VIRY.CZ

Dobrý den, poté, co mi přišla do mailu "zpráva" s exekučním příkazem a po jejím vymazání se mi zablokoval antivirus od Avastu a notebook se začal zasekávat tak, že s ním nešlo vůbec pracovat. Avasta jsem nakonec odinstaloval, protože byl stejně nefunkční. Ale i teď ntb zasekává.

Prosím tedy o radu, co s tím, přikládám log z RSIT

pLogfile of random's system information tool 1.10 (written by random/random)
Run by Administrator at 2014-09-06 08:43:32
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 38 GB (18%) free of 212 GB
Total RAM: 4061 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:43:36, on 6.9.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.caminova.net/en/downloads/ge ... px?lang=en
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced Monitoring Agent - Remote Monitoring - C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GFI LanGuard 11 Attendant Service (gfi_lanss11_attservice) - GFI Software Development Ltd. - C:\PROGRA~2\ADVANC~1\patchman\lnssatt.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit (mi-raysat_3dsmax2013_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
O23 - Service: Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager (mitsijm2013) - - C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Služba Windows Media Player Network Sharing (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7820 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe"
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
"C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\PROGRA~2\ADVANC~1\patchman\lnssatt.exe" -service
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
"C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe"
"C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe"
"C:\Program Files (x86)\Skype\Updater\Updater.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-cd550aa6-f440-4e2c-b2b5-3a56ecda28ff -SystemEventPortName:HostProcess-54a13d72-0221-4a27-b6fc-a3b5665367bc -IoCancelEventPortName:HostProcess-8cc17f47-2892-446c-b5ea-bb13578b0582 -NonStateChangingEventPortName:HostProcess-25d5315a-df13-42b3-8993-7f4e93382543 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:da6ac7ee-9e60-4d7b-a135-5b6011876486 -DeviceGroupId:WpdFsGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe"
"C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
"F:\Kontrola PC\Kontrola\RSIT\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\User_Feed_Synchronization-{CEF0DA54-F480-44F7-AC28-97AE05C000A4}.job - C:\Windows\system32\msfeedssync.exe sync

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealNetworks Download and Record Plugin for Internet Explorer - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-06-10 590408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08 343424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30 499608]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-06-26 1812776]
"Fences"=C:\Program Files (x86)\Stardock\Fences\Fences.exe [2012-10-29 4017368]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-01-21 487424]
"Autodesk Sync"=C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2012-07-25 418280]
"CDAServer"=C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [2012-02-20 456704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2014-05-08 840568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [2014-05-08 41336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [2009-06-25 409744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
C:\Program Files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe /command:faststart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 15.0]
C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe [2012-02-28 190768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nástroj WD Drive Unlocker]
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2009-06-25 140520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\qttask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile Communication Centre]
C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Unlocker]
C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
C:\PROGRA~2\Nikon\PICTUR~1\NKBMON~1.EXE [2005-01-24 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^benes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [2012-10-29 551640]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Windows\SysWOW64\msiexec.exe"="C:\Windows\SysWOW64\msiexec.exe:*:Generic Host Process"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-09-06 08:43:32 ----D---- C:\rsit
2014-09-06 08:43:32 ----D---- C:\Program Files\trend micro
2014-09-06 08:13:07 ----A---- C:\Windows\system32\FNTCACHE.DAT
2014-09-06 07:48:28 ----D---- C:\Users\Administrator\AppData\Roaming\Xerox
2014-09-05 23:36:48 ----D---- C:\Windows\ERUNT
2014-09-05 23:03:18 ----D---- C:\AdwCleaner
2014-09-05 21:26:05 ----D---- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-04 22:14:47 ----A---- C:\ComboFix.txt
2014-09-04 22:05:03 ----SHD---- C:\$RECYCLE.BIN
2014-09-04 19:59:00 ----D---- C:\Windows\Patches
2014-09-04 15:11:06 ----D---- C:\Windows\SYSWOW64\System32
2014-09-04 15:11:06 ----D---- C:\ProgramData\GFI
2014-09-04 15:04:10 ----D---- C:\Program Files (x86)\TeamViewer
2014-09-04 15:02:48 ----D---- C:\Program Files (x86)\Advanced Monitoring Agent
2014-09-04 13:17:56 ----D---- C:\Windows\temp
2014-09-04 12:41:14 ----D---- C:\Users\Administrator\AppData\Roaming\Mozilla
2014-09-04 12:32:16 ----D---- C:\Users\Administrator\AppData\Roaming\Autodesk
2014-09-04 10:31:53 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-09-04 10:31:53 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-09-04 10:31:53 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-09-04 10:12:08 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2014-09-04 10:12:08 ----A---- C:\Windows\system32\win32k.sys
2014-09-04 10:12:08 ----A---- C:\Windows\system32\gdi32.dll
2014-09-04 10:11:52 ----D---- C:\Users\Administrator\AppData\Roaming\deb27c1a-00e6-4263-94b2-8b78ea4d32ae
2014-09-04 10:08:08 ----D---- C:\ProgramData\Downloaded Installations
2014-09-04 09:54:04 ----SD---- C:\Windows\SYSWOW64\Microsoft
2014-08-27 15:08:55 ----D---- C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-08-27 14:34:54 ----D---- C:\Users\Administrator\AppData\Roaming\Samsung
2014-08-19 11:01:11 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-08-19 11:01:10 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2014-08-19 11:01:10 ----A---- C:\Windows\SYSWOW64\authui.dll
2014-08-19 11:01:09 ----A---- C:\Windows\system32\msihnd.dll
2014-08-19 11:01:09 ----A---- C:\Windows\system32\msi.dll
2014-08-19 11:01:09 ----A---- C:\Windows\system32\consent.exe
2014-08-19 11:01:09 ----A---- C:\Windows\system32\authui.dll
2014-08-19 10:44:34 ----A---- C:\Windows\system32\wups2.dll
2014-08-19 10:44:34 ----A---- C:\Windows\system32\wucltux.dll
2014-08-19 10:44:34 ----A---- C:\Windows\system32\wuaueng.dll
2014-08-19 10:44:34 ----A---- C:\Windows\system32\wuauclt.exe
2014-08-19 10:43:57 ----A---- C:\Windows\SYSWOW64\wups.dll
2014-08-19 10:43:57 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2014-08-19 10:43:57 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2014-08-19 10:43:57 ----A---- C:\Windows\system32\wups.dll
2014-08-19 10:43:57 ----A---- C:\Windows\system32\wudriver.dll
2014-08-19 10:43:57 ----A---- C:\Windows\system32\wuapi.dll
2014-08-19 10:43:29 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2014-08-19 10:43:29 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2014-08-19 10:43:29 ----A---- C:\Windows\system32\wuwebv.dll
2014-08-19 10:43:28 ----A---- C:\Windows\system32\wuapp.exe
2014-08-15 08:07:50 ----A---- C:\Windows\SYSWOW64\tzres.dll
2014-08-15 08:07:50 ----A---- C:\Windows\system32\tzres.dll
2014-08-15 08:07:37 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2014-08-15 08:07:32 ----A---- C:\Windows\system32\shell32.dll
2014-08-15 08:07:30 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-08-15 07:59:33 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-08-15 07:59:33 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-08-15 07:59:32 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-08-15 07:59:32 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-08-15 07:59:32 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-08-15 07:59:32 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-08-15 07:59:32 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-08-15 07:59:31 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-08-15 07:59:31 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-08-15 07:59:31 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-08-15 07:59:31 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 07:59:30 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-08-15 07:59:30 ----A---- C:\Windows\system32\ie4uinit.exe
2014-08-15 07:59:29 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-08-15 07:59:29 ----A---- C:\Windows\system32\iernonce.dll
2014-08-15 07:59:28 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-08-15 07:59:28 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-08-15 07:59:28 ----A---- C:\Windows\system32\urlmon.dll
2014-08-15 07:59:28 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 07:59:27 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-08-15 07:59:27 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-08-15 07:59:27 ----A---- C:\Windows\system32\msfeeds.dll
2014-08-15 07:59:27 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-08-15 07:59:27 ----A---- C:\Windows\system32\dxtmsft.dll
2014-08-15 07:59:26 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-08-15 07:59:25 ----A---- C:\Windows\system32\iesetup.dll
2014-08-15 07:59:25 ----A---- C:\Windows\system32\iedkcs32.dll
2014-08-15 07:59:24 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-08-15 07:59:24 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-08-15 07:59:24 ----A---- C:\Windows\system32\iertutil.dll
2014-08-15 07:59:23 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-08-15 07:59:23 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-08-15 07:59:23 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-08-15 07:59:21 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-08-15 07:59:20 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-08-15 07:59:20 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-08-15 07:59:20 ----A---- C:\Windows\system32\jsproxy.dll
2014-08-15 07:59:18 ----A---- C:\Windows\system32\ieui.dll
2014-08-15 07:59:18 ----A---- C:\Windows\system32\ieframe.dll
2014-08-15 07:59:18 ----A---- C:\Windows\system32\dxtrans.dll
2014-08-15 07:59:17 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-08-15 07:59:17 ----A---- C:\Windows\system32\mshtmled.dll
2014-08-15 07:59:16 ----A---- C:\Windows\system32\jscript9diag.dll
2014-08-15 07:59:16 ----A---- C:\Windows\system32\jscript9.dll
2014-08-15 07:59:16 ----A---- C:\Windows\system32\ieUnatt.exe
2014-08-15 07:59:15 ----A---- C:\Windows\system32\wininet.dll
2014-08-15 07:59:15 ----A---- C:\Windows\system32\vbscript.dll
2014-08-15 07:59:15 ----A---- C:\Windows\system32\ieapfltr.dll
2014-08-15 07:59:13 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-08-15 07:59:12 ----A---- C:\Windows\system32\msrating.dll
2014-08-15 07:59:10 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 07:59:07 ----A---- C:\Windows\system32\mshtml.dll
2014-08-15 07:58:36 ----A---- C:\Windows\system32\rpcrt4.dll
2014-08-15 07:58:35 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2014-08-14 15:18:10 ----A---- C:\Windows\SYSWOW64\infocardapi.dll
2014-08-14 15:18:09 ----A---- C:\Windows\SYSWOW64\icardagt.exe
2014-08-14 15:18:09 ----A---- C:\Windows\system32\infocardapi.dll
2014-08-14 15:18:09 ----A---- C:\Windows\system32\icardagt.exe
2014-08-14 15:18:07 ----A---- C:\Windows\SYSWOW64\icardres.dll
2014-08-14 15:18:07 ----A---- C:\Windows\system32\icardres.dll
2014-08-14 15:17:44 ----A---- C:\Windows\SYSWOW64\TsWpfWrp.exe
2014-08-14 15:17:44 ----A---- C:\Windows\system32\TsWpfWrp.exe

