Hodně pomalý PC po kliknutí na link

Zpráva

Domson · #1 Příspěvek od **Domson** » 12 pro 2014 12:02

Dobrý den, vyskytl se mi nehezký problém s mým PC. Klikl jsem na jeden odkaz (kterému jsem důvěřoval) a obávám se, že jsem chytil nějakou havěť, protože se mi z ničeho nic začal sekat počítač. Nejvíc se obávám keyloggeru. Zde je log.txt a prosím o kontrolu.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Dominik at 2014-12-12 11:46:07
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 69 GB (34%) free of 200 GB
Total RAM: 3996 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:46:20, on 12.12.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17420)
Boot mode: Normal

Running processes:
C:\Windows\vsnpstd3.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\tsnpstd3.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Genius\Gila\mousehid.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.8\Lightshot.exe
C:\Program Files (x86)\Genius\Gila\trayicon.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Dominik.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Gila] C:\Program Files (x86)\Genius\Gila\mousehid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKCU\..\Run: [LightShot] C:\Users\Dominik\AppData\Local\Skillbrains\lightshot\Lightshot.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: DTSAudioService - DTS - C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 10885 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
atieclxx
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORDTSUPTBT
"C:\Windows\vsnpstd3.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Windows\tsnpstd3.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Genius\Gila\mousehid.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.8\Lightshot.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"C:\Program Files (x86)\Genius\Gila\trayicon.exe"
WLIDSvcM.exe 2548
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-ccd4d308-4dd3-4558-9ad7-a26ccfe39117 -SystemEventPortName:HostProcess-00d79072-66f3-4fd6-b8bc-bccd973a3847 -IoCancelEventPortName:HostProcess-3244132d-664f-4430-b925-4f3932ed5d9b -NonStateChangingEventPortName:HostProcess-a604777e-f54a-400c-afd9-71672c446e49 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:91a46566-96a2-404f-97fc-9ef121e84cd2 -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5712.0.191933949\669359221" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,17,38 --disable-accelerated-video-decode --gpu-vendor-id=0x1002 --gpu-device-id=0x6758 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=13.152.1.8000 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="DomRel-Enable/enable/EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/ControlBootstrap/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-1-Percent/group_28/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="5712.1.1558717827\77254870" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/DomRel-Enable/enable/EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/ControlBootstrap/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-1-Percent/group_28/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="5712.3.144030536\1014947329" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/DomRel-Enable/enable/EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/ControlBootstrap/ExtensionInstallVerification/Enforce/GCM/Disabled/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-1-Percent/group_28/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="5712.4.302365154\1705717460" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/DomRel-Enable/enable/EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/ControlBootstrap/ExtensionInstallVerification/Enforce/GCM/Disabled/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-1-Percent/group_28/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="5712.5.641796482\1515248346" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/DomRel-Enable/enable/EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/ControlBootstrap/ExtensionInstallVerification/Enforce/GCM/Disabled/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-1-Percent/group_28/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="5712.6.2076198499\2041209996" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/DomRel-Enable/enable/EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/ControlBootstrap/ExtensionInstallVerification/Enforce/GCM/Disabled/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-1-Percent/group_28/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="5712.7.64745197\372620218" /prefetch:673131151
taskeng.exe {339D37B3-41DD-47A0-8199-1AF6DB2B7BAE}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/DomRel-Enable/enable/EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/ControlBootstrap/ExtensionInstallVerification/Enforce/GCM/Disabled/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-1-Percent/group_28/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="5712.10.1249337556\1170817879" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe9_ Global\UsGthrCtrlFltPipeMssGthrPipe9 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 536 540 548 65536 544
"C:\Users\Dominik\Desktop\Download\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\AutoKMS.job - C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\update-S-1-5-21-1613182640-285911688-2525403288-1000.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\tasks\update-sys.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-07-13 612248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-06-30 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-07-13 457712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}]
Advanced SystemCare Browser Protection - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL [2014-02-20 669504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-06-30 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-08-19 7202520]
"RtHDVBg_DTS"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2013-08-07 1321688]
"snpstd3"=C:\Windows\vsnpstd3.exe [2006-05-12 831488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightShot"=C:\Users\Dominik\AppData\Local\Skillbrains\lightshot\Lightshot.exe []
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2014-11-18 1940160]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-10-23 6501656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [2014-05-28 455512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2014-01-10 1861968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2014-12-01 3835728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2013-10-08 766208]
"tsnpstd3"=C:\Windows\tsnpstd3.exe [2007-03-30 262144]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-08-03 4085896]
"Gila"=C:\Program Files (x86)\Genius\Gila\mousehid.exe [2013-01-16 307712]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-05-07 256896]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2014-12-01 3835728]
"Lightshot"=C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [2014-11-18 226560]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.FPS1"=frapsv64.dll
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-12-12 11:46:08 ----D---- C:\Program Files\trend micro
2014-12-12 11:46:07 ----D---- C:\rsit
2014-12-12 11:20:38 ----A---- C:\TDSSKiller.3.0.0.42_12.12.2014_11.20.38_log.txt
2014-12-06 16:44:41 ----D---- C:\Program Files (x86)\MTA San Andreas 1.4
2014-12-06 15:42:12 ----D---- C:\Program Files (x86)\Grand Theft Auto San Andreas + MultiPlayer [0.3e]
2014-12-02 20:37:15 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2014-11-28 20:28:15 ----D---- C:\ProgramData\Thunder Network
2014-11-28 20:27:46 ----D---- C:\Users\Dominik\AppData\Roaming\Xiaomi
2014-11-24 17:20:22 ----A---- C:\ProgramData\ntuser.dat
2014-11-24 17:00:31 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2014-11-22 17:23:52 ----D---- C:\Program Files\CCleaner
2014-11-20 16:41:14 ----A---- C:\Windows\system32\pku2u.dll
2014-11-20 16:41:14 ----A---- C:\Windows\system32\kerberos.dll
2014-11-20 16:41:06 ----A---- C:\Windows\SYSWOW64\pku2u.dll
2014-11-20 16:41:03 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-11-20 16:33:36 ----A---- C:\Windows\SYSWOW64\drivers\DrvAgent64.SYS
2014-11-20 16:33:32 ----D---- C:\Program Files (x86)\eSupport.com
2014-11-20 16:21:38 ----A---- C:\Windows\SYSWOW64\XCEEDZIP.DLL
2014-11-20 16:21:38 ----A---- C:\Windows\SYSWOW64\XceedCry.dll
2014-11-20 16:21:36 ----D---- C:\Users\Dominik\AppData\Roaming\Driver Magician
2014-11-20 16:21:36 ----D---- C:\Program Files (x86)\Driver Magician

======List of files/folders modified in the last 1 month======

2014-12-12 11:46:20 ----D---- C:\Windows\Prefetch
2014-12-12 11:46:08 ----D---- C:\Program Files
2014-12-12 11:31:44 ----D---- C:\Program Files (x86)\Steam
2014-12-12 11:24:36 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-12-12 11:24:31 ----D---- C:\Windows\Temp
2014-12-12 11:24:31 ----D---- C:\Windows
2014-12-12 11:20:48 ----D---- C:\Windows\system32\drivers
2014-12-10 19:14:07 ----D---- C:\Program Files (x86)\Skillbrains
2014-12-10 15:26:14 ----D---- C:\Users\Dominik\AppData\Roaming\vlc
2014-12-10 14:35:14 ----D---- C:\Windows\SysWOW64
2014-12-10 14:35:11 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-12-09 18:01:36 ----D---- C:\ProgramData\ProductData
2014-12-09 14:36:49 ----D---- C:\Users\Dominik\AppData\Roaming\uTorrent
2014-12-09 13:18:00 ----D---- C:\Windows\Logs
2014-12-09 13:18:00 ----D---- C:\Windows\inf
2014-12-06 22:51:26 ----D---- C:\Users\Dominik\AppData\Roaming\Skype
2014-12-06 21:51:58 ----D---- C:\Users\Dominik\AppData\Roaming\DivX
2014-12-06 16:46:31 ----AHD---- C:\ProgramData
2014-12-06 16:46:31 ----AD---- C:\ProgramData\MTA San Andreas All
2014-12-06 16:44:41 ----RD---- C:\Program Files (x86)
2014-12-06 16:24:51 ----D---- C:\Windows\SYSWOW64\directx
2014-12-05 11:57:08 ----D---- C:\Users\Dominik\AppData\Roaming\XBMC
2014-12-05 11:02:35 ----D---- C:\Windows\system32\catroot2
2014-12-02 22:03:54 ----D---- C:\Windows\SoftwareDistribution
2014-12-02 20:37:27 ----SHD---- C:\Windows\Installer
2014-11-28 17:38:27 ----D---- C:\Windows\system32\config
2014-11-24 17:32:32 ----D---- C:\Windows\system32\catroot
2014-11-24 17:20:32 ----SHD---- C:\System Volume Information
2014-11-24 16:48:23 ----D---- C:\Windows\winsxs
2014-11-24 16:38:49 ----D---- C:\Users\Dominik\AppData\Roaming\Bitcoin
2014-11-24 16:35:16 ----D---- C:\Users\Dominik\AppData\Roaming\Spintires
2014-11-24 16:34:30 ----D---- C:\Program Files (x86)\IObit
2014-11-24 16:34:24 ----D---- C:\Windows\system32\Tasks
2014-11-22 17:38:11 ----D---- C:\Windows\debug
2014-11-21 06:42:47 ----D---- C:\Windows\System32
2014-11-20 16:33:36 ----D---- C:\Windows\SYSWOW64\drivers
2014-11-18 20:47:19 ----D---- C:\Windows\rescache
2014-11-13 17:43:48 ----D---- C:\Windows\Microsoft.NET
2014-11-13 17:42:16 ----RSD---- C:\Windows\assembly
2014-11-13 16:05:05 ----D---- C:\Windows\Tasks
2014-11-13 06:37:47 ----SD---- C:\Windows\system32\CompatTel
2014-11-13 06:37:43 ----D---- C:\Windows\SYSWOW64\en-US
2014-11-13 06:37:43 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-11-13 06:37:43 ----D---- C:\Windows\system32\cs-CZ
2014-11-13 06:37:43 ----D---- C:\Program Files\Internet Explorer
2014-11-13 06:37:42 ----D---- C:\Windows\system32\en-US
2014-11-13 06:37:41 ----D---- C:\Program Files (x86)\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2012-04-11 82560]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2012-04-11 42624]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-07-13 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-07-13 224896]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-07-13 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-11-22 1041168]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-07-13 427360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R2 AODDriver4.2;AODDriver4.2; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-11-20 57512]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-07-13 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-07-13 79184]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-07-13 92008]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-10-08 12534784]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-10-08 619008]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2013-06-24 140032]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2013-06-24 420608]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-07-05 96256]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-08-21 3591000]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-12-26 805088]
R3 ScreamBAudioSvc;ScreamBee Audio; C:\Windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]
R3 SNPSTD3;USB PC Camera (SNPSTD3); C:\Windows\system32\DRIVERS\snpstd3.sys [2006-06-27 10443008]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2012-08-28 58536]
S3 busenum;SteelBusSvc; C:\Windows\system32\DRIVERS\SteelBus64.sys [2014-05-29 146944]
S3 DrvAgent64;DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [2014-11-20 21712]
S3 FairplayKD;FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys []
S3 LtFilter;HID Filter Driver; C:\Windows\system32\drivers\LtFilter.sys [2011-07-06 44016]
S3 LtHidLo;USB Filter Driver; C:\Windows\system32\drivers\LtHidLo.sys [2011-07-06 36976]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2014-11-09 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2014-11-09 57856]
S3 tsusbhub;tsusbhub; C:\Windows\system32\drivers\tsusbhub.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-10-08 239616]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-10-08 344064]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-07-13 50344]
R2 DTSAudioService;DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-05-31 210024]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-12-01 2530128]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-11-14 417552]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2014-06-02 76888]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06 116648]
S2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-04-08 2152768]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10 267440]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-06 114688]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-11-18 833728]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-01-08 1255736]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 12 pro 2014 12:30

