-F7B8E2382325}" = HP SoftPaq Download Manager
"{414B7A38-3B6D-5481-360D-2A4F971C705B}" = PX Profile Update
"{4188F1BB-3F7A-B400-D263-86DB60D68B47}" = CCC Help Chinese Traditional
"{45E9C62D-DE69-7DD8-6D07-359817FA6B5B}" = CCC Help Czech
"{482FF7A0-EA03-487A-9112-862D3341B76C}" = HP ESU for Microsoft Windows 8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B64F06D-A0AA-BFA8-14AF-2C029BB4353A}" = Catalyst Control Center Profiles Mobile
"{539D6BC4-F6E0-FFD0-A9DF-C6A62302E6B2}" = CCC Help Greek
"{574F0207-8E98-46CD-8F79-318348C98C46}" = HP Quick Start
"{5947CEB1-C659-39F7-A294-13B4D4803471}" = Catalyst Control Center Localization All
"{5D8EA0A5-6B2C-9E4E-3E5E-FD1490E36393}" = CCC Help Polish
"{6368E2F9-262A-C2B5-A512-EF82A72610B1}" = CCC Help English
"{63B61532-63AC-6B28-CAC0-CEB226F7A12A}" = CCC Help Italian
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65A02940-C539-C5BD-4664-2BDD8D912666}" = CCC Help Finnish
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = HP File Sanitizer
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70A9824F-6BD9-E358-397D-64E96CA0CB02}" = CCC Help German
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71F6A4A7-BDE0-76F1-EE0E-29BAD34072AD}" = Catalyst Control Center Graphics Previews Common
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{7A03B65B-E38F-E447-43DD-98F2A8469358}" = Catalyst Control Center InstallProxy
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7E2ACD09-E810-F9AE-151F-7EAB5C6584FC}" = CCC Help Korean
"{82507BAC-535A-90BF-3EFD-268B4EA38F4A}" = CCC Help Danish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT3290 802.11bgn Wi-Fi Adapter
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2010
"{90140000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2010
"{90140000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{90140000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2010
"{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A15C2201-F69C-4DB0-AEBF-454B13B468BD}" = HP Wireless Hotspot
"{A23AADDA-3DBF-11E2-A6F2-984BE15F174E}" = Evernote v. 4.6
"{A524C9AA-5C12-C1F1-8BE2-51F771A0EA7A}" = CCC Help French
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.07) - Czech
"{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}" = HP 3D DriveGuard
"{AF2FBFD5-9565-4B2E-BB48-7477BFE4F7E4}" = Catalyst Control Center - Branding
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{B4920684-DA39-E24E-5A61-29B54DCB24E0}" = CCC Help Thai
"{B60870A0-EBF7-52AF-7B4B-481800DB77C8}" = CCC Help Portuguese
"{BAC30318-2995-A606-22E8-F4DA3BAEF214}" = CCC Help Russian
"{BCDA54F6-C4B6-4519-A09E-FA064A6B4098}" = Realtek PCIE Card Reader
"{C646D477-DEE5-0F99-D17F-8BE84E085705}" = CCC Help Spanish
"{C97CC14E-4789-4FC5-BC75-79191F7CE009}" = HP Hotkey Support
"{CF0142BC-BFEC-C100-6DC0-ABFEA3839185}" = CCC Help Turkish
"{D1E7D876-6B86-4B35-A93D-15B0D6C43EAF}" = HP Software Setup
"{D5BDE197-71DF-6E0C-D4B4-D7BF123A9583}" = Catalyst Control Center
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{E89F5A66-4F2F-FE9E-764A-E64AECF0AFFA}" = CCC Help Chinese Standard
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F3F74675-3700-4C55-A9AC-924D4E36DC40}" = HP Documentation
"{F8858B58-B0EA-822D-12F1-AB6B94C6BCD0}" = CCC Help Japanese
"{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}" = Energy Star
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Photoshop 7.0 CE" = Adobe Photoshop 7.0 CE
"avast" = avast! Pro Antivirus
"GeoGebra 4.2" = GeoGebra 4.2
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}" = HP Theft Recovery
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{296F7F3B-C75A-45e9-AD22-CC19DF86E9D3}" = CyberLink Webcam Sharing Manager 4
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = Cyberlink PhotoDirector
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"IrfanView" = IrfanView (remove only)
"Mozilla Firefox 31.0 (x86 cs)" = Mozilla Firefox 31.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PDF Complete" = PDF Complete Corporate Edition
"SpywareBlaster_is1" = SpywareBlaster 5.0
"Sunplus SPUVCb" = HP HD Webcam Driver
"VLC media player" = VLC media player 2.0.8
"WebMon_is1" = WebMon
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-728494050-748853550-4280414578-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21. 7. 2014 14:05:09 | Computer Name = NB_KMI | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 21. 7. 2014 14:05:09 | Computer Name = NB_KMI | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 222297