======List of files/folders modified in the last 1 month======

2014-09-06 08:43:32 ----D---- C:\Program Files
2014-09-06 08:43:07 ----D---- C:\Windows\Prefetch
2014-09-06 08:37:42 ----D---- C:\Windows\system32\DriverStore
2014-09-06 08:31:17 ----D---- C:\Windows\system32\config
2014-09-06 08:27:50 ----D---- C:\Windows\Downloaded Program Files
2014-09-06 08:20:36 ----D---- C:\Windows\System32
2014-09-06 08:20:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-09-06 08:20:13 ----D---- C:\Windows\system32\drivers
2014-09-06 08:20:10 ----D---- C:\ProgramData\Malwarebytes
2014-09-06 08:15:33 ----D---- C:\Windows\inf
2014-09-06 08:13:31 ----D---- C:\Windows
2014-09-06 08:12:56 ----D---- C:\Program Files\WinRAR
2014-09-06 08:12:56 ----D---- C:\Program Files (x86)\Philips
2014-09-06 08:08:51 ----SD---- C:\Users\Administrator\AppData\Roaming\Microsoft
2014-09-06 07:52:51 ----SHD---- C:\Windows\Installer
2014-09-06 07:52:51 ----D---- C:\Program Files (x86)\Common Files
2014-09-06 07:52:36 ----D---- C:\Program Files (x86)
2014-09-06 07:52:15 ----D---- C:\Windows\SysWOW64
2014-09-06 07:51:53 ----SHD---- C:\System Volume Information
2014-09-06 07:51:09 ----D---- C:\Windows\system32\Tasks
2014-09-06 07:49:28 ----D---- C:\Windows\system32\catroot2
2014-09-06 07:45:48 ----D---- C:\Windows\system32\appmgmt
2014-09-06 07:36:48 ----D---- C:\ProgramData
2014-09-06 07:34:30 ----D---- C:\Windows\Microsoft.NET
2014-09-06 07:30:13 ----D---- C:\Program Files (x86)\Windows Live
2014-09-06 07:30:06 ----AD---- C:\Program Files\Common Files\Microsoft Shared
2014-09-06 07:22:31 ----RSD---- C:\Windows\assembly
2014-09-06 07:21:45 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-09-06 07:11:23 ----ASD---- C:\ProgramData\Microsoft
2014-09-06 07:10:15 ----DC---- C:\Windows\system32\DRVSTORE
2014-09-06 00:26:39 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-06 00:11:01 ----D---- C:\Windows\system32\LogFiles
2014-09-06 00:11:00 ----D---- C:\Windows\Minidump
2014-09-05 23:29:28 ----D---- C:\Program Files (x86)\QuickTime
2014-09-05 23:17:20 ----D---- C:\Program Files (x86)\Roxio
2014-09-05 02:49:41 ----D---- C:\Windows\Tasks
2014-09-04 22:14:51 ----D---- C:\Qoobox
2014-09-04 22:04:57 ----A---- C:\Windows\system.ini
2014-09-04 22:04:50 ----D---- C:\Windows\system32\drivers\etc
2014-09-04 22:01:07 ----D---- C:\Windows\erdnt
2014-09-04 21:54:14 ----D---- C:\Windows\SYSWOW64\drivers
2014-09-04 21:54:14 ----D---- C:\Windows\AppPatch
2014-09-04 14:36:03 ----D---- C:\Windows\winsxs
2014-09-04 14:30:11 ----D---- C:\Program Files (x86)\Adobe
2014-09-04 14:27:43 ----D---- C:\Program Files\Autodesk
2014-09-04 14:27:39 ----D---- C:\ProgramData\Autodesk
2014-09-04 14:27:39 ----D---- C:\Program Files\Common Files\Autodesk Shared
2014-09-04 14:16:34 ----RD---- C:\Program Files (x86)\Skype
2014-09-04 12:31:30 ----D---- C:\Program Files (x86)\ArcSoft
2014-09-04 12:29:48 ----D---- C:\ProgramData\Real
2014-09-04 12:29:40 ----D---- C:\Users\Administrator\AppData\Roaming\Real
2014-09-04 12:28:48 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-09-04 11:23:42 ----D---- C:\Windows\ModemLogs
2014-09-04 11:23:41 ----D---- C:\Windows\Logs
2014-09-04 11:23:41 ----D---- C:\Windows\debug
2014-09-04 10:06:37 ----D---- C:\Windows\system32\catroot
2014-09-04 10:03:18 ----D---- C:\ProgramData\Google
2014-09-04 10:03:18 ----D---- C:\Program Files (x86)\Google
2014-09-04 09:57:26 ----D---- C:\ProgramData\AVAST Software
2014-09-04 09:57:23 ----D---- C:\Program Files\AVAST Software
2014-09-04 09:57:15 ----D---- C:\avast! sandbox
2014-08-26 09:26:34 ----D---- C:\ProgramData\Skype
2014-08-22 15:01:21 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-08-21 08:03:45 ----D---- C:\Windows\system32\MRT
2014-08-21 07:52:12 ----A---- C:\Windows\system32\MRT.exe
2014-08-19 12:44:00 ----D---- C:\Windows\rescache
2014-08-19 10:45:23 ----D---- C:\Windows\SYSWOW64\en-US
2014-08-19 10:45:23 ----D---- C:\Windows\SYSWOW64\de-DE
2014-08-19 10:45:23 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-08-19 10:45:23 ----D---- C:\Windows\system32\en-US
2014-08-19 10:45:23 ----D---- C:\Windows\system32\de-DE
2014-08-19 10:45:23 ----D---- C:\Windows\system32\cs-CZ
2014-08-15 10:20:08 ----D---- C:\ProgramData\Microsoft Help
2014-08-15 09:27:53 ----D---- C:\Windows\ehome
2014-08-15 09:27:12 ----D---- C:\Program Files\Internet Explorer
2014-08-15 09:27:07 ----D---- C:\Windows\PolicyDefinitions
2014-08-15 09:27:03 ----D---- C:\Program Files (x86)\Internet Explorer
2014-08-11 15:16:08 ----D---- C:\ProgramData\Oracle

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 59392]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2010-11-20 360832]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmpx64.sys [2009-06-25 67584]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimspx64.sys [2009-06-25 55296]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdpx64.sys [2009-06-25 57856]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2010-11-20 146432]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2012-02-15 11576]
R3 AtiHdmiService;ATI Service for HD Audio Codec; C:\Windows\system32\drivers\AtiHdmi.sys [2009-06-04 114192]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-06-25 6036480]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2011-07-06 34288]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2009-03-09 60416]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2009-06-23 317480]
R3 NETw5s64;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys [2010-01-21 505856]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-06-26 272432]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2010-11-20 194944]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2010-11-20 95232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 adusbnet;Anydata USB-NDIS miniport; C:\Windows\system32\DRIVERS\adusbnet.sys [2010-12-20 154112]
S3 adusbser;Anydata USB Device for Legacy Serial Communication; C:\Windows\system32\DRIVERS\adusbser.sys [2010-12-20 123392]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-07-02 98344]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2009-07-02 132648]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-07-02 35104]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-07-02 21160]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cpuz136;cpuz136; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys []
S3 FACAP;facap, FastAccess Video Capture; C:\Windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
S3 GenericMount;Generic Mount Driver; C:\Windows\system32\DRIVERS\GenericMount.sys [2010-02-12 66608]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-09-26 115328]
S3 ivusb;Initio Driver for USB Default Controller; C:\Windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2013-01-23 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2013-01-23 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 tap0901;avast! SecureLine TAP Adapter; C:\Windows\system32\DRIVERS\tap0901.sys [2013-04-30 40616]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2013-01-23 9216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2013-01-23 9216]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2011-12-16 14464]
S3 WFMC_VAD;WFMCVAD (WDM); C:\Windows\system32\DRIVERS\wfmcvad.sys [2010-02-08 24064]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Advanced Monitoring Agent;Advanced Monitoring Agent; C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe [2014-08-05 8336896]
R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-06-25 203264]
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
R2 btwdins;Bluetooth Service; c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-02 864032]
R2 gfi_lanss11_attservice;GFI LanGuard 11 Attendant Service; C:\PROGRA~2\ADVANC~1\patchman\lnssatt.exe [2012-07-17 118640]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit; C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-09-15 86016]
R2 mitsijm2013;Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager; C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [2012-01-31 339776]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-06-10 39568]
R2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [2010-01-21 244736]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-08-06 5050176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-10 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-22 262320]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-05-13 1432400]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-10 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-02-18 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-07-25 111616]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-04-19 1255736]
S4 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 RealPlayerUpdateSvc;RealPlayer Update Service; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-06-10 23552]
S4 Samsung Network Fax Server;Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [2012-04-26 237056]

-----------------EOF-----------------

Zdravím!
Jak je na tom váš oper. systém s legalitou?

Všechen software je legální - tj OS, Office, Adobe Creative Suite, Autodesk i Corel. Notebook byl pořizován dle individuální konfigurace DELL a v rámci této konfigurace byl zvolen tento OS.

OK. Uděláme následující sken:

Stáhněte a spusťte OTL: http://oldtimer.geekstogo.com/OTL.exe . Spusťte, zaškrněte "Pro všechny uživatele", Kontrola na havěť LOP" a Kontrola na hvěť PURITY" a do dolního bílého okna zkopírujte:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s

a klikněte na >Prohledat<. Po skončení skenu dejte oba logy.

Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text:

:OTL
PRC - [2014.06.10 17:50:38 | 000,039,568 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.11: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.11: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova.net/en/downloads/ge ... px?lang=en (DjVuCtl Class)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 999 bytes -> C:\ProgramData\Microsoft:kpXCZhwUiAJmmPLoS5PeVEH
@Alternate Data Stream - 1123 bytes -> C:\Program Files\Common Files\Microsoft Shared:D9itsdA74epFesq7M6tYd
@Alternate Data Stream - 1043 bytes -> C:\ProgramData\Microsoft:cR5NJdJihhkIbi84SuOABA7kym5OB6


:files
C:\Program Files (x86)\RealNetworks
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

Bohužel se vygeneroval pouze 1 log a musím jej rozdělit na 2

Část 1

OTL logfile created on: 7.9.2014 17:38:52 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop\OTL
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,97 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 46,04% Memory free
7,93 Gb Paging File | 6,16 Gb Available in Paging File | 77,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 206,94 Gb Total Space | 35,06 Gb Free Space | 16,94% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 12,93 Gb Free Space | 5,30% Space Free | Partition Type: NTFS
Drive F: | 117,81 Gb Total Space | 57,12 Gb Free Space | 48,48% Space Free | Partition Type: NTFS

