Proces svchost.exe nadměrně vytěžuje RAM

[shaman171]

Ahoj,
po delší době mám problém s jedním ze svých počítačů.
Proces svchost.exe mi vytěžuje hned po startu počítače RAM na cca 800 - 900 MB což mi příjde jako strašně moc a v podstatě ihned po zapnutí počítače mám RAM vytíženy na 97%.
Přikládám screen:

RAM.jpg (94.32 KiB) Zobrazeno 2505 x

Mohu Vás poprosit o kontrolu logů?

Předem moc děkuji!


Log z RSITu:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Vrba-PC at 2015-03-22 17:37:00
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 75 GB (49%) free of 153 GB
Total RAM: 1789 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:38:02, on 22.3.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\trend micro\Vrba-PC.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.atarata.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVerRemote - AVerMedia - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMS Server Service (KMSServerService) - My Digital Life Forums - C:\Windows\KMSServerService\KMS Server Service.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9097 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
winlogon.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x304
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe"
"C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\KMSServerService\KMS Server Service.exe"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
"C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe"
"C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
C:\Windows\system32\svchost.exe -k imgsvc
\??\C:\Windows\system32\conhost.exe "1535355206-1321836255-1179509302980329548-1756140385640335584-17809310761330071549
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
"C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe"
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe" /TUStart /pid:2556
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-e0a5c796-2749-40f6-873b-5be961b07958 -SystemEventPortName:HostProcess-5e089593-2562-4fdc-ba55-d7a51e6ea89b -IoCancelEventPortName:HostProcess-52dc8985-2849-49cb-927e-38be22a43d3d -NonStateChangingEventPortName:HostProcess-800da2b0-0bfc-4827-ac47-92fdad3df7a0 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:2f8f7407-118d-4cdb-8800-8b4864102901 -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe"
"C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
"c:\program files (x86)\teamviewer\version9\TeamViewer_Desktop.exe" --IPCport 5939
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\sppsvc.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe8_ Global\UsGthrCtrlFltPipeMssGthrPipe8 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
taskeng.exe {446122B3-AAFB-45F3-9119-498436AFCF2A}
"C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload mininterval:2880
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Users\Vrba-PC\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d042552c48f80.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d0425539d5f59.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10 218776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [2014-01-23 881880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2015-01-21 2334928]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10 153248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-30 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2014-01-22 707800]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2015-01-21 1729744]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-30 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2014-10-01 5595336]
"Nvtmru"=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-10-18 1028384]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2013-10-18 1063200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-08-01 3673696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AVer HID Receiver.lnk - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
AVerQuick.lnk - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\averquick.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-03-22 17:37:16 ----D---- C:\Program Files\trend micro
2015-03-22 17:37:00 ----D---- C:\rsit
2015-03-21 15:29:37 ----A---- C:\Windows\system32\FNTCACHE.DAT
2015-03-11 20:29:21 ----SHD---- C:\Config.Msi
2015-03-11 13:17:07 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-03-11 13:17:07 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-03-11 13:17:07 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-03-11 13:17:07 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-03-11 13:17:07 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-03-11 13:17:07 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-03-11 13:17:06 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-03-11 13:17:06 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-03-11 13:17:06 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-03-11 13:17:06 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-03-11 13:17:06 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-03-11 13:17:06 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-03-11 13:17:06 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 13:17:06 ----A---- C:\Windows\system32\iernonce.dll
2015-03-11 13:17:06 ----A---- C:\Windows\system32\ie4uinit.exe
2015-03-11 13:17:05 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-03-11 13:17:05 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-03-11 13:17:05 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-03-11 13:17:05 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-03-11 13:17:05 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-03-11 13:17:05 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-03-11 13:17:05 ----A---- C:\Windows\system32\urlmon.dll
2015-03-11 13:17:05 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 13:17:05 ----A---- C:\Windows\system32\iedkcs32.dll
2015-03-11 13:17:04 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-03-11 13:17:04 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-03-11 13:17:04 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-03-11 13:17:04 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 13:17:04 ----A---- C:\Windows\system32\msfeeds.dll
2015-03-11 13:17:04 ----A---- C:\Windows\system32\iesetup.dll
2015-03-11 13:17:04 ----A---- C:\Windows\system32\ieapfltr.dll
2015-03-11 13:17:04 ----A---- C:\Windows\system32\dxtrans.dll
2015-03-11 13:17:03 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-03-11 13:17:03 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-03-11 13:17:03 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-03-11 13:17:03 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-03-11 13:17:03 ----A---- C:\Windows\system32\iertutil.dll
2015-03-11 13:17:02 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-03-11 13:17:02 ----A---- C:\Windows\system32\jsproxy.dll
2015-03-11 13:17:02 ----A---- C:\Windows\system32\ieUnatt.exe
2015-03-11 13:17:02 ----A---- C:\Windows\system32\ieui.dll
2015-03-11 13:17:02 ----A---- C:\Windows\system32\ieframe.dll
2015-03-11 13:17:02 ----A---- C:\Windows\system32\dxtmsft.dll
2015-03-11 13:17:01 ----A---- C:\Windows\system32\wininet.dll
2015-03-11 13:17:01 ----A---- C:\Windows\system32\vbscript.dll
2015-03-11 13:17:01 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-03-11 13:17:01 ----A---- C:\Windows\system32\mshtmled.dll
2015-03-11 13:17:01 ----A---- C:\Windows\system32\jscript9diag.dll
2015-03-11 13:17:01 ----A---- C:\Windows\system32\jscript9.dll
2015-03-11 13:17:00 ----A---- C:\Windows\system32\msrating.dll
2015-03-11 13:17:00 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-03-11 13:17:00 ----A---- C:\Windows\system32\mshtml.dll
2015-03-11 13:16:58 ----A---- C:\Windows\SYSWOW64\lpk.dll
2015-03-11 13:16:58 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2015-03-11 13:16:58 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2015-03-11 13:16:58 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-03-11 13:16:58 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-03-11 13:16:58 ----A---- C:\Windows\system32\lpk.dll
2015-03-11 13:16:58 ----A---- C:\Windows\system32\fontsub.dll
2015-03-11 13:16:58 ----A---- C:\Windows\system32\dciman32.dll
2015-03-11 13:16:58 ----A---- C:\Windows\system32\atmlib.dll
2015-03-11 13:16:58 ----A---- C:\Windows\system32\atmfd.dll
2015-03-11 13:16:50 ----A---- C:\Windows\SYSWOW64\blackbox.dll
2015-03-11 13:16:50 ----A---- C:\Windows\system32\blackbox.dll
2015-03-11 13:16:49 ----A---- C:\Windows\system32\drmv2clt.dll
2015-03-11 13:16:48 ----A---- C:\Windows\SYSWOW64\drmv2clt.dll
2015-03-11 13:16:47 ----A---- C:\Windows\system32\wmp.dll
2015-03-11 13:16:46 ----A---- C:\Windows\SYSWOW64\wmdrmsdk.dll
2015-03-11 13:16:46 ----A---- C:\Windows\system32\wmdrmsdk.dll
2015-03-11 13:16:45 ----A---- C:\Windows\SYSWOW64\wmp.dll
2015-03-11 13:16:44 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-03-11 13:16:44 ----A---- C:\Windows\system32\drmmgrtn.dll
2015-03-11 13:16:44 ----A---- C:\Windows\system32\crypt32.dll
2015-03-11 13:16:43 ----A---- C:\Windows\SYSWOW64\drmmgrtn.dll
2015-03-11 13:16:43 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2015-03-11 13:16:43 ----A---- C:\Windows\system32\quartz.dll
2015-03-11 13:16:43 ----A---- C:\Windows\system32\drivers\PEAuth.sys
2015-03-11 13:16:42 ----A---- C:\Windows\system32\evr.dll
2015-03-11 13:16:41 ----A---- C:\Windows\SYSWOW64\quartz.dll
2015-03-11 13:16:41 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-03-11 13:16:41 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-03-11 13:16:41 ----A---- C:\Windows\SYSWOW64\evr.dll
2015-03-11 13:16:41 ----A---- C:\Windows\SYSWOW64\cryptui.dll
2015-03-11 13:16:41 ----A---- C:\Windows\system32\mfplat.dll
2015-03-11 13:16:41 ----A---- C:\Windows\system32\cryptui.dll
2015-03-11 13:16:40 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2015-03-11 13:16:40 ----A---- C:\Windows\SYSWOW64\cryptsp.dll
2015-03-11 13:16:40 ----A---- C:\Windows\system32\pcasvc.dll
2015-03-11 13:16:40 ----A---- C:\Windows\system32\msscp.dll
2015-03-11 13:16:40 ----A---- C:\Windows\system32\mf.dll
2015-03-11 13:16:40 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2015-03-11 13:16:40 ----A---- C:\Windows\system32\cryptsp.dll
2015-03-11 13:16:40 ----A---- C:\Windows\system32\AudioSes.dll
2015-03-11 13:16:39 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2015-03-11 13:16:39 ----A---- C:\Windows\SYSWOW64\mf.dll
2015-03-11 13:16:39 ----A---- C:\Windows\system32\msnetobj.dll
2015-03-11 13:16:39 ----A---- C:\Windows\system32\mfps.dll
2015-03-11 13:16:38 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2015-03-11 13:16:38 ----A---- C:\Windows\SYSWOW64\msscp.dll
2015-03-11 13:16:38 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2015-03-11 13:16:38 ----A---- C:\Windows\system32\wintrust.dll
2015-03-11 13:16:38 ----A---- C:\Windows\system32\srcore.dll
2015-03-11 13:16:38 ----A---- C:\Windows\system32\rstrui.exe
2015-03-11 13:16:38 ----A---- C:\Windows\system32\cryptnet.dll
2015-03-11 13:16:38 ----A---- C:\Windows\system32\audiosrv.dll
2015-03-11 13:16:38 ----A---- C:\Windows\system32\AUDIOKSE.dll
2015-03-11 13:16:38 ----A---- C:\Windows\system32\audiodg.exe
2015-03-11 13:16:37 ----A---- C:\Windows\SYSWOW64\msnetobj.dll
2015-03-11 13:16:37 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2015-03-11 13:16:37 ----A---- C:\Windows\system32\qdvd.dll
2015-03-11 13:16:37 ----A---- C:\Windows\system32\cryptsvc.dll
2015-03-11 13:16:36 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2015-03-11 13:16:36 ----A---- C:\Windows\system32\rrinstaller.exe
2015-03-11 13:16:36 ----A---- C:\Windows\system32\pcadm.dll
2015-03-11 13:16:36 ----A---- C:\Windows\system32\AudioEng.dll
2015-03-11 13:16:35 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2015-03-11 13:16:35 ----A---- C:\Windows\SYSWOW64\mfps.dll
2015-03-11 13:16:35 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2015-03-11 13:16:35 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-03-11 13:16:35 ----A---- C:\Windows\system32\srclient.dll
2015-03-11 13:16:35 ----A---- C:\Windows\system32\smss.exe
2015-03-11 13:16:35 ----A---- C:\Windows\system32\pcawrk.exe
2015-03-11 13:16:35 ----A---- C:\Windows\system32\msmmsp.dll
2015-03-11 13:16:35 ----A---- C:\Windows\system32\appidsvc.dll
2015-03-11 13:16:35 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 13:16:35 ----A---- C:\Windows\system32\appidapi.dll
2015-03-11 13:16:34 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-03-11 13:16:34 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2015-03-11 13:16:34 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2015-03-11 13:16:34 ----A---- C:\Windows\system32\spwmp.dll
2015-03-11 13:16:34 ----A---- C:\Windows\system32\setbcdlocale.dll
2015-03-11 13:16:34 ----A---- C:\Windows\system32\pcalua.exe
2015-03-11 13:16:34 ----A---- C:\Windows\system32\mfpmp.exe
2015-03-11 13:16:34 ----A---- C:\Windows\system32\EncDump.dll
2015-03-11 13:16:34 ----A---- C:\Windows\system32\drivers\appid.sys
2015-03-11 13:16:34 ----A---- C:\Windows\system32\csrsrv.dll
2015-03-11 13:16:34 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 13:16:33 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2015-03-11 13:16:33 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2015-03-11 13:16:33 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2015-03-11 13:16:33 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-03-11 13:16:33 ----A---- C:\Windows\system32\pcaevts.dll
2015-03-11 13:16:33 ----A---- C:\Windows\system32\dxmasf.dll
2015-03-11 13:16:33 ----A---- C:\Windows\system32\apisetschema.dll
2015-03-11 13:16:32 ----A---- C:\Windows\SYSWOW64\mferror.dll
2015-03-11 13:16:32 ----A---- C:\Windows\system32\wmploc.DLL
2015-03-11 13:16:32 ----A---- C:\Windows\system32\mferror.dll
2015-03-11 13:16:07 ----A---- C:\Windows\system32\rdpudd.dll
2015-03-11 13:16:07 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 13:16:07 ----A---- C:\Windows\system32\rdpcorets.dll
2015-03-11 13:15:34 ----A---- C:\Windows\SYSWOW64\ubpm.dll
2015-03-11 13:15:34 ----A---- C:\Windows\system32\ubpm.dll
2015-03-11 13:15:33 ----A---- C:\Windows\system32\shell32.dll
2015-03-11 13:15:31 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\certcli.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\wdigest.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\TSpkg.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\sspisrv.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\sspicli.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\schannel.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\secur32.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\ncrypt.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\msv1_0.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\msobjs.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\msaudite.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\lsass.exe
2015-03-11 13:15:26 ----A---- C:\Windows\system32\lsasrv.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\kerberos.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-03-11 13:15:26 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-03-11 13:15:26 ----A---- C:\Windows\system32\drivers\cng.sys
2015-03-11 13:15:26 ----A---- C:\Windows\system32\credssp.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\certcli.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\auditpol.exe
2015-03-11 13:15:26 ----A---- C:\Windows\system32\adtschema.dll
2015-03-11 13:15:08 ----A---- C:\Windows\SYSWOW64\msctf.dll
2015-03-11 13:15:08 ----A---- C:\Windows\system32\msctf.dll
2015-03-11 13:15:06 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2015-03-11 13:15:06 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-03-11 13:15:04 ----A---- C:\Windows\system32\win32k.sys
2015-03-11 13:10:08 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2015-03-11 13:10:08 ----A---- C:\Windows\system32\WMPhoto.dll
2015-02-27 16:39:43 ----D---- C:\ProgramData\Playrix Entertainment
2015-02-27 16:37:51 ----D---- C:\ProgramData\AlawarWrapper
2015-02-25 18:15:19 ----A---- C:\Program Files\ccsetup503.exe

======List of files/folders modified in the last 1 month======

2015-03-22 17:37:38 ----D---- C:\Windows\Prefetch
2015-03-22 17:37:16 ----RD---- C:\Program Files
2015-03-22 17:34:22 ----D---- C:\Windows\Temp
2015-03-22 17:08:42 ----D---- C:\Windows\system32\config
2015-03-22 17:05:19 ----D---- C:\ProgramData\NVIDIA
2015-03-22 16:43:29 ----D---- C:\Windows\SysWOW64
2015-03-22 16:43:29 ----D---- C:\Windows\System32
2015-03-22 16:43:27 ----D---- C:\Windows\system32\drivers
2015-03-22 09:14:04 ----D---- C:\Windows\Minidump
2015-03-22 09:14:04 ----D---- C:\Windows
2015-03-21 19:44:37 ----D---- C:\Users\Vrba-PC\AppData\Roaming\vlc
2015-03-21 15:44:24 ----SHD---- C:\System Volume Information
2015-03-21 15:29:35 ----D---- C:\Windows\system32\wfp
2015-03-21 15:29:32 ----D---- C:\Windows\system32\wbem
2015-03-21 15:25:53 ----D---- C:\Windows\Tasks
2015-03-21 15:25:53 ----D---- C:\Windows\system32\Tasks
2015-03-21 15:25:53 ----D---- C:\Windows\system32\DriverStore
2015-03-21 15:25:53 ----D---- C:\Windows\system32\catroot2
2015-03-21 15:25:53 ----D---- C:\Windows\inf
2015-03-21 15:25:52 ----D---- C:\Windows\registration
2015-03-21 15:24:36 ----SD---- C:\ProgramData\Microsoft
2015-03-14 20:31:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-03-12 21:47:49 ----D---- C:\Windows\debug
2015-03-12 14:20:39 ----D---- C:\Windows\rescache
2015-03-12 12:45:06 ----D---- C:\Windows\winsxs
2015-03-12 12:32:22 ----D---- C:\Windows\SYSWOW64\Dism
2015-03-12 12:32:22 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-03-12 12:32:22 ----D---- C:\Windows\system32\Dism
2015-03-12 12:32:22 ----D---- C:\Program Files\Windows Media Player
2015-03-12 12:32:22 ----D---- C:\Program Files (x86)\Windows Media Player
2015-03-12 12:32:21 ----D---- C:\Windows\system32\en-US
2015-03-12 12:32:21 ----D---- C:\Windows\system32\cs-CZ
2015-03-12 12:32:19 ----D---- C:\Windows\system32\Boot
2015-03-12 12:32:12 ----D---- C:\Windows\SYSWOW64\en-US
2015-03-12 12:32:12 ----D---- C:\Program Files\Internet Explorer
2015-03-12 12:32:11 ----D---- C:\Program Files (x86)\Internet Explorer
2015-03-11 20:47:14 ----SHD---- C:\Windows\Installer
2015-03-11 20:46:47 ----D---- C:\ProgramData\Microsoft Help
2015-03-11 20:28:41 ----A---- C:\Windows\win.ini
2015-03-11 20:28:05 ----RSD---- C:\Windows\assembly
2015-03-11 20:26:35 ----D---- C:\Windows\system32\MRT
2015-03-11 20:20:31 ----A---- C:\Windows\system32\MRT.exe
2015-02-28 13:26:21 ----A---- C:\Windows\system32\systemcpl.dll
2015-02-28 10:18:58 ----D---- C:\Windows\SoftwareDistribution
2015-02-27 19:08:15 ----D---- C:\Users\Vrba-PC\AppData\Roaming\uTorrent
2015-02-27 19:07:54 ----RD---- C:\Program Files (x86)
2015-02-27 17:31:57 ----D---- C:\Windows\system32\LogFiles
2015-02-27 16:39:43 ----HD---- C:\ProgramData
2015-02-25 18:16:17 ----D---- C:\Program Files\CCleaner
2015-02-24 04:17:24 ----N---- C:\Windows\system32\MpSigStub.exe
2015-02-23 21:39:11 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2014-10-10 63160]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2014-01-07 213848]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2014-03-18 516096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-11-30 283064]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2014-10-10 243440]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2014-10-10 169280]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2014-10-10 44632]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2014-12-14 27552]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2014-01-27 59392]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2014-01-27 360688]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2014-10-10 222280]
R3 AVerA706_x64;AVerMedia A706 BDA Service; C:\Windows\system32\DRIVERS\AVerA706_x64.sys [2010-04-08 1478656]
R3 cmuda3;C-Media PCI Audio Interface; C:\Windows\system32\drivers\cmudax3.sys [2009-12-01 1155072]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [2013-08-21 14112]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2014-01-27 194944]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2014-01-27 95232]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2014-01-07 166400]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver; C:\Windows\system32\drivers\Synth3dVsc.sys [2014-03-02 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2012-08-23 29696]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2014-03-02 200576]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2014-01-07 27136]
R2 AVerRemote;AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2009-12-01 348160]
R2 AVerScheduleService;AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-12-07 397312]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2014-01-07 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2014-10-01 1349576]
R2 KMSServerService;KMS Server Service; C:\Windows\KMSServerService\KMS Server Service.exe [2014-11-30 211968]
R2 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
R2 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-18 15122208]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-07-02 935368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-07-02 411936]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2015-02-09 5249808]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2013-12-18 2103096]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2014-01-07 27136]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2014-01-07 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30 107912]
S2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2014-01-07 27136]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2014-01-07 27136]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30 107912]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-02-20 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-02-03 114800]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2014-01-07 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2014-01-07 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-01-07 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------
[/code]


infor z RSITu

Kód: Vybrat vše

info.txt logfile of random's system information tool 1.10 2015-03-22 17:38:54

======MBR======

0x33C08ED0BC007C8EC08ED8BE007CBF0006B90002FCF3A450681C06CBFBB90400BDBE07807E00007C0B0F850E0183C510E2F1CD1888560055C6461105C6461000B441BBAA55CD135D720F81FB55AA7509F7C101007403FE46106660807E1000742666680000000066FF760868000068007C680100681000B4428A56008BF4CD139F83C4109EEB14B80102BB007C8A56008A76018A4E028A6E03CD136661731CFE4E11750C807E00800F848A00B280EB845532E48A5600CD135DEB9E813EFE7D55AA756EFF7600E88D007517FAB0D1E664E88300B0DFE660E87C00B0FFE664E87500FBB800BBCD1A6623C0753B6681FB54435041753281F90201722C666807BB00006668000200006668080000006653665366556668000000006668007C0000666168000007CD1A5A32F6EA007C0000CD18A0B707EB08A0B607EB03A0B50732E40500078BF0AC3C007409BB0700B40ECD10EBF2F4EBFD2BC9E464EB002402E0F82402C3496E76616C696420706172746974696F6E207461626C65004572726F72206C6F6164696E67206F7065726174696E672073797374656D004D697373696E67206F7065726174696E672073797374656D000000637B9A57C257C200008020210007DF130C000800000020030000DF140C07FEFFFF0028030000689E12000000000000000000000000000000000000000000000000000000000000000055AA