Zdravim

Jen se zeptam pouzivate legalni operacni system, nejvyssi licence (v hodnote nejake tisic) Ultimate zrovna neni bezna domaci verze

Domson · #3 Příspěvek od **Domson** » 12 pro 2014 13:50

@vyosek
To bych pravděpodobně měl mít. Windows mi žádné problémy s nelegálností nehlásí.

#4 Příspěvek od **vyosek** » 12 pro 2014 16:02

Tak ona neni legalnost jako legalnost. Bud jej mam zakoupeny (a mam doklad, krabici nebo nalepku) a nebo to mam cinknute a "legalni" mi jej udelal aktivator...

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

Domson · #5 Příspěvek od **Domson** » 12 pro 2014 17:43

OTL:

Kód: Vybrat vše

OTL logfile created on: 12.12.2014 16:36:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dominik\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
 
3,90 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 60,21% Memory free
7,80 Gb Paging File | 5,94 Gb Available in Paging File | 76,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 67,16 Gb Free Space | 34,39% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 28,54 Gb Free Space | 29,23% Space Free | Partition Type: NTFS
Drive E: | 736,20 Gb Total Space | 506,95 Gb Free Space | 68,86% Space Free | Partition Type: NTFS
Drive F: | 368,10 Gb Total Space | 321,66 Gb Free Space | 87,38% Space Free | Partition Type: NTFS
 
Computer Name: DOMINIK-PC | User Name: Dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2014.12.12 16:35:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dominik\Downloads\OTL.exe
PRC - [2014.12.10 12:15:38 | 000,477,184 | ---- | M] (Skillbrains) -- C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.8\Lightshot.exe
PRC - [2014.12.01 15:51:42 | 003,835,728 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2014.11.18 21:23:36 | 001,519,808 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
PRC - [2014.11.18 21:23:34 | 001,940,160 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2014.11.18 21:23:34 | 000,833,728 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014.09.12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014.08.03 09:25:15 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014.07.13 13:18:44 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014.06.02 20:29:29 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.01.16 12:38:16 | 000,307,712 | ---- | M] () -- C:\Program Files (x86)\Genius\Gila\mousehid.exe
PRC - [2012.06.10 19:01:44 | 000,222,720 | ---- | M] () -- C:\Program Files (x86)\Genius\Gila\trayicon.exe
PRC - [2009.01.26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007.03.30 17:44:20 | 000,262,144 | ---- | M] (SONIX) -- C:\Windows\tsnpstd3.exe
PRC - [2006.05.12 11:27:04 | 000,831,488 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2014.11.18 21:23:50 | 002,227,904 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
MOD - [2014.11.18 21:23:34 | 000,690,880 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014.11.11 19:48:12 | 001,171,456 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-56.dll
MOD - [2014.11.11 19:48:12 | 000,485,888 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-3.dll
MOD - [2014.11.11 19:48:12 | 000,442,368 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-54.dll
MOD - [2014.11.11 19:48:12 | 000,403,968 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-56.dll
MOD - [2014.11.11 19:48:12 | 000,332,800 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-2.dll
MOD - [2014.11.11 19:48:04 | 034,589,888 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014.11.11 19:48:02 | 000,837,824 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
MOD - [2014.11.11 19:47:56 | 000,774,656 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2014.07.13 13:18:45 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014.07.13 13:18:45 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2013.01.16 12:38:16 | 000,307,712 | ---- | M] () -- C:\Program Files (x86)\Genius\Gila\mousehid.exe
MOD - [2013.01.15 17:06:32 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Genius\Gila\HidDevice.dll
MOD - [2012.06.10 19:01:44 | 000,222,720 | ---- | M] () -- C:\Program Files (x86)\Genius\Gila\trayicon.exe
MOD - [2006.05.12 11:27:04 | 000,831,488 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2014.11.06 04:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2014.07.13 13:18:44 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2013.10.08 13:52:58 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2013.10.08 09:34:38 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:[b]64bit:[/b] - [2013.05.27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2011.05.31 02:42:06 | 000,210,024 | ---- | M] (DTS) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe -- (DTSAudioService)
SRV:[b]64bit:[/b] - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014.12.10 14:35:12 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.12.01 15:51:22 | 002,530,128 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2014.11.18 21:23:34 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014.11.14 18:28:26 | 000,417,552 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014.09.12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014.06.02 20:29:29 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014.04.08 16:24:28 | 002,152,768 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014.03.20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013.10.23 07:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2014.11.22 15:14:18 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2014.11.09 16:33:49 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2014.11.09 16:33:49 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2014.07.13 13:19:24 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2014.07.13 13:18:57 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:[b]64bit:[/b] - [2014.07.13 13:18:57 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2014.07.13 13:18:57 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:[b]64bit:[/b] - [2014.07.13 13:18:57 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2014.07.13 13:18:57 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:[b]64bit:[/b] - [2014.07.13 13:18:57 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:[b]64bit:[/b] - [2014.05.29 18:06:16 | 000,146,944 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SteelBus64.sys -- (busenum)
DRV:[b]64bit:[/b] - [2013.10.08 14:58:42 | 012,534,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2013.10.08 13:27:46 | 000,619,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2013.07.05 09:40:38 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2013.06.24 13:36:12 | 000,420,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:[b]64bit:[/b] - [2013.06.24 13:36:12 | 000,140,032 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:[b]64bit:[/b] - [2012.12.26 18:26:12 | 000,805,088 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2012.11.20 13:55:42 | 000,057,512 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:[b]64bit:[/b] - [2012.08.28 13:27:24 | 000,058,536 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:[b]64bit:[/b] - [2012.04.11 02:40:58 | 000,082,560 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:[b]64bit:[/b] - [2012.04.11 02:40:58 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:[b]64bit:[/b] - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011.07.06 10:23:58 | 000,044,016 | ---- | M] (Force Feedback Wheel) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LtFilter.sys -- (LtFilter)
DRV:[b]64bit:[/b] - [2011.07.06 10:23:58 | 000,036,976 | ---- | M] (Force Feedback Wheel) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LtHidLo.sys -- (LtHidLo)
DRV:[b]64bit:[/b] - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010.07.01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:[b]64bit:[/b] - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:[b]64bit:[/b] - [2006.06.27 13:50:10 | 010,443,008 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2014.11.20 16:33:36 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.04.03 19:25:08 | 010,246,144 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\snpstd3.sys -- (SNPSTD3)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1613182640-285911688-2525403288-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1613182640-285911688-2525403288-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-1613182640-285911688-2525403288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dominik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014.07.13 13:18:59 | 000,000,000 | ---D | M]
 
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
CHR - Extension: No name found = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.8_0\
CHR - Extension: No name found = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg\1.0.38_0\
CHR - Extension: No name found = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.14.4_0\
CHR - Extension: No name found = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfijmgohofmpjlcgmjplbpmkpchdhpk\1.7_0\
CHR - Extension: No name found = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Gila] C:\Program Files (x86)\Genius\Gila\mousehid.exe ()
O4 - HKLM..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe (SONIX)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1613182640-285911688-2525403288-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-1613182640-285911688-2525403288-1000..\Run: [LightShot] C:\Users\Dominik\AppData\Local\Skillbrains\lightshot\Lightshot.exe File not found
O4 - HKU\S-1-5-21-1613182640-285911688-2525403288-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1613182640-285911688-2525403288-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB6A8A57-2F49-4477-9C27-18C37B5285DF}: DhcpNameServer = 192.168.1.254
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.12.04 18:06:24 | 000,000,095 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4ee6cd17-5e75-11e3-8f8c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4ee6cd17-5e75-11e3-8f8c-806e6f6e6963}\Shell\AutoRun\command - "" = G:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
Drivers32:[b]64bit:[/b] msacm.bdmpeg - bdmpega64.acm ()
Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:[b]64bit:[/b] VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:[b]64bit:[/b] vidc.mjpg - bdmjpeg64.dll ()
Drivers32:[b]64bit:[/b] vidc.mpeg - bdmpegv64.dll ()
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.mjpg - C:\Windows\SysWow64\bdmjpeg.dll ()
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
 
[color=#E56717]========== Files/Folders - Created Within 7 Days ==========[/color]
 