Computer Name: BENES-NB | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.09.07 15:29:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL\OTL.exe
PRC - [2014.08.06 11:49:09 | 005,050,176 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014.08.06 11:49:08 | 011,430,720 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
PRC - [2014.08.06 11:21:00 | 000,229,696 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
PRC - [2014.08.05 16:33:30 | 008,336,896 | ---- | M] (Remote Monitoring) -- C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe
PRC - [2014.06.23 09:11:01 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2014.06.10 17:50:38 | 000,039,568 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012.07.17 17:24:14 | 000,118,640 | ---- | M] (GFI Software Development Ltd.) -- C:\Program Files (x86)\Advanced Monitoring Agent\patchman\lnssatt.exe
PRC - [2012.01.31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2011.09.15 06:19:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2014.07.25 15:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014.05.13 20:36:21 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012.04.26 10:10:00 | 000,237,056 | ---- | M] (Samsung Electronics Co., Ltd.) [Disabled | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\NetFaxServer64.exe -- (Samsung Network Fax Server)
SRV:64bit: - [2012.01.31 02:10:36 | 000,339,776 | ---- | M] ( ) [Auto | Running] -- C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe -- (mitsijm2013)
SRV:64bit: - [2011.09.15 06:19:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe -- (mi-raysat_3dsmax2013_64)
SRV:64bit: - [2010.01.21 04:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.02 02:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009.06.25 12:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.03.03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV - [2014.08.22 15:01:22 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.08.06 11:49:09 | 005,050,176 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014.08.05 16:33:30 | 008,336,896 | ---- | M] (Remote Monitoring) [Auto | Running] -- C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe -- (Advanced Monitoring Agent)
SRV - [2014.06.10 22:03:38 | 000,023,552 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
SRV - [2014.06.10 17:50:38 | 000,039,568 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2014.03.21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013.12.18 11:42:34 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.10.23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.09.11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013.04.18 11:06:42 | 000,737,616 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.07.17 17:24:14 | 000,118,640 | ---- | M] (GFI Software Development Ltd.) [Auto | Running] -- C:\Program Files (x86)\Advanced Monitoring Agent\patchman\lnssatt.exe -- (gfi_lanss11_attservice)
SRV - [2012.04.26 10:10:00 | 000,237,056 | ---- | M] (Samsung Electronics Co., Ltd.) [Disabled | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe -- (Samsung Network Fax Server)
SRV - [2012.01.31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2011.10.10 13:55:04 | 000,085,344 | ---- | M] (Software602 a.s.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe -- (602XML Updater)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.21 04:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe -- (STacSV)
SRV - [2009.06.26 19:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009.03.03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.10.02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013.08.29 03:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2013.04.30 10:51:09 | 000,040,616 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013.01.23 10:31:52 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2013.01.23 10:31:52 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2013.01.23 10:31:52 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2013.01.23 10:31:52 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.10.17 14:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 15:16:48 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2011.12.16 13:18:56 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2011.07.06 13:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.20 15:04:18 | 000,154,112 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adusbnet.sys -- (adusbnet)
DRV:64bit: - [2010.12.20 15:03:44 | 000,123,392 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adusbser.sys -- (adusbser)
DRV:64bit: - [2010.11.20 15:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 13:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 03:49:52 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010.11.20 02:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.07.29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010.07.12 20:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.02.12 07:10:12 | 000,066,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2010.02.08 05:45:06 | 000,024,064 | ---- | M] (WiFi Media Connect) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wfmcvad.sys -- (WFMC_VAD)
DRV:64bit: - [2010.01.21 04:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.01.13 08:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.02 16:41:04 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.02 16:41:04 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.02 16:41:04 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.07.02 16:41:02 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.06.26 06:23:30 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.06.25 13:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.25 11:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.25 10:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.06.25 10:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009.06.23 03:51:06 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.06.15 21:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 23:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.03.09 10:58:00 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2008.09.26 19:02:36 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2008.09.25 04:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2288229790-1082732842-1785732595-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2288229790-1082732842-1785732595-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2288229790-1082732842-1785732595-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2288229790-1082732842-1785732595-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@caminova.com/DjVuPlugin: C:\Program Files (x86)\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.11: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.11: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.11: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@software602.cz/602XML Filler: C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014.05.16 09:21:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1DD9AC48-0855-4AE7-9934-159B4377FFA2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014.06.28 14:27:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2014.02.14 11:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.09.10 14:30:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.09.10 14:30:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2014.09.04 12:28:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

O1 HOSTS File: ([2014.09.04 22:04:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ()
O4:64bit: - HKLM..\Run: [Fences] C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-2288229790-1082732842-1785732595-500..\Run: [DellSystemDetect] C:\Users\Administrator\AppData\Local\Apps\2.0\47EAT7M0.3GD\RZLCCZON.PL8\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe (Dell)
O4 - Startup: C:\Users\benes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk = C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2288229790-1082732842-1785732595-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2288229790-1082732842-1785732595-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2288229790-1082732842-1785732595-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKLM\..Trusted Domains: mojebanka.cz ([etrading] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2288229790-1082732842-1785732595-500\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova.net/en/downloads/ge ... px?lang=en (DjVuCtl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04987AD0-ADB0-4CF3-8321-F472323CCC4E}: DhcpNameServer = 192.168.10.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CE39027-45EE-498A-88F4-BA1279863701}: DhcpNameServer = 10.0.0.1 10.0.0.2
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014.05.13 23:58:04 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014.09.07 17:38:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\OTL
[2014.09.06 17:41:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Dell
[2014.09.06 17:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
[2014.09.06 17:40:39 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2014.09.06 17:40:39 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2014.09.06 17:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2014.09.06 17:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell
[2014.09.06 17:38:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\PCDr
[2014.09.06 17:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2014.09.06 17:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2014.09.06 16:53:39 | 000,000,000 | ---D | C] -- C:\DELL_Drivers
[2014.09.06 16:20:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[2014.09.06 16:19:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Deployment
[2014.09.06 16:19:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apps
[2014.09.06 16:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014.09.06 11:13:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014.09.06 08:56:44 | 000,000,000 | ---D | C] -- C:\FRST
[2014.09.06 08:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.09.06 08:43:32 | 000,000,000 | ---D | C] -- C:\rsit
[2014.09.06 07:48:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Xerox
[2014.09.06 07:30:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Windows Live
[2014.09.05 23:36:48 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.09.05 23:19:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apple
[2014.09.05 23:03:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.09.05 21:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014.09.05 21:25:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\CrashDumps
[2014.09.04 22:14:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2014.09.04 19:59:00 | 000,000,000 | ---D | C] -- C:\Windows\Patches
[2014.09.04 15:11:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\System32
[2014.09.04 15:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI
[2014.09.04 15:04:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2014.09.04 15:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced Monitoring Agent
[2014.09.04 13:17:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014.09.04 12:42:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Macromedia
[2014.09.04 12:41:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2014.09.04 12:32:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Autodesk
[2014.09.04 12:09:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Stardock_Corporation
[2014.09.04 11:33:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup (Disabled by Starter)
[2014.09.04 10:31:59 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2014.09.04 10:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014.09.04 10:31:53 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.09.04 10:31:53 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.09.04 10:31:53 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.09.04 10:12:08 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014.09.04 10:11:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\deb27c1a-00e6-4263-94b2-8b78ea4d32ae
[2014.09.04 10:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2014.09.04 10:07:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Programs
[2014.09.04 10:06:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\VIPRE
[2014.09.04 10:02:34 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\EmieUserList
[2014.09.04 10:02:34 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\EmieSiteList
[2014.09.04 09:54:04 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2014.08.27 15:08:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2014.08.27 14:36:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Nokia
[2014.08.27 14:35:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Autodesk
[2014.08.27 14:34:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Samsung
[2014.08.26 09:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014.08.19 11:01:10 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014.08.19 11:01:10 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2014.08.19 11:01:09 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014.08.19 11:01:09 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014.08.19 11:01:09 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2014.08.19 11:01:09 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2014.08.19 10:44:34 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014.08.19 10:44:34 | 000,058,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014.08.19 10:44:34 | 000,044,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2014.08.19 10:43:57 | 000,700,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014.08.19 10:43:57 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2014.08.19 10:43:57 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014.08.19 10:43:57 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2014.08.19 10:43:57 | 000,038,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2014.08.19 10:43:57 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2014.08.19 10:43:29 | 000,198,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014.08.19 10:43:29 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2014.08.19 10:43:29 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2014.08.19 10:43:28 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014.08.15 07:59:33 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.08.15 07:59:33 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.08.15 07:59:32 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.08.15 07:59:32 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.08.15 07:59:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.08.15 07:59:32 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.08.15 07:59:31 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.08.15 07:59:30 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.08.15 07:59:30 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.08.15 07:59:29 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.08.15 07:59:29 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.08.15 07:59:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.08.15 07:59:27 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.08.15 07:59:27 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.08.15 07:59:27 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.08.15 07:59:27 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.08.15 07:59:25 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.08.15 07:59:24 | 002,087,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.08.15 07:59:24 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014.08.15 07:59:24 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.08.15 07:59:23 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.08.15 07:59:20 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.08.15 07:59:20 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014.08.15 07:59:18 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.08.15 07:59:18 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.08.15 07:59:17 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014.08.15 07:59:17 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.08.15 07:59:16 | 005,824,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.08.15 07:59:16 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.08.15 07:59:16 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.08.15 07:59:15 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.08.15 07:59:15 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.08.15 07:59:13 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014.08.15 07:59:12 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.08.15 07:59:10 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.08.15 07:58:36 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2014.08.14 15:18:10 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2014.08.14 15:18:09 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2014.08.14 15:18:09 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2014.08.14 15:18:09 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2014.08.14 15:18:07 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2014.08.14 15:18:07 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2014.08.14 15:17:44 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2014.08.14 15:17:44 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2010.12.10 17:43:51 | 000,598,368 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe

========== Files - Modified Within 30 Days ==========

[2014.09.07 17:39:47 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.09.07 13:23:44 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.09.07 13:23:44 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.09.07 13:21:45 | 010,730,648 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2014.09.07 13:21:45 | 004,286,434 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.09.07 13:21:45 | 004,237,614 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.09.07 13:21:45 | 003,776,002 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2014.09.07 13:21:45 | 003,572,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.09.07 13:21:45 | 003,536,800 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.09.07 13:21:45 | 000,006,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.09.07 13:18:06 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2014.09.07 13:16:16 | 3193,585,664 | -HS- | M] () -- C:\hiberfil.sys
[2014.09.06 17:04:40 | 000,000,505 | ---- | M] () -- C:\Users\Administrator\Desktop\Programy a funkce – zástupce.lnk
[2014.09.06 17:04:37 | 000,000,489 | ---- | M] () -- C:\Users\Administrator\Desktop\Nástroje pro správu – zástupce.lnk
[2014.09.06 14:38:44 | 000,007,607 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2014.09.06 09:54:03 | 779,879,120 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014.09.06 09:26:31 | 000,000,692 | ---- | M] () -- C:\Users\Administrator\Desktop\Kontrola PC – zástupce.lnk
[2014.09.06 08:14:40 | 005,179,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.09.06 00:26:39 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.09.05 02:49:49 | 000,000,318 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CEF0DA54-F480-44F7-AC28-97AE05C000A4}.job
[2014.09.04 22:04:50 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014.08.23 04:07:00 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014.08.22 15:01:21 | 000,699,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.08.22 15:01:21 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2014.09.07 17:07:54 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.09.06 17:04:40 | 000,000,505 | ---- | C] () -- C:\Users\Administrator\Desktop\Programy a funkce – zástupce.lnk
[2014.09.06 17:04:37 | 000,000,489 | ---- | C] () -- C:\Users\Administrator\Desktop\Nástroje pro správu – zástupce.lnk
[2014.09.06 14:38:44 | 000,007,607 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2014.09.06 09:54:03 | 779,879,120 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014.09.06 09:26:31 | 000,000,692 | ---- | C] () -- C:\Users\Administrator\Desktop\Kontrola PC – zástupce.lnk
[2014.09.06 08:13:07 | 005,179,368 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.09.05 02:49:41 | 000,000,318 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{CEF0DA54-F480-44F7-AC28-97AE05C000A4}.job
[2014.09.04 19:35:31 | 000,001,070 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9 Host.lnk
[2014.09.04 15:05:32 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Monitoring Agent.lnk
[2014.09.04 10:31:55 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.06.25 16:07:16 | 000,150,944 | ---- | C] () -- C:\Windows\Wiainst64.exe
[2014.06.25 16:04:20 | 001,554,336 | ---- | C] () -- C:\Windows\TotalUninstaller.exe
[2014.05.13 20:37:12 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.11.23 18:35:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.23 18:35:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.23 18:35:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.23 18:35:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.23 18:35:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.06.25 04:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014.09.04 12:32:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Autodesk
[2014.09.04 10:11:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\deb27c1a-00e6-4263-94b2-8b78ea4d32ae
[2014.09.06 17:38:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PCDr
[2012.11.23 18:55:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Pixmantec
[2014.08.27 14:34:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Samsung
[2013.03.26 09:17:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Stardock
[2014.09.06 07:48:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Xerox
[2013.10.25 17:17:24 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\602Installer
[2014.04.30 18:25:00 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\602XML
[2014.05.28 12:49:36 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\Autodesk
[2012.07.08 23:06:41 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\Canon_Inc_IC
[2012.02.17 16:44:15 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2014.04.22 21:48:49 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\com.adobe.amp
[2012.02.17 16:26:15 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\com.adobe.dmp.contentviewer
[2014.09.04 15:35:14 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\deb27c1a-00e6-4263-94b2-8b78ea4d32ae
[2014.08.26 14:56:44 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\Domecek
[2014.04.03 09:39:56 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\Dropbox
[2014.04.03 09:39:56 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\DropboxMaster
[2011.03.21 18:34:46 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\EPSON
[2010.03.12 13:36:10 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\ESET
[2013.01.15 21:14:47 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\IsolatedStorage
[2010.04.13 09:40:32 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\Leadertech
[2013.02.28 12:36:14 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\LEGO Company
[2010.04.11 10:32:02 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\Nikon
[2013.10.12 09:48:56 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\Nokia
[2010.10.21 19:34:26 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\Nokia Ovi Suite
[2011.12.07 01:34:12 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\Nokia Suite
[2010.03.14 21:29:56 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\OpenOffice.org
[2013.04.10 20:23:04 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\Oxa
[2012.02.17 16:39:55 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\PACE Anti-Piracy
[2011.12.31 19:19:09 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\PC Suite
[2011.05.30 16:33:33 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\PDF reDirect
[2010.06.17 10:21:25 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\Pixmantec
[2013.04.10 17:08:29 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\Qosayf
[2014.06.25 16:08:48 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\Samsung
[2013.01.15 22:10:27 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\SmartDraw
[2013.10.25 17:17:38 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\Software602
[2012.12.31 00:39:15 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\Stardock
[2014.08.13 08:43:48 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\TeamViewer
[2012.01.09 08:11:29 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\UpdateTemp753798811
[2014.09.04 15:17:22 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\VIPRE
[2013.01.30 15:37:55 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\Windows Live Writer
[2010.03.15 15:48:42 | 000,000,000 | ---D | M] -- C:\Users\benes\AppData\Roaming\Xerox
[2011.02.06 09:32:41 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ESET