======Uninstall list======

-->MsiExec /X{80407BA7-7763-4395-AB98-5233F1B34E65}
Adobe Flash Player 16 NPAPI-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe -maintain plugin
Adobe Reader XI (11.0.10) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AB0000000001}
Aktualizace NVIDIA 9.3.16-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{43D6A1EC-21B9-4D7C-B7C3-EEFBE69FED04}\NVI2.DLL",UninstallPackage Display.Update
AVerMedia A16D PCI Hybrid DVB-T 3.6.64.15-->C:\Program Files (x86)\AVerMedia\AVerMedia A16D PCI Hybrid DVB-T\uninst.exe
AVerMedia Applications-->C:\Program Files (x86)\InstallShield Installation Information\{92C41B26-EBC5-41C5-8B6F-E3EF7E57FF16}\setup.exe -runfromtemp -l0x0409
AVerMedia Media Center Plug-ins 2.0.8.0-->C:\Program Files (x86)\AVerMedia\AVerMedia Media Center Plug-ins\uninst.exe
AVerTV-->C:\Program Files (x86)\InstallShield Installation Information\{5016185F-05AF-455F-AA70-6B6E5D6D4E70}\setup.exe -runfromtemp -l0x0409
BurnInTest v5.3 Pro-->"C:\Program Files (x86)\BurnInTest\unins000.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
Definition Update for Microsoft Office 2013 (KB2956172) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{A6D5F5D4-285D-4F1C-A230-38D2C1432227}" "1029" "0"
ESET Smart Security-->MsiExec.exe /I{443D1D0A-17E5-4F61-8074-8801BDB430CC}
Geeks3D FurMark 1.15.0.0-->"C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark_1.15\unins000.exe"
GOM Player-->"C:\Program Files (x86)\GomPlayer\Uninstall.exe"
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HWiNFO32 Version 4.46-->"C:\Program Files (x86)\HWiNFO32\unins000.exe"
Java 8 Update 25-->MsiExec.exe /I{26A24AE4-039D-4CA4-87B4-2F83218025F0}
Microsoft .NET Framework 4.5.2 (CSY)-->MsiExec.exe /X{C48AF3CF-C632-3C19-838E-7DAB7283D46A}
Microsoft .NET Framework 4.5.2 (čeština)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\CSY\\Setup.exe /repair /x86 /x64 /lcid 1029
Microsoft .NET Framework 4.5.2-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\\Setup.exe /repair /x86 /x64
Microsoft .NET Framework 4.5.2-->MsiExec.exe /X{26784146-6E05-3FF9-9335-786C7C0FB5BE}
Microsoft Access MUI (Czech) 2013-->MsiExec.exe /X{90150000-0015-0405-1000-0000000FF1CE}
Microsoft DCF MUI (Czech) 2013-->MsiExec.exe /X{90150000-0090-0405-1000-0000000FF1CE}
Microsoft Excel MUI (Czech) 2013-->MsiExec.exe /X{90150000-0016-0405-1000-0000000FF1CE}
Microsoft Groove MUI (Czech) 2013-->MsiExec.exe /X{90150000-00BA-0405-1000-0000000FF1CE}
Microsoft InfoPath MUI (Czech) 2013-->MsiExec.exe /X{90150000-0044-0405-1000-0000000FF1CE}
Microsoft Lync MUI (Czech) 2013-->MsiExec.exe /X{90150000-012B-0405-1000-0000000FF1CE}
Microsoft Office 32-bit Components 2013-->MsiExec.exe /X{90150000-00C1-0000-1000-0000000FF1CE}
Microsoft Office Korrekturhilfen 2013 - Deutsch-->MsiExec.exe /X{90150000-001F-0407-1000-0000000FF1CE}
Microsoft Office OSM MUI (Czech) 2013-->MsiExec.exe /X{90150000-00E1-0405-1000-0000000FF1CE}
Microsoft Office OSM UX MUI (Czech) 2013-->MsiExec.exe /X{90150000-00E2-0405-1000-0000000FF1CE}
Microsoft Office Professional Plus 2013-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2013-->MsiExec.exe /X{90150000-0011-0000-1000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2013-->MsiExec.exe /X{90150000-002C-0405-1000-0000000FF1CE}
Microsoft Office Proofing Tools 2013 - English-->MsiExec.exe /X{90150000-001F-0409-1000-0000000FF1CE}
Microsoft Office Shared 32-bit MUI (Czech) 2013-->MsiExec.exe /X{90150000-00C1-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2013-->MsiExec.exe /X{90150000-006E-0405-1000-0000000FF1CE}
Microsoft OneNote MUI (Czech) 2013-->MsiExec.exe /X{90150000-00A1-0405-1000-0000000FF1CE}
Microsoft Outlook MUI (Czech) 2013-->MsiExec.exe /X{90150000-001A-0405-1000-0000000FF1CE}
Microsoft PowerPoint MUI (Czech) 2013-->MsiExec.exe /X{90150000-0018-0405-1000-0000000FF1CE}
Microsoft Publisher MUI (Czech) 2013-->MsiExec.exe /X{90150000-0019-0405-1000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)-->C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.exe
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)-->MsiExec.exe /X{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}
Microsoft Word MUI (Czech) 2013-->MsiExec.exe /X{90150000-001B-0405-1000-0000000FF1CE}
Mozilla Firefox 35.0.1 (x86 cs)-->"D:\Záloha - starý PC\Program Files\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština-->MsiExec.exe /X{90150000-001F-0405-1000-0000000FF1CE}
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina-->MsiExec.exe /X{90150000-001F-041B-1000-0000000FF1CE}
NVIDIA GeForce Experience 1.7-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{43D6A1EC-21B9-4D7C-B7C3-EEFBE69FED04}\NVI2.DLL",UninstallPackage Display.GFExperience
NVIDIA Ovladač 3D Vision 340.52-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{C4086268-3B79-4954-A83D-ADF9A8D1E516}\NVI2.DLL",UninstallPackage Display.3DVision
NVIDIA Ovladač řídící jednotky 3D Vision 340.50-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{C4086268-3B79-4954-A83D-ADF9A8D1E516}\NVI2.DLL",UninstallPackage Display.NVIRUSB
NVIDIA Ovladače grafiky 340.52-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{C4086268-3B79-4954-A83D-ADF9A8D1E516}\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA PhysX-->MsiExec.exe /I{80407BA7-7763-4395-AB98-5233F1B34E65}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
NVIDIA Systémový software PhysX 9.13.1220-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{C4086268-3B79-4954-A83D-ADF9A8D1E516}\NVI2.DLL",UninstallPackage Display.PhysX
Opera Stable 28.0.1750.40-->"D:\Záloha - starý PC\Program Files\Opera\Launcher.exe" /uninstall
Security Update for Microsoft Office 2013 (KB2910941) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{43ECCB82-45DF-4800-8930-0689BF91F765}" "1029" "0"
Security Update for Microsoft Word 2013 (KB2956163) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{39AA9341-DAA0-45E6-8171-E49E2A0D95F7}" "1029" "0"
Security Update for Microsoft Word 2013 (KB2956163) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001A-0405-1000-0000000FF1CE}" "{39AA9341-DAA0-45E6-8171-E49E2A0D95F7}" "1029" "0"
Security Update for Microsoft Word 2013 (KB2956163) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0405-1000-0000000FF1CE}" "{39AA9341-DAA0-45E6-8171-E49E2A0D95F7}" "1029" "0"
Security Update for Microsoft Word 2013 (KB2956163) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-012B-0405-1000-0000000FF1CE}" "{39AA9341-DAA0-45E6-8171-E49E2A0D95F7}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0015-0405-1000-0000000FF1CE}" "{010BF41A-4D78-40C3-90BA-117DF64A0AE2}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0016-0405-1000-0000000FF1CE}" "{010BF41A-4D78-40C3-90BA-117DF64A0AE2}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0018-0405-1000-0000000FF1CE}" "{010BF41A-4D78-40C3-90BA-117DF64A0AE2}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0019-0405-1000-0000000FF1CE}" "{010BF41A-4D78-40C3-90BA-117DF64A0AE2}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001A-0405-1000-0000000FF1CE}" "{010BF41A-4D78-40C3-90BA-117DF64A0AE2}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0405-1000-0000000FF1CE}" "{010BF41A-4D78-40C3-90BA-117DF64A0AE2}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-0405-1000-0000000FF1CE}" "{1E8252A7-D489-4BB6-9694-93799FFD33ED}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-0407-1000-0000000FF1CE}" "{DABB9E2A-F054-4F97-9EB2-6992316C6EC7}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-0409-1000-0000000FF1CE}" "{835E4BED-E265-4103-AE14-0B4C70CF3FE8}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-041B-1000-0000000FF1CE}" "{4601BD00-BC9B-4CA2-940C-2552782C7347}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-002C-0405-1000-0000000FF1CE}" "{EC915383-0457-4D83-BE7A-009D7841E9C5}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0044-0405-1000-0000000FF1CE}" "{010BF41A-4D78-40C3-90BA-117DF64A0AE2}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0090-0405-1000-0000000FF1CE}" "{010BF41A-4D78-40C3-90BA-117DF64A0AE2}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00A1-0405-1000-0000000FF1CE}" "{010BF41A-4D78-40C3-90BA-117DF64A0AE2}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00BA-0405-1000-0000000FF1CE}" "{010BF41A-4D78-40C3-90BA-117DF64A0AE2}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00C1-0000-1000-0000000FF1CE}" "{1931508C-C004-4983-81E3-70BE6252904B}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00C1-0405-1000-0000000FF1CE}" "{6E88843F-58F2-45EB-8C4A-0DDFE45366E1}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00E1-0405-1000-0000000FF1CE}" "{010BF41A-4D78-40C3-90BA-117DF64A0AE2}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00E2-0405-1000-0000000FF1CE}" "{010BF41A-4D78-40C3-90BA-117DF64A0AE2}" "1029" "0"
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-012B-0405-1000-0000000FF1CE}" "{010BF41A-4D78-40C3-90BA-117DF64A0AE2}" "1029" "0"
TeamViewer 9-->C:\Program Files (x86)\TeamViewer\Version9\uninstall.exe
TuneUp Utilities 2014-->C:\Program Files (x86)\TuneUp Utilities 2014\TUInstallHelper.exe --Trigger-Uninstall
Update for Microsoft Access 2013 (KB2956176) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{39042DCD-C595-47E7-A351-F177CF0C0F5C}" "1029" "0"
Update for Microsoft Access 2013 (KB2956176) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0015-0405-1000-0000000FF1CE}" "{39042DCD-C595-47E7-A351-F177CF0C0F5C}" "1029" "0"
Update for Microsoft Excel 2013 (KB2956145) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{5136F26A-1CD2-4BA4-A059-E25E58403B18}" "1029" "0"
Update for Microsoft Excel 2013 (KB2956145) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0016-0405-1000-0000000FF1CE}" "{5136F26A-1CD2-4BA4-A059-E25E58403B18}" "1029" "0"
Update for Microsoft Excel 2013 (KB2956145) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0018-0405-1000-0000000FF1CE}" "{5136F26A-1CD2-4BA4-A059-E25E58403B18}" "1029" "0"
Update for Microsoft Excel 2013 (KB2956145) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001B-0405-1000-0000000FF1CE}" "{5136F26A-1CD2-4BA4-A059-E25E58403B18}" "1029" "0"
Update for Microsoft Excel 2013 (KB2956145) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00C1-0405-1000-0000000FF1CE}" "{5136F26A-1CD2-4BA4-A059-E25E58403B18}" "1029" "0"
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-012B-0405-1000-0000000FF1CE}" "{33C2026D-69D0-4582-B19F-203C5AA01794}" "1029" "0"
Update for Microsoft Lync 2013 (KB2956174) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{E7396A71-6BAC-4A67-8B4F-384CA2257A41}" "1029" "0"
Update for Microsoft Lync 2013 (KB2956174) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00C1-0000-1000-0000000FF1CE}" "{E7396A71-6BAC-4A67-8B4F-384CA2257A41}" "1029" "0"
Update for Microsoft Lync 2013 (KB2956174) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-012B-0405-1000-0000000FF1CE}" "{E7396A71-6BAC-4A67-8B4F-384CA2257A41}" "1029" "0"
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{7A4AB8E1-C091-4BD3-B308-844BA6EE752A}" "1029" "0"
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}" "1029" "0"
Update for Microsoft Office 2013 (KB2760371) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{25DEA344-FF6F-41BD-B88F-5242BB8E80E1}" "1029" "0"
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{62857CDD-2985-4939-91BA-19ED0B0031A5}" "1029" "0"
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}" "1029" "0"
Update for Microsoft Office 2013 (KB2837654) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{2147FFF7-71C4-4306-AFE2-1AA7A6025BB1}" "1029" "0"
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{290D80DE-03AB-47EC-9402-108AF4CE4F66}" "1029" "0"
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{8116ED50-F1E7-49E1-9D8D-421497D34B0F}" "1029" "0"
Update for Microsoft Office 2013 (KB2880977) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{3FF26B00-AC61-487F-B03B-5D83415C5408}" "1029" "0"
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{DF1B7B95-4A86-4605-A628-556394B5580A}" "1029" "0"
Update for Microsoft Office 2013 (KB2881008) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-006E-0405-1000-0000000FF1CE}" "{FCA6FD54-B1B9-4747-9E2B-2DDE78D0D58B}" "1029" "0"
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{885C981B-F1E3-430A-A099-31CA9D28C251}" "1029" "0"
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0016-0405-1000-0000000FF1CE}" "{885C981B-F1E3-430A-A099-31CA9D28C251}" "1029" "0"
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{E919ACF4-A1D7-4CAA-A103-5EB115563721}" "1029" "0"
Update for Microsoft Office 2013 (KB2883095) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{EADBF225-163E-406B-B11A-26ECCCAB5A0E}" "1029" "0"
Update for Microsoft Office 2013 (KB2889927) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{0A84CF05-F164-471D-8AFB-AC4C7FF7CA71}" "1029" "0"
Update for Microsoft Office 2013 (KB2889927) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-006E-0405-1000-0000000FF1CE}" "{0A84CF05-F164-471D-8AFB-AC4C7FF7CA71}" "1029" "0"
Update for Microsoft Office 2013 (KB2889927) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00C1-0000-1000-0000000FF1CE}" "{0A84CF05-F164-471D-8AFB-AC4C7FF7CA71}" "1029" "0"
Update for Microsoft Office 2013 (KB2899498) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{D7FAA622-6BCF-4EDF-8C34-A48E1838D57B}" "1029" "0"
Update for Microsoft Office 2013 (KB2899498) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0016-0405-1000-0000000FF1CE}" "{D7FAA622-6BCF-4EDF-8C34-A48E1838D57B}" "1029" "0"
Update for Microsoft Office 2013 (KB2899522) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{A4E88D96-814F-4183-8DB2-BA3EC2B7E434}" "1029" "0"
Update for Microsoft Office 2013 (KB2920754) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{2513C305-E7E9-46F9-BECA-C6AC02D769B3}" "1029" "0"
Update for Microsoft Office 2013 (KB2920769) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{C906EC6B-8610-487F-8528-658FE2575C86}" "1029" "0"
Update for Microsoft Office 2013 (KB2956148) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{F499AD64-02E9-48E0-84BE-498FBCDC7A95}" "1029" "0"
Update for Microsoft Office 2013 (KB2956154) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{8AB3858C-5246-4C78-937F-86A38A494CAA}" "1029" "0"
Update for Microsoft Office 2013 (KB2956168) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-0405-1000-0000000FF1CE}" "{D285D043-0A8F-4358-B98F-C444872AEB51}" "1029" "0"
Update for Microsoft Office 2013 (KB2956168) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-0407-1000-0000000FF1CE}" "{A578E179-A2BA-42CE-ABF4-1F71EF6BEB0C}" "1029" "0"
Update for Microsoft Office 2013 (KB2956168) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-0409-1000-0000000FF1CE}" "{B6DACAB4-FD25-408D-AA58-F62B83A80233}" "1029" "0"
Update for Microsoft Office 2013 (KB2956168) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001F-041B-1000-0000000FF1CE}" "{EEAC4722-30BB-4C73-A7E7-4A6B731BE9A8}" "1029" "0"
Update for Microsoft Office 2013 (KB2956169) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{B5A6B49E-30F3-4D1D-8F9C-E53712D30996}" "1029" "0"
Update for Microsoft Office 2013 (KB2956171) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{A3DC29E8-0E97-448A-B9C0-9086CB8B3E86}" "1029" "0"
Update for Microsoft Office 2013 (KB2956177) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{3F8EF29A-A7F8-48B0-BA19-01D0B88AB1B7}" "1029" "0"
Update for Microsoft Office 2013 (KB2956177) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00C1-0000-1000-0000000FF1CE}" "{3F8EF29A-A7F8-48B0-BA19-01D0B88AB1B7}" "1029" "0"
Update for Microsoft OneDrive for Business (KB2920746) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{98F3EBD3-07A0-4239-85BB-7DB8A1185CA6}" "1029" "0"
Update for Microsoft OneDrive for Business (KB2920746) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00BA-0405-1000-0000000FF1CE}" "{98F3EBD3-07A0-4239-85BB-7DB8A1185CA6}" "1029" "0"
Update for Microsoft OneDrive for Business (KB2920746) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00C1-0000-1000-0000000FF1CE}" "{98F3EBD3-07A0-4239-85BB-7DB8A1185CA6}" "1029" "0"
Update for Microsoft OneDrive for Business (KB2920746) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00C1-0405-1000-0000000FF1CE}" "{98F3EBD3-07A0-4239-85BB-7DB8A1185CA6}" "1029" "0"
Update for Microsoft OneNote 2013 (KB2956165) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{91760BB8-6AB7-4252-BF92-EDCE196BCD8D}" "1029" "0"
Update for Microsoft OneNote 2013 (KB2956165) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00A1-0405-1000-0000000FF1CE}" "{91760BB8-6AB7-4252-BF92-EDCE196BCD8D}" "1029" "0"
Update for Microsoft OneNote 2013 (KB2956165) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00C1-0000-1000-0000000FF1CE}" "{91760BB8-6AB7-4252-BF92-EDCE196BCD8D}" "1029" "0"
Update for Microsoft Outlook 2013 (KB2956170) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{79EC1590-20DA-4B91-8674-7FD28CB73EBA}" "1029" "0"
Update for Microsoft Outlook 2013 (KB2956170) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001A-0405-1000-0000000FF1CE}" "{79EC1590-20DA-4B91-8674-7FD28CB73EBA}" "1029" "0"
Update for Microsoft Outlook Social Connector 2013 (KB2737996) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{4DAEE65E-8D3C-409C-8836-1777D2165F22}" "1029" "0"
Update for Microsoft Outlook Social Connector 2013 (KB2737996) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-001A-0405-1000-0000000FF1CE}" "{4DAEE65E-8D3C-409C-8836-1777D2165F22}" "1029" "0"
Update for Microsoft PowerPoint 2013 (KB2965206) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{2D6B72C2-F8EC-4FBC-ACBE-A83767F6F56B}" "1029" "0"
Update for Microsoft PowerPoint 2013 (KB2965206) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0018-0405-1000-0000000FF1CE}" "{2D6B72C2-F8EC-4FBC-ACBE-A83767F6F56B}" "1029" "0"
Update for Microsoft Project 2013 (KB2956187) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-00C1-0000-1000-0000000FF1CE}" "{8E862B4E-0F3B-4B17-8E80-A0A81BE871C9}" "1029" "0"
Update for Microsoft Publisher 2013 (KB2883048) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{F24DFA32-C8EE-4AFB-89AB-07EE7A52E414}" "1029" "0"
Update for Microsoft Publisher 2013 (KB2883048) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0019-0405-1000-0000000FF1CE}" "{F24DFA32-C8EE-4AFB-89AB-07EE7A52E414}" "1029" "0"
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" /removereleaseinpatch "{90150000-0011-0000-1000-0000000FF1CE}" "{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}" "1029" "0"
WinRAR-->C:\Program Files (x86)\WinRAR\uninstall.exe

======System event log======

Computer Name: 37L4247F27-25
Event Code: 7036
Message: Stav služby Distributed Link Tracking Client byl změněn na: stopped
Record Number: 5
Source Name: Service Control Manager
Time Written: 20101121035831.108772-000
Event Type: Informace
User: 

Computer Name: 37L4247F27-25
Event Code: 7036
Message: Stav služby Desktop Window Manager Session Manager byl změněn na: stopped
Record Number: 4
Source Name: Service Control Manager
Time Written: 20101121035831.108772-000
Event Type: Informace
User: 

Computer Name: 37L4247F27-25
Event Code: 7036
Message: Stav služby Power byl změněn na: stopped
Record Number: 3
Source Name: Service Control Manager
Time Written: 20101121035831.108772-000
Event Type: Informace
User: 

Computer Name: 37L4247F27-25
Event Code: 7036
Message: Stav služby Windows Event Log byl změněn na: stopped
Record Number: 2
Source Name: Service Control Manager
Time Written: 20101121035831.093172-000
Event Type: Informace
User: 

Computer Name: 37L4247F27-25
Event Code: 7036
Message: Stav služby Diagnostic Policy Service byl změněn na: stopped
Record Number: 1
Source Name: Service Control Manager
Time Written: 20101121035831.093172-000
Event Type: Informace
User: 

=====Application event log=====

Computer Name: 37L4247F27-25
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 5
Source Name: Microsoft-Windows-WMI
Time Written: 20141130191146.000000-000
Event Type: Informace
User: 

Computer Name: 37L4247F27-25
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20141130191141.000000-000
Event Type: Informace
User: 

Computer Name: 37L4247F27-25
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund.  Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 3
Source Name: Microsoft-Windows-EventSystem
Time Written: 20141130191133.000000-000
Event Type: Informace
User: 

Computer Name: 37L4247F27-25
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.  


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20141130191132.984375-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247F27-25
Event Code: 1532
Message: Služba Profil uživatele byla zastavena.  


Record Number: 1
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20101121035831.124372-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: 37L4247F27-25
Event Code: 4735
Message: Byla změněna zabezpečená místní skupina.

Předmět:
	ID zabezpečení:		S-1-5-18
	Název účtu:		37L4247F27-25$
	Doména účtu:		WORKGROUP
	ID přihlášení:		0x3e7

Skupina:
	ID zabezpečení:		S-1-5-32-551
	Název skupiny:		Backup Operators
	Doména skupiny:		Builtin

Změněné atributy:
	Název účtu SAM:	-
	Historie identifikátoru zabezpečení:		-

Další informace:
	Oprávnění:		-
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141130191100.359375-000
Event Type: Úspěšný audit
User: 

Computer Name: 37L4247F27-25
Event Code: 4731
Message: Byla vytvořena zabezpečená místní skupina.