[2014.12.12 16:34:30 | 000,000,000 | -HSD | C] -- C:\Users\Dominik\AppData\Local\EmieBrowserModeList
[2014.12.12 11:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.12.12 11:46:07 | 000,000,000 | ---D | C] -- C:\rsit
[2014.12.12 11:19:46 | 004,187,592 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dominik\Desktop\TDSSKiller.exe
[2014.12.10 19:14:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
[2014.12.06 16:46:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.4
[2014.12.06 16:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MTA San Andreas 1.4
[2014.12.06 16:28:30 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\GTA San Andreas User Files
[2014.12.06 16:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto San Andreas + MultiPlayer [0.3e]
[2014.12.06 15:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grand Theft Auto San Andreas + MultiPlayer [0.3e]
[1 C:\Users\Dominik\AppData\Local\*.tmp files -> C:\Users\Dominik\AppData\Local\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 7 Days ==========[/color]
 
[2014.12.12 16:39:19 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.12.12 16:35:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.12.12 16:32:59 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.12.12 16:32:52 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.12.12 16:15:01 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.12.12 16:14:31 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2014.12.12 16:14:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.12.12 16:14:05 | 3142,852,608 | -HS- | M] () -- C:\hiberfil.sys
[2014.12.12 15:45:28 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-1613182640-285911688-2525403288-1000.job
[2014.12.12 15:13:46 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.12.12 13:04:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2014.12.12 00:46:02 | 004,187,592 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dominik\Desktop\TDSSKiller.exe
[2014.12.11 21:50:06 | 000,088,662 | ---- | M] () -- C:\Users\Dominik\Desktop\Bez názvu-1.jpg
[2014.12.11 17:11:55 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014.12.10 19:14:09 | 000,000,424 | ---- | M] () -- C:\Users\Dominik\AppData\Local\UserProducts.xml
[2014.12.10 14:35:11 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.12.10 14:35:11 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.12.06 16:46:17 | 000,002,120 | ---- | M] () -- C:\Users\Public\Desktop\MTA San Andreas 1.4.lnk
[2014.12.05 18:43:21 | 000,004,178 | ---- | M] () -- C:\Users\Dominik\Documents\cc_20141205_184309.reg
[1 C:\Users\Dominik\AppData\Local\*.tmp files -> C:\Users\Dominik\AppData\Local\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2014.12.12 16:39:19 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.12.11 21:50:04 | 000,088,662 | ---- | C] () -- C:\Users\Dominik\Desktop\Bez názvu-1.jpg
[2014.12.06 16:46:17 | 000,002,120 | ---- | C] () -- C:\Users\Public\Desktop\MTA San Andreas 1.4.lnk
[2014.12.05 18:43:14 | 000,004,178 | ---- | C] () -- C:\Users\Dominik\Documents\cc_20141205_184309.reg
[2014.11.20 16:21:38 | 000,110,602 | ---- | C] () -- C:\Windows\SysWow64\xcdsfx32.bin
[2014.11.10 16:05:41 | 000,000,000 | ---- | C] () -- C:\Users\Dominik\AppData\Local\{58A824F9-4735-4B87-80F7-FB51D4C4ED64}
[2014.11.06 15:27:51 | 000,000,000 | ---- | C] () -- C:\Users\Dominik\AppData\Local\{D48BC519-540C-4626-9F4D-5F418626B6D5}
[2014.10.27 12:42:40 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2014.09.10 14:16:11 | 000,000,000 | -HS- | C] () -- C:\Users\Dominik\AppData\Local\LumaEmu
[2014.07.14 09:34:14 | 000,007,605 | ---- | C] () -- C:\Users\Dominik\AppData\Local\Resmon.ResmonCfg
[2014.06.24 15:50:49 | 000,001,480 | ---- | C] () -- C:\Users\Dominik\AppData\Local\Adobe Uložit pro web 13.0 Prefs
[2014.06.24 15:42:56 | 000,000,132 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\Adobe Formát BMP CS6 – předvolby
[2014.06.24 15:40:01 | 000,000,132 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\Adobe Formát GIF CS6 – předvolby
[2014.06.19 05:08:11 | 000,000,024 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\temp.ini
[2014.06.02 20:22:20 | 000,290,184 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014.06.02 20:22:17 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014.03.16 17:49:32 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2014.03.16 17:49:22 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2014.03.16 17:49:22 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2014.02.20 17:14:02 | 000,179,377 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2014.02.09 13:36:53 | 000,000,054 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\updater.cfg
[2014.02.06 16:32:29 | 000,000,132 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\Adobe Formát PNG CS6 – předvolby
[2013.12.22 18:20:28 | 001,216,471 | ---- | C] () -- C:\Windows\unins000.exe
[2013.12.22 18:20:28 | 000,048,334 | ---- | C] () -- C:\Windows\unins000.dat
[2013.12.06 19:13:26 | 000,000,424 | ---- | C] () -- C:\Users\Dominik\AppData\Local\UserProducts.xml
[2013.12.06 15:41:30 | 000,831,488 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2013.12.06 15:41:30 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll
[2013.12.06 15:41:30 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll
[2013.12.06 15:41:30 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2013.12.06 09:24:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.12.06 08:46:25 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013.12.06 08:35:24 | 001,558,264 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.12.06 08:26:42 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.12.06 08:26:31 | 000,035,976 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2013.10.08 14:39:08 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013.10.08 14:39:08 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.10.08 13:56:12 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013.10.08 13:56:12 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013.10.08 09:45:08 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013.08.05 07:15:08 | 000,066,104 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2013.08.05 07:15:06 | 000,023,080 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.06.25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2014.09.13 10:46:59 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2014.09.13 10:46:59 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2014.06.12 19:48:58 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\.minecraft
[2013.12.08 20:11:07 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Arrowhead
[2013.12.06 16:10:41 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\AVAST Software
[2014.06.12 17:18:17 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\BANDISOFT
[2014.11.24 16:38:49 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Bitcoin
[2014.11.20 16:21:37 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Driver Magician
[2014.04.06 18:00:12 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\FlowStone
[2014.04.06 18:00:32 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Image-Line
[2014.02.22 15:00:10 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\IObit
[2013.12.22 18:20:34 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\KYE Gila
[2014.07.18 19:51:00 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\LEGO Company
[2014.01.03 13:03:38 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\MAXON
[2013.12.06 17:16:30 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Notepad++
[2014.04.22 06:13:09 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Oracle
[2014.04.30 14:34:39 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Orbit
[2014.06.03 05:10:34 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Origin
[2014.04.13 11:55:21 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\ProductData
[2014.04.30 14:28:20 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\ProgSense
[2014.01.09 14:15:30 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Publish Providers
[2014.02.09 13:35:00 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Red Giant Link
[2014.05.13 15:35:19 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Screaming Bee
[2014.02.22 15:12:05 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Sony
[2014.11.24 16:35:16 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Spintires
[2013.12.08 11:44:02 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2014.10.07 14:26:44 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\SteelSeries
[2014.07.13 18:33:27 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Stencyl
[2014.02.26 19:40:17 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\TS3Client
[2014.12.09 14:36:49 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\uTorrent
[2014.12.05 11:57:08 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\XBMC
[2014.11.28 20:27:46 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Xiaomi
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
[color=#A23BEC]<  >[/color]
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,560 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013.12.06 16:08:08 | 000,000,948 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.12.06 16:08:08 | 000,000,952 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.12.06 19:13:26 | 000,000,392 | ---- | C] () -- C:\Windows\Tasks\update-S-1-5-21-1613182640-285911688-2525403288-1000.job
[2013.12.06 19:13:26 | 000,000,392 | ---- | C] () -- C:\Windows\Tasks\update-sys.job
[2013.12.23 10:41:28 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014.05.07 05:48:52 | 000,000,266 | ---- | C] () -- C:\Windows\Tasks\AutoKMS.job
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys
 
[color=#A23BEC]< MD5 for: AUTOCHK.EXE  >[/color]
[2010.11.20 14:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.20 14:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010.11.20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
 
[color=#A23BEC]< MD5 for: CDROM.SYS  >[/color]
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010.11.20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.20 10:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
[color=#A23BEC]< MD5 for: HAL.DLL  >[/color]
[2009.07.14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010.11.20 14:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.20 14:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
[color=#A23BEC]< MD5 for: SERVICES.EXE  >[/color]
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
[color=#A23BEC]< MD5 for: SVCHOST.EXE  >[/color]
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2014.04.05 03:47:20 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=04ADD18EE5CC9FBEDAEC1DD1CD0CB45E -- C:\Windows\SysNative\drivers\tcpip.sys
[2014.04.05 03:47:20 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=04ADD18EE5CC9FBEDAEC1DD1CD0CB45E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_113260637d1284ef\tcpip.sys
[2012.10.03 18:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2013.09.08 03:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2014.04.05 03:37:43 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=4F80944B03112F486212DC20BE166079 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_11b12f2896383dd1\tcpip.sys
[2010.11.20 14:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2013.01.04 06:41:01 | 001,893,224 | ---- | M] (Microsoft Corporation) MD5=5CFB7AB8F9524D1A1E14369DE63B83CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_0f6a6af57fd59de6\tcpip.sys
[2013.01.03 06:57:12 | 001,876,824 | ---- | M] (Microsoft Corporation) MD5=692969AB90BDA19F56E27BF89A9260E2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_0fe8397098fc3d71\tcpip.sys
[2013.09.07 03:27:48 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2009.07.14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2013.07.06 06:20:38 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2013.01.03 07:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2013.01.04 06:47:43 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[2012.10.03 18:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2013.07.06 07:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys
[2013.11.26 12:34:34 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=F55B41AA6114568AC558ADBABDA85620 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_11c3cc3c962abcc3\tcpip.sys
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2014.03.04 12:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014.03.04 10:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2014.07.17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\SysNative\winlogon.exe
[2014.07.17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[2014.07.16 04:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]< %systemroot%*.* /U /s >[/color]
[6 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[10 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[23 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2014.06.12 19:48:58 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\.minecraft
[2014.06.24 15:33:47 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Adobe
[2014.02.22 15:00:12 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Apple Computer
[2013.12.08 20:11:07 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Arrowhead
[2013.12.06 09:25:01 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\ATI
[2013.12.06 16:10:41 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\AVAST Software
[2014.06.12 17:18:17 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\BANDISOFT
[2014.11.24 16:38:49 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Bitcoin
[2014.12.06 21:51:58 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\DivX
[2014.11.20 16:21:37 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Driver Magician
[2014.04.06 18:00:12 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\FlowStone
[2013.12.06 08:06:25 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Identities
[2014.04.06 18:00:32 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Image-Line
[2013.12.06 15:50:39 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\InstallShield
[2014.02.22 15:00:10 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\IObit
[2013.12.22 18:20:34 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\KYE Gila
[2014.07.18 19:51:00 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\LEGO Company
[2013.12.07 09:27:24 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Macromedia
[2014.01.03 13:03:38 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\MAXON
[2009.07.14 16:36:38 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Media Center Programs
[2014.09.10 14:17:28 | 000,000,000 | --SD | M] -- C:\Users\Dominik\AppData\Roaming\Microsoft
[2013.12.06 17:16:30 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Notepad++
[2014.04.22 06:13:09 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Oracle
[2014.04.30 14:34:39 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Orbit
[2014.06.03 05:10:34 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Origin
[2014.04.13 11:55:21 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\ProductData
[2014.04.30 14:28:20 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\ProgSense
[2014.01.09 14:15:30 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Publish Providers
[2014.02.09 13:35:00 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Red Giant Link
[2014.05.13 15:35:19 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Screaming Bee
[2014.12.06 22:51:26 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Skype
[2014.02.22 15:12:05 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Sony
[2014.11.24 16:35:16 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Spintires
[2013.12.08 11:44:02 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2014.10.07 14:26:44 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\SteelSeries
[2014.07.13 18:33:27 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Stencyl
[2014.02.26 19:40:17 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\TS3Client
[2014.12.09 14:36:49 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\uTorrent
[2014.12.10 15:26:14 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\vlc
[2013.12.06 15:46:21 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\WinRAR
[2014.12.05 11:57:08 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\XBMC
[2014.11.28 20:27:46 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Xiaomi
 