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,560 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2014.09.05 02:49:41 | 000,000,318 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CEF0DA54-F480-44F7-AC28-97AE05C000A4}.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.20 06:24:28 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.20 06:24:28 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010.11.20 05:16:56 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.20 05:16:56 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010.11.20 02:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.20 02:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.20 02:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 05:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.20 06:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010.11.20 06:33:36 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.20 06:33:36 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 05:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010.11.20 05:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 05:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 06:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010.11.20 06:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 06:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2014.05.12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2014.04.05 04:47:20 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=04ADD18EE5CC9FBEDAEC1DD1CD0CB45E -- C:\Windows\erdnt\cache64\tcpip.sys
[2014.04.05 04:47:20 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=04ADD18EE5CC9FBEDAEC1DD1CD0CB45E -- C:\Windows\SysNative\drivers\tcpip.sys
[2014.04.05 04:47:20 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=04ADD18EE5CC9FBEDAEC1DD1CD0CB45E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_113260637d1284ef\tcpip.sys
[2012.10.03 19:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2013.09.08 04:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2014.04.05 04:37:43 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=4F80944B03112F486212DC20BE166079 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_11b12f2896383dd1\tcpip.sys
[2010.11.20 06:33:58 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2013.09.07 04:27:48 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2012.10.03 19:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2013.11.26 13:34:34 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=F55B41AA6114568AC558ADBABDA85620 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_11c3cc3c962abcc3\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010.11.20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 06:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010.11.20 06:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 06:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2014.05.12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2010.11.20 06:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2014.03.04 13:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014.03.04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\erdnt\cache64\winlogon.exe
[2014.03.04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe
[2014.03.04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe

Část 2

< >

< %systemroot%*.* /U /s >
[13 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[16 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[1 C:\Windows\Globalization\*.tmp files -> C:\Windows\Globalization\*.tmp -> ]
[1 C:\Windows\inf\Ovi Player\*.tmp files -> C:\Windows\inf\Ovi Player\*.tmp -> ]
[1 C:\Windows\inf\Ovi Player\0000\*.tmp files -> C:\Windows\inf\Ovi Player\0000\*.tmp -> ]
[1 C:\Windows\inf\Ovi Player\0005\*.tmp files -> C:\Windows\inf\Ovi Player\0005\*.tmp -> ]
[1 C:\Windows\inf\Ovi Player\0007\*.tmp files -> C:\Windows\inf\Ovi Player\0007\*.tmp -> ]
[1 C:\Windows\inf\Ovi Player\0009\*.tmp files -> C:\Windows\inf\Ovi Player\0009\*.tmp -> ]
[9 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\ServiceProfiles\LocalService\AppData\Local\*.tmp files -> C:\Windows\ServiceProfiles\LocalService\AppData\Local\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\40c73a0196e79849d3367f7f585ecbf0\*.tmp files -> C:\Windows\SoftwareDistribution\Download\40c73a0196e79849d3367f7f585ecbf0\*.tmp -> ]
[1 C:\Windows\System32\spool\drivers\x64\{A88FB137-23D5-4CA9-A139-AE077C642C07}\*.tmp files -> C:\Windows\System32\spool\drivers\x64\{A88FB137-23D5-4CA9-A139-AE077C642C07}\*.tmp -> ]
[5 C:\Windows\System32\spool\PRINTERS\*.tmp files -> C:\Windows\System32\spool\PRINTERS\*.tmp -> ]
[3 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2013.03.26 09:17:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2013.07.12 11:02:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Apple Computer
[2012.11.23 17:58:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ATI
[2014.09.04 12:32:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Autodesk
[2014.09.04 10:11:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\deb27c1a-00e6-4263-94b2-8b78ea4d32ae
[2014.09.06 17:41:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dell
[2012.11.23 17:57:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Identities
[2010.04.02 01:43:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2014.09.07 15:19:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2010.02.17 00:18:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2014.09.07 14:16:48 | 000,000,000 | --SD | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2014.09.04 12:42:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2014.09.06 17:38:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PCDr
[2012.11.23 18:55:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Pixmantec
[2014.09.04 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Real
[2014.08.27 14:34:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Samsung
[2013.03.26 09:17:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Stardock
[2014.09.06 07:48:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Xerox

< %APPDATA%\*.exe /s >
[2012.04.02 12:59:30 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2014.09.06 17:37:27 | 000,010,134 | R--- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{86C527CC-4AF2-903C-7BFF-5975272CC645}\ARPPRODUCTICON.exe
[2012.07.05 12:51:46 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Administrator\AppData\Roaming\PCDr\Update\Rules\2346c16f-2c61-46aa-99b7-184f2c413c0c\appupdaterrules_dell\AddCertificate.exe
[2013.12.19 23:19:02 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Administrator\AppData\Roaming\PCDr\Update\Rules\4f614afb-0c56-44be-a916-3fe8d9877cdd\withSigneddll-PCDoctor_6422.40_windows_appupdaterrules_dell\AddCertificate.exe
[2013.12.19 23:19:02 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Administrator\AppData\Roaming\PCDr\Update\Rules\593a480a-ba70-4478-8a45-3643440ed110\withSigneddll-PCDoctor_6422.40_windows_appupdaterrules_dell\AddCertificate.exe
[2013.12.19 23:19:02 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Administrator\AppData\Roaming\PCDr\Update\Rules\a3eeee00-2f8f-484a-b847-90d3f8aab985\withSigneddll-PCDoctor_6422.40_windows_appupdaterrules_dell\AddCertificate.exe
[2013.12.19 23:19:02 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Administrator\AppData\Roaming\PCDr\Update\Rules\c1b792ac-3803-43a4-85ca-64cae5350408\withSigneddll-PCDoctor_6422.40_windows_appupdaterrules_dell\AddCertificate.exe
[2013.12.19 23:19:02 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Administrator\AppData\Roaming\PCDr\Update\Rules\d417ff72-044f-40a8-bca7-5dbdcdf9f094\withSigneddll-PCDoctor_6422.40_windows_appupdaterrules_dell\AddCertificate.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2014.09.05 02:49:49 | 000,000,318 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CEF0DA54-F480-44F7-AC28-97AE05C000A4}.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"DellSystemDetect" = C:\Users\Administrator\AppData\Local\Apps\2.0\47EAT7M0.3GD\RZLCCZON.PL8\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe -- [2014.09.06 16:20:13 | 000,265,280 | ---- | M] (Dell)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2014.08.01 01:16:35 | 000,812,224 | ---- | M] (Microsoft Corporation) MD5=CDF01A5C7927786A708EAEE91F14797B -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.09.07 17:39:47 | 000,000,512 | ---- | M] () MD5=3F0F8E6B6C92047D710DDEEA024498B8 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2005.03.08 12:30:56 | 000,092,827 | ---- | M] () -- \Program Files (x86)\Corel\CorelDRAW Graphics Suite 13\Custom Data\Bumpmap\Cracks.cpt
[2005.03.08 12:30:58 | 000,016,068 | ---- | M] () -- \Program Files (x86)\Corel\CorelDRAW Graphics Suite 13\Custom Data\Canvas\cracks2c.pcx
[2005.03.08 12:31:08 | 000,010,560 | ---- | M] () -- \Program Files (x86)\Corel\CorelDRAW Graphics Suite 13\Custom Data\Tiles\CRACKS2M.CPT
[2001.08.14 19:31:08 | 000,030,054 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\Inventor Server\Textures\surfaces\Cracks.bmp
[2011.09.15 05:27:36 | 000,008,428 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\maps\Substance\textures\Cracked_Plaster.sbsar
[2001.08.14 19:31:08 | 000,030,054 | ---- | M] () -- \Program Files\Autodesk\AutoCAD 2013\Inventor Server\Textures\surfaces\Cracks.bmp
[2001.08.14 15:31:08 | 000,030,054 | ---- | M] () -- \Program Files\Common Files\Autodesk Shared\DirectConnect2013 (64-bit)\bin\Aruba\Inventor Server\Textures\surfaces\Cracks.bmp
[2012.01.24 14:18:28 | 000,814,784 | ---- | M] () -- \ProgramData\Autodesk\Civil View\2013\Country Kit AU\Matlibs\Treemaps\Salix Fragilis Crack Willow.png
[2012.01.24 14:18:16 | 000,000,170 | ---- | M] () -- \ProgramData\Autodesk\Civil View\2013\Country Kit AU\Objlibs\Trees\Crack Willow (Salix Fragilis).ini
[2012.01.24 14:18:28 | 000,814,784 | ---- | M] () -- \ProgramData\Autodesk\Civil View\2013\Country Kit NL\Matlibs\Treemaps\Salix Fragilis Crack Willow.png
[2012.01.24 14:18:40 | 000,000,170 | ---- | M] () -- \ProgramData\Autodesk\Civil View\2013\Country Kit NL\Objlibs\Trees\Crack Willow (Salix Fragilis).ini
[2012.01.24 14:18:28 | 000,814,784 | ---- | M] () -- \ProgramData\Autodesk\Civil View\2013\Country Kit UK\Matlibs\Treemaps\Salix Fragilis Crack Willow.png
[2012.01.24 14:19:06 | 000,000,170 | ---- | M] () -- \ProgramData\Autodesk\Civil View\2013\Country Kit UK\Objlibs\Trees\Crack Willow (Salix Fragilis).ini
[2012.01.24 14:18:28 | 000,814,784 | ---- | M] () -- \ProgramData\Autodesk\Civil View\2013\Country Kit US Imperial\Matlibs\Treemaps\Salix Fragilis Crack Willow.png
[2012.01.24 14:19:20 | 000,000,170 | ---- | M] () -- \ProgramData\Autodesk\Civil View\2013\Country Kit US Imperial\Objlibs\Trees\Crack Willow (Salix Fragilis).ini
[2012.01.24 14:18:28 | 000,814,784 | ---- | M] () -- \ProgramData\Autodesk\Civil View\2013\Country Kit US Metric\Matlibs\Treemaps\Salix Fragilis Crack Willow.png
[2012.01.24 14:19:40 | 000,000,170 | ---- | M] () -- \ProgramData\Autodesk\Civil View\2013\Country Kit US Metric\Objlibs\Trees\Crack Willow (Salix Fragilis).ini
[2001.08.14 19:31:08 | 000,030,054 | ---- | M] () -- \ProgramData\Autodesk\Inventor Fusion 2013\Design Data\surfaces\Cracks.bmp
[2012.01.24 14:18:28 | 000,814,784 | ---- | M] () -- \Users\All Users\Autodesk\Civil View\2013\Country Kit AU\Matlibs\Treemaps\Salix Fragilis Crack Willow.png
[2012.01.24 14:18:16 | 000,000,170 | ---- | M] () -- \Users\All Users\Autodesk\Civil View\2013\Country Kit AU\Objlibs\Trees\Crack Willow (Salix Fragilis).ini
[2012.01.24 14:18:28 | 000,814,784 | ---- | M] () -- \Users\All Users\Autodesk\Civil View\2013\Country Kit NL\Matlibs\Treemaps\Salix Fragilis Crack Willow.png
[2012.01.24 14:18:40 | 000,000,170 | ---- | M] () -- \Users\All Users\Autodesk\Civil View\2013\Country Kit NL\Objlibs\Trees\Crack Willow (Salix Fragilis).ini
[2012.01.24 14:18:28 | 000,814,784 | ---- | M] () -- \Users\All Users\Autodesk\Civil View\2013\Country Kit UK\Matlibs\Treemaps\Salix Fragilis Crack Willow.png
[2012.01.24 14:19:06 | 000,000,170 | ---- | M] () -- \Users\All Users\Autodesk\Civil View\2013\Country Kit UK\Objlibs\Trees\Crack Willow (Salix Fragilis).ini
[2012.01.24 14:18:28 | 000,814,784 | ---- | M] () -- \Users\All Users\Autodesk\Civil View\2013\Country Kit US Imperial\Matlibs\Treemaps\Salix Fragilis Crack Willow.png
[2012.01.24 14:19:20 | 000,000,170 | ---- | M] () -- \Users\All Users\Autodesk\Civil View\2013\Country Kit US Imperial\Objlibs\Trees\Crack Willow (Salix Fragilis).ini
[2012.01.24 14:18:28 | 000,814,784 | ---- | M] () -- \Users\All Users\Autodesk\Civil View\2013\Country Kit US Metric\Matlibs\Treemaps\Salix Fragilis Crack Willow.png
[2012.01.24 14:19:40 | 000,000,170 | ---- | M] () -- \Users\All Users\Autodesk\Civil View\2013\Country Kit US Metric\Objlibs\Trees\Crack Willow (Salix Fragilis).ini
[2001.08.14 19:31:08 | 000,030,054 | ---- | M] () -- \Users\All Users\Autodesk\Inventor Fusion 2013\Design Data\surfaces\Cracks.bmp
[2001.08.14 19:31:08 | 000,030,054 | ---- | M] () -- \Users\Public\Documents\Autodesk\Inventor 2013\Textures\surfaces\Cracks.bmp