Error - 21. 7. 2014 14:05:09 | Computer Name = NB_KMI | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 222297

Error - 21. 7. 2014 14:11:08 | Computer Name = NB_KMI | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 21. 7. 2014 14:11:08 | Computer Name = NB_KMI | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1078

Error - 21. 7. 2014 14:11:08 | Computer Name = NB_KMI | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1078

Error - 21. 7. 2014 14:14:43 | Computer Name = NB_KMI | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 21. 7. 2014 14:14:43 | Computer Name = NB_KMI | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 216093

Error - 21. 7. 2014 14:14:43 | Computer Name = NB_KMI | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 216093

Error - 21. 7. 2014 15:41:05 | Computer Name = NB_KMI | Source = Application Error | ID = 1000
Description = Název chybující aplikace: atieclxx.exe, verze: 6.14.11.1143, časové
razítko: 0x512bf39a Název chybujícího modulu: atieclxx.exe, verze: 6.14.11.1143,
časové razítko: 0x512bf39a Kód výjimky: 0xc0000005 Posun chyby: 0x000000000002e629
ID
chybujícího procesu: 0x358 Čas spuštění chybující aplikace: 0x01cfa51bb596cdbb Cesta
k chybující aplikaci: C:\windows\system32\atieclxx.exe Cesta k chybujícímu modulu:
C:\windows\system32\atieclxx.exe ID zprávy: f38fa6a7-110e-11e4-bea3-1c3e84a772c0
Úplný
název chybujícího balíčku: ID aplikace související s chybujícím balíčkem:

[ Hewlett-Packard Events ]
Error - 22. 1. 2014 14:16:49 | Computer Name = NB_KMI | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 v HP.ActiveCheckLocalMode.ServiceFacade.HPAsset.HPAssetRelease()

v HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.GetTelemetry(String
ini, String xmlout) v HP.SupportFramework.Service.ACLM.AssetAgent.ExecuteAssetAgent(Boolean
isFirst) Message: HPAsset fails to release. StackTrace: v HP.ActiveCheckLocalMode.ServiceFacade.HPAsset.HPAssetRelease()

v HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.GetTelemetry(String
ini, String xmlout) v HP.SupportFramework.Service.ACLM.AssetAgent.ExecuteAssetAgent(Boolean
isFirst) Source: HP.ActiveCheckLocalMode.ServiceFacade InnerException.Message: Odkaz
na objekt není nastaven na instanci objektu. Name: hpsa_service.exe Version: 07.00.00.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format:
cs-CZ RAM: 8042 Ram Utilization: 20 TargetSite: Void HPAssetRelease()

Error - 7. 3. 2014 16:54:30 | Computer Name = NB_KMI | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 v HP.ActiveCheckLocalMode.ServiceFacade.HPAsset.HPAssetRelease()

v HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.GetTelemetry(String
ini, String xmlout) v HP.SupportFramework.Service.ACLM.AssetAgent.ExecuteAssetAgent(Boolean
isFirst) Message: HPAsset fails to release. StackTrace: v HP.ActiveCheckLocalMode.ServiceFacade.HPAsset.HPAssetRelease()

v HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.GetTelemetry(String
ini, String xmlout) v HP.SupportFramework.Service.ACLM.AssetAgent.ExecuteAssetAgent(Boolean
isFirst) Source: HP.ActiveCheckLocalMode.ServiceFacade InnerException.Message: Odkaz
na objekt není nastaven na instanci objektu. Name: hpsa_service.exe Version: 07.00.00.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format:
cs-CZ RAM: 8042 Ram Utilization: 20 TargetSite: Void HPAssetRelease()

[ HP Software Framework Events ]
Error - 5. 4. 2014 14:55:05 | Computer Name = NB_KMI | Source = CaslSmBios | ID = 5
Description = 2014. 04. 05 20:55:05.219|00004AD8|Error |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
597 from BIOS WMI call Read/0Fh while getting SmartAdapter state