[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2014.02.22 15:00:05 | 000,588,608 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\IObit\IObit Uninstaller\Install_PintoStartMenutemp.exe
[2014.02.22 15:00:05 | 000,629,568 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\IObit\IObit Uninstaller\UninstallDisplaytemp.exe
[2014.01.21 11:06:26 | 002,129,728 | ---- | M] (IObit) -- C:\Users\Dominik\AppData\Roaming\IObit\IObit Uninstaller\UninstallPromotetemp.exe
[2014.02.09 13:35:00 | 000,104,960 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\Red Giant Link\tools\RGLicenseCheck.exe
[2013.10.10 09:00:00 | 000,393,728 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Dominik\AppData\Roaming\uTorrent\utorrent.exe
[2013.11.21 13:26:37 | 000,248,264 | ---- | M] (深圳市迅雷网络技术有限公司) -- C:\Users\Dominik\AppData\Roaming\Xiaomi\MiPhoneManager\Plugin\xunlei\download\MiniThunderPlatform.exe
[2013.11.21 14:10:53 | 000,248,264 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\Xiaomi\MiPhoneManager\Plugin\xunlei\download\XLBugReport.exe
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2014.11.06 03:03:36 | 012,819,456 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\ieframe.dll
 
[color=#A23BEC]< %systemroot%\Tasks\*.job >[/color]
[2014.12.12 16:35:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014.12.12 16:14:31 | 000,000,266 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2014.12.12 16:15:01 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014.12.12 17:10:41 | 000,000,952 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2014.12.12 15:45:28 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\update-S-1-5-21-1613182640-285911688-2525403288-1000.job
[2014.12.12 17:04:17 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\update-sys.job
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2014.11.06 03:03:36 | 012,819,456 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\ieframe.dll
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /3 >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.* /3 >[/color]
[2014.12.10 14:35:11 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2014.12.10 14:35:11 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >[/color]
"LightShot" = C:\Users\Dominik\AppData\Local\Skillbrains\lightshot\Lightshot.exe
"Steam" = "C:\Program Files (x86)\Steam\steam.exe" -silent -- [2014.11.18 21:23:34 | 001,940,160 | ---- | M] (Valve Corporation)
"SpybotSD TeaTimer" = C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe -- [2009.01.26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited)
"CCleaner Monitoring" = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR -- [2014.10.23 16:21:34 | 006,501,656 | ---- | M] (Piriform Ltd)
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >[/color]
 
[color=#A23BEC]< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >[/color]
[2014.11.07 20:23:39 | 000,815,280 | ---- | M] (Microsoft Corporation) MD5=591C6FD1541BAFAEEE82B1F5831C8532 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
 
[color=#A23BEC]< %PROGRAMFILES%\Opera\opera.exe /md5 >[/color]
 
[color=#A23BEC]< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >[/color]
[2014.12.06 02:50:53 | 000,856,904 | ---- | M] (Google Inc.) MD5=5F3587E344F2990B59C941FB405CAA0F -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]< %SystemDrive%\PhysicalMBR.bin /md5  >[/color]
[2014.12.12 16:39:19 | 000,000,512 | ---- | M] () MD5=3180025C074409FE8965DD18AFBF4F85 -- C:\PhysicalMBR.bin
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]< *crack* /s >[/color]
[2003.12.05 12:52:40 | 000,000,796 | ---- | M] () -- \Program Files (x86)\Grand Theft Auto San Andreas + MultiPlayer [0.3e]\data\Decision\Craig\crack1.ped
[2013.03.12 11:47:38 | 000,007,624 | ---- | M] () -- \Program Files (x86)\Image-Line\FL Studio 11\Data\Patches\Packs\Drums\Percussion\FPC Ice Crack.wav
[2012.10.02 09:41:48 | 000,000,400 | ---- | M] () -- \Program Files (x86)\Image-Line\FL Studio 11\Data\Patches\Plugin presets\Generators\Drumpad\Sound FX\Crack.fst
[2008.09.08 21:55:14 | 000,000,204 | ---- | M] () -- \Program Files (x86)\Image-Line\FL Studio 11\Plugins\Fruity\Effects\Hardcore\Presets\I cracked my Tube!.hdprg
[2014.12.06 17:31:19 | 000,152,721 | ---- | M] () -- \Program Files (x86)\MTA San Andreas 1.4\mods\deathmatch\resources\tomy-shaders\img\fx2\wincrack_32.png
[2014.11.09 16:00:58 | 000,003,814 | ---- | M] () -- \Users\Dominik\AppData\Roaming\uTorrent\Crack.torrent
[2009.11.30 18:34:36 | 000,565,096 | ---- | M] () -- \Users\Dominik\Desktop\CS6 věci\Textures\Glass_Cracks_01.jpg
[2009.11.30 20:36:39 | 001,160,984 | ---- | M] () -- \Users\Dominik\Desktop\CS6 věci\Textures\Glass_Cracks_02.jpg
[2009.11.30 20:36:39 | 001,469,487 | ---- | M] () -- \Users\Dominik\Desktop\CS6 věci\Textures\Glass_Cracks_03.jpg
[2009.11.30 18:03:55 | 000,111,594 | ---- | M] () -- \Users\Dominik\Desktop\CS6 věci\Textures\Ground_Crack_01.jpg
[2009.11.30 18:03:55 | 000,108,963 | ---- | M] () -- \Users\Dominik\Desktop\CS6 věci\Textures\Ground_Crack_02.jpg
[2009.11.30 18:03:55 | 000,107,869 | ---- | M] () -- \Users\Dominik\Desktop\CS6 věci\Textures\Ground_Crack_03.jpg
[2009.11.30 18:03:55 | 000,104,605 | ---- | M] () -- \Users\Dominik\Desktop\CS6 věci\Textures\Ground_Crack_04.jpg
[2009.11.30 18:03:55 | 000,093,997 | ---- | M] () -- \Users\Dominik\Desktop\CS6 věci\Textures\Ground_Crack_05.jpg
[2009.11.30 18:03:55 | 000,126,376 | ---- | M] () -- \Users\Dominik\Desktop\CS6 věci\Textures\Ground_Crack_06.jpg
[2009.11.30 18:03:55 | 000,118,902 | ---- | M] () -- \Users\Dominik\Desktop\CS6 věci\Textures\Ground_Crack_07.jpg
[2009.11.30 18:03:55 | 000,104,510 | ---- | M] () -- \Users\Dominik\Desktop\CS6 věci\Textures\Ground_Crack_08.jpg
[2009.11.30 18:03:55 | 000,085,621 | ---- | M] () -- \Users\Dominik\Desktop\CS6 věci\Textures\Ground_Crack_09.jpg
[2009.11.30 18:03:55 | 000,152,988 | ---- | M] () -- \Users\Dominik\Desktop\CS6 věci\Textures\Ground_Crack_10.jpg
[2009.11.30 18:03:55 | 000,107,645 | ---- | M] () -- \Users\Dominik\Desktop\CS6 věci\Textures\Ground_Crack_11.jpg
[2009.11.30 18:47:07 | 000,160,512 | ---- | M] () -- \Users\Dominik\Desktop\CS6 věci\Textures\Ground_Crack_12.jpg
[2009.11.30 18:03:55 | 000,093,142 | ---- | M] () -- \Users\Dominik\Desktop\CS6 věci\Textures\Ground_Crack_13.jpg
[2009.11.30 18:03:55 | 000,105,132 | ---- | M] () -- \Users\Dominik\Desktop\CS6 věci\Textures\Ground_Crack_14.jpg
[2010.01.15 21:56:40 | 000,000,272 | ---- | M] () -- \Users\Dominik\Documents\Image-Line\Data\Drumaxx\Drum Patches\Sound FX\Crack.dmpatch
 
[color=#A23BEC]< *keygen* /s >[/color]
[2014.07.18 15:44:37 | 000,002,651 | ---- | M] () -- \Users\Dominik\AppData\Roaming\uTorrent\Bandicam v1.9.2.454 FULL+Keygen  {Cyclonoid}.1.torrent
[2014.06.12 17:15:48 | 000,002,651 | ---- | M] () -- \Users\Dominik\AppData\Roaming\uTorrent\Bandicam v1.9.2.454 FULL+Keygen  {Cyclonoid}.torrent
[2014.11.18 19:30:00 | 000,011,693 | ---- | M] () -- \Users\Dominik\AppData\Roaming\uTorrent\Bandisoft Bandicam v1.9.5 Build 510 - Final incl. Keygen.torrent
 