< *keygen* /s >

< *loader* /s >
[2014.02.23 09:31:44 | 000,008,192 | ---- | M] () -- \_MEI24882\_win32sysloader.pyd
[2012.01.05 14:15:54 | 000,398,328 | ---- | M] () -- \_Norton-Instal\N360Downloader.exe
[2012.03.13 08:47:55 | 000,012,912 | ---- | M] () -- \Autodesk\AutoCAD_2013_Czech_Language_Pack_Win_64bit\Acad\Program Files\Root\AcAutoLoaderRes.dll
[2012.01.03 06:10:52 | 000,012,278 | ---- | M] () -- \Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\WebPublish\BootStrapLoader.swf
[2011.03.02 22:35:42 | 005,299,048 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5.1\Photodownloader.exe
[2011.03.02 19:57:10 | 000,011,161 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5.1\apd\shared_assets\bitmaps\main_window\C_LoadError.png
[2011.03.02 19:57:10 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\da_dk\Photodownloader.ini
[2011.03.02 19:57:10 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\de_de\Photodownloader.ini
[2011.03.02 19:57:10 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\en_us\Photodownloader.ini
[2011.03.02 19:57:10 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\es_es\Photodownloader.ini
[2011.03.02 19:57:10 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\fi_fi\Photodownloader.ini
[2011.03.02 19:57:12 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\fr_fr\Photodownloader.ini
[2011.03.02 19:57:12 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\it_it\Photodownloader.ini
[2011.03.02 19:57:12 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\ja_jp\Photodownloader.ini
[2011.03.02 19:57:12 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\ko_kr\Photodownloader.ini
[2011.03.02 19:57:12 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\nl_nl\Photodownloader.ini
[2011.03.02 19:57:12 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\no_no\Photodownloader.ini
[2011.03.02 19:57:12 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\pt_br\Photodownloader.ini
[2011.03.02 19:57:12 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\sv_se\Photodownloader.ini
[2011.03.02 19:57:14 | 000,000,308 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\zh_cn\Photodownloader.ini
[2011.03.02 19:57:14 | 000,000,011 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe Bridge CS5.1\apd\shared_assets\locales\zh_tw\Photodownloader.ini
[2011.03.10 23:49:30 | 000,003,754 | ---- | M] () -- \Program Files (x86)\Adobe\Adobe InDesign CS5.5\Scripts\converturltohyperlink\startup scripts\ConvertURLToHyperlinkMenuItemLoader.jsx
[2005.06.06 23:54:14 | 000,348,160 | ---- | M] () -- \Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.0\Apps\PhotoDownloader.dll
[2005.06.06 23:47:26 | 000,163,840 | ---- | M] () -- \Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.0\Apps\uploader.dll
[2005.06.06 23:02:16 | 000,011,161 | ---- | M] () -- \Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.0\Shared_Assets\combined_bitmaps\main_window\C_LoadError.png
[2011.08.01 13:42:06 | 000,005,632 | ---- | M] () -- \Program Files (x86)\Advanced Monitoring Agent\patchman\_win32sysloader.pyd
[2012.01.11 20:14:00 | 000,910,848 | ---- | M] () -- \Program Files (x86)\Canon\ImageBrowser EX\UploaderForFacebook.exe
[2012.01.12 16:49:36 | 000,010,240 | ---- | M] () -- \Program Files (x86)\Canon\ImageBrowser EX\en\UploaderForFacebook.resources.dll
[2011.11.10 20:20:08 | 000,015,435 | ---- | M] () -- \Program Files (x86)\Canon\Movie Uploader for YouTube\MovieUploaderForYouTube.chm
[2012.01.11 20:14:00 | 000,926,208 | ---- | M] () -- \Program Files (x86)\Canon\Movie Uploader for YouTube\MovieUploaderForYouTube.exe
[2011.11.10 21:39:54 | 000,037,965 | ---- | M] () -- \Program Files (x86)\Canon\Movie Uploader for YouTube\ReadMe(MovieUploaderForYouTube).rtf
[2012.01.12 17:05:42 | 000,010,752 | ---- | M] () -- \Program Files (x86)\Canon\Movie Uploader for YouTube\en\MovieUploaderForYouTube.resources.dll
[2012.07.08 23:12:08 | 000,002,217 | ---- | M] () -- \Program Files (x86)\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\Image Handling Library Core Common\uninstall_for_Movie Uploader for YouTube.xml
[2012.07.08 23:12:09 | 000,000,815 | ---- | M] () -- \Program Files (x86)\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\Image Handling Library DC\uninstall_for_Movie Uploader for YouTube.xml
[2012.07.08 23:12:10 | 000,000,816 | ---- | M] () -- \Program Files (x86)\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\Image Handling Library DS\uninstall_for_Movie Uploader for YouTube.xml
[2012.07.08 23:12:11 | 000,000,815 | ---- | M] () -- \Program Files (x86)\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\Image Handling Library DV\uninstall_for_Movie Uploader for YouTube.xml
[2006.10.26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2012.09.25 04:39:16 | 000,112,128 | ---- | M] () -- \Program Files (x86)\Common Files\Nokia\Tss\ProductApiLoader\ta_productapiloader.dll
[2009.06.26 17:29:48 | 000,053,511 | R--- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\10.0\Common Resources\Shared\Generic\Images\themeloader_default_chapter.jpg
[2009.06.26 17:29:48 | 000,053,511 | R--- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\10.0\Common Resources\Shared\Generic\Images\themeloader_default_menu.jpg
[2009.06.24 18:41:04 | 000,007,307 | R--- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1033\Strings\RCMFormatLoaderStrings.xml
[2009.06.26 19:11:48 | 000,215,536 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\CPSFileLoader.dll
[2009.06.26 19:12:18 | 000,084,464 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\CPSFormatLoaderBMP.dll
[2009.06.26 19:12:32 | 000,072,176 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\CPSFormatLoaderECDC.dll
[2009.06.26 19:12:44 | 000,092,656 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\CPSFormatLoaderGIF.dll
[2009.06.26 19:12:56 | 000,207,344 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\CPSFormatLoaderJPG2.dll
[2009.06.26 19:22:20 | 000,072,176 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\CPSFormatLoaderMDC.dll
[2009.06.26 19:13:08 | 000,133,616 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\CPSFormatLoaderPNG.dll
[2009.06.26 19:13:20 | 000,104,944 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\CPSFormatLoaderTIFF.dll
[2009.06.26 19:17:54 | 000,154,096 | ---- | M] () -- \Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\LeResourceLoader.dll
[2006.10.10 12:31:42 | 000,132,648 | ---- | M] () -- \Program Files (x86)\Corel\CorelDRAW Graphics Suite 13\Programs\PCULoader.exe
[2009.06.25 04:20:06 | 000,011,181 | ---- | M] () -- \Program Files (x86)\CyberLink\PowerDVD DX\mm\MediaCtrl\ImageLoader.kc
[2008.12.02 19:02:08 | 000,081,920 | ---- | M] () -- \Program Files (x86)\Dell Webcam\Dell Webcam Central\uploader.crl
[2008.12.02 19:10:04 | 000,405,504 | ---- | M] () -- \Program Files (x86)\Dell Webcam\Dell Webcam Central\UtubeUploader.dll
[2010.04.26 18:36:12 | 000,003,095 | ---- | M] () -- \Program Files (x86)\LEGO Software\LEGO MINDSTORMS Edu NXT\components\uriloader.xpt
[2010.04.26 18:53:42 | 000,025,775 | ---- | M] () -- \Program Files (x86)\LEGO Software\LEGO MINDSTORMS Edu NXT\engine\EditorVIs\SubVIs\Loader\LogIfLoadErrors.vi
[2012.06.26 12:36:20 | 000,002,560 | ---- | M] () -- \Program Files (x86)\Nokia\Nokia PC Suite 7\Lang\MapLoader_cze.NLR
[2014.06.10 22:03:30 | 000,020,992 | ---- | M] () -- \Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
[2014.06.10 17:50:12 | 000,214,799 | ---- | M] () -- \Program Files (x86)\RealNetworks\RealDownloader\downloader.vs
[2009.06.10 20:18:18 | 000,059,888 | ---- | M] () -- \Program Files (x86)\Roxio\PhotoSuite 10\FormatLoaderMPS.dll
[2009.06.10 20:20:02 | 000,055,792 | ---- | M] () -- \Program Files (x86)\Roxio\PhotoSuite 10\PPSFormatLoaderPZP.dll
[2009.06.10 15:45:46 | 000,141,808 | ---- | M] () -- \Program Files (x86)\Roxio\VideoCore 10\VOBLoader.ax
[2009.06.11 17:54:16 | 000,170,480 | ---- | M] () -- \Program Files (x86)\Roxio\VideoUI 10\DSThemeLoader.dll
[2009.06.11 17:56:04 | 000,113,136 | ---- | M] () -- \Program Files (x86)\Roxio\VideoUI 10\DVDFormatLoaderPlugIn.dll
[2009.06.11 17:24:48 | 000,053,511 | R--- | M] () -- \Program Files (x86)\Roxio\VideoUI 10\Skins\Default\Generic\Images\themeloader_default_chapter.jpg
[2009.06.11 17:24:48 | 000,053,511 | R--- | M] () -- \Program Files (x86)\Roxio\VideoUI 10\Skins\Default\Generic\Images\themeloader_default_menu.jpg
[2009.06.11 17:24:48 | 000,040,000 | R--- | M] () -- \Program Files (x86)\Roxio\VideoUI 10\Skins\Default\Generic\Images\themeloader_hourglass.jpg
[2011.03.15 12:23:50 | 000,105,984 | ---- | M] () -- \Program Files\Adobe\Adobe Media Encoder CS5.5\MXF_SDK_MetaMetadata_BinaryLoader_4.3.4.dll
[2011.03.15 12:23:50 | 000,196,608 | ---- | M] () -- \Program Files\Adobe\Adobe Media Encoder CS5.5\MXF_SDK_MetaMetadata_XSDLoader2_4.3.4.dll
[2011.03.15 12:23:50 | 000,144,896 | ---- | M] () -- \Program Files\Adobe\Adobe Media Encoder CS5.5\MXF_SDK_MetaMetadata_XSDLoader_4.3.4.dll
[2012.02.20 17:09:18 | 000,026,024 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\AecLoader.arx
[2012.03.07 17:14:18 | 000,018,784 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\AssemblyLoader.dll
[2011.12.13 09:32:24 | 000,009,791 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\AssemblyLoader.xml
[2012.03.07 17:14:54 | 000,019,808 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\gmiloader.dll
[2011.12.13 14:27:16 | 000,012,288 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\de-DE\gmiloader.dll.mui
[2011.09.15 06:55:40 | 000,001,024 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\en-US\gmiloader.dll.mui
[2012.01.21 05:54:02 | 000,036,864 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\ExternalPlugins\CS4\Windows\Autodesk.Plugins.Adobe.AfterFX.SceneIO.Loader.aex
[2012.01.21 05:54:02 | 000,039,936 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\ExternalPlugins\CS5\Windows\Autodesk.Plugins.Adobe.AfterFX.SceneIO.Loader.aex
[2012.03.07 17:13:34 | 000,012,288 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\fr-FR\gmiloader.dll.mui
[2012.01.10 23:58:52 | 000,063,648 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\Inventor Server\Bin\ClrAddinLoader.dll
[2011.12.13 14:32:18 | 000,012,288 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\ja-JP\gmiloader.dll.mui
[2011.12.13 14:34:56 | 000,012,288 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\ko-KR\gmiloader.dll.mui
[2012.03.07 17:18:40 | 000,033,120 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\stdplugs\parserloader.gup
[2012.03.07 17:19:24 | 000,064,864 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\stdplugs\sceneeffectloader.dlu
[2012.01.31 05:38:58 | 000,061,440 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\stdplugs\(MassFX)\PhysX_2.8.5\PHYSX4DCC_PhysXLoader64.dll
[2012.01.31 05:38:58 | 000,071,680 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\stdplugs\(MassFX)\PhysX_2.8.5\PHYSX4DCC_PhysXUpdateLoader64.dll
[2012.02.22 20:55:32 | 000,012,288 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\stdplugs\de-DE\ParserLoader.gup.mui
[2012.02.07 11:36:50 | 000,012,288 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\stdplugs\de-DE\SceneEffectLoader.dlu.mui
[2011.09.15 07:05:06 | 000,002,048 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\stdplugs\en-US\parserloader.gup.mui
[2011.09.15 07:15:04 | 000,002,560 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\stdplugs\en-US\sceneeffectloader.dlu.mui
[2012.02.22 21:20:52 | 000,012,288 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\stdplugs\fr-FR\ParserLoader.gup.mui
[2012.02.07 12:05:42 | 000,012,288 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\stdplugs\fr-FR\SceneEffectLoader.dlu.mui
[2012.02.26 11:06:08 | 000,012,288 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\stdplugs\ja-JP\ParserLoader.gup.mui