Error - 6. 4. 2014 9:33:38 | Computer Name = NB_KMI | Source = CaslSmBios | ID = 5
Description = 2014. 04. 06 15:33:38.145|00005F7C|Error |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
597 from BIOS WMI call Read/0Fh while getting SmartAdapter state

Error - 6. 4. 2014 9:34:27 | Computer Name = NB_KMI | Source = CaslSmBios | ID = 5
Description = 2014. 04. 06 15:34:27.811|00005F7C|Error |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
597 from BIOS WMI call Read/0Fh while getting SmartAdapter state

Error - 6. 4. 2014 12:33:37 | Computer Name = NB_KMI | Source = CaslSmBios | ID = 5
Description = 2014. 04. 06 18:33:37.124|00005F7C|Error |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
597 from BIOS WMI call Read/0Fh while getting SmartAdapter state

Error - 6. 4. 2014 14:42:58 | Computer Name = NB_KMI | Source = CaslSmBios | ID = 5
Description = 2014. 04. 06 20:42:58.242|00004C3C|Error |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
597 from BIOS WMI call Read/0Fh while getting SmartAdapter state

Error - 7. 4. 2014 10:55:16 | Computer Name = NB_KMI | Source = CaslSmBios | ID = 5
Description = 2014. 04. 07 16:55:16.220|00006DDC|Error |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
597 from BIOS WMI call Read/0Fh while getting SmartAdapter state

Error - 7. 4. 2014 14:31:35 | Computer Name = NB_KMI | Source = CaslSmBios | ID = 5
Description = 2014. 04. 07 20:31:35.334|00007A0C|Error |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
597 from BIOS WMI call Read/0Fh while getting SmartAdapter state

Error - 8. 4. 2014 2:57:30 | Computer Name = NB_KMI | Source = CaslSmBios | ID = 5
Description = 2014. 04. 08 08:57:30.225|00007C8C|Error |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
597 from BIOS WMI call Read/0Fh while getting SmartAdapter state

Error - 8. 4. 2014 10:30:16 | Computer Name = NB_KMI | Source = CaslSmBios | ID = 5
Description = 2014. 04. 08 16:30:16.877|00007FAC|Error |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
597 from BIOS WMI call Read/0Fh while getting SmartAdapter state

Error - 8. 4. 2014 14:44:54 | Computer Name = NB_KMI | Source = CaslSmBios | ID = 5
Description = 2014. 04. 08 20:44:54.316|00008C2C|Error |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
597 from BIOS WMI call Read/0Fh while getting SmartAdapter state

[ System Events ]
Error - 7. 7. 2014 6:46:34 | Computer Name = NB_KMI | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 7. 7. 2014 7:05:15 | Computer Name = NB_KMI | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 8. 7. 2014 3:44:54 | Computer Name = NB_KMI | Source = Service Control Manager | ID = 7000
Description = Služba avast! HardwareID neuspěla při spuštění v důsledku následující
chyby: %%127

Error - 8. 7. 2014 4:45:34 | Computer Name = NB_KMI | Source = Service Control Manager | ID = 7000
Description = Služba avast! HardwareID neuspěla při spuštění v důsledku následující
chyby: %%127

Error - 8. 7. 2014 5:07:00 | Computer Name = NB_KMI | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 8. 7. 2014 7:33:26 | Computer Name = NB_KMI | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 8. 7. 2014 11:09:10 | Computer Name = NB_KMI | Source = Service Control Manager | ID = 7000
Description = Služba avast! HardwareID neuspěla při spuštění v důsledku následující
chyby: %%127

Error - 14. 7. 2014 10:43:51 | Computer Name = NB_KMI | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 17. 7. 2014 10:30:04 | Computer Name = NB_KMI | Source = Service Control Manager | ID = 7000
Description = Služba avast! HardwareID neuspěla při spuštění v důsledku následující
chyby: %%127

Error - 17. 7. 2014 10:37:44 | Computer Name = NB_KMI | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =


< End of report >

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#14 Post by Márty84 »

:arrow: Tell me the size of the desktop folder (C:\Users\OEM\Desktop)

:!: If Avast complains that it wants to open it in the sandbox, do not allow it! Choose the option to open normally.
:arrow: Run OTL again as administrator
Paste the following text into the bottom window (including the colon before the word commands)

Code:

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:services
MBAMSwissArmy
AdobeARMservice
SkypeUpdate
AdobeFlashPlayerUpdateSvc

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\windows\tasks\Adobe Flash Player Updater.job