[color=#A23BEC]< *loader* /s >[/color]
[2012.02.22 23:11:56 | 000,078,336 | ---- | M] () -- \Program Files (x86)\Common Files\Adobe\dynamiclinkmediaserver\1.0\MXF_SDK_MetaMetadata_BinaryLoader_4.4.3.dll
[2012.02.22 23:11:56 | 000,155,136 | ---- | M] () -- \Program Files (x86)\Common Files\Adobe\dynamiclinkmediaserver\1.0\MXF_SDK_MetaMetadata_XSDLoader2_4.4.3.dll
[2012.02.22 23:11:56 | 000,117,248 | ---- | M] () -- \Program Files (x86)\Common Files\Adobe\dynamiclinkmediaserver\1.0\MXF_SDK_MetaMetadata_XSDLoader_4.4.3.dll
[2013.03.09 08:17:04 | 000,268,440 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2013.03.09 08:17:04 | 000,019,080 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2014.12.06 17:30:46 | 000,001,790 | ---- | M] () -- \Program Files (x86)\MTA San Andreas 1.4\mods\deathmatch\resources\tmy-satu\satuloader.luac
[2014.12.01 07:40:30 | 000,835,072 | ---- | M] () -- \Program Files (x86)\MTA San Andreas 1.4\MTA\loader.dll
[2011.07.18 22:33:32 | 000,008,787 | ---- | M] () -- \Program Files (x86)\Notepad++\user.manual\sites\all\modules\fancy_login\images\ajax-loader.gif
[2011.10.17 14:10:26 | 000,071,528 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2012.05.03 17:39:16 | 000,063,848 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader64.dll
[2011.11.06 11:09:52 | 000,083,816 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2012.05.21 03:03:06 | 000,089,448 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader64.dll
[2014.12.10 12:15:38 | 000,267,264 | ---- | M] () -- \Program Files (x86)\Skillbrains\lightshot\5.2.0.8\uploader.dll
[2014.11.11 19:48:42 | 000,007,825 | ---- | M] () -- \Program Files (x86)\Steam\remoteui\static\libs\images\ajax-loader.gif
[2014.08.11 19:52:12 | 000,004,782 | ---- | M] () -- \Program Files (x86)\XBMC\addons\webinterface.default\images\ajax-loader.gif
[2011.03.08 09:43:28 | 000,013,734 | ---- | M] () -- \Program Files (x86)\XBMC\system\python\Lib\unittest\loader.py
[2011.03.08 09:43:28 | 000,050,487 | ---- | M] () -- \Program Files (x86)\XBMC\system\python\Lib\unittest\test\test_loader.py
[2012.03.13 12:10:54 | 003,297,128 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\Photodownloader.exe
[2012.03.13 10:42:26 | 000,011,161 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\bitmaps\main_window\C_LoadError.png
[2012.03.13 10:42:28 | 000,011,161 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\combined_bitmaps\main_window\C_LoadError.png
[2012.03.13 10:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\da_dk\Photodownloader.ini
[2012.03.13 10:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\de_de\Photodownloader.ini
[2012.03.13 10:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\en_us\Photodownloader.ini
[2012.03.13 10:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\es_es\Photodownloader.ini
[2012.03.13 10:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\fi_fi\Photodownloader.ini
[2012.03.13 10:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\fr_fr\Photodownloader.ini
[2012.03.13 10:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\it_it\Photodownloader.ini
[2012.03.13 10:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\ja_jp\Photodownloader.ini
[2012.03.13 10:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\ko_kr\Photodownloader.ini
[2012.03.13 10:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\nl_nl\Photodownloader.ini
[2012.03.13 10:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\no_no\Photodownloader.ini
[2012.03.13 10:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\pt_br\Photodownloader.ini
[2012.03.13 10:42:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\sv_se\Photodownloader.ini
[2012.03.13 10:42:30 | 000,000,324 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\zh_cn\Photodownloader.ini
[2012.03.13 10:42:30 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\apd\shared_assets\locales\zh_tw\Photodownloader.ini
[2014.07.13 13:18:40 | 000,071,968 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2014.07.13 13:18:40 | 000,085,376 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader64.exe
[2013.03.09 08:52:18 | 000,364,168 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll
[2013.03.09 08:52:18 | 000,019,080 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2014.06.10 22:11:45 | 000,061,528 | ---- | M] () -- \Program Files\WinRAR\Ace32Loader.exe
[2013.12.01 14:09:05 | 000,061,528 | ---- | M] () -- \Program Files\WinRAR\Formats\ace32loader.exe
[2014.12.12 16:15:51 | 001,302,714 | ---- | M] () -- \ProgramData\IObit\ASCDownloader\Downloader.log
[2014.12.12 16:15:51 | 001,302,714 | ---- | M] () -- \Users\All Users\IObit\ASCDownloader\Downloader.log
[2014.12.02 18:08:20 | 000,003,208 | ---- | M] () -- \Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.8_0\skin\ajax-loader.gif
[2014.08.13 13:14:30 | 000,009,418 | ---- | M] () -- \Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.14.4_0\img\gifloader.gif
[2014.02.18 17:46:42 | 000,072,638 | ---- | M] () -- \Users\Dominik\AppData\Local\Skype\Apps\login\images\loader.gif
[2014.02.18 17:46:42 | 000,003,032 | ---- | M] () -- \Users\Dominik\AppData\Local\Skype\Apps\login\images\loader.png
[2014.02.18 17:46:42 | 000,006,012 | ---- | M] () -- \Users\Dominik\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014.02.18 17:46:42 | 000,021,956 | ---- | M] () -- \Users\Dominik\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014.02.18 17:46:42 | 000,009,772 | ---- | M] () -- \Users\Dominik\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2014.04.30 14:28:58 | 000,022,486 | ---- | M] () -- \Users\Dominik\AppData\Roaming\Orbit\icon\Orbit Downloader.ico
[2014.07.13 18:37:07 | 000,000,070 | ---- | M] () -- \Users\Dominik\AppData\Roaming\Stencyl\stencylworks\games\JumpAndRunKit\preloader.png
[2014.07.13 18:37:07 | 000,000,070 | ---- | M] () -- \Users\Dominik\AppData\Roaming\Stencyl\stencylworks\games\JumpAndRunKit\preloader@1.5x.png
[2014.07.13 18:37:07 | 000,000,073 | ---- | M] () -- \Users\Dominik\AppData\Roaming\Stencyl\stencylworks\games\JumpAndRunKit\preloader@2x.png
[2014.07.13 18:37:07 | 000,000,074 | ---- | M] () -- \Users\Dominik\AppData\Roaming\Stencyl\stencylworks\games\JumpAndRunKit\preloader@4x.png
[2014.07.13 18:39:46 | 000,000,070 | ---- | M] () -- \Users\Dominik\AppData\Roaming\Stencyl\stencylworks\games\Shadows\preloader.png
[2014.05.19 19:47:59 | 000,624,872 | ---- | M] () -- \Users\Dominik\Downloads\CR_Downloader_for_super-mario-world.exe
[2014.05.19 19:44:13 | 000,624,872 | ---- | M] () -- \Users\Dominik\Downloads\CR_Downloader_for_zsnes.exe
[2010.03.24 20:35:48 | 000,018,264 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_amd64_ln.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2010.03.24 20:12:34 | 000,018,264 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2010.03.24 20:35:48 | 000,370,512 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\VSTOLoader_dll_amd64.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2010.03.24 20:12:34 | 000,249,680 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2009.11.21 00:16:58 | 002,341,242 | R--- | M] () -- \Windows\Setup\SCRIPTS\WINDOWS7LOADER.exe
[2013.08.02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2013.08.02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009.07.14 02:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 02:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:28:57 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_66dcd6a595588d81\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:41:11 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_66b5981d957562a1\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:26:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_66fe4899953f502c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:26:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_67667556ae762a72\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:36:06 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_67316604ae9dcf7e\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 15:12:39 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_677d175eae65090e\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:38:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_68a2edab92971725\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:38:44 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 03:12:19 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:35:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_6957a248ab947a6d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:39:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:32:07 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_6971452eab80a50e\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 07:20:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_695e76beab8ff095\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.29 03:18:31 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_694dd858ab9ba72a\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 12:03:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_69637bfcab8b6996\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 03:28:21 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_69353b6eabae8d55\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 16:17:49 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 16:17:49 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.efi.mui_35ee487d
[2009.07.14 16:17:49 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.exe.mui_3bc5b827
[2009.07.14 16:17:49 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.efi.mui_f412814e
[2009.07.14 16:17:49 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.exe.mui_ff8b5358
[2014.01.13 07:11:14 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2014.01.13 07:11:14 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2014.01.13 07:11:14 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2014.01.13 07:11:15 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2014.01.13 07:11:15 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2009.07.14 03:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009.07.14 16:15:51 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 03:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2011.02.05 14:09:31 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2011.02.05 14:04:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4.manifest
[2010.11.20 06:12:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011.02.05 18:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.02.05 14:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009.07.14 03:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:45:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:56:23 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_0a96fc99dd17f16b\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 05:43:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_0adfad15dce1def6\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:44:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_0b12ca80f6405e48\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 05:39:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_0b5e7bdaf60797d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:40:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 05:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 06:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.29 02:54:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_0d2f3cd4f33e35f4\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 11:35:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 03:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 40 bytes -> C:\ProgramData\MTA San Andreas All:NT
@Alternate Data Stream - 40 bytes -> C:\ProgramData:NT
@Alternate Data Stream - 160 bytes -> C:\ProgramData\MTA San Andreas All:NT2
@Alternate Data Stream - 160 bytes -> C:\ProgramData:NT2

< End of report >

Domson · #6 Příspěvek od **Domson** » 12 pro 2014 17:54

Extras

Kód: Vybrat vše

OTL Extras logfile created on: 12.12.2014 16:36:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dominik\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
 
3,90 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 60,21% Memory free
7,80 Gb Paging File | 5,94 Gb Available in Paging File | 76,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 67,16 Gb Free Space | 34,39% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 28,54 Gb Free Space | 29,23% Space Free | Partition Type: NTFS
Drive E: | 736,20 Gb Total Space | 506,95 Gb Free Space | 68,86% Space Free | Partition Type: NTFS
Drive F: | 368,10 Gb Total Space | 321,66 Gb Free Space | 87,38% Space Free | Partition Type: NTFS
 
