prosím o kontrolu NTB

[kubha]

Zdravím, prosím o kontrolu logu:


Logfile of random's system information tool 1.10 (written by random/random)
Run by Number1 at 2015-06-10 21:24:44
Microsoft Windows 7 Enterprise Service Pack 1
System drive C: has 531 GB (87%) free of 610 GB
Total RAM: 4030 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:25:24, on 10.6.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17801)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
C:\Users\Number1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Number1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Number1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Number1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O4 - HKLM\..\Run: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Guard.Mail.ru.gui] "C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe" /gui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Number1\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7M\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1894D1P905PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - Startup: Sledovat výstrahy inkoustu - HP Deskjet 3050A J611 series.lnk = ?
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Přidat do součásti Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm
O9 - Extra button: Virtuální klávesnice - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Kontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Služba Kaspersky Anti-Virus 15.0.0 (AVP15.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Guard.Mail.ru - Unknown owner - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12647 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\Hpservice.exe
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 28907072
\??\C:\Windows\system32\conhost.exe "-652588282-11524444361911042799-561588724-6180309241952845775-1161053863-544829932
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe" -r
"C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe"
"C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe"
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1894D1P905PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
"C:\Windows\system32\RunDll32.exe" "C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1894D1P905PJ;CONNECTION=USB;MONITOR=1;
"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE" /tsr
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe" /gui
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe" -hidden /prefetch:1
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\igfxsrvc.exe -Embedding
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\sppsvc.exe
"C:\Users\Number1\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Number1\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender2/PrerenderFromOmniboxHeuristic/OriginalAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/npn_with_spdy/WarmSocketImpact/last_accessed_socket/ --enable-print-preview --channel=3724.04A9FD80.1706569693 /prefetch:3
"C:\Users\Number1\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender2/PrerenderFromOmniboxHeuristic/OriginalAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/npn_with_spdy/WarmSocketImpact/last_accessed_socket/ --enable-print-preview --channel=3724.07A1A780.1718470120 /prefetch:3
"C:\Windows\system32\wuauclt.exe"
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
taskeng.exe {1BDE092C-6F1A-4FFC-801F-9BA437BBF16D}
C:\Windows\system32\AUDIODG.EXE 0x80c
"C:\Users\Number1\Downloads\RSITx64.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
taskeng.exe {CE08D981-82B4-478E-8D9C-F529A3741A33}
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
\??\C:\Windows\system32\conhost.exe "713668780-21217624711114984727107921547159688322512462261341270239798-619159585

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2495897990-1255970255-3979231297-1000Core.job - C:\Users\Number1\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2495897990-1255970255-3979231297-1000UA.job - C:\Users\Number1\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\HP Photo Creations Communicator.job - C:\ProgramData\HP Photo Creations\Communicator.exe --auto

=========Mozilla firefox=========

ProfilePath - C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.5.3&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 17.0.0.188 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@kaspersky.com/content_blocker]
"Description"=
"Path"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@kaspersky.com/online_banking]
"Description"=
"Path"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@kaspersky.com/virtual_keyboard]
"Description"=
"Path"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5]
"Description"=A component of your photo software powered by RocketLife
"Path"=C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 17.0.0.188 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}

C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\
bingp.xml
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-19.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.gif
icqplugin.src
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}]
Content Blocker Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20 878784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}]
Virtual Keyboard Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-09 1428264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}]
Safe Money Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20 583360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14 6307960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
URL Advisor Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20 1109696]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}]
Content Blocker Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20 709312]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}]
Virtual Keyboard Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-09 1152808]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-01-06 60576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}]
Safe Money Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20 480448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14 4531320]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24 612616]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
URL Advisor Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20 891072]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2011-07-20 1055808]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24 612616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-09-16 2828072]
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2011-01-06 615584]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-01-06 379040]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-03-25 167960]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-03-25 391704]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-03-25 418840]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"Google Update"=C:\Users\Number1\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-26 107912]
"ICQ"=C:\Program Files (x86)\ICQ7M\ICQ.exe [2012-05-23 127040]
"HP Deskjet 3050A J611 series (NET)"=C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2011-06-08 2676584]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-04-17 31280256]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2011-04-14 113288]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-04-27 336384]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Microsoft Default Manager"=C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2010-05-10 439568]
"Guard.Mail.ru.gui"=C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [2012-05-23 1564368]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30 96056]
""= []
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]

C:\Users\Number1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Sledovat výstrahy inkoustu - HP Deskjet 3050A J611 series.lnk - C:\Windows\system32\RunDll32.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-03-25 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=60