Předmět:
	ID zabezpečení:		S-1-5-18
	Název účtu:		37L4247F27-25$
	Doména účtu:		WORKGROUP
	ID přihlášení:		0x3e7

Nová skupina:
	ID zabezpečení:		S-1-5-32-551
	Název skupiny:		Backup Operators
	Doména skupiny:		Builtin

Atributy:
	Název účtu SAM:	Backup Operators
	Historie identifikátoru zabezpečení:		-

Další informace:
	Oprávnění:		-
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141130191100.312500-000
Event Type: Úspěšný audit
User: 

Computer Name: 37L4247F27-25
Event Code: 4902
Message: Tabulka zásad auditu pro jednotlivé uživatele byla vytvořena.

Počet prvků:	0
ID zásady:	0x3a691
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141130191059.500000-000
Event Type: Úspěšný audit
User: 

Computer Name: 37L4247F27-25
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
	ID zabezpečení:		S-1-0-0
	Název účtu:		-
	Doména účtu:		-
	ID přihlášení:		0x0

Typ přihlášení:			0

Nové přihlášení:
	ID zabezpečení:		S-1-5-18
	Název účtu:		SYSTEM
	Doména účtu:		NT AUTHORITY
	ID přihlášení:		0x3e7
	GUID přihlášení:		{00000000-0000-0000-0000-000000000000}

Informace o procesu:
	ID procesu:		0x4
	Název procesu:		

Informace o síti:
	Název pracovní stanice:	-
	Adresa zdrojové sítě	-
	Zdrojový port:		-

Podrobné informace o ověření:
	Proces přihlášení:		-
	Balíček ověření:	-
	Přenosové služby:	-
	Název balíčku (pouze NTLM):	-
	Délka klíče:		0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
	- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
	- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
	- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
	- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141130191054.828125-000
Event Type: Úspěšný audit
User: 

Computer Name: 37L4247F27-25
Event Code: 4608
Message: Spouští se systém Windows.

Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141130191054.578125-000
Event Type: Úspěšný audit
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3
"ESET_OPTIONS"=                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

-----------------EOF-----------------

[shaman171]

Log z Combofix:

Kód: Vybrat vše

ComboFix 15-03-14.03 - Vrba-PC 22.03.2015  17:51:15.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1250.420.1029.18.1789.201 [GMT 1:00]
Spuštěný z: c:\users\Vrba-PC\Desktop\ComboFix.exe
AV: ESET Smart Security 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personální firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Vrba-PC\AppData\Local\AlawarHelper.exe
c:\windows\SysWow64\pthreadVC.dll
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2015-02-22 do 2015-03-22  )))))))))))))))))))))))))))))))
.
.
2015-03-22 17:01 . 2015-03-22 17:01	--------	d-----w-	c:\users\DefaultAppPool\AppData\Local\temp
2015-03-22 17:01 . 2015-03-22 17:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-03-22 16:37 . 2015-03-22 16:38	--------	d-----w-	c:\program files\trend micro
2015-03-22 16:37 . 2015-03-22 16:38	--------	d-----w-	C:\rsit
2015-03-21 14:59 . 2015-01-29 09:07	11910896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5607759E-72DA-4CDD-8076-2208CDD666A4}\mpengine.dll
2015-03-11 12:16 . 2015-02-20 05:25	41984	----a-w-	c:\windows\system32\lpk.dll
2015-03-11 12:15 . 2015-02-03 03:51	215040	----a-w-	c:\windows\system32\ubpm.dll
2015-03-11 12:10 . 2015-02-04 03:46	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2015-03-11 12:10 . 2015-02-04 03:23	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2015-02-27 15:39 . 2015-02-27 15:39	--------	d-----w-	c:\programdata\Playrix Entertainment
2015-02-27 15:38 . 2015-02-27 15:38	--------	d-----w-	c:\users\Vrba-PC\AppData\Local\AlawarWrapper
2015-02-27 15:38 . 2015-02-27 15:38	--------	d-----w-	c:\users\Vrba-PC\AppData\Local\Yandex
2015-02-27 15:38 . 2015-02-27 15:38	--------	d-----w-	c:\users\Vrba-PC\AppData\Local\Amigo
2015-02-27 15:37 . 2015-02-27 15:38	--------	d-----w-	c:\programdata\AlawarWrapper
2015-02-25 17:15 . 2015-02-25 17:15	5325696	----a-w-	c:\program files\ccsetup503.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-11 19:20 . 2014-12-01 02:27	122905848	----a-w-	c:\windows\system32\MRT.exe
2015-03-06 05:32 . 2015-03-11 12:15	342016	----a-w-	c:\windows\system32\schannel.dll
2015-03-06 05:11 . 2015-03-11 12:15	248832	----a-w-	c:\windows\SysWow64\schannel.dll
2015-02-28 12:26 . 2010-11-21 03:24	419840	----a-w-	c:\windows\system32\systemcpl.dll
2015-02-24 03:17 . 2010-11-21 03:27	295552	------w-	c:\windows\system32\MpSigStub.exe
2015-02-17 14:30 . 2015-02-17 14:30	1691808	----a-w-	c:\windows\system32\FM20.DLL
2015-02-05 18:51 . 2014-12-03 16:14	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 18:51 . 2014-12-03 16:14	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-04 03:16 . 2015-02-11 12:11	609280	----a-w-	c:\windows\system32\generaltel.dll
2015-02-04 03:16 . 2015-02-11 12:11	762368	----a-w-	c:\windows\system32\invagent.dll
2015-02-04 03:16 . 2015-02-11 12:11	414720	----a-w-	c:\windows\system32\devinv.dll
2015-02-04 03:16 . 2015-02-11 12:11	894976	----a-w-	c:\windows\system32\appraiser.dll
2015-02-04 03:16 . 2015-02-11 12:11	227328	----a-w-	c:\windows\system32\aepdu.dll
2015-02-04 03:16 . 2015-02-11 12:11	192000	----a-w-	c:\windows\system32\aepic.dll
2015-02-04 03:13 . 2015-02-11 12:11	1098752	----a-w-	c:\windows\system32\aeinv.dll
2015-02-03 10:50 . 2015-02-03 10:50	11743631	----a-w-	c:\program files\cc-setup.exe
2015-02-01 19:14 . 2015-02-01 19:14	1685072	----a-w-	c:\program files\uTorrent.exe
2015-02-01 18:26 . 2015-02-01 18:25	8008609	----a-w-	c:\program files\uTorrent-setup.exe
2015-01-27 23:36 . 2015-02-11 12:11	1239720	----a-w-	c:\windows\system32\aitstatic.exe
2015-01-09 03:14 . 2015-02-17 21:13	91136	----a-w-	c:\windows\system32\wdi.dll
2015-01-09 03:14 . 2015-02-17 21:13	950272	----a-w-	c:\windows\system32\perftrack.dll
2015-01-09 03:14 . 2015-02-17 21:13	29696	----a-w-	c:\windows\system32\powertracker.dll
2015-01-09 02:48 . 2015-02-17 21:13	76800	----a-w-	c:\windows\SysWow64\wdi.dll
2014-12-19 20:54 . 2014-12-19 20:54	32736632	----a-w-	c:\program files\Seznam.cz.exe
2014-12-14 15:51 . 2014-12-14 15:51	2575672	----a-w-	c:\program files\hw32_440.exe
2014-12-14 15:48 . 2014-12-14 15:48	2594856	----a-w-	c:\program files\hw32_446.exe
2014-12-07 18:15 . 2014-12-07 18:15	5408350	----a-w-	c:\program files\FurMark_1.15.0_Setup.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2014-01-07 . 7FB4D54B502C6CF2E35B8188FA4CC08C . 1008128 . . [6.1.7601.21874] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.21874_none_2ba732bf9d4a4b31\user32.dll
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2014-11-30 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.21874] .. c:\windows\system32\user32.dll
.
[-] 2014-11-30 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.21874] .. c:\windows\SysWOW64\user32.dll
[7] 2014-01-07 . 9B836EE76E3A99052EF6DEA52B41D1BE . 833024 . . [6.1.7601.21874] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.21874_none_35fbdd11d1ab0d2c\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 14:05	1729744	----a-w-	c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 14:05	1729744	----a-w-	c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 14:05	1729744	----a-w-	c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2014-11-30 155648]
AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2014-11-30 651264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [x]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 KMSServerService;KMS Server Service;c:\windows\KMSServerService\KMS Server Service.exe ;c:\windows\KMSServerService\KMS Server Service.exe  [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
S3 AVerA706_x64;AVerMedia A706 BDA Service;c:\windows\system32\DRIVERS\AVerA706_x64.sys;c:\windows\SYSNATIVE\DRIVERS\AVerA706_x64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-21 15:34	1061704	----a-w-	c:\program files (x86)\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-03-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-03 18:51]
.
2015-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30 19:31]
.
2015-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d042552c48f80.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30 19:31]
.
2015-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30 19:31]
.
2015-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0425539d5f59.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30 19:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 14:01	2334928	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 14:01	2334928	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 14:01	2334928	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-10-01 5595336]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-10-18 1063200]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.atarata.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do Microsoft Excelu - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Od&eslat do OneNotu - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 78.156.32.2 8.8.8.8
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-03-22  18:05:06
ComboFix-quarantined-files.txt  2015-03-22 17:05
.
Před spuštěním: Volných bajtů: 78 553 313 280
Po spuštění: Volných bajtů: 78 402 330 624
.
- - End Of File - - 3453F33FF1C73116BB8B661A4CDE4745
A36C5E4F47E84449FF07ED3517B43A31

[Márty84]

Zdravim

Muzete mi rict, proc jste spoustel ComboFix? Umite s nim zachazet?

Kdybyste si precetl pravidla fora http://forum.viry.cz/viewtopic.php?f=12&t=5601 , docetl byste se mimo jine toto

2. Před položením dotazu použijte tlačítko Hledat. Možná již někdo problém podobným Vašemu řešil. Pokud ale ve vyřešeném tématu budou aplikovány různé utility\aplikace, nespouštějte je. Utility se používají až na pokyn rádce, jelikož mohou mazat stopy po havěti a v rukou ne-oborníka může mít jejich použití nedozírné následky.

3. Zvláště utilitu ComboFix nespouštějte i když Vám ji poradil kamarád\nějaký rádoby odborný web. Naše fórum je jediné z CZ-SK antivirových fór, která mají právo luštit logy z ComboFixu a mámě též plnou podporu autora této utility a přístup k nejaktuálnějším informacím a návodům.

Zkusim se na to podivat, ale pokud se to bude opakovat, bude pomoc odmitnuta.
A taky upozornuji, ze se to mozna protahne a vysledek vubec neni jisty




Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

[Márty84]

A nedavejte logy do Code, spatne se to cte

[shaman171]

Omlouvám se, že to tak trvalo, včera jsem se k PC vůbec nedostal.

ComboFix jsem spustil právě proto, že jsem nalezl podobné téma a tam byla rada ho spustit, pravidla jsem si bohužel nepřečetl, takže chápu, že je možné, že budou následky. Příště již budu chytřejší! A omlouvám se

Děkuji Vám, že i přes to se mým problémem zabýváte, mohu ovšem říct, že po spuštění ComboFixu se problém zlepšil ba možná vyřešil, RAM nyní již nejsou tolik vytěžovány a řekl bych, že je vše v normálu, pro jistotu samozřejmě přikládám logy z OTL (tentokrát již ne do code)


Extras.txt

OTL Extras logfile created on: 24.3.2015 19:34:37 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vrba-PC\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17691)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,75 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 54,28% Memory free
3,50 Gb Paging File | 2,06 Gb Available in Paging File | 58,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,95 Gb Total Space | 72,48 Gb Free Space | 48,66% Space Free | Partition Type: NTFS
Drive D: | 298,08 Gb Total Space | 71,29 Gb Free Space | 23,92% Space Free | Partition Type: NTFS
Drive J: | 1863,01 Gb Total Space | 122,41 Gb Free Space | 6,57% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Vrba-PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1811662729-3697714405-3130458461-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027B3860-4D5F-4C00-A1C2-92F4B6A82F76}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{28B86AAB-54D7-4829-8A98-D16A35E1B0C2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
"{3D95916F-8931-4FC8-BF65-6047750BC494}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{60D573C6-FD0C-497E-A565-1815823BC1E1}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{6406CBD0-3EFA-479B-AF5E-73867CAF1AB1}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{A2EF5AF8-D83D-44EB-BB9A-6A814A4BEADE}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BDE8EC4-E073-410C-8A97-A5B4EF6A3DAD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{0C9C7111-CA65-4DC5-9C9C-DFF4D4C16705}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{1622CFF5-5C2D-40F5-8A87-F36C8877B02B}" = protocol=17 | dir=in | app=d:\záloha - starý pc\program files\mozilla firefox\firefox.exe |
"{4AE62AB4-2045-41A5-9B65-FE79B0C70598}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{5D16EBD9-69A5-4564-8B9D-34DE71A4F29C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{618A8C19-E203-478A-8CC9-32FA6B968BC8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{6778BB12-DF44-4C2F-96A4-556E96C1121E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{6920C6AB-A557-43D7-8114-59E7872E5F7F}" = protocol=6 | dir=in | app=d:\záloha - starý pc\program files\mozilla firefox\firefox.exe |
"{6D456CDB-74E6-4A27-95D4-202F23D005DC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{70D63FE2-B9D5-48A5-BCE9-B26CCF7F35C8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{7911EE5B-6B3C-48AF-8764-27CCFA77E78C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{99E7ABC5-87BE-4DD7-91CC-DE94BDF555D5}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{AC0013DE-D3F8-4E58-882A-6DA53D21F24D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{CDBE09AE-CAAC-4C0A-8CE6-915D08E58707}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{443D1D0A-17E5-4F61-8074-8801BDB430CC}" = ESET Smart Security
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0405-1000-0000000FF1CE}" = Microsoft Access MUI (Czech) 2013
"{90150000-0016-0405-1000-0000000FF1CE}" = Microsoft Excel MUI (Czech) 2013
"{90150000-0018-0405-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (Czech) 2013
"{90150000-0019-0405-1000-0000000FF1CE}" = Microsoft Publisher MUI (Czech) 2013
"{90150000-001A-0405-1000-0000000FF1CE}" = Microsoft Outlook MUI (Czech) 2013
"{90150000-001B-0405-1000-0000000FF1CE}" = Microsoft Word MUI (Czech) 2013
"{90150000-001F-0405-1000-0000000FF1CE}" = Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština
"{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-041B-1000-0000000FF1CE}" = Nástroje korektúry balíka Microsoft Office 2013 - slovenčina
"{90150000-002C-0405-1000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2013
"{90150000-0044-0405-1000-0000000FF1CE}" = Microsoft InfoPath MUI (Czech) 2013
"{90150000-006E-0405-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2013
"{90150000-0090-0405-1000-0000000FF1CE}" = Microsoft DCF MUI (Czech) 2013
"{90150000-00A1-0405-1000-0000000FF1CE}" = Microsoft OneNote MUI (Czech) 2013
"{90150000-00BA-0405-1000-0000000FF1CE}" = Microsoft Groove MUI (Czech) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0405-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Czech) 2013
"{90150000-00E1-0405-1000-0000000FF1CE}" = Microsoft Office OSM MUI (Czech) 2013
"{90150000-00E2-0405-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (Czech) 2013
"{90150000-012B-0405-1000-0000000FF1CE}" = Microsoft Lync MUI (Czech) 2013
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5.2 (čeština)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovladač 3D Vision 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.7
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Ovladač řídící jednotky 3D Vision 340.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 9.3.16
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 9.3.16
"{C48AF3CF-C632-3C19-838E-7DAB7283D46A}" = Microsoft .NET Framework 4.5.2 (CSY)
"CCleaner" = CCleaner
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"TNod" = TNod User & Password Finder

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{14C8CE46-C68C-461B-BCA9-E276A85851C6}" = TuneUp Utilities 2014 (en-US)
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D FurMark 1.15.0.0
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5016185F-05AF-455F-AA70-6B6E5D6D4E70}" = AVerTV
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{92C41B26-EBC5-41C5-8B6F-E3EF7E57FF16}" = AVerMedia Applications
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.10) - Czech
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}" = TuneUp Utilities 2014
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"AVerMedia A16D PCI Hybrid DVB-T" = AVerMedia A16D PCI Hybrid DVB-T 3.6.64.15
"AVerMedia Media Center Plug-ins" = AVerMedia Media Center Plug-ins 2.0.8.0
"BurnInTest_is1" = BurnInTest v5.3 Pro
"DAEMON Tools Lite" = DAEMON Tools Lite
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"HWiNFO32_is1" = HWiNFO32 Version 4.46
"InstallShield_{5016185F-05AF-455F-AA70-6B6E5D6D4E70}" = AVerTV
"InstallShield_{92C41B26-EBC5-41C5-8B6F-E3EF7E57FF16}" = AVerMedia Applications
"Mozilla Firefox 36.0.1 (x86 cs)" = Mozilla Firefox 36.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 28.0.1750.40" = Opera Stable 28.0.1750.40
"TeamViewer 9" = TeamViewer 9
"TuneUp Utilities" = TuneUp Utilities 2014
"WinRAR archiver" = WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1811662729-3697714405-3130458461-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Seznam Browser" = Prohlížeč Seznam.cz

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22.3.2015 12:06:09 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro D:\Záloha - starý PC\Program Files\Safari\Safari.exe
se nezdařilo. Závislé sestavení Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 22.3.2015 12:07:02 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =

Error - 22.3.2015 12:49:54 | Computer Name = PC | Source = Software Protection Platform Service | ID = 8193
Description = Plánovač aktivace licence (sppuinotify.dll) byl ukončen s následujícím
kódem chyby: 0x80070005

Error - 22.3.2015 13:08:43 | Computer Name = PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

Error - 22.3.2015 13:09:20 | Computer Name = PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 22.3.2015 13:09:20 | Computer Name = PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 22.3.2015 13:09:59 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro D:\Záloha - starý PC\Program Files\Safari\Safari.exe
se nezdařilo. Závislé sestavení Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 22.3.2015 13:10:12 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =

Error - 23.3.2015 6:56:37 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro D:\Záloha - starý PC\Program Files\Safari\Safari.exe
se nezdařilo. Závislé sestavení Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error - 24.3.2015 6:40:57 | Computer Name = PC | Source = Office Software Protection Platform Service | ID = 16385
Description = Failed to schedule Software Protection service for re-start at 2015-03-29T09:21:44Z.
Error Code: 0x80071A90.

[ Key Management Service Events ]
Error - 20.3.2015 11:44:43 | Computer Name = PC | Source = KmsRequests | ID = 902
Description = Služba Ochrana softwaru byla spuštěna. Invalid KMS Hardware ID! ?364F463A8863D35F
is not a valid argument.

Error - 20.3.2015 11:49:20 | Computer Name = PC | Source = KmsRequests | ID = 902
Description = Služba Ochrana softwaru byla spuštěna. Invalid KMS Hardware ID! ?364F463A8863D35F
is not a valid argument.

Error - 20.3.2015 15:20:54 | Computer Name = PC | Source = KmsRequests | ID = 902
Description = Služba Ochrana softwaru byla spuštěna. Invalid KMS Hardware ID! ?364F463A8863D35F
is not a valid argument.

Error - 21.3.2015 10:30:04 | Computer Name = PC | Source = KmsRequests | ID = 902
Description = Služba Ochrana softwaru byla spuštěna. Invalid KMS Hardware ID! ?364F463A8863D35F
is not a valid argument.

Error - 22.3.2015 3:58:01 | Computer Name = PC | Source = KmsRequests | ID = 902
Description = Služba Ochrana softwaru byla spuštěna. Invalid KMS Hardware ID! ?364F463A8863D35F
is not a valid argument.

Error - 22.3.2015 4:37:10 | Computer Name = PC | Source = KmsRequests | ID = 902
Description = Služba Ochrana softwaru byla spuštěna. Invalid KMS Hardware ID! ?364F463A8863D35F
is not a valid argument.

Error - 22.3.2015 5:15:21 | Computer Name = PC | Source = KmsRequests | ID = 902
Description = Služba Ochrana softwaru byla spuštěna. Invalid KMS Hardware ID! ?364F463A8863D35F
is not a valid argument.

Error - 22.3.2015 11:42:40 | Computer Name = PC | Source = KmsRequests | ID = 902
Description = Služba Ochrana softwaru byla spuštěna. Invalid KMS Hardware ID! ?364F463A8863D35F
is not a valid argument.

Error - 22.3.2015 12:05:34 | Computer Name = PC | Source = KmsRequests | ID = 902
Description = Služba Ochrana softwaru byla spuštěna. Invalid KMS Hardware ID! ?364F463A8863D35F
is not a valid argument.

Error - 22.3.2015 13:08:59 | Computer Name = PC | Source = KmsRequests | ID = 902
Description = Služba Ochrana softwaru byla spuštěna. Invalid KMS Hardware ID! ?364F463A8863D35F
is not a valid argument.

[ System Events ]
Error - 22.3.2015 12:49:54 | Computer Name = PC | Source = DCOM | ID = 10001
Description =

Error - 22.3.2015 12:56:11 | Computer Name = PC | Source = DCOM | ID = 10005
Description =

Error - 22.3.2015 12:56:11 | Computer Name = PC | Source = Service Control Manager | ID = 7009
Description = Při čekání na připojení služby Služba Google Update (gupdate) bylo
dosaženo časového limitu (30000 ms).

Error - 22.3.2015 12:56:11 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku
následující chyby: %%1053

Error - 22.3.2015 12:57:50 | Computer Name = PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 22.3.2015 13:00:53 | Computer Name = PC | Source = Application Popup | ID = 1060
Description = Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě
s tímto systémem. Požádejte dodavatele softwaru o kompatibilní verzi ovladače.

Error - 22.3.2015 13:01:26 | Computer Name = PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 22.3.2015 13:12:32 | Computer Name = PC | Source = Service Control Manager | ID = 7009
Description = Při čekání na připojení služby Služba Google Update (gupdate) bylo
dosaženo časového limitu (30000 ms).