Computer Name: DOMINIK-PC | User Name: Dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1613182640-285911688-2525403288-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08585F59-2CFD-455E-A0A4-161D2517C450}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{11275709-90FF-450C-B4DC-4DFE09B0D7C5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1AA648BB-1C05-43FC-B656-4FFD5F37B04F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{24897681-BEC5-458F-B9A6-496BBB80829A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2946C2EE-B060-4ABC-97E6-DB8269B1DB6F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{38134FF9-960E-4697-9F10-533CDB487DA2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3EC43DFC-8626-4630-B8E5-DADF560BEAFD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3ED484A2-4A48-4C30-9D8F-37F580BA052A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4072D2AA-B2B2-4581-BE27-496F29BA2110}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{43044647-B59E-4376-86B3-7E3170D0A551}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{4FC66643-FB59-4AA5-9787-A3CE1A74B149}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{502F286E-AD40-4570-AE91-9888F20FBAAC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{65118C19-7682-45E6-9CAA-0E75AD1FDAFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{66921072-E52D-4E73-A12A-6EEC346D0FA9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6D7A9A18-37CB-4B64-853E-A74EF144522D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{773E9B48-FC7E-48D5-A92F-E85BAE8C392B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{78131C29-3EC9-46E4-8782-30DCD26762DC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7F14BA49-8DF9-4B77-B298-9FDF4CDAC679}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8A3D4EC1-3471-42D1-AFAB-6CD13E5F3CB7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{907ED951-0CEA-4E68-B838-D37043C93160}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9B6D7264-F59E-4864-9B72-51AD2C559FF8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A3DB07B3-5272-4D8F-9D38-4D17D4F329D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A6B51891-F740-4FC8-972D-D827A1EE754C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AF5D1991-406E-471D-B56C-A6B5044079C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BA6D877F-3907-4C39-B280-F16F9C1E3779}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CA1885BD-BAC2-46D4-9A4C-C288E541A5B8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CA491E8D-8BEC-4155-832C-819F6D2761B6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D26A57A4-C028-456D-AF54-E23609C783C1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D6C24BC6-C8C1-4679-9CB0-52E57AD7C711}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E699DBB4-78A1-459E-B4EF-472F9C153082}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EC5C1537-41E4-40F1-9470-4ABA59F8A8B2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F1848FE2-4586-41AC-BFA6-A73843F2A36D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F1B83173-4EA6-4A78-BC3E-D3EF611CA9DB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F6EBBCDF-FF65-400F-A8F5-182E62C8EB9D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F72B761B-6297-4B72-BA9A-29E29E7B4FBF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0049EA75-BF44-4CEF-83D2-18CC6B9A848A}" = protocol=6 | dir=in | app=e:\steam hry\steamapps\common\war thunder\aces.exe | 
"{01A3474D-CEE1-482D-97A5-42E9720FF591}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{03F4D324-BA96-47B9-9B5D-ADE06CAA2611}" = protocol=6 | dir=in | app=e:\steam hry\steamapps\common\team fortress 2\hl2.exe | 
"{085FF46D-B3B9-4A90-A2D5-97346B5D7C5A}" = protocol=6 | dir=in | app=e:\steam hry\steamapps\common\counter-strike global offensive\csgo.exe | 
"{089DE80A-A8EB-4D5D-988A-B075DB89EF21}" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"{0B0BB10F-3376-4304-95A7-8AC827C8833E}" = protocol=17 | dir=in | app=e:\steam hry\steamapps\common\just cause 2 - multiplayer mod\jcmplauncher.exe | 
"{0BD92830-FE5B-401A-9FFD-0B639FD05CEF}" = protocol=17 | dir=in | app=e:\steam hry\steamapps\common\postal2complete\system\launcher.exe | 
"{114B543A-2F1E-4D92-A972-9B499D76D67A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{152E5FAC-8759-4CFB-8674-30D5568DEA82}" = protocol=17 | dir=in | app=c:\users\dominik\appdata\roaming\utorrent\utorrent.exe | 
"{19901EBC-2EED-40EC-8DA6-7896032EEDB0}" = protocol=6 | dir=in | app=e:\steam hry\steamapps\common\insurgency2\insurgency.exe | 
"{19C1B179-D938-4B95-92A2-CE2E42FDDC0A}" = protocol=6 | dir=in | app=e:\steam hry\steamapps\common\half-life\hl.exe | 
"{1E177490-0D43-4AB1-B08F-826A2E06F8FA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{1EAE3850-F3C8-48E9-BE57-E7428E0ACFF2}" = protocol=58 | dir=in | app=system | 
"{22E4B4A2-587E-42C5-A7FA-658C5AF7E302}" = protocol=6 | dir=in | app=e:\nosteam hry\dirt 3 nosteam\dirt3_game.exe | 
"{23CBB0A1-BCCC-40DD-B3FA-AE5AFE7B59A2}" = protocol=17 | dir=in | app=e:\steam hry\steamapps\common\war thunder\aces.exe | 
"{29C903A9-2EBC-42D3-AF21-651BD67C6EA1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2BFD59EB-3445-462C-9864-A53265CA489B}" = protocol=17 | dir=in | app=c:\users\dominik\desktop\facerig\bin\facerig.exe | 
"{2C0960BE-0071-44FE-8CDF-BB6466949B1B}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{2ED03490-9FBC-48E3-B41B-436948B19E52}" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | 
"{2F1DCFDA-7076-4350-8D6A-B8E02CFA9015}" = protocol=6 | dir=in | app=e:\steam hry\steamapps\common\counter-strike global offensive\csgo.exe | 
"{2FA4AD36-A68C-443F-B3FB-F46B4103783A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{34219BAC-6A31-4B72-A8FC-DCC748EAE65C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{38E10EEE-13D6-4E68-B5B5-C576FAEA4C32}" = protocol=6 | dir=in | app=e:\steam hry\steamapps\common\postal2complete\system\launcher.exe | 
"{39B33323-E35D-4CEB-B376-07438736D98B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{40067316-D0A7-46FF-BBEA-E293D48FF450}" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | 
"{401E9EC2-2C2E-41EC-B3CF-1316DC689C11}" = protocol=6 | dir=in | app=e:\steam hry\steamapps\common\just cause 2 - multiplayer mod\jcmplauncher.exe | 
"{40989F3E-2134-4FA9-95F4-586766917D11}" = protocol=6 | dir=in | app=e:\steam hry\steamapps\common\counter-strike source\hl2.exe | 
"{4155509C-2958-4BF7-9835-B22AD0CA3C9F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4191BE2D-1E1F-4BCC-9BB0-0E78AE246768}" = protocol=6 | dir=in | app=c:\users\dominik\desktop\facerig\bin\facerig.exe | 
"{49EECD9E-8689-4629-B9AC-42D1D928E57D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | 
"{4D3D604E-4D95-401B-B3BC-E5F65AFAD5BD}" = protocol=17 | dir=in | app=e:\steam hry\steamapps\common\garrysmod\hl2.exe | 
"{516306D2-F939-4411-8410-94C42357C0D1}" = protocol=17 | dir=in | app=e:\steam hry\steamapps\common\counter-strike global offensive\csgo.exe | 
"{5DAC4ADC-AEBB-413D-9194-8B2A3EA0DCBD}" = protocol=6 | dir=in | app=e:\steam hry\steamapps\common\counter-strike global offensive\csgo.exe | 
"{5E938A01-1DDE-4D9D-A923-4BECA1933322}" = protocol=17 | dir=in | app=e:\steam hry\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe | 
"{5F57F960-0883-4673-A62B-84E9C5024C2F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{62ADBBBD-4095-4F3E-B041-1B5A06A1AB93}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6BAC63E0-2447-442C-AB14-0D970F6F1A48}" = protocol=17 | dir=in | app=e:\steam hry\steamapps\common\team fortress 2\hl2.exe | 
"{6D2F8774-22E3-4E87-86E9-3BFB4814B513}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6D58A7A4-D4EC-4B19-918D-0DFFC32EE184}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6DCE33D8-C633-4BBA-AF4A-567A5FA37C18}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6E3C39B1-9458-44B9-9E56-62CF9B6942C3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7AF05C8C-5BFC-476D-9109-A940ADA3EF8C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{7CC7601F-FFA4-4F89-9065-CD5D41C9E1FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{803A19A2-B185-4E5D-A516-9CC245FF9282}" = protocol=6 | dir=in | app=e:\steam hry\steamapps\common\garrysmod\hl2.exe | 
"{81695910-B840-45B7-9A93-18D7E1BECCA7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{8527ACF5-D846-4457-AB95-C3B7AA1372B1}" = protocol=17 | dir=in | app=e:\steam hry\steamapps\common\counter-strike global offensive\csgo.exe | 
"{86984CA5-5E7A-498E-9457-C45E42B0E462}" = protocol=17 | dir=in | app=e:\steam hry\steamapps\common\insurgency2\insurgency.exe | 
"{8F94A70C-228E-4181-8EB0-F1E4D077C2D2}" = protocol=6 | dir=out | app=system | 
"{93F47747-8C7D-4881-8D3D-C5E43756F007}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{9506FFC3-28BC-48E5-B1C6-D94F5967F13E}" = protocol=6 | dir=in | app=e:\steam hry\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe | 
"{9F2EC4A9-194A-42ED-BDF0-298AD65B61AE}" = protocol=17 | dir=in | app=e:\steam hry\steamapps\common\just cause 2\justcause2.exe | 
"{A00E9A12-E7FB-4781-B35A-FD7B98253420}" = protocol=17 | dir=in | app=e:\steam hry\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe | 
"{A1948FCF-2443-4ADA-A142-25ED562B5980}" = protocol=17 | dir=in | app=c:\program files\sony\vegas pro 12.0\vegas120.exe | 
"{A51526DD-8A49-4859-8D11-38C7CAE7B9BE}" = protocol=17 | dir=in | app=e:\steam hry\steamapps\common\counter-strike global offensive\csgo.exe | 
"{A54C69E2-1410-4125-AEE8-A46B71FC65E4}" = protocol=6 | dir=in | app=c:\users\dominik\appdata\roaming\utorrent\utorrent.exe | 
"{AA397DF9-A844-492C-A401-5B00336381FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | 
"{ADC54040-D4A6-47D3-A659-D8B25ABACCE0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B4668A5E-BE12-49C3-9E20-09BFD2BDA911}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BB86BA27-A8F7-4E44-97B3-6EEA83CA1339}" = protocol=17 | dir=in | app=e:\steam hry\steamapps\common\counter-strike global offensive\csgo.exe | 
"{BC0669B2-46BD-476E-863E-09741982ADAE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C112C691-F72C-4C89-8345-48860A9A07AA}" = protocol=6 | dir=in | app=c:\program files\sony\vegas pro 12.0\vegas120.exe | 
"{C15A4F0D-0B91-4B0F-8583-2B3FC8A956C5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C470F55A-8071-47FB-9F7F-B52224AC6B43}" = protocol=6 | dir=in | app=e:\steam hry\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe | 
"{CCAAF798-6C4B-4AC5-A0BC-7717BFBBEF20}" = protocol=17 | dir=in | app=e:\steam hry\steamapps\common\postal2complete\sharethepain\system\postal2mp.exe | 
"{CEB194B5-2185-487D-B4F6-5CDC4F17296E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D162D997-46D3-46B6-86B6-67227C6CE41F}" = protocol=6 | dir=in | app=e:\steam hry\steamapps\common\postal2complete\sharethepain\system\postal2mp.exe | 
"{D34803E0-77A1-41ED-90F6-8139B1070134}" = protocol=6 | dir=in | app=e:\steam hry\steamapps\common\just cause 2\justcause2.exe | 
"{D6579101-20E8-4861-A3EF-E1C423DE34BF}" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"{D799A6E0-5825-475A-B50B-24F7BA501E5F}" = protocol=17 | dir=in | app=e:\steam hry\steamapps\common\half-life\hl.exe | 
"{DDE715C9-C253-4EA4-85CD-A0100F67D869}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EB21D981-8915-4054-B480-28BBEC584DB2}" = protocol=6 | dir=in | app=e:\steam hry\steamapps\common\counter-strike global offensive\csgo.exe | 
"{EEA7101F-B490-4CC4-B3F1-E9124E23CC2E}" = protocol=17 | dir=in | app=e:\steam hry\steamapps\common\counter-strike source\hl2.exe | 
"{EF4D72EA-BEAE-4F6F-A683-252961A696AA}" = protocol=17 | dir=in | app=e:\steam hry\steamapps\common\counter-strike global offensive\csgo.exe | 
"{F0B8C863-21A7-41C5-8F72-87396FDE3055}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{F1910065-FD5B-42AD-A193-EE952A32FA57}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F2D0D4A6-D215-4295-A1BC-FADE2F744F39}" = protocol=17 | dir=in | app=e:\nosteam hry\dirt 3 nosteam\dirt3_game.exe | 
"{F8EB9D20-B846-425A-84F2-15B9D7D37BA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F997B947-88F5-4AB8-81FF-CDB6EA9D5C7A}" = protocol=6 | dir=in | app=e:\steam hry\steamapps\common\counter-strike global offensive\csgo.exe | 