:otl
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-728494050-748853550-4280414578-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
IE - HKU\S-1-5-21-728494050-748853550-4280414578-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2014/08/03 11:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[5 C:\Users\OEM\*.tmp files -> C:\Users\OEM\*.tmp -> ]
[2 C:\windows\Inf\Intel Storage Counters\*.tmp files -> C:\windows\Inf\Intel Storage Counters\*.tmp -> ]
[1 C:\windows\Inf\Intel Storage Counters\0000\*.tmp files -> C:\windows\Inf\Intel Storage Counters\0000\*.tmp -> ]
[1 C:\windows\Inf\Intel Storage Counters\0005\*.tmp files -> C:\windows\Inf\Intel Storage Counters\0005\*.tmp -> ]
[1 C:\windows\Inf\Intel Storage Counters\0009\*.tmp files -> C:\windows\Inf\Intel Storage Counters\0009\*.tmp -> ]
[2 C:\windows\Panther\*.tmp files -> C:\windows\Panther\*.tmp -> ]
[29 C:\windows\Temp\*.tmp files -> C:\windows\Temp\*.tmp -> ]
[1 C:\windows\Temp\_avast_\*.tmp files -> C:\windows\Temp\_avast_\*.tmp -> ]
[1 C:\windows\WinSxS\*.tmp files -> C:\windows\WinSxS\*.tmp -> ]
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}"=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"=-
""=-
"BCSSync"=-
"Adobe ARM"=-
"SunJavaUpdateSched"=-
Click Fix and let the program work. When asked to restart, agree.
After the restart a new log will appear; post it here.
If you have a question that is not meant for the public, you can write to me by e-mail at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will now be on the forum less often. In case of a longer wait for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

cinci
Visitor
Posts: 48
Joined: 17 Oct 2006 16:50

Re: Preventive check

#15 Post by cinci »

C:\Users\OEM\Plocha - 49,6 GB

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: OEM
->Temp folder emptied: 515180428 bytes
->Temporary Internet Files folder emptied: 241014326 bytes
->Java cache emptied: 323665 bytes
->FireFox cache emptied: 369217450 bytes
->Flash cache emptied: 54723 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 174687423 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 28571022325 bytes

Total Files Cleaned = 28 488,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: OEM
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service MBAMSwissArmy stopped successfully!
Service MBAMSwissArmy deleted successfully!
Service AdobeARMservice stopped successfully!
Service AdobeARMservice deleted successfully!
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
========== FILES ==========
File/Folder C:\windows\system32\*.tmp.dll not found.
File/Folder C:\windows\system32\SET*.tmp not found.
File/Folder C:\windows\*.tmp not found.
C:\windows\tasks\Adobe Flash Player Updater.job moved successfully.
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-728494050-748853550-4280414578-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-728494050-748853550-4280414578-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware folder moved successfully.
C:\ProgramData\Malwarebytes folder moved successfully.
C:\Users\OEM\ia_remove.sh6794.tmp deleted successfully.
C:\Users\OEM\ia_remove.sh7855.tmp deleted successfully.
C:\Users\OEM\ia_remove.sh8405.tmp deleted successfully.
C:\Users\OEM\ia_remove.sh8727.tmp deleted successfully.
C:\Users\OEM\ia_remove.sh9654.tmp deleted successfully.
C:\windows\Inf\Intel Storage Counters\tmpB9DB.tmp deleted successfully.
C:\windows\Inf\Intel Storage Counters\tmpB9DC.tmp deleted successfully.
C:\windows\Inf\Intel Storage Counters\0000\tmpB9DB.tmp deleted successfully.
C:\windows\Inf\Intel Storage Counters\0005\tmpB9DB.tmp deleted successfully.
C:\windows\Inf\Intel Storage Counters\0009\tmpB9DB.tmp deleted successfully.
C:\windows\Panther\_s_B98C.tmp deleted successfully.
C:\windows\Panther\_s_BC0F.tmp deleted successfully.
File delete failed. C:\windows\Temp\ZLT0147a.TMP scheduled to be deleted on reboot.
C:\windows\WinSxS\Reserve.tmp deleted successfully.
ADS C:\ProgramData\Temp:5C321E34 deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\PDF Complete deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\BCSSync deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 08072014_120044

Files\Folders moved on Reboot...
C:\Users\OEM\AppData\Local\Temp\~DF363046476150B144.TMP moved successfully.
C:\Users\OEM\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File\Folder C:\windows\temp\ZLT0147a.TMP not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Locked