[2012.02.07 11:37:20 | 000,012,288 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\stdplugs\ja-JP\SceneEffectLoader.dlu.mui
[2012.02.22 20:55:46 | 000,012,288 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\stdplugs\ko-KR\ParserLoader.gup.mui
[2012.02.07 11:37:34 | 000,012,288 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\stdplugs\ko-KR\SceneEffectLoader.dlu.mui
[2011.11.29 05:58:34 | 000,002,027 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\stdplugs\stdscripts\(MassFX)\px_loader.ms
[2012.02.22 20:55:50 | 000,012,288 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\stdplugs\zh-CN\ParserLoader.gup.mui
[2012.02.07 11:37:40 | 000,012,288 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\stdplugs\zh-CN\SceneEffectLoader.dlu.mui
[2011.12.18 11:33:16 | 000,012,288 | ---- | M] () -- \Program Files\Autodesk\3ds Max Design 2013\zh-CN\gmiloader.dll.mui
[2013.04.16 07:35:53 | 000,194,888 | ---- | M] () -- \Program Files\Autodesk\AutoCAD 2013\AcAutoLoader.arx
[2012.02.07 04:38:06 | 002,342,312 | ---- | M] () -- \Program Files\Autodesk\AutoCAD 2013\AdDownloaderCore.dll
[2012.02.20 17:09:18 | 000,026,024 | ---- | M] () -- \Program Files\Autodesk\AutoCAD 2013\AecLoader.arx
[2012.02.20 17:09:16 | 000,070,568 | ---- | M] () -- \Program Files\Autodesk\AutoCAD 2013\ACA\AecXArchBaseLoader.dll
[2012.02.20 17:09:18 | 000,070,056 | ---- | M] () -- \Program Files\Autodesk\AutoCAD 2013\ACA\AecXBaseLoader.dll
[2012.02.20 17:09:14 | 000,070,056 | ---- | M] () -- \Program Files\Autodesk\AutoCAD 2013\ACA\AecXDcContentLoader.dll
[2012.02.20 17:09:18 | 000,070,056 | ---- | M] () -- \Program Files\Autodesk\AutoCAD 2013\ACA\AecXDisplayPropsDataLoader.dll
[2012.02.20 17:09:18 | 000,070,056 | ---- | M] () -- \Program Files\Autodesk\AutoCAD 2013\ACA\AecXDtlLoader.dll
[2012.02.20 17:09:18 | 000,068,520 | ---- | M] () -- \Program Files\Autodesk\AutoCAD 2013\ACA\AecXDynPropsLoader.dll
[2012.02.20 17:09:14 | 000,070,056 | ---- | M] () -- \Program Files\Autodesk\AutoCAD 2013\ACA\AecXExtendedDataLoader.dll
[2012.02.20 17:09:18 | 000,070,056 | ---- | M] () -- \Program Files\Autodesk\AutoCAD 2013\ACA\AecXGuiArchLoader.dll
[2012.02.20 17:09:14 | 000,070,056 | ---- | M] () -- \Program Files\Autodesk\AutoCAD 2013\ACA\AecXGuiBaseLoader.dll
[2012.02.20 17:09:36 | 000,070,056 | ---- | M] () -- \Program Files\Autodesk\AutoCAD 2013\ACA\AecXGuiUtilitiesLoader.dll
[2012.02.20 17:09:16 | 000,070,056 | ---- | M] () -- \Program Files\Autodesk\AutoCAD 2013\ACA\AecXProjectLoader.dll
[2012.02.20 17:09:12 | 000,070,056 | ---- | M] () -- \Program Files\Autodesk\AutoCAD 2013\ACA\AecXScheduleLoader.dll
[2012.02.20 17:09:14 | 000,070,056 | ---- | M] () -- \Program Files\Autodesk\AutoCAD 2013\ACA\AecXToolClassLoader.dll
[2012.02.20 17:09:16 | 000,070,056 | ---- | M] () -- \Program Files\Autodesk\AutoCAD 2013\ACA\AecXUIArchBaseLoader.dll
[2012.02.20 17:09:18 | 000,070,056 | ---- | M] () -- \Program Files\Autodesk\AutoCAD 2013\ACA\AecXUIBaseLoader.dll
[2012.03.13 08:47:55 | 000,012,912 | ---- | M] () -- \Program Files\Autodesk\AutoCAD 2013\cs-CZ\AcAutoLoaderRes.dll
[2012.02.07 04:41:07 | 000,010,664 | ---- | M] () -- \Program Files\Autodesk\AutoCAD 2013\en-US\AcAutoLoaderRes.dll
[2012.01.14 00:22:20 | 000,063,648 | ---- | M] () -- \Program Files\Autodesk\AutoCAD 2013\Inventor Server\Bin\ClrAddinLoader.dll
[2012.02.07 04:39:48 | 000,193,960 | ---- | M] () -- \Program Files\Autodesk\AutoCAD Civil 3D 2013\AcAutoLoader.arx
[2012.02.22 11:05:48 | 000,077,824 | ---- | M] () -- \Program Files\Autodesk\AutoCAD Civil 3D 2013\AcMapLoader.arx
[2012.02.22 10:58:54 | 000,002,560 | ---- | M] () -- \Program Files\Autodesk\AutoCAD Civil 3D 2013\AcMapLoaderRes.dll
[2012.02.07 04:38:06 | 002,342,312 | ---- | M] () -- \Program Files\Autodesk\AutoCAD Civil 3D 2013\AdDownloaderCore.dll
[2012.02.20 17:09:18 | 000,026,024 | ---- | M] () -- \Program Files\Autodesk\AutoCAD Civil 3D 2013\AecLoader.arx
[2012.02.20 17:09:18 | 000,070,056 | ---- | M] () -- \Program Files\Autodesk\AutoCAD Civil 3D 2013\AecXBaseLoader.dll
[2012.02.20 17:09:18 | 000,070,056 | ---- | M] () -- \Program Files\Autodesk\AutoCAD Civil 3D 2013\AecXDisplayPropsDataLoader.dll
[2012.02.20 17:09:18 | 000,070,056 | ---- | M] () -- \Program Files\Autodesk\AutoCAD Civil 3D 2013\AecXDtlLoader.dll
[2012.02.20 17:09:18 | 000,068,520 | ---- | M] () -- \Program Files\Autodesk\AutoCAD Civil 3D 2013\AecXDynPropsLoader.dll
[2012.02.20 17:09:14 | 000,070,056 | ---- | M] () -- \Program Files\Autodesk\AutoCAD Civil 3D 2013\AecXExtendedDataLoader.dll
[2012.02.20 17:09:14 | 000,070,056 | ---- | M] () -- \Program Files\Autodesk\AutoCAD Civil 3D 2013\AecXGuiBaseLoader.dll
[2012.02.20 17:09:14 | 000,070,056 | ---- | M] () -- \Program Files\Autodesk\AutoCAD Civil 3D 2013\AecXToolClassLoader.dll
[2012.02.20 17:09:18 | 000,070,056 | ---- | M] () -- \Program Files\Autodesk\AutoCAD Civil 3D 2013\AecXUIBaseLoader.dll
[2012.02.22 11:16:50 | 000,318,976 | ---- | M] () -- \Program Files\Autodesk\AutoCAD Civil 3D 2013\EmbeddedSQLiteLoader.dll
[2012.02.07 04:41:07 | 000,010,664 | ---- | M] () -- \Program Files\Autodesk\AutoCAD Civil 3D 2013\en-US\AcAutoLoaderRes.dll
[2014.05.13 22:40:55 | 000,000,452 | ---- | M] () -- \Program Files\Autodesk\AutoCAD Civil 3D 2013\Help\contexthelp\APPAUTOLOADER.htm
[2014.05.13 22:43:36 | 000,008,349 | ---- | M] () -- \Program Files\Autodesk\AutoCAD Civil 3D 2013\Help\scripts\beehive\core\FileLoader.js
[2014.05.13 22:43:39 | 000,007,404 | ---- | M] () -- \Program Files\Autodesk\AutoCAD Civil 3D 2013\Help\scripts\beehive\ui\StylesheetLoader.js
[2014.05.13 22:43:39 | 000,003,208 | ---- | M] () -- \Program Files\Autodesk\AutoCAD Civil 3D 2013\Help\scripts\beehiveSearch\styles\images\loader.gif
[2014.05.13 22:40:33 | 000,008,349 | ---- | M] () -- \Program Files\Autodesk\AutoCAD Civil 3D 2013\Setup\en-us\Setup\en-us\Docs\scripts\beehive\core\FileLoader.js
[2014.05.13 22:40:36 | 000,007,404 | ---- | M] () -- \Program Files\Autodesk\AutoCAD Civil 3D 2013\Setup\en-us\Setup\en-us\Docs\scripts\beehive\ui\StylesheetLoader.js
[2014.05.13 22:40:36 | 000,003,208 | ---- | M] () -- \Program Files\Autodesk\AutoCAD Civil 3D 2013\Setup\en-us\Setup\en-us\Docs\scripts\beehiveSearch\styles\images\loader.gif
[2012.03.03 00:08:54 | 000,063,648 | ---- | M] () -- \Program Files\Autodesk\Inventor 2013\Bin\ClrAddinLoader.dll
[2010.06.23 18:08:48 | 000,034,500 | ---- | M] () -- \Program Files\Autodesk\Inventor Fusion 2013\BusyLoader.ani
[2012.02.13 23:01:26 | 004,888,416 | ---- | M] () -- \Program Files\Autodesk\Vault Basic 2013\Autoloader\Explorer\Autoloader.exe
[2011.06.12 11:25:30 | 000,010,163 | ---- | M] () -- \Program Files\Autodesk\Vault Basic 2013\Autoloader\Explorer\Autoloader.exe.config
[2010.04.19 09:40:24 | 000,005,644 | ---- | M] () -- \Program Files\Autodesk\Vault Basic 2013\Autoloader\Explorer\Autoloader Templates\Autoloader_ArchiveReport.xsl
[2010.04.19 09:40:24 | 000,011,500 | ---- | M] () -- \Program Files\Autodesk\Vault Basic 2013\Autoloader\Explorer\Autoloader Templates\Autoloader_ScanReport.xsl
[2010.04.19 09:40:24 | 000,019,316 | ---- | M] () -- \Program Files\Autodesk\Vault Basic 2013\Autoloader\Explorer\Autoloader Templates\Autoloader_UploadReport.xsl
[2009.06.12 14:03:00 | 000,000,000 | ---- | M] () -- \Program Files\Autodesk\Vault Basic 2013\Autoloader\Explorer\Loc\Autoloader.resources.dll
[2012.01.10 17:58:52 | 000,063,648 | ---- | M] () -- \Program Files\Common Files\Autodesk Shared\DirectConnect2013 (64-bit)\bin\Aruba\Inventor Server\Bin\ClrAddinLoader.dll
[2012.01.30 20:24:26 | 000,041,472 | ---- | M] () -- \Program Files\Common Files\Autodesk Shared\Extensions 2013\Loader\Autodesk.REX.Loader.dll
[2011.07.27 06:31:38 | 000,012,604 | ---- | M] () -- \Program Files\Common Files\Autodesk Shared\Extensions 2013\Loader\Autodesk.REX.Loader.tlb
[2012.01.24 14:18:16 | 000,021,862 | ---- | M] () -- \ProgramData\Autodesk\Civil View\2013\Country Kit AU\Objlibs\Previews\CAT_FRONT_LOADER.png
[2012.01.24 14:18:18 | 002,461,696 | ---- | M] () -- \ProgramData\Autodesk\Civil View\2013\Country Kit AU\Objlibs\Vehicles\CAT_FRONT_LOADER.max
[2012.01.24 14:18:18 | 000,000,168 | ---- | M] () -- \ProgramData\Autodesk\Civil View\2013\Country Kit AU\Objlibs\Vehicles\Front Loader.ini
[2012.01.24 14:18:38 | 000,021,862 | ---- | M] () -- \ProgramData\Autodesk\Civil View\2013\Country Kit NL\Objlibs\Previews\CAT_FRONT_LOADER.png
[2012.01.24 14:18:44 | 002,461,696 | ---- | M] () -- \ProgramData\Autodesk\Civil View\2013\Country Kit NL\Objlibs\Vehicles\CAT_FRONT_LOADER.max
[2012.01.24 14:18:44 | 000,000,168 | ---- | M] () -- \ProgramData\Autodesk\Civil View\2013\Country Kit NL\Objlibs\Vehicles\Front Loader.ini
[2012.01.24 14:19:04 | 000,021,862 | ---- | M] () -- \ProgramData\Autodesk\Civil View\2013\Country Kit UK\Objlibs\Previews\CAT_FRONT_LOADER.png
[2012.01.24 14:19:08 | 002,461,696 | ---- | M] () -- \ProgramData\Autodesk\Civil View\2013\Country Kit UK\Objlibs\Vehicles\CAT_FRONT_LOADER.max
[2012.01.24 14:19:08 | 000,000,168 | ---- | M] () -- \ProgramData\Autodesk\Civil View\2013\Country Kit UK\Objlibs\Vehicles\Front Loader.ini
[2012.01.24 14:19:18 | 000,021,862 | ---- | M] () -- \ProgramData\Autodesk\Civil View\2013\Country Kit US Imperial\Objlibs\Previews\CAT_FRONT_LOADER.png
[2012.01.24 14:19:22 | 002,449,408 | ---- | M] () -- \ProgramData\Autodesk\Civil View\2013\Country Kit US Imperial\Objlibs\Vehicles\CAT_FRONT_LOADER.max
[2012.01.24 14:19:22 | 000,000,168 | ---- | M] () -- \ProgramData\Autodesk\Civil View\2013\Country Kit US Imperial\Objlibs\Vehicles\Front Loader.ini
[2012.01.24 14:19:34 | 000,021,862 | ---- | M] () -- \ProgramData\Autodesk\Civil View\2013\Country Kit US Metric\Objlibs\Previews\CAT_FRONT_LOADER.png
[2012.01.24 14:19:40 | 002,461,696 | ---- | M] () -- \ProgramData\Autodesk\Civil View\2013\Country Kit US Metric\Objlibs\Vehicles\CAT_FRONT_LOADER.max
[2012.01.24 14:19:42 | 000,000,168 | ---- | M] () -- \ProgramData\Autodesk\Civil View\2013\Country Kit US Metric\Objlibs\Vehicles\Front Loader.ini
[2010.06.23 18:08:48 | 000,034,500 | ---- | M] () -- \ProgramData\Autodesk\Inventor Fusion 2013\Design Data\Loader2.ani
[2014.05.13 23:03:12 | 000,001,388 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk Data Management\Tools\Autodesk Autoloader 2013 for Vault.lnk
[2012.07.08 23:12:05 | 000,001,350 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\Movie Uploader for YouTube\Movie Uploader for YouTube Readme.lnk
[2014.06.28 14:27:40 | 000,002,563 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Downloader.lnk
[2012.05.29 09:19:10 | 000,012,512 | ---- | M] () -- \ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\DisabledExt\Chrome\Content\browserrecordloader.js
[2012.05.29 09:19:10 | 000,000,319 | ---- | M] () -- \ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\DisabledExt\Chrome\Content\browserrecordloader.xul
[2014.06.10 17:48:40 | 000,014,763 | ---- | M] () -- \ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\Chrome\Content\browserrecordloader.js
[2014.06.10 16:51:42 | 000,000,319 | ---- | M] () -- \ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\Chrome\Content\browserrecordloader.xul
[2014.06.10 17:54:28 | 000,010,965 | ---- | M] () -- \ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
[2012.01.05 16:37:34 | 000,009,828 | ---- | M] () -- \ProgramData\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\Games\8009C35017684284B0BE39D6E4E53955\Loader_50.gif
[2012.01.24 14:18:16 | 000,021,862 | ---- | M] () -- \Users\All Users\Autodesk\Civil View\2013\Country Kit AU\Objlibs\Previews\CAT_FRONT_LOADER.png
[2012.01.24 14:18:18 | 002,461,696 | ---- | M] () -- \Users\All Users\Autodesk\Civil View\2013\Country Kit AU\Objlibs\Vehicles\CAT_FRONT_LOADER.max
[2012.01.24 14:18:18 | 000,000,168 | ---- | M] () -- \Users\All Users\Autodesk\Civil View\2013\Country Kit AU\Objlibs\Vehicles\Front Loader.ini
[2012.01.24 14:18:38 | 000,021,862 | ---- | M] () -- \Users\All Users\Autodesk\Civil View\2013\Country Kit NL\Objlibs\Previews\CAT_FRONT_LOADER.png