Error - 22.3.2015 13:12:32 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku
následující chyby: %%1053

Error - 24.3.2015 6:42:00 | Computer Name = PC | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby PlugPlay bylo dosaženo časového
limitu (30000 ms).


< End of report >

[shaman171]

OTL
OTL logfile created on: 24.3.2015 19:34:37 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vrba-PC\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17691)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,75 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 54,28% Memory free
3,50 Gb Paging File | 2,06 Gb Available in Paging File | 58,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,95 Gb Total Space | 72,48 Gb Free Space | 48,66% Space Free | Partition Type: NTFS
Drive D: | 298,08 Gb Total Space | 71,29 Gb Free Space | 23,92% Space Free | Partition Type: NTFS
Drive J: | 1863,01 Gb Total Space | 122,41 Gb Free Space | 6,57% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Vrba-PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015.03.24 19:32:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vrba-PC\Desktop\OTL.exe
PRC - [2015.02.09 18:56:22 | 004,943,120 | ---- | M] (TeamViewer GmbH) -- c:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe
PRC - [2015.02.09 18:56:21 | 005,249,808 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2015.02.09 18:56:20 | 014,433,552 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
PRC - [2015.02.09 18:10:54 | 000,229,648 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
PRC - [2015.02.06 22:36:32 | 000,232,264 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
PRC - [2014.11.30 22:36:32 | 000,211,968 | ---- | M] (My Digital Life Forums) -- C:\Windows\KMSServerService\KMS Server Service.exe
PRC - [2014.10.01 14:40:28 | 001,349,576 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2014.07.02 18:44:41 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.10.18 02:34:57 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2010.01.06 10:43:41 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
PRC - [2009.12.07 14:13:14 | 000,397,312 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
PRC - [2009.12.01 10:51:23 | 000,348,160 | ---- | M] (AVerMedia) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe


========== Modules (No Company Name) ==========

MOD - [2010.01.06 10:43:41 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe


========== Services (SafeList) ==========

SRV:64bit: - [2015.02.20 03:35:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014.10.01 14:40:28 | 001,349,576 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2014.01.07 10:15:32 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2014.01.07 09:04:50 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2013.12.18 10:01:02 | 000,043,320 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2013.10.18 02:35:48 | 015,122,208 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV - [2015.03.22 20:38:52 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015.02.09 18:56:21 | 005,249,808 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2015.02.05 19:51:13 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.12.03 07:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014.11.30 22:36:32 | 000,211,968 | ---- | M] (My Digital Life Forums) [Auto | Running] -- C:\Windows\KMSServerService\KMS Server Service.exe -- (KMSServerService)
SRV - [2014.07.02 18:44:41 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014.04.11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014.03.20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013.12.18 10:01:06 | 002,103,096 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013.12.18 10:01:02 | 000,036,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.11.21 04:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.21 04:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.21 04:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009.12.07 14:13:14 | 000,397,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2009.12.01 10:51:23 | 000,348,160 | ---- | M] (AVerMedia) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014.11.30 21:02:15 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2014.10.10 08:59:12 | 000,243,440 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2014.10.10 08:59:12 | 000,222,280 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2014.10.10 08:59:12 | 000,169,280 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2014.10.10 08:59:12 | 000,063,160 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2014.10.10 08:59:12 | 000,044,632 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2014.03.02 13:19:55 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2014.01.27 01:54:52 | 000,360,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2014.01.27 01:46:18 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2014.01.27 01:46:12 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2014.01.27 01:46:12 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2014.01.07 09:39:37 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2014.01.07 09:39:37 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013.10.02 03:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.23 15:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.04.08 12:11:10 | 001,478,656 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerA706_x64.sys -- (AVerA706_x64)
DRV:64bit: - [2009.12.01 10:31:10 | 001,155,072 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudax3.sys -- (cmuda3)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2014.12.14 16:54:17 | 000,027,552 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2013.08.21 19:53:42 | 000,014,112 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1811662729-3697714405-3130458461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.atarata.cz/
IE - HKU\S-1-5-21-1811662729-3697714405-3130458461-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1811662729-3697714405-3130458461-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IESR02
IE - HKU\S-1-5-21-1811662729-3697714405-3130458461-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "CZ"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "CZ"
FF - prefs.js..browser.startup.homepage: "http://start.atarata.cz/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:36.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@alawar.com/npapi: C:\Windows\npapi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0.1\extensions\\Components: D:\Záloha - starý PC\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0.1\extensions\\Plugins: D:\Záloha - starý PC\Program Files\Mozilla Firefox\plugins

[2014.12.03 16:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vrba-PC\AppData\Roaming\Mozilla\Extensions
[2015.03.22 19:16:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vrba-PC\AppData\Roaming\Mozilla\Firefox\Profiles\esau7d5x.default\extensions
[2014.09.25 13:33:38 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Vrba-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\Vrba-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Vrba-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\Vrba-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig\1.3.14_0\
CHR - Extension: No name found = C:\Users\Vrba-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd\1.2.13_0\
CHR - Extension: No name found = C:\Users\Vrba-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Vrba-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Vrba-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\Vrba-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.21_0\
CHR - Extension: No name found = C:\Users\Vrba-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\
CHR - Extension: No name found = C:\Users\Vrba-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak\1.7.3_0\
CHR - Extension: No name found = C:\Users\Vrba-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8_0\

O1 HOSTS File: ([2015.03.22 18:01:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [TNOD UP] C:\Program Files\TNod User & Password Finder\TNODUP.exe (Tukero[X]Team)
O4 - HKU\S-1-5-21-1811662729-3697714405-3130458461-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-1811662729-3697714405-3130458461-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1811662729-3697714405-3130458461-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1811662729-3697714405-3130458461-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1811662729-3697714405-3130458461-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.156.32.2 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A51BB709-9E63-492C-9EE7-A199BB6BB6D2}: DhcpNameServer = 78.156.32.2 8.8.8.8
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.12.18 15:17:55 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.01.11 02:54:52 | 000,000,170 | ---- | M] () - J:\AUTORUN.FCB -- [ NTFS ]
O32 - AutoRun File - [2013.03.12 16:52:34 | 000,000,095 | ---- | M] () - J:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2015.03.24 19:32:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vrba-PC\Desktop\OTL.exe
[2015.03.22 18:05:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2015.03.22 18:05:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2015.03.22 17:47:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2015.03.22 17:47:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2015.03.22 17:47:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2015.03.22 17:46:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2015.03.22 17:44:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2015.03.22 17:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2015.03.22 17:37:00 | 000,000,000 | ---D | C] -- C:\rsit
[2015.03.22 17:23:27 | 005,615,380 | R--- | C] (Swearware) -- C:\Users\Vrba-PC\Desktop\ComboFix.exe
[2015.03.11 20:29:21 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2015.03.11 13:17:07 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015.03.11 13:17:07 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015.03.11 13:17:07 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015.03.11 13:17:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015.03.11 13:17:07 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015.03.11 13:17:07 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015.03.11 13:17:06 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015.03.11 13:17:06 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015.03.11 13:17:06 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015.03.11 13:17:06 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015.03.11 13:17:05 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015.03.11 13:17:05 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015.03.11 13:17:05 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015.03.11 13:17:05 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015.03.11 13:17:05 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015.03.11 13:17:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015.03.11 13:17:04 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015.03.11 13:17:04 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015.03.11 13:17:04 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015.03.11 13:17:04 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015.03.11 13:17:04 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015.03.11 13:17:04 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015.03.11 13:17:03 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015.03.11 13:17:03 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015.03.11 13:17:02 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015.03.11 13:17:02 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015.03.11 13:17:02 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015.03.11 13:17:02 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015.03.11 13:17:01 | 006,035,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015.03.11 13:17:01 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015.03.11 13:17:01 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015.03.11 13:17:01 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015.03.11 13:17:01 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015.03.11 13:17:00 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015.03.11 13:17:00 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015.03.11 13:16:58 | 000,372,224 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2015.03.11 13:16:58 | 000,299,008 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2015.03.11 13:16:58 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2015.03.11 13:16:58 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2015.03.11 13:16:58 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2015.03.11 13:16:58 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2015.03.11 13:16:58 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2015.03.11 13:16:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2015.03.11 13:16:50 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll
[2015.03.11 13:16:50 | 000,744,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll
[2015.03.11 13:16:49 | 001,202,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmv2clt.dll
[2015.03.11 13:16:48 | 000,988,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmv2clt.dll
[2015.03.11 13:16:47 | 014,632,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2015.03.11 13:16:46 | 000,782,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll
[2015.03.11 13:16:46 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll
[2015.03.11 13:16:45 | 011,411,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2015.03.11 13:16:44 | 005,553,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015.03.11 13:16:44 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2015.03.11 13:16:44 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll
[2015.03.11 13:16:43 | 001,574,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2015.03.11 13:16:43 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll
[2015.03.11 13:16:42 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2015.03.11 13:16:41 | 003,977,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015.03.11 13:16:41 | 003,921,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015.03.11 13:16:41 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2015.03.11 13:16:41 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll
[2015.03.11 13:16:41 | 001,005,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll
[2015.03.11 13:16:41 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2015.03.11 13:16:41 | 000,432,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2015.03.11 13:16:40 | 004,121,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2015.03.11 13:16:40 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll
[2015.03.11 13:16:40 | 000,617,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2015.03.11 13:16:40 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2015.03.11 13:16:40 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2015.03.11 13:16:40 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsp.dll
[2015.03.11 13:16:39 | 003,209,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2015.03.11 13:16:39 | 000,693,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2015.03.11 13:16:39 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2015.03.11 13:16:39 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll
[2015.03.11 13:16:39 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2015.03.11 13:16:38 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscp.dll
[2015.03.11 13:16:38 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015.03.11 13:16:38 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2015.03.11 13:16:38 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015.03.11 13:16:38 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2015.03.11 13:16:38 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2015.03.11 13:16:38 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2015.03.11 13:16:37 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2015.03.11 13:16:37 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msnetobj.dll
[2015.03.11 13:16:36 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2015.03.11 13:16:36 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe
[2015.03.11 13:16:36 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcadm.dll
[2015.03.11 13:16:35 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2015.03.11 13:16:35 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2015.03.11 13:16:35 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2015.03.11 13:16:35 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2015.03.11 13:16:35 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2015.03.11 13:16:35 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2015.03.11 13:16:35 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015.03.11 13:16:35 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe
[2015.03.11 13:16:35 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcawrk.exe
[2015.03.11 13:16:35 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmmsp.dll
[2015.03.11 13:16:34 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2015.03.11 13:16:34 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2015.03.11 13:16:34 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2015.03.11 13:16:34 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2015.03.11 13:16:34 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe
[2015.03.11 13:16:34 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2015.03.11 13:16:34 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2015.03.11 13:16:34 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcalua.exe
[2015.03.11 13:16:33 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2015.03.11 13:16:33 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcaevts.dll
[2015.03.11 13:16:33 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2015.03.11 13:16:33 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2015.03.11 13:16:33 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2015.03.11 13:16:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2015.03.11 13:16:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2015.03.11 13:16:33 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2015.03.11 13:16:33 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2015.03.11 13:16:32 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2015.03.11 13:16:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll
[2015.03.11 13:16:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll
[2015.03.11 13:16:07 | 003,179,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2015.03.11 13:16:07 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2015.03.11 13:16:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2015.03.11 13:15:34 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2015.03.11 13:15:34 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2015.03.11 13:15:26 | 001,464,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2015.03.11 13:15:26 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2015.03.11 13:15:26 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2015.03.11 13:15:26 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2015.03.11 13:15:26 | 000,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2015.03.11 13:15:26 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2015.03.11 13:15:26 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2015.03.11 13:15:26 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2015.03.11 13:15:26 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2015.03.11 13:15:26 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2015.03.11 13:15:26 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2015.03.11 13:15:26 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2015.03.11 13:15:26 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2015.03.11 13:15:26 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2015.03.11 13:15:26 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2015.03.11 13:15:08 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2015.03.11 13:15:06 | 001,424,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2015.03.11 13:10:08 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2015.03.11 13:10:08 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2015.02.27 16:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment
[2015.02.27 16:38:42 | 000,000,000 | ---D | C] -- C:\Users\Vrba-PC\AppData\Local\AlawarWrapper
[2015.02.27 16:38:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AlawarWrapper
[2015.02.27 16:38:09 | 000,000,000 | ---D | C] -- C:\Users\Vrba-PC\AppData\Local\Yandex
[2015.02.27 16:38:09 | 000,000,000 | ---D | C] -- C:\Users\Vrba-PC\AppData\Local\Amigo
[2015.02.27 16:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AlawarWrapper
[2015.02.25 18:15:19 | 005,325,696 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup503.exe
[2015.02.01 20:14:02 | 001,685,072 | ---- | C] (BitTorrent Inc.) -- C:\Program Files\uTorrent.exe
[2014.12.14 16:51:45 | 002,575,672 | ---- | C] (Martin Malík - REALiX ) -- C:\Program Files\hw32_440.exe
[2014.12.14 16:48:14 | 002,594,856 | ---- | C] (Martin Malík - REALiX ) -- C:\Program Files\hw32_446.exe
[2014.12.07 19:15:14 | 005,408,350 | ---- | C] (Geeks3D ) -- C:\Program Files\FurMark_1.15.0_Setup.exe

========== Files - Modified Within 30 Days ==========

[2015.03.24 19:41:26 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1d0425539d5f59.job
[2015.03.24 19:41:26 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.03.24 19:37:45 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2015.03.24 19:32:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vrba-PC\Desktop\OTL.exe
[2015.03.24 18:51:44 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015.03.24 11:25:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.03.23 19:45:26 | 000,000,194 | ---- | M] () -- C:\Users\Vrba-PC\Desktop\Furmark GPU test.url
[2015.03.22 18:09:09 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015.03.22 18:09:04 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1d042552c48f80.job
[2015.03.22 18:08:24 | 1406,992,384 | -HS- | M] () -- C:\hiberfil.sys
[2015.03.22 18:06:34 | 000,022,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.03.22 18:06:33 | 000,022,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.03.22 18:01:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015.03.22 17:34:33 | 001,222,144 | ---- | M] () -- C:\Users\Vrba-PC\Desktop\RSITx64.exe
[2015.03.22 17:23:39 | 005,615,380 | R--- | M] (Swearware) -- C:\Users\Vrba-PC\Desktop\ComboFix.exe
[2015.03.21 16:35:42 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015.03.16 20:23:05 | 000,000,197 | ---- | M] () -- C:\Users\Vrba-PC\Desktop\Chrám Koothanur Saraswathi.url
[2015.03.14 20:31:10 | 001,755,338 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015.03.14 20:31:10 | 000,732,370 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2015.03.14 20:31:10 | 000,715,126 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015.03.14 20:31:10 | 000,167,584 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2015.03.14 20:31:10 | 000,142,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015.03.12 21:57:55 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015.03.10 21:20:18 | 000,000,189 | ---- | M] () -- C:\Users\Vrba-PC\Desktop\Agentura ochrany přírody a krajiny.url
[2015.03.10 20:22:21 | 000,000,213 | ---- | M] () -- C:\Users\Vrba-PC\Desktop\Homecredit Správa financí.url
[2015.03.06 06:33:01 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2015.03.06 06:33:01 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2015.03.06 06:32:59 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2015.03.06 06:32:56 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2015.03.06 06:32:52 | 001,464,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2015.03.06 06:32:46 | 000,463,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2015.03.06 06:32:00 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2015.03.06 06:29:59 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2015.03.06 06:29:44 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2015.03.06 06:27:29 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2015.03.06 06:11:42 | 000,342,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2015.03.06 06:11:02 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2015.03.06 06:09:04 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2015.03.06 06:08:54 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2015.03.06 06:07:26 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2015.02.28 13:26:21 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
[2015.02.25 18:15:52 | 005,325,696 | ---- | M] (Piriform Ltd) -- C:\Program Files\ccsetup503.exe
[2015.02.23 21:39:11 | 001,733,784 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2015.03.24 19:37:45 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2015.03.22 17:47:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2015.03.22 17:47:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2015.03.22 17:47:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2015.03.22 17:47:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2015.03.22 17:47:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2015.03.22 17:35:35 | 001,222,144 | ---- | C] () -- C:\Users\Vrba-PC\Desktop\RSITx64.exe
[2015.03.16 20:20:08 | 000,000,197 | ---- | C] () -- C:\Users\Vrba-PC\Desktop\Chrám Koothanur Saraswathi.url
[2015.03.10 20:21:17 | 000,000,213 | ---- | C] () -- C:\Users\Vrba-PC\Desktop\Homecredit Správa financí.url
[2015.03.08 11:19:04 | 000,000,189 | ---- | C] () -- C:\Users\Vrba-PC\Desktop\Agentura ochrany přírody a krajiny.url
[2015.02.03 11:50:07 | 011,743,631 | ---- | C] () -- C:\Program Files\cc-setup.exe
[2015.02.01 19:25:54 | 008,008,609 | ---- | C] () -- C:\Program Files\uTorrent-setup.exe
[2014.12.19 21:54:43 | 032,736,632 | ---- | C] () -- C:\Program Files\Seznam.cz.exe
[2014.12.14 16:36:04 | 000,084,917 | ---- | C] () -- C:\Program Files\bluescreenview-x64.zip
[2014.12.14 14:58:51 | 000,659,231 | ---- | C] () -- C:\Program Files\vmt.zip
[2014.11.30 22:47:40 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.dll
[2014.11.30 22:47:40 | 000,003,456 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.sys
[2014.11.30 22:47:31 | 000,598,016 | ---- | C] () -- C:\Windows\SysWow64\sptlib21.dll
[2014.11.30 22:47:31 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\sptlib01.dll
[2014.11.30 22:47:31 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\sptlib22.dll
[2014.11.30 22:47:31 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\sptlib11.dll
[2014.11.30 22:47:31 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\sptlib03.dll
[2014.11.30 22:47:31 | 000,225,280 | ---- | C] () -- C:\Windows\SysWow64\sptlib02.dll
[2014.11.30 22:47:31 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\sptlib12.dll
[2014.11.30 21:46:01 | 001,733,784 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.11.30 21:11:00 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2014.01.07 08:42:25 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2013.06.09 08:04:10 | 000,091,264 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015.02.13 06:13:36 | 014,182,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015.02.13 06:01:08 | 012,878,336 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014.12.25 15:49:42 | 000,000,000 | ---D | M] -- C:\Users\Vrba-PC\AppData\Roaming\.minecraft
[2015.02.15 22:10:52 | 000,000,000 | ---D | M] -- C:\Users\Vrba-PC\AppData\Roaming\DAEMON Tools Lite
[2014.11.30 20:53:42 | 000,000,000 | ---D | M] -- C:\Users\Vrba-PC\AppData\Roaming\ESET
[2014.12.07 21:58:43 | 000,000,000 | ---D | M] -- C:\Users\Vrba-PC\AppData\Roaming\Maxthon3
[2014.12.06 19:44:50 | 000,000,000 | ---D | M] -- C:\Users\Vrba-PC\AppData\Roaming\Opera Software
[2014.12.29 22:43:50 | 000,000,000 | ---D | M] -- C:\Users\Vrba-PC\AppData\Roaming\Seznam Browser
[2014.11.30 22:41:12 | 000,000,000 | ---D | M] -- C:\Users\Vrba-PC\AppData\Roaming\TuneUp Software
[2015.02.27 19:08:15 | 000,000,000 | ---D | M] -- C:\Users\Vrba-PC\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,018,208 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2014.11.30 20:31:26 | 000,000,948 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014.11.30 20:31:29 | 000,000,952 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2014.12.03 17:14:45 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2015.02.06 22:36:48 | 000,000,948 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d042552c48f80.job
[2015.02.06 22:36:49 | 000,000,952 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0425539d5f59.job