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-06-10 21:24:47 ----D---- C:\Program Files\trend micro
2015-06-10 21:24:43 ----D---- C:\rsit
2015-06-05 06:08:29 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-05-13 20:24:59 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 20:24:59 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 19:10:01 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-05-13 19:10:01 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-05-13 19:10:01 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-05-13 19:10:01 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-05-13 19:10:01 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-05-13 19:10:00 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-05-13 19:10:00 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-05-13 19:10:00 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-05-13 19:10:00 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-05-13 19:10:00 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-05-13 19:10:00 ----A---- C:\Windows\system32\iernonce.dll
2015-05-13 19:10:00 ----A---- C:\Windows\system32\ie4uinit.exe
2015-05-13 19:09:59 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-05-13 19:09:59 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-05-13 19:09:59 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-05-13 19:09:59 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 19:09:58 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-05-13 19:09:58 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-05-13 19:09:58 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-05-13 19:09:58 ----A---- C:\Windows\system32\urlmon.dll
2015-05-13 19:09:58 ----A---- C:\Windows\system32\iedkcs32.dll
2015-05-13 19:09:57 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-05-13 19:09:57 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-05-13 19:09:57 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-05-13 19:09:57 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-05-13 19:09:57 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-05-13 19:09:57 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-05-13 19:09:57 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-05-13 19:09:57 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 19:09:57 ----A---- C:\Windows\system32\msfeeds.dll
2015-05-13 19:09:57 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 19:09:57 ----A---- C:\Windows\system32\dxtrans.dll
2015-05-13 19:09:56 ----A---- C:\Windows\system32\iesetup.dll
2015-05-13 19:09:56 ----A---- C:\Windows\system32\ieapfltr.dll
2015-05-13 19:09:55 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-05-13 19:09:55 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-05-13 19:09:55 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-05-13 19:09:55 ----A---- C:\Windows\system32\vbscript.dll
2015-05-13 19:09:55 ----A---- C:\Windows\system32\jsproxy.dll
2015-05-13 19:09:55 ----A---- C:\Windows\system32\iertutil.dll
2015-05-13 19:09:54 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-05-13 19:09:54 ----A---- C:\Windows\system32\ieUnatt.exe
2015-05-13 19:09:54 ----A---- C:\Windows\system32\ieui.dll
2015-05-13 19:09:54 ----A---- C:\Windows\system32\ieframe.dll
2015-05-13 19:09:54 ----A---- C:\Windows\system32\dxtmsft.dll
2015-05-13 19:09:53 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-05-13 19:09:53 ----A---- C:\Windows\system32\mshtmled.dll
2015-05-13 19:09:53 ----A---- C:\Windows\system32\jscript.dll
2015-05-13 19:09:52 ----A---- C:\Windows\system32\wininet.dll
2015-05-13 19:09:52 ----A---- C:\Windows\system32\jscript9diag.dll
2015-05-13 19:09:52 ----A---- C:\Windows\system32\jscript9.dll
2015-05-13 19:09:51 ----A---- C:\Windows\system32\msrating.dll
2015-05-13 19:09:51 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-05-13 19:09:51 ----A---- C:\Windows\system32\mshtml.dll
2015-05-13 17:34:26 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-05-13 17:34:26 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-05-13 17:34:26 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-05-13 17:34:26 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-05-13 17:34:26 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-05-13 17:34:26 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-05-13 17:34:26 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-05-13 17:34:26 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-05-13 17:34:26 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-05-13 17:34:26 ----A---- C:\Windows\SYSWOW64\certcli.dll
2015-05-13 17:34:26 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-05-13 17:34:26 ----A---- C:\Windows\system32\wdigest.dll
2015-05-13 17:34:26 ----A---- C:\Windows\system32\TSpkg.dll
2015-05-13 17:34:26 ----A---- C:\Windows\system32\sspisrv.dll
2015-05-13 17:34:26 ----A---- C:\Windows\system32\sspicli.dll
2015-05-13 17:34:26 ----A---- C:\Windows\system32\schannel.dll
2015-05-13 17:34:26 ----A---- C:\Windows\system32\secur32.dll
2015-05-13 17:34:26 ----A---- C:\Windows\system32\ncrypt.dll
2015-05-13 17:34:26 ----A---- C:\Windows\system32\msv1_0.dll
2015-05-13 17:34:26 ----A---- C:\Windows\system32\lsass.exe
2015-05-13 17:34:26 ----A---- C:\Windows\system32\lsasrv.dll
2015-05-13 17:34:26 ----A---- C:\Windows\system32\kerberos.dll
2015-05-13 17:34:26 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-05-13 17:34:26 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-05-13 17:34:26 ----A---- C:\Windows\system32\credssp.dll
2015-05-13 17:34:26 ----A---- C:\Windows\system32\certcli.dll
2015-05-13 17:34:26 ----A---- C:\Windows\system32\auditpol.exe
2015-05-13 17:34:26 ----A---- C:\Windows\system32\adtschema.dll
2015-05-13 17:34:25 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-05-13 17:34:25 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-05-13 17:34:25 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-05-13 17:34:25 ----A---- C:\Windows\system32\msobjs.dll
2015-05-13 17:34:25 ----A---- C:\Windows\system32\msaudite.dll
2015-05-13 17:29:19 ----A---- C:\Windows\system32\services.exe
2015-05-13 17:29:18 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-05-13 17:29:18 ----A---- C:\Windows\system32\FntCache.dll
2015-05-13 17:29:18 ----A---- C:\Windows\system32\DWrite.dll
2015-05-13 17:29:17 ----A---- C:\Windows\system32\win32k.sys
2015-05-13 17:29:09 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2015-05-13 17:29:09 ----A---- C:\Windows\system32\jnwmon.dll
2015-05-13 17:29:09 ----A---- C:\Windows\system32\InkEd.dll
2015-05-13 17:29:05 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2015-05-13 17:29:05 ----A---- C:\Windows\system32\poqexec.exe