[2012.01.24 14:18:44 | 002,461,696 | ---- | M] () -- \Users\All Users\Autodesk\Civil View\2013\Country Kit NL\Objlibs\Vehicles\CAT_FRONT_LOADER.max
[2012.01.24 14:18:44 | 000,000,168 | ---- | M] () -- \Users\All Users\Autodesk\Civil View\2013\Country Kit NL\Objlibs\Vehicles\Front Loader.ini
[2012.01.24 14:19:04 | 000,021,862 | ---- | M] () -- \Users\All Users\Autodesk\Civil View\2013\Country Kit UK\Objlibs\Previews\CAT_FRONT_LOADER.png
[2012.01.24 14:19:08 | 002,461,696 | ---- | M] () -- \Users\All Users\Autodesk\Civil View\2013\Country Kit UK\Objlibs\Vehicles\CAT_FRONT_LOADER.max
[2012.01.24 14:19:08 | 000,000,168 | ---- | M] () -- \Users\All Users\Autodesk\Civil View\2013\Country Kit UK\Objlibs\Vehicles\Front Loader.ini
[2012.01.24 14:19:18 | 000,021,862 | ---- | M] () -- \Users\All Users\Autodesk\Civil View\2013\Country Kit US Imperial\Objlibs\Previews\CAT_FRONT_LOADER.png
[2012.01.24 14:19:22 | 002,449,408 | ---- | M] () -- \Users\All Users\Autodesk\Civil View\2013\Country Kit US Imperial\Objlibs\Vehicles\CAT_FRONT_LOADER.max
[2012.01.24 14:19:22 | 000,000,168 | ---- | M] () -- \Users\All Users\Autodesk\Civil View\2013\Country Kit US Imperial\Objlibs\Vehicles\Front Loader.ini
[2012.01.24 14:19:34 | 000,021,862 | ---- | M] () -- \Users\All Users\Autodesk\Civil View\2013\Country Kit US Metric\Objlibs\Previews\CAT_FRONT_LOADER.png
[2012.01.24 14:19:40 | 002,461,696 | ---- | M] () -- \Users\All Users\Autodesk\Civil View\2013\Country Kit US Metric\Objlibs\Vehicles\CAT_FRONT_LOADER.max
[2012.01.24 14:19:42 | 000,000,168 | ---- | M] () -- \Users\All Users\Autodesk\Civil View\2013\Country Kit US Metric\Objlibs\Vehicles\Front Loader.ini
[2010.06.23 18:08:48 | 000,034,500 | ---- | M] () -- \Users\All Users\Autodesk\Inventor Fusion 2013\Design Data\Loader2.ani
[2014.05.13 23:03:12 | 000,001,388 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk Data Management\Tools\Autodesk Autoloader 2013 for Vault.lnk
[2012.07.08 23:12:05 | 000,001,350 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\Canon Utilities\Movie Uploader for YouTube\Movie Uploader for YouTube Readme.lnk
[2014.06.28 14:27:40 | 000,002,563 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Downloader.lnk
[2012.05.29 09:19:10 | 000,012,512 | ---- | M] () -- \Users\All Users\Real\RealPlayer\BrowserRecordPlugin\Firefox\DisabledExt\Chrome\Content\browserrecordloader.js
[2012.05.29 09:19:10 | 000,000,319 | ---- | M] () -- \Users\All Users\Real\RealPlayer\BrowserRecordPlugin\Firefox\DisabledExt\Chrome\Content\browserrecordloader.xul
[2014.06.10 17:48:40 | 000,014,763 | ---- | M] () -- \Users\All Users\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\Chrome\Content\browserrecordloader.js
[2014.06.10 16:51:42 | 000,000,319 | ---- | M] () -- \Users\All Users\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\Chrome\Content\browserrecordloader.xul
[2014.06.10 17:54:28 | 000,010,965 | ---- | M] () -- \Users\All Users\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
[2012.01.05 16:37:34 | 000,009,828 | ---- | M] () -- \Users\All Users\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\Games\8009C35017684284B0BE39D6E4E53955\Loader_50.gif
[2014.06.30 10:06:46 | 000,174,098 | ---- | M] () -- \Users\benes\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_idhngdhcfkoamngbedgpaokgjbnpdiji\RealPlayer Downloader.ico
[2014.06.30 10:06:46 | 000,000,016 | ---- | M] () -- \Users\benes\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_idhngdhcfkoamngbedgpaokgjbnpdiji\RealPlayer Downloader.ico.md5
[2014.07.01 11:46:16 | 000,072,638 | ---- | M] () -- \Users\benes\AppData\Local\Skype\Apps\login\images\loader.gif
[2014.07.01 11:46:16 | 000,003,032 | ---- | M] () -- \Users\benes\AppData\Local\Skype\Apps\login\images\loader.png
[2014.07.01 11:46:16 | 000,006,012 | ---- | M] () -- \Users\benes\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014.07.01 11:46:16 | 000,021,956 | ---- | M] () -- \Users\benes\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014.07.01 11:46:16 | 000,009,772 | ---- | M] () -- \Users\benes\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2014.05.13 23:03:12 | 000,001,766 | ---- | M] () -- \Users\benes\Documents\Inventor\Autoloader.ipj.lnk
[2012.02.06 20:21:32 | 000,005,202 | ---- | M] () -- \Users\Public\Documents\Autodesk\Vault Basic 2013\Samples\Autoloader\Inventor 2013\Padlock\Autoloader.ipj
[2010.11.15 22:02:32 | 000,013,785 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\68AB67CA920107747706000000000050\10.0.0\bootstraploader.swf
[2012.02.07 04:39:48 | 000,193,960 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\7D2F3875000B9040102000060BECB6AB\10.0.1111\RDF_COMP_AcAutoLoader.arx
[2012.02.07 04:39:48 | 000,193,960 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\7D2F3875100B0000102000060BECB6AB\19.0.55\RDF_COMP_AcAutoLoader.arx
[2012.01.25 13:10:54 | 000,026,024 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\7D2F3875100B0000102000060BECB6AB\19.0.55\RDF_COMP_AecLoader.arx.8909A8D4_60AC_4F11_A304_FE07
[2012.02.07 04:39:48 | 000,193,960 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\7D2F3875400B0000102000060BECB6AB\7.0.50\RDF_COMP_AcAutoLoader.arx
[2012.02.07 04:39:48 | 000,193,960 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\7D2F3875500B0000102000060BECB6AB\17.0.48\RDF_COMP_AcAutoLoader.arx
[2012.01.25 13:10:54 | 000,026,024 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\7D2F3875500B0000102000060BECB6AB\17.0.48\RDF_COMP_AecLoader.arx.8909A8D4_60AC_4F11_A304_FE07
[2012.02.03 05:32:08 | 000,112,128 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\A8640317F35F8964C8903A93AEB3506E\3.0.655\ta_productapiloader..D321D6CC_DBBE_4AC3_8DBD_DFF82BB39BDC
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2010.04.01 13:54:02 | 000,012,532 | ---- | M] () -- \Windows\System32\Adobe\Shockwave 11\shockwave_Projector_Loader.dcr
[2009.09.08 15:50:38 | 000,000,729 | ---- | M] () -- \Windows\System32\spool\drivers\x64\3\Xerox\Product Data\Public\DCPs\x2UNIVI6\V5.0\MTAI\de\e_close_inkloader_door.htm
[2009.07.07 15:03:02 | 000,000,615 | ---- | M] () -- \Windows\System32\spool\drivers\x64\3\Xerox\Product Data\Public\DCPs\x2UNIVI6\V5.0\MTAI\en-us\e_close_inkloader_door.htm
[2009.09.08 15:50:28 | 000,000,714 | ---- | M] () -- \Windows\System32\spool\drivers\x64\3\Xerox\Product Data\Public\DCPs\x2UNIVI6\V5.0\MTAI\es\e_close_inkloader_door.htm
[2009.09.08 15:50:20 | 000,000,761 | ---- | M] () -- \Windows\System32\spool\drivers\x64\3\Xerox\Product Data\Public\DCPs\x2UNIVI6\V5.0\MTAI\fr\e_close_inkloader_door.htm
[2009.09.08 15:50:10 | 000,000,762 | ---- | M] () -- \Windows\System32\spool\drivers\x64\3\Xerox\Product Data\Public\DCPs\x2UNIVI6\V5.0\MTAI\it\e_close_inkloader_door.htm
[2009.09.08 16:07:30 | 000,000,690 | ---- | M] () -- \Windows\System32\spool\drivers\x64\3\Xerox\Product Data\Public\DCPs\x2UNIVI6\V5.0\MTAI\pt-br\e_close_inkloader_door.htm
[2009.09.08 15:50:00 | 000,000,850 | ---- | M] () -- \Windows\System32\spool\drivers\x64\3\Xerox\Product Data\Public\DCPs\x2UNIVI6\V5.0\MTAI\ru\e_close_inkloader_door.htm
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2010.04.01 13:54:02 | 000,012,532 | ---- | M] () -- \Windows\SysWOW64\Adobe\Shockwave 11\shockwave_Projector_Loader.dcr
[2009.07.14 03:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 03:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 07:41:11 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_66b5981d957562a1\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 07:36:06 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_67316604ae9dcf7e\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 04:12:19 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 07:39:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 08:20:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_695e76beab8ff095\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.29 04:18:31 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_694dd858ab9ba72a\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 13:03:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_69637bfcab8b6996\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 04:28:21 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_69353b6eabae8d55\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 17:17:49 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 17:17:49 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.efi.mui_35ee487d
[2009.07.14 17:17:49 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.exe.mui_3bc5b827
[2009.07.14 17:17:49 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.efi.mui_f412814e
[2009.07.14 17:17:49 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.exe.mui_ff8b5358
[2010.08.09 08:39:54 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_de-de_299cd5b40ed6d155.manifest
[2010.08.09 08:39:54 | 000,035,920 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_de-de_299cd5b40ed6d155_winload.efi.mui_35ee487d
[2010.08.09 08:39:54 | 000,035,904 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_de-de_299cd5b40ed6d155_winload.exe.mui_3bc5b827
[2010.08.09 08:39:54 | 000,030,800 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_de-de_299cd5b40ed6d155_winresume.efi.mui_f412814e
[2010.08.09 08:39:54 | 000,030,800 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_de-de_299cd5b40ed6d155_winresume.exe.mui_ff8b5358
[2010.08.09 08:32:22 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2010.08.09 08:32:22 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.efi.mui_35ee487d
[2010.08.09 08:32:22 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.exe.mui_3bc5b827
[2010.08.09 08:32:22 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.efi.mui_f412814e
[2010.08.09 08:32:22 | 000,029,760 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.exe.mui_ff8b5358
[2011.04.13 09:16:56 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.04.13 09:16:56 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2011.04.13 09:16:56 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2011.04.13 09:16:56 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2011.04.13 09:16:56 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2009.07.14 04:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 04:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009.07.14 17:15:51 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.13 19:20:16 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_de-de_299cd5b40ed6d155.manifest
[2009.07.13 18:44:20 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2009.07.14 04:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2011.02.05 15:09:31 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2011.02.05 15:04:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4.manifest
[2010.11.20 07:12:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011.02.05 19:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.02.05 15:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009.07.14 04:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:56:23 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_0a96fc99dd17f16b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:44:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_0b12ca80f6405e48\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 07:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.29 03:54:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_0d2f3cd4f33e35f4\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 12:35:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 04:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 999 bytes -> C:\ProgramData\Microsoft:kpXCZhwUiAJmmPLoS5PeVEH
@Alternate Data Stream - 1123 bytes -> C:\Program Files\Common Files\Microsoft Shared:D9itsdA74epFesq7M6tYd
@Alternate Data Stream - 1043 bytes -> C:\ProgramData\Microsoft:cR5NJdJihhkIbi84SuOABA7kym5OB6