< >

< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_989957eefbca9319\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.21988_none_187ae6dbeea323ed\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_67de2791634db433\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a07da45f315f49ea\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22620_none_3bd8e2785152c8dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010.11.21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2014.01.07 10:02:13 | 000,148,992 | ---- | M] (Microsoft Corporation) MD5=829F20D41E7915CB2B2477989241DAAF -- C:\Windows\SysNative\drivers\cdrom.sys
[2014.01.07 10:02:13 | 000,148,992 | ---- | M] (Microsoft Corporation) MD5=829F20D41E7915CB2B2477989241DAAF -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_9b1212f4aac2a207\cdrom.sys
[2014.01.07 10:02:13 | 000,148,992 | ---- | M] (Microsoft Corporation) MD5=829F20D41E7915CB2B2477989241DAAF -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.22077_none_be1afd46d3b2b2b7\cdrom.sys
[2010.11.21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2015.02.03 04:50:56 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=00D0F7BA3B27126A3E25B540979A9F39 -- C:\Windows\erdnt\cache64\cryptsvc.dll
[2015.02.03 04:50:56 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=00D0F7BA3B27126A3E25B540979A9F39 -- C:\Windows\SysNative\cryptsvc.dll
[2015.02.03 04:50:56 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=00D0F7BA3B27126A3E25B540979A9F39 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22948_none_d492bbeccaa14239\cryptsvc.dll
[2010.11.21 04:24:16 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2014.07.07 03:06:31 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=19D511CC455C19DE1ADF60E6C39C85B6 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18526_none_d41cb8b3b175406a\cryptsvc.dll
[2015.02.03 04:30:56 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=1CD76A83B9E8E9A5A3519B39E28354D9 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18741_none_d4021b35b189f3e7\cryptsvc.dll
[2014.10.30 03:14:18 | 000,145,920 | ---- | M] (Microsoft Corporation) MD5=3031B5DC2A58A7BCE6651EA9B7DD6390 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22908_none_789f60191223613f\cryptsvc.dll
[2014.01.07 09:09:43 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=33ADF6E0853AB39EA1723BE82842C1D3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[2014.01.07 09:11:10 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=3897DFF247D9ED0006190349DE264E14 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[2014.01.07 09:19:51 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=434CCE8E7150CD1324C5FAA088D1D061 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_d45f6e88cac8f85b\cryptsvc.dll
[2015.02.03 04:12:14 | 000,143,872 | ---- | M] (Microsoft Corporation) MD5=49474B3E37969AF4B5C076F42B623AFF -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18741_none_77e37fb1f92c82b1\cryptsvc.dll
[2014.01.07 09:21:13 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=509D31797A4B8A3D6ED78A330B19A919 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_d46d4138cabe2596\cryptsvc.dll
[2014.07.07 02:40:07 | 000,143,872 | ---- | M] (Microsoft Corporation) MD5=623E143F2DF17C0106A9988F5D7DC878 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18526_none_77fe1d2ff917cf34\cryptsvc.dll
[2014.07.07 03:06:07 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=63A15BA9875364C4147B226CB70468B3 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22908_none_d4bdfb9cca80d275\cryptsvc.dll
[2014.01.07 09:19:51 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=6B400F211BEE880A37A1ED0368776BF4 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_d431528fb165f7bc\cryptsvc.dll
[2014.01.07 09:19:51 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=6DB499DEFCC827317C5371164A7CDB27 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[2014.01.07 09:19:51 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[2014.01.07 09:09:43 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7FDC4626B01106A8EF328C88C7C0DEE3 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_d3f63f9bb1930797\cryptsvc.dll
[2014.01.07 09:11:10 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=8122252F0A4ACFA92FA0C1D50D18493B -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_d4a24ea4ca968363\cryptsvc.dll
[2010.11.21 04:24:32 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2014.01.07 09:11:10 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=AC04D05309BB2C418D0D80B9FB014642 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[2014.01.07 08:49:36 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=AF845984B344FE45B104412B3EBF47CA -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21945_none_7871365312466b5d\cryptsvc.dll
[2014.01.07 08:49:36 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=B2C3EA1E8CF7C9FE00FCF10700B04B46 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21945_none_d48fd1d6caa3dc93\cryptsvc.dll
[2015.02.03 04:31:49 | 000,145,920 | ---- | M] (Microsoft Corporation) MD5=B97E16D36DB7B7DD22C97857506FA58A -- C:\Windows\erdnt\cache86\cryptsvc.dll
[2015.02.03 04:31:49 | 000,145,920 | ---- | M] (Microsoft Corporation) MD5=B97E16D36DB7B7DD22C97857506FA58A -- C:\Windows\SysWOW64\cryptsvc.dll
[2015.02.03 04:31:49 | 000,145,920 | ---- | M] (Microsoft Corporation) MD5=B97E16D36DB7B7DD22C97857506FA58A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22948_none_787420691243d103\cryptsvc.dll
[2014.01.07 09:09:43 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=CA13C4F92BEE66DB48E58AB3223DDF6E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_d4a14e5aca976a0c\cryptsvc.dll
[2014.01.07 09:11:10 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=D8129C49798CBBFB2E4351D4B7B8EF9C -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_d3f73fe5b19220ee\cryptsvc.dll
[2014.01.07 09:09:43 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=E122AA1C9A3CC46FF9DDDE46E5EB0C58 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[2014.01.07 09:21:13 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=F2D9242C3BBD1C36467FCAE1AE01733F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2014.01.07 09:22:07 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=0FBA43F392832735B2E1902A33B83554 -- C:\Windows\erdnt\cache86\explorer.exe
[2014.01.07 09:22:07 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=0FBA43F392832735B2E1902A33B83554 -- C:\Windows\explorer.exe
[2014.01.07 09:22:07 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=0FBA43F392832735B2E1902A33B83554 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.22467_none_b0311ffaa99f8fd7\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2014.01.07 09:22:07 | 002,615,808 | ---- | M] (Microsoft Corporation) MD5=87E5C9AA378B20DF65A2041D4383D005 -- C:\Windows\SysWOW64\explorer.exe
[2014.01.07 09:22:07 | 002,615,808 | ---- | M] (Microsoft Corporation) MD5=87E5C9AA378B20DF65A2041D4383D005 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.22467_none_ba85ca4cde0051d2\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: HAL.DLL >
[2014.01.07 08:46:30 | 000,263,024 | ---- | M] (Microsoft Corporation) MD5=9E6A4D0A36BAEE7199229660049D693D -- C:\Windows\SysNative\hal.dll
[2014.01.07 08:46:30 | 000,263,024 | ---- | M] (Microsoft Corporation) MD5=9E6A4D0A36BAEE7199229660049D693D -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.21855_none_09ae59448986e4c9\hal.dll
[2010.11.21 04:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: IASTORV.SYS >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2014.01.07 09:39:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\SysNative\drivers\iaStorV.sys
[2014.01.07 09:39:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_42e75624e65ee308\iaStorV.sys
[2014.01.07 09:39:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_989957eefbca9319\isapnp.sys
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\isapnp.sys
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\isapnp.sys
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.21988_none_187ae6dbeea323ed\isapnp.sys

[shaman171]

< MD5 for: LSASS.EXE >
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2015.01.14 07:04:46 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=1E31700D9C9E0FB79999D02A8437482C -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18717_none_04737e137368226b\lsass.exe
[2014.04.12 03:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_044f07757384196d\lsass.exe
[2014.04.12 03:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18496_none_041bf8b773a9f127\lsass.exe
[2014.04.12 03:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18526_none_0467aa1173712ab7\lsass.exe
[2014.04.12 03:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18637_none_045ddc5573785d26\lsass.exe
[2014.09.19 10:42:18 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=341655B216721D89CADE9DEA2F33872F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18606_none_047d4bcf7360effc\lsass.exe
[2015.03.06 06:32:14 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=395CAE11172BEBB0253895E8B5F82BFA -- C:\Windows\erdnt\cache64\lsass.exe
[2015.03.06 06:32:14 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=395CAE11172BEBB0253895E8B5F82BFA -- C:\Windows\SysNative\lsass.exe
[2015.03.06 06:32:14 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=395CAE11172BEBB0253895E8B5F82BFA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22983_none_04ad6c288cc21d97\lsass.exe
[2015.01.29 04:18:39 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=43FE6F74D2D43443CF2279613FA0A516 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18738_none_045ede85737773a4\lsass.exe
[2014.01.07 09:21:32 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_042b9307739f26ed\lsass.exe
[2015.01.10 08:09:08 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=55C62F66528A7BF58EA964B70BCB3D96 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22920_none_04eb4ad28c9429ec\lsass.exe
[2015.01.27 04:56:02 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=5B63917A1BE4728D8111850CDEF252F1 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22943_none_04d8abd88ca1add3\lsass.exe
[2014.04.12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_04cdd63a8ca9d24f\lsass.exe
[2014.04.12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22712_none_04f817868c8a465b\lsass.exe
[2014.04.12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22807_none_0507eaca8c7da644\lsass.exe
[2014.04.12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22843_none_04d8a9f28ca1b0ac\lsass.exe
[2014.04.12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22923_none_04ee4bb08c9175f1\lsass.exe
[2014.04.12 03:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22925_none_04f04c448c8fa89f\lsass.exe
[2015.02.03 04:30:31 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=7554A1B82B4A222FD4CC292ABD38A558 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18741_none_044d0c937385de34\lsass.exe
[2014.01.07 09:47:15 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=77119F1F9B492B260030C34F9BE327FA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22099_none_04a88ce28cc4eb33\lsass.exe
[2014.01.07 09:26:30 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=8CA8AA5CDE37E14B004E45574053ED54 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22481_none_04ab62168cc3f926\lsass.exe
[2014.01.07 09:01:17 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=9E3E3E092B01D89A742FF65549929BF4 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22119_none_04ff0e288c8408d2\lsass.exe
[2015.03.06 06:41:46 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=B6C7729936AAF8E0697F0A7DCA82CED8 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18779_none_04349f1f7396fcbf\lsass.exe
[2014.09.19 10:47:37 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=B84317193B6A29F5F5DCF538C34FDCED -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22814_none_04fa1a008c887630\lsass.exe
[2011.11.17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17940_none_044c26dd7386a58a\lsass.exe
[2015.01.10 07:47:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C8152B86C0F12E61B0AD5C95751547D3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18714_none_04707d35736ad666\lsass.exe
[2015.02.03 04:50:23 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=CBB80CC43E683F929F8D5E50330F7BA6 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22948_none_04ddad4a8c9d2c86\lsass.exe
[2015.01.15 09:09:15 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=E0105F3B5B1C4B0F5B3D788A13504EC6 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18719_none_04757ea773665519\lsass.exe
[2014.01.07 09:21:32 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=F021DAFB1F87616FCEBA159C2ED7042F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_04c503168cb026a0\lsass.exe

< MD5 for: NDIS.SYS >
[2014.01.07 10:00:12 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=5E74508FCB5820B29EEAFE24E6035BCF -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_06232d534c0a8d67\ndis.sys
[2010.11.21 04:23:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
[2014.01.07 10:28:41 | 000,950,208 | ---- | M] (Microsoft Corporation) MD5=E0E1E35A9C0A9CD0CE39C1D95FFE50B6 -- C:\Windows\erdnt\cache64\ndis.sys
[2014.01.07 10:28:41 | 000,950,208 | ---- | M] (Microsoft Corporation) MD5=E0E1E35A9C0A9CD0CE39C1D95FFE50B6 -- C:\Windows\SysNative\drivers\ndis.sys
[2014.01.07 10:28:41 | 000,950,208 | ---- | M] (Microsoft Corporation) MD5=E0E1E35A9C0A9CD0CE39C1D95FFE50B6 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22476_none_0637d4794bfb30ca\ndis.sys

< MD5 for: NETLOGON.DLL >
[2014.01.07 08:50:18 | 000,695,296 | ---- | M] (Microsoft Corporation) MD5=3B636D8B071977F5625435DA5E1302C8 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.21934_none_5c51bf5767c741b9\netlogon.dll
[2014.01.07 08:50:18 | 000,564,224 | ---- | M] (Microsoft Corporation) MD5=5080BF3DF882FFF96ABE5AEC684C6ABA -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.21934_none_66a669a99c2803b4\netlogon.dll
[2014.03.02 13:17:31 | 000,699,904 | ---- | M] (Microsoft Corporation) MD5=52F2D7BC933A99E4FFA3AEEF84891789 -- C:\Windows\erdnt\cache64\netlogon.dll
[2014.03.02 13:17:31 | 000,699,904 | ---- | M] (Microsoft Corporation) MD5=52F2D7BC933A99E4FFA3AEEF84891789 -- C:\Windows\SysNative\netlogon.dll
[2014.03.02 13:17:31 | 000,699,904 | ---- | M] (Microsoft Corporation) MD5=52F2D7BC933A99E4FFA3AEEF84891789 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.22553_none_5c3b00d567d88549\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2014.03.02 13:17:31 | 000,567,296 | ---- | M] (Microsoft Corporation) MD5=C08FFF85678E718B24C12A6069722136 -- C:\Windows\erdnt\cache86\netlogon.dll
[2014.03.02 13:17:31 | 000,567,296 | ---- | M] (Microsoft Corporation) MD5=C08FFF85678E718B24C12A6069722136 -- C:\Windows\SysWOW64\netlogon.dll
[2014.03.02 13:17:31 | 000,567,296 | ---- | M] (Microsoft Corporation) MD5=C08FFF85678E718B24C12A6069722136 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.22553_none_668fab279c394744\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2014.01.07 09:04:50 | 000,566,784 | ---- | M] (Microsoft Corporation) MD5=C8791A2AF7FDF9AD05F446443F1AF447 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.22137_none_66a9448f9c258022\netlogon.dll
[2014.01.07 09:04:51 | 000,698,880 | ---- | M] (Microsoft Corporation) MD5=F866FF235A40575981DF01F3E98AEA04 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.22137_none_5c549a3d67c4be27\netlogon.dll

< MD5 for: NVRAID.SYS >
[2010.11.21 04:23:47 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvraid.sys
[2010.11.21 04:23:47 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvraid.sys
[2014.01.07 09:39:37 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=666CA16F17914C1CD3616CF16DE0A6EA -- C:\Windows\SysNative\drivers\nvraid.sys
[2014.01.07 09:39:37 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=666CA16F17914C1CD3616CF16DE0A6EA -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_69930c0b737084a9\nvraid.sys
[2014.01.07 09:39:37 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=666CA16F17914C1CD3616CF16DE0A6EA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2014.01.07 09:39:37 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\SysNative\drivers\nvstor.sys
[2014.01.07 09:39:37 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_69930c0b737084a9\nvstor.sys
[2014.01.07 09:39:37 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2014.01.07 08:43:14 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=19E15945ED042BA1DF794AEEA1976B0B -- C:\Windows\erdnt\cache86\scecli.dll
[2014.01.07 08:43:14 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=19E15945ED042BA1DF794AEEA1976B0B -- C:\Windows\SysWOW64\scecli.dll
[2014.01.07 08:43:14 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=19E15945ED042BA1DF794AEEA1976B0B -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.21864_none_a0dc23183d61e11b\scecli.dll
[2014.01.07 08:43:14 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=36505BDC60046806B60F1032A28E9A10 -- C:\Windows\erdnt\cache64\scecli.dll
[2014.01.07 08:43:14 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=36505BDC60046806B60F1032A28E9A10 -- C:\Windows\SysNative\scecli.dll
[2014.01.07 08:43:14 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=36505BDC60046806B60F1032A28E9A10 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.21864_none_968778c609011f20\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
[2014.03.02 13:24:18 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=219E8FA7E894E4D1EF05BB4812B5B98C -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22556_none_0ac0f26d490d88b1\smss.exe
[2014.04.12 03:31:44 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=3442A918386D4716D74C661543151746 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22653_none_0abdf375491039d3\smss.exe
[2014.04.12 03:31:44 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=3442A918386D4716D74C661543151746 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22908_none_0af90a3548e32446\smss.exe
[2014.04.12 03:31:44 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=3442A918386D4716D74C661543151746 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22921_none_0adc685748f9aac7\smss.exe
[2014.04.12 03:31:44 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=3442A918386D4716D74C661543151746 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22923_none_0ade68eb48f7dd75\smss.exe
[2014.01.07 09:23:34 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=43B972C0208F5A4F0BAC861395233E94 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22470_none_0aa54ef349232b62\smss.exe
[2015.02.03 04:30:42 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=63D3C30B497347495B8EA78A38188969 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18741_none_0a3d29ce2fec45b8\smss.exe
[2015.01.29 04:18:52 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=83C0199B7C06AC3C33212E1A0DC2260E -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18738_none_0a4efbc02fdddb28\smss.exe
[2015.02.03 04:50:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=8CD5A97B8D155718D357B2D9BC6B113D -- C:\Windows\SysNative\smss.exe
[2015.02.03 04:50:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=8CD5A97B8D155718D357B2D9BC6B113D -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22948_none_0acdca854903940a\smss.exe
[2014.01.07 09:24:24 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=B2B31D4C79EFD883097FA24D02E79C12 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22436_none_0ad6905f48fd53a8\smss.exe
[2015.01.27 04:56:16 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=B75198D88A34994DE1E4D9F2286DF759 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22943_none_0ac8c91349081557\smss.exe
[2014.01.07 09:24:24 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0371DE302FFFF8F086661611BE60848 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_0a5f8ec22fd235a9\smss.exe
[2013.08.02 01:59:09 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0970A4BC8395659C22BF53D0FADF16F -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18229_none_0a5ac2782fd4e6cb\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2014.01.07 09:04:50 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=DFDE777FAF31DC25E3624E8071073146 -- C:\Windows\erdnt\cache64\svchost.exe
[2014.01.07 09:04:50 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=DFDE777FAF31DC25E3624E8071073146 -- C:\Windows\SysNative\svchost.exe
[2014.01.07 09:04:50 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=DFDE777FAF31DC25E3624E8071073146 -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.22137_none_14583c9b351893b5\svchost.exe
[2014.01.07 09:04:50 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=FFB38D8AFD6F4FCA1D46D64F1EDE0B9F -- C:\Windows\erdnt\cache86\svchost.exe
[2014.01.07 09:04:50 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=FFB38D8AFD6F4FCA1D46D64F1EDE0B9F -- C:\Windows\SysWOW64\svchost.exe
[2014.01.07 09:04:50 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=FFB38D8AFD6F4FCA1D46D64F1EDE0B9F -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.22137_none_b839a1177cbb227f\svchost.exe

< MD5 for: TCPIP.SYS >
[2014.04.05 03:47:20 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=04ADD18EE5CC9FBEDAEC1DD1CD0CB45E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_113260637d1284ef\tcpip.sys
[2014.01.07 09:28:53 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=06C18B9BC95BFBE7D4844F9C5BAE2356 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22477_none_118fbb4e96517dff\tcpip.sys
[2014.01.07 08:59:36 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2014.04.13 06:47:34 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2014.01.07 08:39:27 | 001,928,064 | ---- | M] (Microsoft Corporation) MD5=4A68EA6B21FB6316E01457DE1A678AA9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21645_none_11ae4512963ad82b\tcpip.sys
[2014.04.05 03:37:43 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=4F80944B03112F486212DC20BE166079 -- C:\Windows\erdnt\cache64\tcpip.sys
[2014.04.05 03:37:43 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=4F80944B03112F486212DC20BE166079 -- C:\Windows\SysNative\drivers\tcpip.sys
[2014.04.05 03:37:43 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=4F80944B03112F486212DC20BE166079 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_11b12f2896383dd1\tcpip.sys
[2010.11.21 04:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2014.01.07 09:04:50 | 001,901,928 | ---- | M] (Microsoft Corporation) MD5=5AE58766730BBE03157A27A60B94E156 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22176_none_118eb55296526d33\tcpip.sys
[2014.01.07 10:26:56 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2014.03.18 03:13:12 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=A78A2EAA9B9B968E08BA29CAEE3195D9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22590_none_11731b56966801a7\tcpip.sys
[2014.01.07 08:59:36 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014.01.07 08:50:28 | 000,391,680 | ---- | M] (Microsoft Corporation) MD5=13CD6BA1F798A61AEE985E78D3644A1E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.21980_none_ce22f86704eafbb0\winlogon.exe
[2014.03.04 12:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014.03.04 10:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2014.07.17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[2014.07.16 04:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\Windows\erdnt\cache64\winlogon.exe
[2014.07.16 04:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\Windows\SysNative\winlogon.exe
[2014.07.16 04:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe

< MD5 for: WS2_32.DLL >
[2010.11.21 04:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\erdnt\cache64\ws2_32.dll
[2010.11.21 04:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\SysNative\ws2_32.dll
[2010.11.21 04:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll
[2010.11.21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\erdnt\cache86\ws2_32.dll
[2010.11.21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SysWOW64\ws2_32.dll
[2010.11.21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[9 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\11bbf576fa0506e2fb58f4f4bafa0f59\*.tmp files -> C:\Windows\SoftwareDistribution\Download\11bbf576fa0506e2fb58f4f4bafa0f59\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\16be77b682de5f7723de0e2361280b1c\*.tmp files -> C:\Windows\SoftwareDistribution\Download\16be77b682de5f7723de0e2361280b1c\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\1b883414a897d80a08478618c4d8723f\*.tmp files -> C:\Windows\SoftwareDistribution\Download\1b883414a897d80a08478618c4d8723f\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\21ab9becaa2566e9f0a0ea3d82672d50\*.tmp files -> C:\Windows\SoftwareDistribution\Download\21ab9becaa2566e9f0a0ea3d82672d50\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\248c79ee4edd1012af3b9678786a1064\*.tmp files -> C:\Windows\SoftwareDistribution\Download\248c79ee4edd1012af3b9678786a1064\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\24c893ec620f93cab05a529e65a5a4b1\*.tmp files -> C:\Windows\SoftwareDistribution\Download\24c893ec620f93cab05a529e65a5a4b1\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\2622b71010a449ec56674cf73bcd3bd6\*.tmp files -> C:\Windows\SoftwareDistribution\Download\2622b71010a449ec56674cf73bcd3bd6\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\319d4d91727b725c7b2164ca94f47db9\*.tmp files -> C:\Windows\SoftwareDistribution\Download\319d4d91727b725c7b2164ca94f47db9\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\38d3b07802a3203b4a61cecefe245255\*.tmp files -> C:\Windows\SoftwareDistribution\Download\38d3b07802a3203b4a61cecefe245255\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\3e561c20b6aee80cec283f7ed584e9dd\*.tmp files -> C:\Windows\SoftwareDistribution\Download\3e561c20b6aee80cec283f7ed584e9dd\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\5f5669621f8c3698d11867c47e73423b\*.tmp files -> C:\Windows\SoftwareDistribution\Download\5f5669621f8c3698d11867c47e73423b\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\6a9cd27a193c74985c368402813bac4d\*.tmp files -> C:\Windows\SoftwareDistribution\Download\6a9cd27a193c74985c368402813bac4d\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\74f326dda14c60c449dcbffc6addc5d5\*.tmp files -> C:\Windows\SoftwareDistribution\Download\74f326dda14c60c449dcbffc6addc5d5\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\91cc7d36a966079d96bd77d8df753a6b\*.tmp files -> C:\Windows\SoftwareDistribution\Download\91cc7d36a966079d96bd77d8df753a6b\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\a97a7de8ca050c7f04492ba3de663402\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a97a7de8ca050c7f04492ba3de663402\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\af015e544375e0dad037d8742a7cabdc\*.tmp files -> C:\Windows\SoftwareDistribution\Download\af015e544375e0dad037d8742a7cabdc\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\b1ef4dbfb5e587165252a74cde52662f\*.tmp files -> C:\Windows\SoftwareDistribution\Download\b1ef4dbfb5e587165252a74cde52662f\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\b3e90cc32ce375d335fa7a97e0748800\*.tmp files -> C:\Windows\SoftwareDistribution\Download\b3e90cc32ce375d335fa7a97e0748800\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\bcfeb54498e98250815a43b8daec737a\*.tmp files -> C:\Windows\SoftwareDistribution\Download\bcfeb54498e98250815a43b8daec737a\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\d7d9f374c3d3174b1d00ac64526faf60\*.tmp files -> C:\Windows\SoftwareDistribution\Download\d7d9f374c3d3174b1d00ac64526faf60\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\d95aac6c0764ad0d389a9c27c2c1d703\*.tmp files -> C:\Windows\SoftwareDistribution\Download\d95aac6c0764ad0d389a9c27c2c1d703\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\daea78480b830896a95235cbce0a75bc\*.tmp files -> C:\Windows\SoftwareDistribution\Download\daea78480b830896a95235cbce0a75bc\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\dfc534ba2d747285f0ae13f7ce1cdcf7\*.tmp files -> C:\Windows\SoftwareDistribution\Download\dfc534ba2d747285f0ae13f7ce1cdcf7\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\fba93083fca1a33440412fdcc9685b66\*.tmp files -> C:\Windows\SoftwareDistribution\Download\fba93083fca1a33440412fdcc9685b66\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2014.12.25 15:49:42 | 000,000,000 | ---D | M] -- C:\Users\Vrba-PC\AppData\Roaming\.minecraft
[2014.12.21 19:47:51 | 000,000,000 | ---D | M] -- C:\Users\Vrba-PC\AppData\Roaming\Adobe
[2015.02.15 22:10:52 | 000,000,000 | ---D | M] -- C:\Users\Vrba-PC\AppData\Roaming\DAEMON Tools Lite
[2014.11.30 20:53:42 | 000,000,000 | ---D | M] -- C:\Users\Vrba-PC\AppData\Roaming\ESET
[2014.11.30 20:58:26 | 000,000,000 | ---D | M] -- C:\Users\Vrba-PC\AppData\Roaming\GRETECH
[2014.11.30 20:27:57 | 000,000,000 | ---D | M] -- C:\Users\Vrba-PC\AppData\Roaming\Identities
[2014.12.03 17:19:32 | 000,000,000 | ---D | M] -- C:\Users\Vrba-PC\AppData\Roaming\Macromedia
[2014.12.07 21:58:43 | 000,000,000 | ---D | M] -- C:\Users\Vrba-PC\AppData\Roaming\Maxthon3
[2011.04.12 09:45:27 | 000,000,000 | ---D | M] -- C:\Users\Vrba-PC\AppData\Roaming\Media Center Programs
[2014.12.14 16:40:29 | 000,000,000 | --SD | M] -- C:\Users\Vrba-PC\AppData\Roaming\Microsoft
[2014.12.03 16:45:59 | 000,000,000 | ---D | M] -- C:\Users\Vrba-PC\AppData\Roaming\Mozilla
[2014.12.25 14:20:26 | 000,000,000 | ---D | M] -- C:\Users\Vrba-PC\AppData\Roaming\NVIDIA
[2014.12.06 19:44:50 | 000,000,000 | ---D | M] -- C:\Users\Vrba-PC\AppData\Roaming\Opera Software
[2014.12.29 22:43:50 | 000,000,000 | ---D | M] -- C:\Users\Vrba-PC\AppData\Roaming\Seznam Browser
[2014.11.30 22:41:12 | 000,000,000 | ---D | M] -- C:\Users\Vrba-PC\AppData\Roaming\TuneUp Software
[2015.02.27 19:08:15 | 000,000,000 | ---D | M] -- C:\Users\Vrba-PC\AppData\Roaming\uTorrent
[2015.03.24 19:04:59 | 000,000,000 | ---D | M] -- C:\Users\Vrba-PC\AppData\Roaming\vlc