======List of files/folders modified in the last 1 month======

2015-06-10 21:25:11 ----D---- C:\Windows\Temp
2015-06-10 21:24:47 ----RD---- C:\Program Files
2015-06-10 21:22:02 ----SHD---- C:\System Volume Information
2015-06-10 21:21:48 ----D---- C:\Windows\system32\catroot2
2015-06-10 21:15:17 ----D---- C:\Users\Number1\AppData\Roaming\Skype
2015-06-10 21:12:30 ----D---- C:\ProgramData\Kaspersky Lab
2015-06-10 21:12:06 ----D---- C:\Users\Number1\AppData\Roaming\ICQ
2015-06-10 21:11:52 ----D---- C:\Windows\system32\config
2015-06-07 05:41:16 ----D---- C:\Windows\Prefetch
2015-06-06 06:30:46 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-05 07:00:42 ----D---- C:\Windows\System32
2015-06-05 07:00:42 ----D---- C:\Windows\inf
2015-06-05 07:00:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-06-05 06:58:46 ----RD---- C:\Program Files (x86)
2015-05-21 05:54:09 ----SHD---- C:\Windows\Installer
2015-05-21 05:54:08 ----HD---- C:\Config.Msi
2015-05-21 05:53:54 ----D---- C:\ProgramData\Skype
2015-05-20 06:25:08 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-05-18 18:29:43 ----D---- C:\Windows\rescache
2015-05-17 19:03:34 ----D---- C:\Windows\Tasks
2015-05-16 06:50:18 ----RSD---- C:\Windows\assembly
2015-05-16 06:50:18 ----D---- C:\Windows\Microsoft.NET
2015-05-14 06:07:20 ----D---- C:\Windows\SysWOW64
2015-05-14 06:07:10 ----D---- C:\Windows\winsxs
2015-05-14 06:04:32 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-05-14 06:04:31 ----D---- C:\Windows\SYSWOW64\en-US
2015-05-14 06:04:31 ----D---- C:\Windows\system32\cs-CZ
2015-05-14 06:04:30 ----D---- C:\Windows\system32\en-US
2015-05-14 06:04:29 ----D---- C:\Windows\system32\drivers
2015-05-14 06:04:29 ----D---- C:\Program Files\Internet Explorer
2015-05-14 06:04:24 ----D---- C:\Program Files (x86)\Internet Explorer
2015-05-14 06:04:21 ----D---- C:\Program Files\Windows Journal
2015-05-13 20:30:45 ----D---- C:\Windows\system32\MRT
2015-05-13 20:26:29 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 30008]
R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2014-02-20 457824]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 klhk;klhk; C:\Windows\system32\DRIVERS\klhk.sys [2014-04-10 243808]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2014-10-09 793800]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2014-02-25 30304]
R1 klpd;klpd; C:\Windows\system32\DRIVERS\klpd.sys [2013-04-12 15456]
R1 kltdi;kltdi; C:\Windows\system32\DRIVERS\kltdi.sys [2014-03-25 55904]
R1 kneps;kneps; C:\Windows\system32\DRIVERS\kneps.sys [2014-03-26 179296]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 43320]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-04-27 9319424]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-04-27 303616]
R3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-01-06 36000]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-21 2753536]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-01-06 298144]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-01-06 28832]
R3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-01-06 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-01-06 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-01-06 154272]
R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-01-06 279200]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2011-03-25 12262336]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2011-01-31 174168]
R3 klflt;Kaspersky Lab Kernel DLL; C:\Windows\system32\DRIVERS\klflt.sys [2014-10-09 141320]
R3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\Windows\system32\DRIVERS\klkbdflt.sys [2014-03-28 28768]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2013-08-08 29280]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2011-06-10 91648]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2011-06-10 208896]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-09-16 392752]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-03-25 12262336]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2015-01-31 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-04-27 203264]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-06 138400]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-01-06 53920]
R2 AVP15.0.0;Služba Kaspersky Anti-Virus 15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [2014-04-20 233552]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Guard.Mail.ru;Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [2012-05-23 1564368]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 30520]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-07-20 247872]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-07-27 249136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-20 268464]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-04-21 114688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-06-05 148080]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-12-19 1255736]