"{FB353FAC-915F-462B-B2B3-4662BD168266}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FC75CB1B-6D65-4554-9CD2-0C375C58E950}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{12A5E4F9-8B4F-47E1-AC79-7B48979520D7}C:\users\dominik\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe" = protocol=6 | dir=in | app=c:\users\dominik\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe | 
"TCP Query User{3EAC7971-772F-41A6-AA33-648C81868C48}E:\steam hry\steamapps\common\postal2complete\sharethepain\system\postal2mp.exe" = protocol=6 | dir=in | app=e:\steam hry\steamapps\common\postal2complete\sharethepain\system\postal2mp.exe | 
"TCP Query User{423296DC-D851-4C8F-BF34-08C69E64F7A9}E:\steam hry\steamapps\common\war thunder\aces.exe" = protocol=6 | dir=in | app=e:\steam hry\steamapps\common\war thunder\aces.exe | 
"TCP Query User{4D5B54EC-D436-4D5B-B53D-514B1878DCD3}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{8654EDF7-98EF-492F-A668-6B8C989C55A1}C:\program files (x86)\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | 
"TCP Query User{9119F238-56D0-479F-8473-A853550F20A9}C:\users\dominik\desktop\facerig\bin\facerig.exe" = protocol=6 | dir=in | app=c:\users\dominik\desktop\facerig\bin\facerig.exe | 
"TCP Query User{9CCDDA52-5677-4AC3-B28E-9B512478658F}C:\users\dominik\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\dominik\appdata\roaming\utorrent\utorrent.exe | 
"TCP Query User{A71F747B-040E-489D-A170-15992AB687ED}C:\program files\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=c:\program files\bitcoin\bitcoin-qt.exe | 
"TCP Query User{B74C1EAE-1A82-4340-BF55-BFFA7A66E840}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"TCP Query User{D52670EA-10AC-43B9-8933-2AF3D347F2EB}E:\nosteam hry\dirt 3 nosteam\dirt3_game.exe" = protocol=6 | dir=in | app=e:\nosteam hry\dirt 3 nosteam\dirt3_game.exe | 
"TCP Query User{E8FF0441-33BB-4E99-8057-92EF8EE206A1}C:\program files\sony\vegas pro 12.0\vegas120.exe" = protocol=6 | dir=in | app=c:\program files\sony\vegas pro 12.0\vegas120.exe | 
"UDP Query User{0054F395-7A81-409D-9397-CF57E6C04F7C}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | 
"UDP Query User{01E5EFA2-3AC6-415E-8693-5A17FEC04801}E:\nosteam hry\dirt 3 nosteam\dirt3_game.exe" = protocol=17 | dir=in | app=e:\nosteam hry\dirt 3 nosteam\dirt3_game.exe | 
"UDP Query User{0F0C06A2-3DAA-44FB-BB72-FC257ABE2486}C:\users\dominik\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\dominik\appdata\roaming\utorrent\utorrent.exe | 
"UDP Query User{41413651-3501-4292-97A9-AD1CB4A0285C}C:\users\dominik\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe" = protocol=17 | dir=in | app=c:\users\dominik\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe | 
"UDP Query User{8AF62D26-76F5-4D21-8088-18FE2C26C6A1}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"UDP Query User{A2893156-0829-4EA9-A1D5-2865EA5C9011}C:\users\dominik\desktop\facerig\bin\facerig.exe" = protocol=17 | dir=in | app=c:\users\dominik\desktop\facerig\bin\facerig.exe | 
"UDP Query User{A9C6C30D-72A0-498E-8902-5BB8F7BDB014}C:\program files\sony\vegas pro 12.0\vegas120.exe" = protocol=17 | dir=in | app=c:\program files\sony\vegas pro 12.0\vegas120.exe | 
"UDP Query User{D21A1CF6-9758-46D4-9C16-134C09C46F02}E:\steam hry\steamapps\common\postal2complete\sharethepain\system\postal2mp.exe" = protocol=17 | dir=in | app=e:\steam hry\steamapps\common\postal2complete\sharethepain\system\postal2mp.exe | 
"UDP Query User{DF8ADF4C-2CA1-496F-A07B-509DA059FB82}C:\program files\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=c:\program files\bitcoin\bitcoin-qt.exe | 
"UDP Query User{E68F2D8B-E75D-4F18-83FB-85CA468404BF}E:\steam hry\steamapps\common\war thunder\aces.exe" = protocol=17 | dir=in | app=e:\steam hry\steamapps\common\war thunder\aces.exe | 
"UDP Query User{FD4AAC9A-F5EB-4F6E-AE7E-1822B55857E6}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{50813B8C-FCBB-3C61-8039-EAAA93029066}" = Microsoft .NET Framework 4.5.1 (CSY)
"{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{7D2019DF-713F-B6ED-8C87-14363B081FB2}" = AMD Drag and Drop Transcoding
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8AB933A1-603C-5B22-3D56-19593698C41A}" = AMD Fuel
"{90140000-0015-0405-1000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2010
"{90140000-0016-0405-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0018-0405-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0019-0405-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-001A-0405-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001B-0405-1000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001F-0405-1000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-041B-1000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-002C-0405-1000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0405-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Czech) 2010
"{90140000-006E-0405-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-00A1-0405-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5.1 (čeština)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADCB5F9E-EF88-6D61-EE2F-99F51DF1B6EF}" = AMD Media Foundation Decoders
"{BD422D00-5232-11E3-A6F3-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{C2B8CBDE-5232-11E3-B494-F04DA23A5C58}" = MSVCRT Redists
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E57289A3-B314-F00A-F0D0-7CB63E588CFF}" = AMD Accelerated Video Transcoding
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{FEB22B7A-7B05-4A49-3BA3-D24815D37FAE}" = ccc-utility64
"92A6E160D295A14569F57189DA2588F0A1D1CD5E" = Balíček ovladače systému Windows - MSI MSI Star Cam 370i (04/22/2008 1.0.0.0)
"CCleaner" = CCleaner
"F40ADA55EF126B25F5A986F751189DB117C50AF1" = Windows Driver Package - Force Feedback Wheel (LtHidLo) HIDClass  (04/03/2011 1.0.1.1)
"Office14.SingleImage" = Microsoft Office Professional 2010
"WinRAR archiver" = WinRAR 5.10 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{13304708-E115-4044-82DA-88A6F5424359}" = Workplace Backgrounds
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{170236F2-1F88-A116-DA64-3FEED17B9387}" = CCC Help Italian
"{19344041-26B8-403B-BC3B-6E7185AA7E76}" = MSI Star Cam 370i
"{1DDBB040-3BEB-4057-90BB-B38B5E081D1B}" = MorphVOX Pro
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2032DA39-C844-43AE-B638-6A4F7496686E}" = Furry Voices for Second Life
"{2178EDD8-A3A6-50E3-407B-6629EA8E6ECE}" = AMD Catalyst Control Center
"{23AAEBF8-12B1-43EA-B75D-CDC613CA6CB4}" = Photo Common
"{26A24AE4-039D-4CA4-87B4-2F03217060FF}" = Java 7 Update 60
"{2CC32E0E-9A10-4BCC-94F0-614F85375F59}" = Male Voice Pack
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = Lightshot-5.2.0.8
"{32957F2B-A371-151F-9DA1-7BCA54BA2C71}" = CCC Help Danish
"{379A0618-EF50-423C-9637-EEB2D25A4BB4}" = Movie Maker
"{398004A7-6198-B8AB-443A-D250FFA57446}" = CCC Help Greek
"{3A29665B-2304-A9F7-601D-86340BD29D57}" = CCC Help Korean
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}" = Microsoft Games for Windows - LIVE Redistributable
"{4310E447-8AF3-020C-06D0-CB317D1BC92B}" = CCC Help Spanish
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B886E97-AF5B-46F0-9F48-6BE03149D972}" = Personality Voices
"{4DF0CAAC-F479-1673-EE92-03FFB9A05C1A}" = CCC Help English
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}" = NVIDIA Photoshop Plug-ins 64 bit
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{6670AE0A-83FD-C514-C4EC-51618BEDCF04}" = Catalyst Control Center InstallProxy
"{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}" = Microsoft Games for Windows Marketplace
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6DD76706-759A-1D77-9D1B-39FFFEC203BE}" = CCC Help Hungarian
"{6DF3C5B5-AEA5-198E-289C-CAADC4A17C04}" = CCC Help Dutch
"{6F9B3984-08EB-19EE-5E93-E79FD0854596}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{7f51bdb9-ee21-49ee-94d6-90afc321780e}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
"{82DA3D5E-0041-D8F7-6ACD-53A06C863FD4}" = CCC Help Swedish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}" = Catalyst Control Center - Branding
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E63AD00-6BEB-9E98-739E-C8EE42CF0419}" = CCC Help Norwegian
"{913C4C4F-9E3E-41A6-A614-1BDC1352A225}" = Special Effects Voices
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{9584BE1B-2FBE-4F45-13EA-6567F3E2D9A2}" = CCC Help Chinese Traditional
"{993609E5-B0A7-0270-BA78-385016D5A4FA}" = CCC Help Chinese Standard
"{9976E0BD-56A6-4A32-8597-B80FCE62063A}" = Windows Live Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C50B767-48BA-A567-0CFE-31620AE8FC97}" = CCC Help German
"{9E94C6F8-2B4E-D900-E73C-E7BCC7653188}" = CCC Help Japanese
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.09) - Czech
"{AEA7CE08-09DC-4186-99FD-66A26F3B8B21}" = Fotogalerie
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD2C175F-89BE-45E9-938E-0CF622EFF52A}" = LogMeIn Hamachi
"{BEFD4139-C684-DBF8-33F2-7963161E2F10}" = CCC Help Russian
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C39768C1-82E7-4466-8526-2D8AC44B768F}" = Translator Fun Voice Pack
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{CFBC3C9F-C781-4A0A-4AC9-BEBDE9850C16}" = CCC Help Turkish
"{D17BE572-CBFB-2AA4-759B-E21F04093001}" = CCC Help Thai
"{D310DD60-9EF2-4C9C-AD66-A58185A1C7CB}" = Windows Live UX Platform Language Pack
"{D3C44AE6-7A77-6CB3-0708-C970C53E8136}" = Catalyst Control Center Localization All
"{D947A225-8C23-4E52-866E-CF3967476BFC}" = Female Voice Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1D22FE1-AB5F-42CA-9480-6F70B96DDD88}_is1" = Grand Theft Auto San Andreas + MultiPlayer [0.3e]
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E9E87CFE-894C-8FFB-31C2-61C6B640F2B2}" = CCC Help Finnish
"{E9F63F5F-00EF-516C-C7F6-ABD3DC174B5E}" = CCC Help Polish
"{EA3960CB-883C-5B18-FA85-7C36C320E4BC}" = Catalyst Control Center Graphics Previews Common
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = MSI Star Cam 370i
"{ED62231A-B71D-C39A-7CE0-B2C8388A67C2}" = CCC Help French
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FB3A54A3-F867-456E-971F-712CC13DC830}}_is1" = Gila Gaming Mouse
"{FBC9A8BD-C74D-86B3-7818-D584C9174F48}" = CCC Help Portuguese
"{FCFE3F81-C977-4D31-877B-2778BB2A02DE}" = Preset Manager 2.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"AIDA64 Extreme_is1" = AIDA64 Extreme v4.00
"ASIO4ALL" = ASIO4ALL
"Avast" = avast! Free Antivirus
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"DivX Setup" = DivX Setup
"Driver Magician_is1" = Driver Magician 4.3
"Google Chrome" = Google Chrome
"IL Shared Libraries" = IL Shared Libraries
"IObit Surfing Protection_is1" = Surfing Protection
"LogMeIn Hamachi" = LogMeIn Hamachi
"MTA:SA 1.4" = MTA:SA v1.4.0
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Steam" = Steam
"Steam App 10" = Counter-Strike
"Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes
"Steam App 222880" = Insurgency
"Steam App 223470" = POSTAL 2
"Steam App 227300" = Euro Truck Simulator 2
"Steam App 240" = Counter-Strike: Source
"Steam App 259080" = Just Cause 2: Multiplayer Mod
"Steam App 4000" = Garry's Mod
"Steam App 440" = Team Fortress 2
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 80" = Counter-Strike: Condition Zero
"Steam App 8190" = Just Cause 2
"VLC media player" = VLC media player 2.1.3
"WinLiveSuite" = Windows Live Essentials
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-1613182640-285911688-2525403288-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bitcoin Core (64-bit)" = Bitcoin Core (64-bit)
"UnityWebPlayer" = Unity Web Player
"XBMC" = XBMC
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 10.10.2014 8:06:47 | Computer Name = Dominik-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 10.10.2014 9:17:05 | Computer Name = Dominik-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 13.10.2014 1:20:22 | Computer Name = Dominik-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 29.10.2014 8:08:23 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: hl.exe, verze: 1.1.1.1, časové razítko: 
0x521fab2e  Název chybujícího modulu: mss32.dll, verze: 9.3.0.0, časové razítko: 0x50b4006e
Kód
 výjimky: 0xc0000005  Posun chyby: 0x00025fc9  ID chybujícího procesu: 0xd3c  Čas spuštění
 chybující aplikace: 0x01cff3513c612487  Cesta k chybující aplikaci: E:\steam hry\steamapps\common\Half-Life\hl.exe
Cesta
 k chybujícímu modulu: E:\steam hry\steamapps\common\Half-Life\mss32.dll  ID zprávy:
 475c385e-5f64-11e4-8b66-d850e6e3cbd5
 