< %APPDATA%\*.exe /s >
[2007.03.22 11:46:42 | 000,126,976 | ---- | M] () -- C:\Users\Vrba-PC\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe
[2014.12.10 23:28:54 | 001,794,840 | ---- | M] (Maxthon International ltd.) -- C:\Users\Vrba-PC\AppData\Roaming\Maxthon3\Public\MxUp\MxUp.exe
[2014.12.19 13:03:56 | 047,151,400 | ---- | M] () -- C:\Users\Vrba-PC\AppData\Roaming\Seznam Browser\old-Seznam.cz.exe
[2014.12.26 19:37:16 | 047,150,408 | ---- | M] () -- C:\Users\Vrba-PC\AppData\Roaming\Seznam Browser\Seznam.cz.exe
[2014.12.19 21:55:46 | 000,099,308 | ---- | M] () -- C:\Users\Vrba-PC\AppData\Roaming\Seznam Browser\uninstall.exe
[2015.02.01 19:28:19 | 003,054,592 | ---- | M] (BitTorrent Inc.) -- C:\Users\Vrba-PC\AppData\Roaming\uTorrent\updates\3.4.2_31536.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2010.11.21 04:24:51 | 001,475,584 | ---- | M] (Microsoft Corporation)
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun -- [2013.08.01 14:13:14 | 003,673,696 | ---- | M] (Disc Soft Ltd)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2015.03.24 19:37:45 | 000,000,512 | ---- | M] () MD5=0A2AE48BC1947E562FBAC374861836A3 -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2014.09.03 00:27:24 | 000,268,432 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2014.09.03 00:27:24 | 000,019,096 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2013.10.18 02:34:40 | 001,168,672 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\ExtensionLoader.dll
[2013.12.20 01:37:56 | 000,065,344 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2013.12.20 01:37:56 | 000,067,904 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader64.dll
[2013.12.20 01:37:44 | 000,073,536 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2013.12.20 01:37:44 | 000,080,704 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader64.dll
[2005.06.07 12:25:46 | 000,044,032 | ---- | M] () -- \Program Files (x86)\WinRAR\RarExtLoader.exe
[2014.09.03 00:27:24 | 000,364,176 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll
[2014.09.03 00:27:24 | 000,019,096 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2008.10.15 01:35:04 | 000,000,030 | ---- | M] () -- \Program Files\vmt\vmt.loader.bat
[2014.08.13 13:14:30 | 000,009,418 | ---- | M] () -- \Users\Vrba-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.21_0\img\gifloader.gif
[2014.11.30 21:04:12 | 000,057,728 | ---- | M] () -- \Users\Vrba-PC\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_dadget_loader.png
[2014.11.30 21:04:12 | 000,057,728 | ---- | M] () -- \Users\Vrba-PC\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_dadget_loader.png
[2014.11.30 21:04:13 | 000,057,728 | ---- | M] () -- \Users\Vrba-PC\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_dadget_loader.png
[2014.11.30 21:04:13 | 000,057,728 | ---- | M] () -- \Users\Vrba-PC\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin3\dt_dadget_loader.png
[2014.11.30 21:04:14 | 000,057,728 | ---- | M] () -- \Users\Vrba-PC\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin4\dt_dadget_loader.png
[2014.11.30 21:04:14 | 000,061,770 | ---- | M] () -- \Users\Vrba-PC\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin5\dt_dadget_loader.png
[2014.11.30 21:04:15 | 000,061,770 | ---- | M] () -- \Users\Vrba-PC\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin6\dt_dadget_loader.png
[2013.05.09 01:43:22 | 000,019,080 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\FL_VSTOLoaderUI_dll_amd64_ln.3643236F_FC70_11D3_A536_0090278A1BB8
[2012.10.01 20:34:40 | 000,019,048 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\FL_VSTOLoaderUI_dll_amd64_ln.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2013.05.09 01:43:22 | 000,019,080 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
[2012.10.01 20:34:40 | 000,019,048 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2014.01.23 16:05:00 | 000,364,184 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\VSTOLoader_dll_amd64.3643236F_FC70_11D3_A536_0090278A1BB8
[2012.10.01 20:34:40 | 000,364,128 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\VSTOLoader_dll_amd64.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2014.01.23 16:05:00 | 000,268,440 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8
[2012.10.01 20:34:40 | 000,268,384 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2013.05.09 01:43:22 | 000,019,080 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4569\FL_VSTOLoaderUI_dll_amd64_ln.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2013.05.09 01:43:22 | 000,019,080 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4569\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2015.03.24 19:33:16 | 000,110,500 | ---- | M] () -- \Windows\Prefetch\RAREXTLOADER.EXE-8405D981.pf
[2014.04.12 03:03:37 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2014.04.12 03:03:37 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009.07.14 02:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 02:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.01.07 09:24:24 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.01.07 09:31:23 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.01.07 09:49:30 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21855_none_69375696abaca0b0\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.01.07 09:02:41 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22178_none_6924938aabba5227\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.01.07 09:24:24 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_694dd858ab9ba72a\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.01.07 09:23:34 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22470_none_691c96ecabc17ee4\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.01.07 09:21:52 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22476_none_692298a8abbc16ee\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.13 06:48:13 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_69637bfcab8b6996\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 03:28:21 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_69353b6eabae8d55\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.03.11 20:43:01 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22948_cs-cz_91d591322cdb6e65.manifest
[2015.03.11 20:43:01 | 000,033,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22948_cs-cz_91d591322cdb6e65_winload.efi.mui_35ee487d
[2015.03.11 20:43:01 | 000,034,744 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22948_cs-cz_91d591322cdb6e65_winload.exe.mui_3bc5b827
[2015.03.11 20:43:01 | 000,030,144 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22948_cs-cz_91d591322cdb6e65_winresume.efi.mui_f412814e
[2015.03.11 20:43:01 | 000,030,656 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22948_cs-cz_91d591322cdb6e65_winresume.exe.mui_ff8b5358
[2015.03.11 20:43:05 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22948_none_b9b9dcba9c78d498.manifest
[2015.03.11 20:43:05 | 000,693,176 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22948_none_b9b9dcba9c78d498_winload.efi_75834aa0
[2015.03.11 20:43:06 | 000,619,056 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22948_none_b9b9dcba9c78d498_winload.exe_75835076
[2015.03.11 20:43:06 | 000,617,376 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22948_none_b9b9dcba9c78d498_winresume.efi_85cd069f
[2015.03.11 20:43:06 | 000,533,200 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22948_none_b9b9dcba9c78d498_winresume.exe_85cd1215
[2009.07.14 03:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2011.04.12 09:33:23 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2015.02.03 05:49:45 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_cs-cz_9144f07b13c42013.manifest
[2014.01.07 08:41:17 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_cs-cz_91bd03782cee4653.manifest
[2014.12.13 02:57:48 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22908_cs-cz_9200d0e22cbafea1.manifest
[2015.01.12 23:17:25 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22921_cs-cz_91e42f042cd18522.manifest
[2015.01.16 07:36:46 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22923_cs-cz_91e62f982ccfb7d0.manifest
[2015.01.27 06:32:05 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22943_cs-cz_91d08fc02cdfefb2.manifest
[2015.02.03 06:30:16 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22948_cs-cz_91d591322cdb6e65.manifest
[2010.11.21 04:16:35 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2015.02.03 04:51:30 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646.manifest
[2014.01.07 09:42:51 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2014.01.07 08:41:17 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21675_none_b9967d2e9c93cb50.manifest
[2014.01.07 09:48:58 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21985_none_b98bb2f49c9bdeb6.manifest
[2014.12.12 07:29:00 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22908_none_b9e51c6a9c5864d4.manifest
[2015.01.12 04:50:53 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22921_none_b9c87a8c9c6eeb55.manifest
[2015.01.16 07:37:02 | 000,005,511 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22923_none_b9ca7b209c6d1e03.manifest
[2015.01.27 05:22:06 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22943_none_b9b4db489c7d55e5.manifest
[2015.02.03 05:17:47 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22948_none_b9b9dcba9c78d498.manifest
[2014.01.07 08:41:17 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_cs-cz_9fafda64680afbaf.manifest
[2014.01.07 08:41:17 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_da-dk_3ce9ba8b5e50f7ae.manifest
[2014.01.07 08:41:17 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_el-gr_e2ab7d5a4f3cb4d6.manifest
[2014.01.07 08:41:17 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_fi-fi_81ec875144463bdc.manifest
[2014.01.07 08:41:17 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_hu-hu_ccf978eb265e2f30.manifest
[2014.01.07 08:41:17 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_ko-kr_b5404aabfebc1e83.manifest
[2014.01.07 08:41:17 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_nb-no_9dd2cbe0d6e14a3f.manifest
[2014.01.07 08:41:17 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_pl-pl_e24e71a0bd2fc1c8.manifest
[2014.01.07 08:41:17 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_pt-br_e4a25c44bbb955ac.manifest
[2014.01.07 08:41:17 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_pt-pt_e5842bb0bb28c588.manifest
[2014.01.07 08:41:17 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_ru-ru_2c273d74a00a53b4.manifest
[2014.01.07 08:41:17 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_sv-se_c82227e997335e0f.manifest
[2014.01.07 08:41:17 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_tr-tr_712f723085ef6000.manifest
[2014.01.07 08:41:17 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_zh-cn_428c902e3627321f.manifest
[2014.01.07 08:41:17 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_zh-hk_413788bc3702a4af.manifest
[2014.01.07 08:41:17 | 000,004,434 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-e..os-loader.resources_31bf3856ad364e35_6.1.7601.21765_zh-tw_4688cd8433980e8f.manifest
[2009.07.14 03:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.01.07 09:24:24 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.01.07 09:31:23 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.01.07 09:49:30 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21855_none_0d18bb12f34f2f7a\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.01.07 09:02:41 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22178_none_0d05f806f35ce0f1\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.01.07 09:24:24 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_0d2f3cd4f33e35f4\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.01.07 09:23:34 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22470_none_0cfdfb68f3640dae\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.01.07 09:21:52 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22476_none_0d03fd24f35ea5b8\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.13 06:48:13 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 03:03:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >
[2013.12.18 09:59:34 | 000,350,520 | ---- | M] () -- \Program Files (x86)\TuneUp Utilities 2014\ProgramDeactivator.exe
[2013.12.18 10:01:06 | 000,150,840 | ---- | M] () -- \Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe
[2009.09.25 14:00:00 | 000,003,006 | ---- | M] () -- \Program Files (x86)\TuneUp Utilities 2014\data\deinstallation_programDeactivator_40x40.png
[2009.09.25 14:00:00 | 000,001,534 | ---- | M] () -- \Program Files (x86)\TuneUp Utilities 2014\data\icon_ProgramDeactivator_16.png
[2009.09.25 14:00:00 | 000,004,191 | ---- | M] () -- \Program Files (x86)\TuneUp Utilities 2014\data\icon_ProgramDeactivator_24x24.png
[2009.09.25 14:00:00 | 000,003,100 | ---- | M] () -- \Program Files (x86)\TuneUp Utilities 2014\data\icon_ProgramDeactivator_32.png
[2009.09.25 14:00:00 | 000,006,373 | ---- | M] () -- \Program Files (x86)\TuneUp Utilities 2014\data\icon_ProgramDeactivator_64.png
[2014.11.30 22:41:32 | 000,002,465 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014\All functions\TuneUp Program Deactivator.lnk
[2014.11.30 22:41:32 | 000,002,465 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014\All functions\TuneUp Program Deactivator.lnk
[2013.08.29 12:05:48 | 000,346,424 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\A374D8EF60F699F45B4FEB7DB2A230C8\14.0.1000\ProgramDeactivator.exe