< End of report >

Tohle ale není log po mazání. Musíte zkopírovat ten skript do dolníhookna OTL a kliknout na opravit. Potřebuji vidět log, ktarý OTL vygeneruje po mazání.

OK, zde je log po mazání

All processes killed
========== OTL ==========
Process rndlresolversvc.exe killed successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.11\ deleted successfully.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.11\ deleted successfully.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53\ deleted successfully.
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Starting removal of ActiveX control {0E8D0700-75DF-11D3-8B4A-0008C7450C4A}
C:\Windows\Downloaded Program Files\djvu_lite_win32.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0E8D0700-75DF-11D3-8B4A-0008C7450C4A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E8D0700-75DF-11D3-8B4A-0008C7450C4A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0E8D0700-75DF-11D3-8B4A-0008C7450C4A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E8D0700-75DF-11D3-8B4A-0008C7450C4A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
ADS C:\ProgramData\Microsoft:kpXCZhwUiAJmmPLoS5PeVEH deleted successfully.
ADS C:\Program Files\Common Files\Microsoft Shared:D9itsdA74epFesq7M6tYd deleted successfully.
ADS C:\ProgramData\Microsoft:cR5NJdJihhkIbi84SuOABA7kym5OB6 deleted successfully.
========== FILES ==========
C:\Program Files (x86)\RealNetworks\RealDownloader\RPPlugins folder moved successfully.
C:\Program Files (x86)\RealNetworks\RealDownloader\RCAPlugins folder moved successfully.
C:\Program Files (x86)\RealNetworks\RealDownloader\Plugins folder moved successfully.
C:\Program Files (x86)\RealNetworks\RealDownloader\Common folder moved successfully.
C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE folder moved successfully.
C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins folder moved successfully.
C:\Program Files (x86)\RealNetworks\RealDownloader folder moved successfully.
C:\Program Files (x86)\RealNetworks\ProductDetector folder moved successfully.
C:\Program Files (x86)\RealNetworks folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
C:\Windows\system32\spool\drivers\x64\{A88FB137-23D5-4CA9-A139-AE077C642C07}\SETACE0.tmp moved successfully.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 3961364 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 57064 bytes

User: All Users

User: benes
->Temp folder emptied: 879368 bytes
->Temporary Internet Files folder emptied: 5423175 bytes
->Java cache emptied: 6720256 bytes
->Google Chrome cache emptied: 7666088 bytes
->Flash cache emptied: 66011 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57311 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 76168 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 24,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: benes
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 09072014_195118

Files\Folders moved on Reboot...
C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NXTU14RP\viewtopic[1].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MFG1JO9E\context[1].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17828M4G\afr[1].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17828M4G\afr[2].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17828M4G\context[1].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\JET3025.tmp moved successfully.
C:\Windows\temp\JET34F5.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Smazáno. Nastala nějaká změna?

Zatím to vypadá dobře, neseká se mi internet explorer, ani outlook. Což je pro mě nejdůležitější.

Tak to jsem rád!

Tak to já taky, jestli je to vše, mockrát děkuji za pomoc.

Je to vše a vy nemáte zač!