Error - 1.11.2014 11:36:01 | Computer Name = Dominik-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files (x86)\spybot - search
 & destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
 files (x86)\spybot - search & destroy\DelZip179.dll na řádku 8.  Hodnota * atributu
 language v prvku assemblyIdentity je neplatná.
 
Error - 2.11.2014 4:07:15 | Computer Name = Dominik-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files (x86)\spybot - search
 & destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
 files (x86)\spybot - search & destroy\DelZip179.dll na řádku 8.  Hodnota * atributu
 language v prvku assemblyIdentity je neplatná.
 
Error - 3.11.2014 14:57:16 | Computer Name = Dominik-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files (x86)\spybot - search
 & destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
 files (x86)\spybot - search & destroy\DelZip179.dll na řádku 8.  Hodnota * atributu
 language v prvku assemblyIdentity je neplatná.
 
Error - 5.11.2014 11:47:03 | Computer Name = Dominik-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files (x86)\spybot - search
 & destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
 files (x86)\spybot - search & destroy\DelZip179.dll na řádku 8.  Hodnota * atributu
 language v prvku assemblyIdentity je neplatná.
 
Error - 8.11.2014 12:39:00 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: XBMC.exe, verze: 13.2.0.0, časové razítko:
 0x53f0bce5  Název chybujícího modulu: python27.dll, verze: 2.7.5150.1013, časové 
razítko: 0x5193f378  Kód výjimky: 0x40000015  Posun chyby: 0x0011570b  ID chybujícího 
procesu: 0x1664  Čas spuštění chybující aplikace: 0x01cffb71ba75363f  Cesta k chybující
 aplikaci: C:\Program Files (x86)\XBMC\XBMC.exe  Cesta k chybujícímu modulu: C:\Program
 Files (x86)\XBMC\python27.dll  ID zprávy: bd4eedea-6765-11e4-ae9a-d850e6e3cbd5
 
Error - 9.11.2014 3:04:24 | Computer Name = Dominik-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files (x86)\spybot - search
 & destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
 files (x86)\spybot - search & destroy\DelZip179.dll na řádku 8.  Hodnota * atributu
 language v prvku assemblyIdentity je neplatná.
 
[ System Events ]
Error - 12.12.2014 11:55:11 | Computer Name = Dominik-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 12.12.2014 11:55:12 | Computer Name = Dominik-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 12.12.2014 11:55:18 | Computer Name = Dominik-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 12.12.2014 11:55:24 | Computer Name = Dominik-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 12.12.2014 11:55:50 | Computer Name = Dominik-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 12.12.2014 11:56:13 | Computer Name = Dominik-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 12.12.2014 11:56:13 | Computer Name = Dominik-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 12.12.2014 11:56:29 | Computer Name = Dominik-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 12.12.2014 11:57:14 | Computer Name = Dominik-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 12.12.2014 11:57:29 | Computer Name = Dominik-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >

#7 Příspěvek od **vyosek** » 12 pro 2014 19:06

Tak u Vas se potvrdila druha varianta, "legalnost" tam zajistuje aktivator - chtelo by se to poptat toho, kdo Vam tam system dal, asi Vas ma hodne rad, kdyz Vas vedomne vystavuje riziku trestniho stihani...

VIRY.CZ

Hodně pomalý PC po kliknutí na link

Hodně pomalý PC po kliknutí na link

Re: Hodně pomalý PC po kliknutí na link

Re: Hodně pomalý PC po kliknutí na link

Re: Hodně pomalý PC po kliknutí na link

Re: Hodně pomalý PC po kliknutí na link

Re: Hodně pomalý PC po kliknutí na link

Re: Hodně pomalý PC po kliknutí na link