< *serial* /s >
[2007.02.14 12:23:16 | 000,005,494 | ---- | M] () -- \Program Files (x86)\BurnInTest\HTML\preferences_serial.htm
[2007.01.04 14:08:14 | 000,007,370 | ---- | M] () -- \Program Files (x86)\BurnInTest\HTML\tests_serialport.htm
[2014.05.13 23:17:02 | 000,434,368 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\5.1.30514.0\System.Runtime.Serialization.dll
[2014.12.01 19:40:42 | 001,164,288 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\5.1.30514.0\System.Runtime.Serialization.ni.dll
[2014.07.08 00:27:52 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2011.04.12 09:34:17 | 000,090,112 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2015.02.10 14:12:36 | 000,167,584 | ---- | M] () -- \Program Files\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.XmlSerializers.dll
[2015.02.10 14:12:36 | 000,210,584 | ---- | M] () -- \Program Files\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.XmlSerializers.dll
[2014.05.13 23:48:16 | 000,434,368 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.30514.0\System.Runtime.Serialization.dll
[2014.12.01 19:41:11 | 001,546,240 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.30514.0\System.Runtime.Serialization.ni.dll
[2014.07.08 00:36:29 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2011.04.12 09:34:17 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2013.07.08 13:43:52 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014.06.24 00:43:20 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2014.01.07 08:47:42 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2014.07.08 00:27:52 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.12.01 19:26:44 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\023f48f21256a77784b4838d26c86648\System.Runtime.Serialization.ni.dll
[2014.12.01 19:07:08 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\18360e84e16f8684c0e5bd5cf81d4756\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.12.01 19:19:43 | 000,396,288 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\2e66437eaa00892f9501f2a9162ffac0\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.12.01 19:29:05 | 003,073,536 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\b78c8ac4de765b47bae705a2c83938a8\System.Runtime.Serialization.ni.dll
[2015.02.18 06:20:57 | 000,306,176 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\a94049de665f1854ea5df1a857b2c68f\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2015.02.18 06:20:57 | 000,000,440 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\a94049de665f1854ea5df1a857b2c68f\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2015.02.18 06:20:28 | 002,855,424 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\187177229c00aec6dec613ea4b9ff209\System.Runtime.Serialization.ni.dll
[2015.02.18 06:20:28 | 000,000,996 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\187177229c00aec6dec613ea4b9ff209\System.Runtime.Serialization.ni.dll.aux
[2015.02.18 06:29:36 | 000,025,600 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\ad0261438ff8f46e093faa717226ebef\System.Xml.Serialization.ni.dll
[2015.02.18 06:29:36 | 000,000,284 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\ad0261438ff8f46e093faa717226ebef\System.Xml.Serialization.ni.dll.aux
[2015.02.18 13:00:57 | 000,366,080 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\769e80c5193dedd5ef90a962c002d15a\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2015.02.18 13:00:57 | 000,000,440 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\769e80c5193dedd5ef90a962c002d15a\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2015.02.18 13:00:56 | 003,597,312 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\cdca00d5c58d31de2503310a31ca096f\System.Runtime.Serialization.ni.dll
[2015.02.18 13:00:56 | 000,000,996 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\cdca00d5c58d31de2503310a31ca096f\System.Runtime.Serialization.ni.dll.aux
[2015.02.18 13:07:01 | 000,027,648 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.84e525b7#\85b2d15d965e64489744325c53d91db0\System.Xml.Serialization.ni.dll
[2015.02.18 13:07:01 | 000,000,284 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.84e525b7#\85b2d15d965e64489744325c53d91db0\System.Xml.Serialization.ni.dll.aux
[2012.10.01 20:36:32 | 000,166,864 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\AS_Client_BackEnd_XmlSerializers_dll_64.47B66533_5246_4BD8_8040_12B3E5660DA4
[2012.10.01 20:36:32 | 000,209,360 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\AS_Client_Common_FrontEnd_XmlSerializers_dll_64.47B66533_5246_4BD8_8040_12B3E5660DA4
[2014.01.23 16:05:10 | 000,167,616 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4569\AS_Client_BackEnd_XmlSerializers_dll_64.47B66533_5246_4BD8_8040_12B3E5660DA4
[2014.01.23 16:05:12 | 000,210,112 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4569\AS_Client_Common_FrontEnd_XmlSerializers_dll_64.47B66533_5246_4BD8_8040_12B3E5660DA4
[2014.04.12 00:48:40 | 001,051,888 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Serialization.dll.amd64
[2014.04.12 00:48:40 | 001,051,888 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Serialization.dll.x86
[2014.04.12 00:48:40 | 001,051,888 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Serialization.dll_gac_x86
[2014.04.12 00:48:40 | 000,028,000 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\v4.0_4.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014.04.12 00:48:40 | 000,133,432 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2014.04.11 23:08:06 | 000,029,472 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll
[2014.04.11 23:08:06 | 000,029,512 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll
[2014.04.12 00:48:40 | 000,113,952 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.RunTime.Serialization.resources\v4.0_4.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.resources.dll
[2014.04.11 23:08:06 | 000,029,976 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll
[2014.07.23 01:17:44 | 001,050,840 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.04.11 23:08:06 | 000,045,800 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2014.04.11 23:08:06 | 000,029,928 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll
[2014.06.24 00:43:20 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2011.04.12 09:34:11 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014.07.08 00:27:52 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2014.07.23 01:17:44 | 001,050,840 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2014.04.12 00:48:40 | 000,133,432 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2014.04.11 23:08:06 | 000,029,472 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll
[2014.04.11 23:08:06 | 000,029,512 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2014.04.11 23:08:06 | 000,029,976 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2014.04.11 23:08:06 | 000,045,800 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2014.04.11 23:08:06 | 000,029,928 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll
[2014.04.12 00:48:40 | 000,028,000 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014.04.12 00:48:40 | 000,113,952 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.RunTime.Serialization.resources.dll
[2014.06.24 00:43:09 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2011.04.12 09:34:10 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2014.07.08 00:36:29 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2014.07.23 01:17:44 | 001,050,840 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll
[2014.04.12 00:48:40 | 000,133,432 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2014.04.11 23:08:06 | 000,029,472 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Json.dll
[2014.04.11 23:08:06 | 000,029,512 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2014.04.11 23:08:06 | 000,029,976 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2014.04.11 23:08:06 | 000,045,800 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll
[2014.04.11 23:08:06 | 000,029,928 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XmlSerializer.dll
[2014.04.11 23:40:46 | 000,028,000 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014.04.11 23:40:46 | 000,113,952 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\cs\System.RunTime.Serialization.resources.dll
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2011.04.12 09:34:07 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2014.01.07 09:09:54 | 000,094,208 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_a50973feff546283\serial.sys
[2009.07.14 01:00:40 | 000,094,208 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009.06.10 21:37:50 | 000,038,400 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\grserial.sys
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2011.04.12 09:34:07 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\cs-CZ\serialui.dll.mui
[2011.04.12 09:34:10 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_1e527062c1f59d5f\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2011.04.12 09:34:10 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_cs-cz_1e468964c1feb99a\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2011.04.12 09:34:10 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22731_cs-cz_1ec35795db263fce\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2011.04.12 09:34:12 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23\serialui.dll.mui
[2009.07.14 02:41:54 | 000,017,920 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360\serialui.dll
[2011.04.12 09:34:17 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_bb9a1800691e639c\System.RunTime.Serialization.Resources.dll
[2011.04.12 09:34:17 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_cs-cz_bb8e310269277fd7\System.RunTime.Serialization.Resources.dll
[2011.04.12 09:34:17 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_cs-cz_bc0cffc7824d38b9\System.RunTime.Serialization.Resources.dll
[2011.04.12 09:34:13 | 000,009,728 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_20ab142d65ed6acc\serial.sys.mui
[2009.07.14 01:00:40 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
[2014.01.07 09:09:54 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7601.22307_none_5755073be810c07e\serial.sys
[2009.06.10 21:40:06 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56\System.Runtime.Serialization.Formatters.Soap.dll
[2014.06.24 00:43:09 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7601.18523_none_a9a7e561157d82e9\System.Runtime.Serialization.Formatters.Soap.dll
[2014.06.24 00:43:05 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7601.22733_none_92db3ec72f23fc97\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 21:37:50 | 000,038,400 | ---- | M] () -- \Windows\winsxs\amd64_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_ce9ed3064deed3aa\grserial.sys
[2010.11.21 04:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722\System.Runtime.Serialization.dll
[2014.01.07 09:00:55 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b\System.Runtime.Serialization.dll
[2014.03.09 22:48:51 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.18523_none_5919d8d674e2f3ff\System.Runtime.Serialization.dll
[2014.07.10 23:24:02 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.18532_none_591aefe874e1f3b5\System.Runtime.Serialization.dll
[2014.01.07 08:47:42 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.21956_none_424eec4a8e87f0b9\System.Runtime.Serialization.dll
[2014.01.07 09:00:55 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53\System.Runtime.Serialization.dll
[2014.03.17 15:38:51 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22733_none_424d323c8e896dad\System.Runtime.Serialization.dll
[2014.07.08 00:36:29 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22743_none_424e32868e888704\System.Runtime.Serialization.dll
[2010.11.21 04:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb\System.Runtime.Serialization.dll
[2014.01.07 09:00:55 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4\System.Runtime.Serialization.dll
[2014.03.09 22:48:50 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18523_none_93f0e5a0c8daee98\System.Runtime.Serialization.dll
[2014.07.10 23:24:01 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18532_none_93f1fcb2c8d9ee4e\System.Runtime.Serialization.dll
[2014.01.07 08:47:42 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.21956_none_7d25f914e27feb52\System.Runtime.Serialization.dll
[2014.01.07 09:00:55 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec\System.Runtime.Serialization.dll
[2014.03.17 15:38:51 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22733_none_7d243f06e2816846\System.Runtime.Serialization.dll
[2014.07.08 00:36:29 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22743_none_7d253f50e280819d\System.Runtime.Serialization.dll
[2014.01.07 09:42:55 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest
[2014.01.07 09:42:55 | 000,017,792 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b_kdcom.dll_db5e7744
[2011.04.12 09:34:36 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23_serialui.dll.mui_7d29d2a3
[2009.07.14 03:57:29 | 000,017,920 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360_serialui.dll_bea29328
[2011.04.12 09:34:35 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2009.07.14 03:58:37 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.14 03:15:17 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc.manifest
[2014.01.07 09:42:51 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest
[2009.07.14 03:11:30 | 000,000,868 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_88b1c48f2026fe3f.manifest
[2010.11.21 04:17:50 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722.manifest
[2014.01.07 09:00:52 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b.manifest
[2014.07.02 07:30:52 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.18523_none_5919d8d674e2f3ff.manifest
[2014.07.14 03:24:48 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.18532_none_591aefe874e1f3b5.manifest
[2014.01.07 08:47:39 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.21956_none_424eec4a8e87f0b9.manifest
[2014.01.07 09:00:52 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53.manifest
[2014.07.02 07:30:44 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22733_none_424d323c8e896dad.manifest
[2014.07.14 03:13:57 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22743_none_424e32868e888704.manifest
[2010.11.21 04:17:50 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb.manifest
[2014.01.07 09:00:52 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4.manifest
[2014.07.02 07:31:00 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18523_none_93f0e5a0c8daee98.manifest
[2014.07.14 03:24:58 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18532_none_93f1fcb2c8d9ee4e.manifest
[2014.01.07 08:47:39 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.21956_none_7d25f914e27feb52.manifest
[2014.01.07 09:00:52 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec.manifest
[2014.07.02 07:30:53 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22733_none_7d243f06e2816846.manifest
[2014.07.14 03:14:06 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22743_none_7d253f50e280819d.manifest
[2010.11.21 04:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2014.01.07 09:00:52 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285.manifest
[2014.07.02 06:57:49 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.18523_none_a6803b1074d97c29.manifest
[2014.07.14 03:04:09 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.18532_none_a681522274d87bdf.manifest
[2014.01.07 08:47:39 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.21956_none_8fb54e848e7e78e3.manifest
[2014.01.07 09:00:52 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d.manifest
[2014.07.02 07:07:46 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22733_none_8fb394768e7ff5d7.manifest
[2014.07.14 03:04:27 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22743_none_8fb494c08e7f0f2e.manifest
[2011.04.12 09:33:41 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2014.01.07 09:00:52 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f.manifest
[2014.07.02 08:46:46 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18523_cs-cz_342b81c984259c43.manifest
[2014.07.14 05:02:27 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18532_cs-cz_342c98db84249bf9.manifest
[2014.01.07 08:47:39 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.21956_cs-cz_1d60953d9dca98fd.manifest
[2014.01.07 09:00:52 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797.manifest
[2014.07.02 09:08:13 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22733_cs-cz_1d5edb2f9dcc15f1.manifest
[2014.07.14 05:06:58 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22743_cs-cz_1d5fdb799dcb2f48.manifest
[2010.11.21 04:17:50 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2014.01.07 09:00:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8.manifest
[2014.07.02 07:00:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.18523_none_d6c370aa9c807d5c.manifest
[2014.07.14 03:06:40 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.18532_none_d6c487bc9c7f7d12.manifest
[2014.01.07 08:47:39 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.21956_none_bff8841eb6257a16.manifest
[2014.01.07 09:00:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0.manifest
[2014.07.02 07:10:04 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22733_none_bff6ca10b626f70a.manifest
[2014.07.14 03:06:53 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22743_none_bff7ca5ab6261061.manifest
[2010.11.21 04:18:20 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2014.01.07 09:00:52 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa.manifest
[2014.07.02 06:58:58 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18523_none_db9e1c77dd57179e.manifest
[2014.07.14 03:05:25 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18532_none_db9f3389dd561754.manifest
[2014.01.07 08:47:39 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.21956_none_c4d32febf6fc1458.manifest
[2014.01.07 09:00:52 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2.manifest
[2014.07.02 07:08:55 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22733_none_c4d175ddf6fd914c.manifest
[2014.07.14 03:05:41 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22743_none_c4d27627f6fcaaa3.manifest
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2014.06.24 00:43:20 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7601.18523_none_1c70653de072abde\System.Runtime.Serialization.Formatters.Soap.dll
[2014.06.24 00:43:36 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7601.22733_none_05a3bea3fa19258c\System.Runtime.Serialization.Formatters.Soap.dll
[2011.04.12 09:34:11 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013.07.08 13:43:52 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7601.18523_cs-cz_d5997ba9da0ab4d7\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.21 04:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2014.01.07 09:00:55 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285\System.Runtime.Serialization.dll
[2014.03.09 22:47:42 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.18523_none_a6803b1074d97c29\System.Runtime.Serialization.dll
[2014.07.10 23:24:11 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.18532_none_a681522274d87bdf\System.Runtime.Serialization.dll
[2014.01.07 08:47:42 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.21956_none_8fb54e848e7e78e3\System.Runtime.Serialization.dll
[2014.01.07 09:00:55 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d\System.Runtime.Serialization.dll
[2014.03.17 15:38:28 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22733_none_8fb394768e7ff5d7\System.Runtime.Serialization.dll
[2014.07.08 00:27:52 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22743_none_8fb494c08e7f0f2e\System.Runtime.Serialization.dll
[2011.04.12 09:34:17 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2014.01.07 08:47:42 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f\System.RunTime.Serialization.Resources.dll
[2014.01.07 08:47:42 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18523_cs-cz_342b81c984259c43\System.RunTime.Serialization.Resources.dll
[2014.01.07 08:47:42 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18532_cs-cz_342c98db84249bf9\System.RunTime.Serialization.Resources.dll
[2014.01.07 08:47:42 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.21956_cs-cz_1d60953d9dca98fd\System.RunTime.Serialization.Resources.dll
[2014.01.07 08:47:42 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797\System.RunTime.Serialization.Resources.dll
[2014.01.07 08:47:42 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22733_cs-cz_1d5edb2f9dcc15f1\System.RunTime.Serialization.Resources.dll
[2014.01.07 08:47:42 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22743_cs-cz_1d5fdb799dcb2f48\System.RunTime.Serialization.Resources.dll
[2010.11.21 04:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2014.01.07 09:00:55 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8\System.Runtime.Serialization.dll
[2014.03.09 22:47:42 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.18523_none_d6c370aa9c807d5c\System.Runtime.Serialization.dll
[2014.07.10 23:24:10 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.18532_none_d6c487bc9c7f7d12\System.Runtime.Serialization.dll
[2014.01.07 08:47:42 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.21956_none_bff8841eb6257a16\System.Runtime.Serialization.dll
[2014.01.07 09:00:55 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0\System.Runtime.Serialization.dll
[2014.03.17 15:38:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22733_none_bff6ca10b626f70a\System.Runtime.Serialization.dll
[2014.07.08 00:27:52 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22743_none_bff7ca5ab6261061\System.Runtime.Serialization.dll
[2011.04.12 09:34:11 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_28a71ab4f6565f5a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2011.04.12 09:34:11 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_cs-cz_289b33b6f65f7b95\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2011.04.12 09:34:11 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22731_cs-cz_291801e80f8701c9\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2011.04.12 09:34:07 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2011.04.12 09:34:17 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_5f7b7c7cb0c0f266\System.RunTime.Serialization.Resources.dll
[2011.04.12 09:34:17 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_cs-cz_5f6f957eb0ca0ea1\System.RunTime.Serialization.Resources.dll
[2011.04.12 09:34:17 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_cs-cz_5fee6443c9efc783\System.RunTime.Serialization.Resources.dll
[2010.11.21 04:25:11 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2014.01.07 09:00:56 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa\System.Runtime.Serialization.dll
[2014.03.09 22:47:42 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18523_none_db9e1c77dd57179e\System.Runtime.Serialization.dll
[2014.07.10 23:24:10 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18532_none_db9f3389dd561754\System.Runtime.Serialization.dll
[2014.01.07 08:47:42 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.21956_none_c4d32febf6fc1458\System.Runtime.Serialization.dll
[2014.01.07 09:00:56 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2\System.Runtime.Serialization.dll
[2014.03.17 15:38:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22733_none_c4d175ddf6fd914c\System.Runtime.Serialization.dll
[2014.07.08 00:27:52 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22743_none_c4d27627f6fcaaa3\System.Runtime.Serialization.dll

< *w7lxe* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:8C35AEA7

< End of report >

[Márty84]

Jeste to neni ciste.


Jen se jeste zeptam, jak je to s legalitou systemu? Ultimate neni zrovna bezna domaci verze

Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.

[shaman171]

Počítač mám sice jako domácí, ale je na něm firemní licence Windows co nám zbyla před přechodem na 8.1 a já se na počítač připojuji téměř denně z práce pomocí TW a nebo naopak poté z domova do práce, proto tato verze systému. Jako obyčejný smrtelník bych si jí samozřejmě nekupoval.

Přikládám LOG, snad je to již OK, počítač běží řekl bych adekvátně ke svému výkonu


# AdwCleaner v4.113 - Logfile created 25/03/2015 at 20:41:10
# Updated 22/03/2015 by Xplode
# Database : 2015-03-23.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Vrba-PC - PC
# Running from : C:\Users\Vrba-PC\Desktop\adwcleaner_4.113 (1).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Vrba-PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bgjpfhpjcgdppjbgnpnjllokbmcdllig_0.localstorage
File Deleted : C:\Users\Vrba-PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bgjpfhpjcgdppjbgnpnjllokbmcdllig_0.localstorage-journal
File Deleted : C:\Users\Vrba-PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blmojkbhnkkphngknkmgccmlenfaelkd_0.localstorage
File Deleted : C:\Users\Vrba-PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blmojkbhnkkphngknkmgccmlenfaelkd_0.localstorage-journal
File Deleted : C:\Users\Vrba-PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_olfeabkoenfaoljndfecamgilllcpiak_0.localstorage
File Deleted : C:\Users\Vrba-PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_olfeabkoenfaoljndfecamgilllcpiak_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.1 (x86 cs)


-\\ Google Chrome v41.0.2272.101


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [1776 bytes] - [25/03/2015 20:38:47]
AdwCleaner[S0].txt - [1715 bytes] - [25/03/2015 20:41:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1774 bytes] ##########

[Márty84]

Napiste mi velikost adresare plochy (C:\Users\Vrba-PC\Plocha)


Dejte novy log z RSIT a budem mazat.

[shaman171]

Dobrý den,
velikost plochy:

plocha.jpg (41.3 KiB) Zobrazeno 2430 x

RSIT:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Vrba-PC at 2015-03-26 21:21:48
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 73 GB (48%) free of 153 GB
Total RAM: 1789 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:21:52, on 26.3.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\trend micro\Vrba-PC.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.atarata.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVerRemote - AVerMedia - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMS Server Service (KMSServerService) - My Digital Life Forums - C:\Windows\KMSServerService\KMS Server Service.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8513 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
"C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe"
"C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\KMSServerService\KMS Server Service.exe"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
"C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe"
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe"
"C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe" /TUStart /pid:108
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-0e9168e7-fde0-42c5-b2fa-d408814fad15 -SystemEventPortName:HostProcess-a6d338dd-5278-44af-9601-c8cc40529b09 -IoCancelEventPortName:HostProcess-801e9b25-696b-4ebf-9df9-b64775684475 -NonStateChangingEventPortName:HostProcess-dc27f2d4-d311-4323-9a14-31abd772ac89 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d28b0263-3b41-4e95-91a0-1e57c349cb75 -DeviceGroupId:WpdFsGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe"
"taskhost.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "1519762198-177673366554075035-1147281096634889091-5959369217594904031623189107
"C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
C:\Windows\system32\sppsvc.exe
"c:\program files (x86)\teamviewer\version9\TeamViewer_Desktop.exe" --IPCport 5939
C:\Windows\system32\AUDIODG.EXE 0x7bc
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe12_ Global\UsGthrCtrlFltPipeMssGthrPipe12 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Vrba-PC\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d042552c48f80.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d0425539d5f59.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10 218776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [2014-01-23 881880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2015-01-21 2334928]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10 153248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-30 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2014-01-22 707800]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2015-01-21 1729744]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-30 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2014-10-01 5595336]
"Nvtmru"=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-10-18 1028384]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2013-10-18 1063200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-08-01 3673696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AVer HID Receiver.lnk - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
AVerQuick.lnk - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2015-03-26 12:06:03 ----A---- C:\Windows\system32\FNTCACHE.DAT
2015-03-25 20:38:43 ----D---- C:\AdwCleaner
2015-03-25 12:26:30 ----A---- C:\Windows\system32\invagent.dll
2015-03-25 12:26:30 ----A---- C:\Windows\system32\generaltel.dll
2015-03-25 12:26:30 ----A---- C:\Windows\system32\devinv.dll
2015-03-25 12:26:30 ----A---- C:\Windows\system32\appraiser.dll
2015-03-25 12:26:30 ----A---- C:\Windows\system32\aeinv.dll
2015-03-25 12:26:30 ----A---- C:\Windows\system32\acmigration.dll
2015-03-25 12:26:29 ----A---- C:\Windows\system32\aepic.dll
2015-03-25 12:26:29 ----A---- C:\Windows\system32\aepdu.dll
2015-03-22 18:05:16 ----SHD---- C:\$RECYCLE.BIN
2015-03-22 18:05:08 ----D---- C:\Windows\temp
2015-03-22 18:05:07 ----A---- C:\ComboFix.txt
2015-03-22 17:47:21 ----A---- C:\Windows\zip.exe
2015-03-22 17:47:21 ----A---- C:\Windows\SWSC.exe
2015-03-22 17:47:21 ----A---- C:\Windows\SWREG.exe
2015-03-22 17:47:21 ----A---- C:\Windows\sed.exe
2015-03-22 17:47:21 ----A---- C:\Windows\PEV.exe
2015-03-22 17:47:21 ----A---- C:\Windows\NIRCMD.exe
2015-03-22 17:47:21 ----A---- C:\Windows\MBR.exe
2015-03-22 17:47:21 ----A---- C:\Windows\grep.exe
2015-03-22 17:46:50 ----D---- C:\Qoobox
2015-03-22 17:44:59 ----D---- C:\Windows\erdnt
2015-03-22 17:37:16 ----D---- C:\Program Files\trend micro
2015-03-22 17:37:00 ----D---- C:\rsit
2015-03-11 20:29:21 ----D---- C:\Config.Msi
2015-03-11 13:17:07 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-03-11 13:17:07 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-03-11 13:17:07 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-03-11 13:17:07 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-03-11 13:17:07 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-03-11 13:17:07 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-03-11 13:17:06 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-03-11 13:17:06 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-03-11 13:17:06 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-03-11 13:17:06 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-03-11 13:17:06 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-03-11 13:17:06 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-03-11 13:17:06 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 13:17:06 ----A---- C:\Windows\system32\iernonce.dll
2015-03-11 13:17:06 ----A---- C:\Windows\system32\ie4uinit.exe
2015-03-11 13:17:05 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-03-11 13:17:05 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-03-11 13:17:05 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-03-11 13:17:05 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-03-11 13:17:05 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-03-11 13:17:05 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-03-11 13:17:05 ----A---- C:\Windows\system32\urlmon.dll
2015-03-11 13:17:05 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 13:17:05 ----A---- C:\Windows\system32\iedkcs32.dll
2015-03-11 13:17:04 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-03-11 13:17:04 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-03-11 13:17:04 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-03-11 13:17:04 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 13:17:04 ----A---- C:\Windows\system32\msfeeds.dll
2015-03-11 13:17:04 ----A---- C:\Windows\system32\iesetup.dll
2015-03-11 13:17:04 ----A---- C:\Windows\system32\ieapfltr.dll
2015-03-11 13:17:04 ----A---- C:\Windows\system32\dxtrans.dll
2015-03-11 13:17:03 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-03-11 13:17:03 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-03-11 13:17:03 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-03-11 13:17:03 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-03-11 13:17:03 ----A---- C:\Windows\system32\iertutil.dll
2015-03-11 13:17:02 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-03-11 13:17:02 ----A---- C:\Windows\system32\jsproxy.dll
2015-03-11 13:17:02 ----A---- C:\Windows\system32\ieUnatt.exe
2015-03-11 13:17:02 ----A---- C:\Windows\system32\ieui.dll
2015-03-11 13:17:02 ----A---- C:\Windows\system32\ieframe.dll
2015-03-11 13:17:02 ----A---- C:\Windows\system32\dxtmsft.dll
2015-03-11 13:17:01 ----A---- C:\Windows\system32\wininet.dll
2015-03-11 13:17:01 ----A---- C:\Windows\system32\vbscript.dll
2015-03-11 13:17:01 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-03-11 13:17:01 ----A---- C:\Windows\system32\mshtmled.dll
2015-03-11 13:17:01 ----A---- C:\Windows\system32\jscript9diag.dll
2015-03-11 13:17:01 ----A---- C:\Windows\system32\jscript9.dll
2015-03-11 13:17:00 ----A---- C:\Windows\system32\msrating.dll
2015-03-11 13:17:00 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-03-11 13:17:00 ----A---- C:\Windows\system32\mshtml.dll
2015-03-11 13:16:58 ----A---- C:\Windows\SYSWOW64\lpk.dll
2015-03-11 13:16:58 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2015-03-11 13:16:58 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2015-03-11 13:16:58 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-03-11 13:16:58 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-03-11 13:16:58 ----A---- C:\Windows\system32\lpk.dll
2015-03-11 13:16:58 ----A---- C:\Windows\system32\fontsub.dll
2015-03-11 13:16:58 ----A---- C:\Windows\system32\dciman32.dll
2015-03-11 13:16:58 ----A---- C:\Windows\system32\atmlib.dll
2015-03-11 13:16:58 ----A---- C:\Windows\system32\atmfd.dll
2015-03-11 13:16:50 ----A---- C:\Windows\SYSWOW64\blackbox.dll
2015-03-11 13:16:50 ----A---- C:\Windows\system32\blackbox.dll
2015-03-11 13:16:49 ----A---- C:\Windows\system32\drmv2clt.dll
2015-03-11 13:16:48 ----A---- C:\Windows\SYSWOW64\drmv2clt.dll
2015-03-11 13:16:47 ----A---- C:\Windows\system32\wmp.dll
2015-03-11 13:16:46 ----A---- C:\Windows\SYSWOW64\wmdrmsdk.dll
2015-03-11 13:16:46 ----A---- C:\Windows\system32\wmdrmsdk.dll
2015-03-11 13:16:45 ----A---- C:\Windows\SYSWOW64\wmp.dll
2015-03-11 13:16:44 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-03-11 13:16:44 ----A---- C:\Windows\system32\drmmgrtn.dll
2015-03-11 13:16:44 ----A---- C:\Windows\system32\crypt32.dll
2015-03-11 13:16:43 ----A---- C:\Windows\SYSWOW64\drmmgrtn.dll
2015-03-11 13:16:43 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2015-03-11 13:16:43 ----A---- C:\Windows\system32\quartz.dll
2015-03-11 13:16:43 ----A---- C:\Windows\system32\drivers\PEAuth.sys
2015-03-11 13:16:42 ----A---- C:\Windows\system32\evr.dll
2015-03-11 13:16:41 ----A---- C:\Windows\SYSWOW64\quartz.dll
2015-03-11 13:16:41 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-03-11 13:16:41 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-03-11 13:16:41 ----A---- C:\Windows\SYSWOW64\evr.dll
2015-03-11 13:16:41 ----A---- C:\Windows\SYSWOW64\cryptui.dll
2015-03-11 13:16:41 ----A---- C:\Windows\system32\mfplat.dll
2015-03-11 13:16:41 ----A---- C:\Windows\system32\cryptui.dll
2015-03-11 13:16:40 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2015-03-11 13:16:40 ----A---- C:\Windows\SYSWOW64\cryptsp.dll
2015-03-11 13:16:40 ----A---- C:\Windows\system32\pcasvc.dll
2015-03-11 13:16:40 ----A---- C:\Windows\system32\msscp.dll
2015-03-11 13:16:40 ----A---- C:\Windows\system32\mf.dll
2015-03-11 13:16:40 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2015-03-11 13:16:40 ----A---- C:\Windows\system32\cryptsp.dll
2015-03-11 13:16:40 ----A---- C:\Windows\system32\AudioSes.dll
2015-03-11 13:16:39 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2015-03-11 13:16:39 ----A---- C:\Windows\SYSWOW64\mf.dll
2015-03-11 13:16:39 ----A---- C:\Windows\system32\msnetobj.dll
2015-03-11 13:16:39 ----A---- C:\Windows\system32\mfps.dll
2015-03-11 13:16:38 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2015-03-11 13:16:38 ----A---- C:\Windows\SYSWOW64\msscp.dll
2015-03-11 13:16:38 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2015-03-11 13:16:38 ----A---- C:\Windows\system32\wintrust.dll
2015-03-11 13:16:38 ----A---- C:\Windows\system32\srcore.dll
2015-03-11 13:16:38 ----A---- C:\Windows\system32\rstrui.exe
2015-03-11 13:16:38 ----A---- C:\Windows\system32\cryptnet.dll
2015-03-11 13:16:38 ----A---- C:\Windows\system32\audiosrv.dll
2015-03-11 13:16:38 ----A---- C:\Windows\system32\AUDIOKSE.dll
2015-03-11 13:16:38 ----A---- C:\Windows\system32\audiodg.exe
2015-03-11 13:16:37 ----A---- C:\Windows\SYSWOW64\msnetobj.dll
2015-03-11 13:16:37 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2015-03-11 13:16:37 ----A---- C:\Windows\system32\qdvd.dll
2015-03-11 13:16:37 ----A---- C:\Windows\system32\cryptsvc.dll
2015-03-11 13:16:36 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2015-03-11 13:16:36 ----A---- C:\Windows\system32\rrinstaller.exe
2015-03-11 13:16:36 ----A---- C:\Windows\system32\pcadm.dll
2015-03-11 13:16:36 ----A---- C:\Windows\system32\AudioEng.dll
2015-03-11 13:16:35 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2015-03-11 13:16:35 ----A---- C:\Windows\SYSWOW64\mfps.dll
2015-03-11 13:16:35 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2015-03-11 13:16:35 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-03-11 13:16:35 ----A---- C:\Windows\system32\srclient.dll
2015-03-11 13:16:35 ----A---- C:\Windows\system32\smss.exe
2015-03-11 13:16:35 ----A---- C:\Windows\system32\pcawrk.exe
2015-03-11 13:16:35 ----A---- C:\Windows\system32\msmmsp.dll
2015-03-11 13:16:35 ----A---- C:\Windows\system32\appidsvc.dll
2015-03-11 13:16:35 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 13:16:35 ----A---- C:\Windows\system32\appidapi.dll
2015-03-11 13:16:34 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-03-11 13:16:34 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2015-03-11 13:16:34 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2015-03-11 13:16:34 ----A---- C:\Windows\system32\spwmp.dll
2015-03-11 13:16:34 ----A---- C:\Windows\system32\setbcdlocale.dll
2015-03-11 13:16:34 ----A---- C:\Windows\system32\pcalua.exe
2015-03-11 13:16:34 ----A---- C:\Windows\system32\mfpmp.exe
2015-03-11 13:16:34 ----A---- C:\Windows\system32\EncDump.dll
2015-03-11 13:16:34 ----A---- C:\Windows\system32\drivers\appid.sys
2015-03-11 13:16:34 ----A---- C:\Windows\system32\csrsrv.dll
2015-03-11 13:16:34 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 13:16:33 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2015-03-11 13:16:33 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2015-03-11 13:16:33 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2015-03-11 13:16:33 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-03-11 13:16:33 ----A---- C:\Windows\system32\pcaevts.dll
2015-03-11 13:16:33 ----A---- C:\Windows\system32\dxmasf.dll
2015-03-11 13:16:33 ----A---- C:\Windows\system32\apisetschema.dll
2015-03-11 13:16:32 ----A---- C:\Windows\SYSWOW64\mferror.dll
2015-03-11 13:16:32 ----A---- C:\Windows\system32\wmploc.DLL
2015-03-11 13:16:32 ----A---- C:\Windows\system32\mferror.dll
2015-03-11 13:16:07 ----A---- C:\Windows\system32\rdpudd.dll
2015-03-11 13:16:07 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 13:16:07 ----A---- C:\Windows\system32\rdpcorets.dll
2015-03-11 13:15:34 ----A---- C:\Windows\SYSWOW64\ubpm.dll
2015-03-11 13:15:34 ----A---- C:\Windows\system32\ubpm.dll
2015-03-11 13:15:33 ----A---- C:\Windows\system32\shell32.dll
2015-03-11 13:15:31 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\certcli.dll
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-03-11 13:15:26 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\wdigest.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\TSpkg.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\sspisrv.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\sspicli.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\schannel.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\secur32.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\ncrypt.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\msv1_0.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\msobjs.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\msaudite.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\lsass.exe
2015-03-11 13:15:26 ----A---- C:\Windows\system32\lsasrv.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\kerberos.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-03-11 13:15:26 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-03-11 13:15:26 ----A---- C:\Windows\system32\drivers\cng.sys
2015-03-11 13:15:26 ----A---- C:\Windows\system32\credssp.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\certcli.dll
2015-03-11 13:15:26 ----A---- C:\Windows\system32\auditpol.exe
2015-03-11 13:15:26 ----A---- C:\Windows\system32\adtschema.dll
2015-03-11 13:15:08 ----A---- C:\Windows\SYSWOW64\msctf.dll
2015-03-11 13:15:08 ----A---- C:\Windows\system32\msctf.dll
2015-03-11 13:15:06 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2015-03-11 13:15:06 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-03-11 13:15:04 ----A---- C:\Windows\system32\win32k.sys
2015-03-11 13:10:08 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2015-03-11 13:10:08 ----A---- C:\Windows\system32\WMPhoto.dll
2015-02-27 16:39:43 ----D---- C:\ProgramData\Playrix Entertainment
2015-02-27 16:37:51 ----D---- C:\ProgramData\AlawarWrapper

======List of files/folders modified in the last 1 month======

2015-03-26 21:21:52 ----D---- C:\Windows\Prefetch
2015-03-26 19:00:44 ----D---- C:\Users\Vrba-PC\AppData\Roaming\vlc
2015-03-26 13:15:39 ----D---- C:\Windows\system32\drivers
2015-03-26 13:15:34 ----D---- C:\Windows\inf
2015-03-26 12:48:32 ----D---- C:\Windows\system32\config
2015-03-26 12:07:19 ----D---- C:\Windows\winsxs
2015-03-26 12:06:18 ----D---- C:\Windows
2015-03-26 12:06:18 ----D---- C:\ProgramData\NVIDIA
2015-03-26 12:06:03 ----D---- C:\Windows\System32
2015-03-26 11:59:05 ----SD---- C:\Windows\system32\CompatTel
2015-03-26 11:59:01 ----D---- C:\Windows\system32\wbem
2015-03-26 11:59:01 ----D---- C:\Windows\system32\appraiser
2015-03-26 11:59:00 ----D---- C:\Windows\AppPatch
2015-03-25 20:55:55 ----SHD---- C:\System Volume Information
2015-03-25 20:44:50 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-25 12:24:53 ----D---- C:\Windows\system32\catroot2
2015-03-23 19:37:31 ----D---- C:\Windows\Minidump
2015-03-22 18:01:29 ----A---- C:\Windows\system.ini
2015-03-22 18:01:23 ----D---- C:\Windows\system32\drivers\etc
2015-03-22 18:00:54 ----D---- C:\Windows\SysWOW64
2015-03-22 17:57:56 ----D---- C:\Windows\SYSWOW64\drivers
2015-03-22 17:57:56 ----D---- C:\Program Files (x86)\Common Files
2015-03-22 17:37:16 ----RD---- C:\Program Files
2015-03-21 15:29:35 ----D---- C:\Windows\system32\wfp
2015-03-21 15:25:53 ----D---- C:\Windows\Tasks
2015-03-21 15:25:53 ----D---- C:\Windows\system32\Tasks
2015-03-21 15:25:53 ----D---- C:\Windows\system32\DriverStore
2015-03-21 15:25:52 ----D---- C:\Windows\registration
2015-03-21 15:24:36 ----SD---- C:\ProgramData\Microsoft
2015-03-14 20:31:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-03-12 21:47:49 ----D---- C:\Windows\debug
2015-03-12 14:20:39 ----D---- C:\Windows\rescache
2015-03-12 12:32:22 ----D---- C:\Windows\SYSWOW64\Dism
2015-03-12 12:32:22 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-03-12 12:32:22 ----D---- C:\Windows\system32\Dism
2015-03-12 12:32:22 ----D---- C:\Program Files\Windows Media Player
2015-03-12 12:32:22 ----D---- C:\Program Files (x86)\Windows Media Player
2015-03-12 12:32:21 ----D---- C:\Windows\system32\en-US
2015-03-12 12:32:21 ----D---- C:\Windows\system32\cs-CZ
2015-03-12 12:32:19 ----D---- C:\Windows\system32\Boot
2015-03-12 12:32:12 ----D---- C:\Windows\SYSWOW64\en-US
2015-03-12 12:32:12 ----D---- C:\Program Files\Internet Explorer
2015-03-12 12:32:11 ----D---- C:\Program Files (x86)\Internet Explorer
2015-03-11 20:47:14 ----SHD---- C:\Windows\Installer
2015-03-11 20:46:47 ----D---- C:\ProgramData\Microsoft Help
2015-03-11 20:28:41 ----A---- C:\Windows\win.ini
2015-03-11 20:28:05 ----RSD---- C:\Windows\assembly
2015-03-11 20:26:35 ----D---- C:\Windows\system32\MRT
2015-03-11 20:20:31 ----A---- C:\Windows\system32\MRT.exe
2015-02-28 13:26:21 ----A---- C:\Windows\system32\systemcpl.dll
2015-02-28 10:18:58 ----D---- C:\Windows\SoftwareDistribution
2015-02-27 19:08:15 ----D---- C:\Users\Vrba-PC\AppData\Roaming\uTorrent
2015-02-27 19:07:54 ----RD---- C:\Program Files (x86)
2015-02-27 17:31:57 ----D---- C:\Windows\system32\LogFiles
2015-02-27 16:39:43 ----D---- C:\ProgramData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2014-10-10 63160]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2014-01-07 213848]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2014-03-18 516096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-11-30 283064]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2014-10-10 243440]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2014-10-10 169280]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2014-10-10 44632]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2014-12-14 27552]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2014-01-27 59392]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2014-01-27 360688]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2014-10-10 222280]
R3 AVerA706_x64;AVerMedia A706 BDA Service; C:\Windows\system32\DRIVERS\AVerA706_x64.sys [2010-04-08 1478656]
R3 cmuda3;C-Media PCI Audio Interface; C:\Windows\system32\drivers\cmudax3.sys [2009-12-01 1155072]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [2013-08-21 14112]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2014-01-27 194944]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2014-01-27 95232]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2014-01-07 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2014-01-07 166400]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver; C:\Windows\system32\drivers\Synth3dVsc.sys [2014-03-02 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2012-08-23 29696]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2014-03-02 200576]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2014-01-07 27136]
R2 AVerRemote;AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2009-12-01 348160]
R2 AVerScheduleService;AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-12-07 397312]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2014-01-07 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2014-10-01 1349576]
R2 KMSServerService;KMS Server Service; C:\Windows\KMSServerService\KMS Server Service.exe [2014-11-30 211968]
R2 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
R2 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-18 15122208]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-07-02 935368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-07-02 411936]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2015-02-09 5249808]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2013-12-18 2103096]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2014-01-07 27136]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2014-01-07 27136]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2014-01-07 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30 107912]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2014-01-07 27136]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30 107912]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-02-20 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-03-22 148080]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2014-01-07 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2014-01-07 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-01-07 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

[Márty84]

Vypnete antivir, at nebrani programu v praci.
Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:services
gupdate
AdobeFlashPlayerUpdateSvc
gupdatem

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d042552c48f80.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d0425539d5f59.job

:otl
@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:8C35AEA7
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[9 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\11bbf576fa0506e2fb58f4f4bafa0f59\*.tmp files -> C:\Windows\SoftwareDistribution\Download\11bbf576fa0506e2fb58f4f4bafa0f59\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\16be77b682de5f7723de0e2361280b1c\*.tmp files -> C:\Windows\SoftwareDistribution\Download\16be77b682de5f7723de0e2361280b1c\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\1b883414a897d80a08478618c4d8723f\*.tmp files -> C:\Windows\SoftwareDistribution\Download\1b883414a897d80a08478618c4d8723f\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\21ab9becaa2566e9f0a0ea3d82672d50\*.tmp files -> C:\Windows\SoftwareDistribution\Download\21ab9becaa2566e9f0a0ea3d82672d50\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\248c79ee4edd1012af3b9678786a1064\*.tmp files -> C:\Windows\SoftwareDistribution\Download\248c79ee4edd1012af3b9678786a1064\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\24c893ec620f93cab05a529e65a5a4b1\*.tmp files -> C:\Windows\SoftwareDistribution\Download\24c893ec620f93cab05a529e65a5a4b1\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\2622b71010a449ec56674cf73bcd3bd6\*.tmp files -> C:\Windows\SoftwareDistribution\Download\2622b71010a449ec56674cf73bcd3bd6\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\319d4d91727b725c7b2164ca94f47db9\*.tmp files -> C:\Windows\SoftwareDistribution\Download\319d4d91727b725c7b2164ca94f47db9\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\38d3b07802a3203b4a61cecefe245255\*.tmp files -> C:\Windows\SoftwareDistribution\Download\38d3b07802a3203b4a61cecefe245255\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\3e561c20b6aee80cec283f7ed584e9dd\*.tmp files -> C:\Windows\SoftwareDistribution\Download\3e561c20b6aee80cec283f7ed584e9dd\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\5f5669621f8c3698d11867c47e73423b\*.tmp files -> C:\Windows\SoftwareDistribution\Download\5f5669621f8c3698d11867c47e73423b\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\6a9cd27a193c74985c368402813bac4d\*.tmp files -> C:\Windows\SoftwareDistribution\Download\6a9cd27a193c74985c368402813bac4d\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\74f326dda14c60c449dcbffc6addc5d5\*.tmp files -> C:\Windows\SoftwareDistribution\Download\74f326dda14c60c449dcbffc6addc5d5\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\91cc7d36a966079d96bd77d8df753a6b\*.tmp files -> C:\Windows\SoftwareDistribution\Download\91cc7d36a966079d96bd77d8df753a6b\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\a97a7de8ca050c7f04492ba3de663402\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a97a7de8ca050c7f04492ba3de663402\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\af015e544375e0dad037d8742a7cabdc\*.tmp files -> C:\Windows\SoftwareDistribution\Download\af015e544375e0dad037d8742a7cabdc\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\b1ef4dbfb5e587165252a74cde52662f\*.tmp files -> C:\Windows\SoftwareDistribution\Download\b1ef4dbfb5e587165252a74cde52662f\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\b3e90cc32ce375d335fa7a97e0748800\*.tmp files -> C:\Windows\SoftwareDistribution\Download\b3e90cc32ce375d335fa7a97e0748800\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\bcfeb54498e98250815a43b8daec737a\*.tmp files -> C:\Windows\SoftwareDistribution\Download\bcfeb54498e98250815a43b8daec737a\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\d7d9f374c3d3174b1d00ac64526faf60\*.tmp files -> C:\Windows\SoftwareDistribution\Download\d7d9f374c3d3174b1d00ac64526faf60\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\d95aac6c0764ad0d389a9c27c2c1d703\*.tmp files -> C:\Windows\SoftwareDistribution\Download\d95aac6c0764ad0d389a9c27c2c1d703\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\daea78480b830896a95235cbce0a75bc\*.tmp files -> C:\Windows\SoftwareDistribution\Download\daea78480b830896a95235cbce0a75bc\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\dfc534ba2d747285f0ae13f7ce1cdcf7\*.tmp files -> C:\Windows\SoftwareDistribution\Download\dfc534ba2d747285f0ae13f7ce1cdcf7\*.tmp -> ]
[2 C:\Windows\SoftwareDistribution\Download\fba93083fca1a33440412fdcc9685b66\*.tmp files -> C:\Windows\SoftwareDistribution\Download\fba93083fca1a33440412fdcc9685b66\*.tmp -> ]
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1811662729-3697714405-3130458461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.atarata.cz/
IE - HKU\S-1-5-21-1811662729-3697714405-3130458461-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.startup.homepage: "http://start.atarata.cz/"

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

[shaman171]

Přikládám LOG, snad už to bude v pořádku

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: user
->Temp folder emptied: 0 bytes

User: Vrba-PC
->Temp folder emptied: 43518837 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5445350 bytes
->Google Chrome cache emptied: 73288007 bytes
->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9240 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 117,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: DefaultAppPool

User: Public

User: user

User: Vrba-PC
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
C:\Windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d042552c48f80.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d0425539d5f59.job moved successfully.
========== OTL ==========
ADS C:\ProgramData\TEMP:8C35AEA7 deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5121.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP408.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4E5D.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP5BD9.tmp\System.Configuration.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP5BD9.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP73EB.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPA5F7.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPACD6.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\11bbf576fa0506e2fb58f4f4bafa0f59\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\11bbf576fa0506e2fb58f4f4bafa0f59\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\11bbf576fa0506e2fb58f4f4bafa0f59\BITC38.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\16be77b682de5f7723de0e2361280b1c\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\16be77b682de5f7723de0e2361280b1c\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\16be77b682de5f7723de0e2361280b1c\BIT3ED3.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\1b883414a897d80a08478618c4d8723f\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\1b883414a897d80a08478618c4d8723f\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\1b883414a897d80a08478618c4d8723f\BIT51C.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\21ab9becaa2566e9f0a0ea3d82672d50\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\21ab9becaa2566e9f0a0ea3d82672d50\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\21ab9becaa2566e9f0a0ea3d82672d50\BITE239.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\248c79ee4edd1012af3b9678786a1064\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\248c79ee4edd1012af3b9678786a1064\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\248c79ee4edd1012af3b9678786a1064\BITD470.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\24c893ec620f93cab05a529e65a5a4b1\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\24c893ec620f93cab05a529e65a5a4b1\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\24c893ec620f93cab05a529e65a5a4b1\BITCDDC.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\2622b71010a449ec56674cf73bcd3bd6\BIT91F2.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\319d4d91727b725c7b2164ca94f47db9\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\319d4d91727b725c7b2164ca94f47db9\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\319d4d91727b725c7b2164ca94f47db9\BITF15D.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\38d3b07802a3203b4a61cecefe245255\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\38d3b07802a3203b4a61cecefe245255\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\38d3b07802a3203b4a61cecefe245255\BIT96A1.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\3e561c20b6aee80cec283f7ed584e9dd\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\3e561c20b6aee80cec283f7ed584e9dd\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\3e561c20b6aee80cec283f7ed584e9dd\BIT44B6.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\5f5669621f8c3698d11867c47e73423b\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\5f5669621f8c3698d11867c47e73423b\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\5f5669621f8c3698d11867c47e73423b\BITFA4E.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\6a9cd27a193c74985c368402813bac4d\BITC788.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\74f326dda14c60c449dcbffc6addc5d5\BIT51E8.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\91cc7d36a966079d96bd77d8df753a6b\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\91cc7d36a966079d96bd77d8df753a6b\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\91cc7d36a966079d96bd77d8df753a6b\BITE35B.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\a97a7de8ca050c7f04492ba3de663402\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\a97a7de8ca050c7f04492ba3de663402\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\af015e544375e0dad037d8742a7cabdc\BIT719E.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\b1ef4dbfb5e587165252a74cde52662f\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\b1ef4dbfb5e587165252a74cde52662f\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\b1ef4dbfb5e587165252a74cde52662f\BIT86C9.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\b3e90cc32ce375d335fa7a97e0748800\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\b3e90cc32ce375d335fa7a97e0748800\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\b3e90cc32ce375d335fa7a97e0748800\BIT83ED.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\bcfeb54498e98250815a43b8daec737a\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\bcfeb54498e98250815a43b8daec737a\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\bcfeb54498e98250815a43b8daec737a\BIT5930.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\d7d9f374c3d3174b1d00ac64526faf60\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\d7d9f374c3d3174b1d00ac64526faf60\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\d7d9f374c3d3174b1d00ac64526faf60\BITC40B.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\d95aac6c0764ad0d389a9c27c2c1d703\BIT5709.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\daea78480b830896a95235cbce0a75bc\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\daea78480b830896a95235cbce0a75bc\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\daea78480b830896a95235cbce0a75bc\BIT5AC.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\dfc534ba2d747285f0ae13f7ce1cdcf7\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\dfc534ba2d747285f0ae13f7ce1cdcf7\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\dfc534ba2d747285f0ae13f7ce1cdcf7\BIT47D3.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\fba93083fca1a33440412fdcc9685b66\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\fba93083fca1a33440412fdcc9685b66\$dpx$.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\fba93083fca1a33440412fdcc9685b66\BIT2896.tmp deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-1811662729-3697714405-3130458461-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1811662729-3697714405-3130458461-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Prefs.js: false removed from browser.search.isUS
Prefs.js: "http://start.atarata.cz/" removed from browser.startup.homepage
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 03282015_101332

Files\Folders moved on Reboot...
C:\Users\Vrba-PC\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Vrba-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[Márty84]

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat.

DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remove disinfection tools
• Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




Pak napiste, jak je na tom pc.

[shaman171]

Perfektní, myslím, že je vše již ok.
Děkuji Vám moc za Vaše rady a trpělivost!