-----------------EOF-----------------

[Márty84]

Zdravim

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

[kubha]

OTL logfile created on: 11.6.2015 21:11:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Number1\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17801)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,94 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 34,29% Memory free
7,87 Gb Paging File | 4,72 Gb Available in Paging File | 59,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 516,74 Gb Free Space | 86,69% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Number1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015.06.11 21:09:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Number1\Desktop\OTL.exe
PRC - [2015.06.05 06:08:34 | 000,376,944 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014.12.19 09:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014.04.20 16:15:58 | 000,233,552 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
PRC - [2014.04.20 16:15:18 | 000,192,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
PRC - [2012.05.23 16:44:28 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
PRC - [2011.07.20 08:55:02 | 000,247,872 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2011.04.14 19:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011.01.06 21:08:38 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe


========== Modules (No Company Name) ==========

MOD - [2014.10.09 15:12:55 | 000,642,344 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
MOD - [2014.04.20 01:42:10 | 000,347,328 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
MOD - [2014.04.20 01:42:04 | 000,468,672 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
MOD - [2012.05.23 16:44:28 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe


========== Services (SafeList) ==========

SRV:64bit: - [2015.04.21 18:35:40 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011.05.13 19:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011.04.27 10:31:14 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2015.06.10 21:26:26 | 000,268,464 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015.06.05 06:08:34 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015.02.18 19:11:32 | 000,315,488 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014.12.19 09:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014.04.20 16:15:58 | 000,233,552 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe -- (AVP15.0.0)
SRV - [2014.03.21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2012.05.23 16:44:28 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru)
SRV - [2011.07.20 08:55:02 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2011.01.06 21:08:38 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011.01.06 21:06:56 | 000,053,920 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2015.01.31 05:04:08 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014.10.09 15:14:25 | 000,793,800 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2014.10.09 15:14:25 | 000,141,320 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt)
DRV:64bit: - [2014.04.10 17:25:34 | 000,243,808 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klhk.sys -- (klhk)
DRV:64bit: - [2014.03.28 17:51:04 | 000,028,768 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2014.03.26 17:05:28 | 000,179,296 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2014.03.25 16:26:04 | 000,055,904 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2014.02.25 13:09:02 | 000,030,304 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2014.02.20 12:59:04 | 000,457,824 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2013.08.08 17:11:00 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013.04.12 15:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.16 02:34:38 | 000,392,752 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.06.21 02:03:42 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.06.10 18:00:38 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.06.10 18:00:36 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.13 19:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 19:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.04.27 11:09:00 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.04.27 09:55:02 | 000,303,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.25 19:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.03.25 19:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.01.31 04:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011.01.06 21:07:32 | 000,279,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.01.06 21:07:30 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.01.06 21:07:30 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.01.06 21:07:30 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.01.06 21:07:28 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.01.06 21:07:26 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.01.06 21:07:26 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 02:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2495897990-1255970255-3979231297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2495897990-1255970255-3979231297-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2495897990-1255970255-3979231297-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2495897990-1255970255-3979231297-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2495897990-1255970255-3979231297-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\S-1-5-21-2495897990-1255970255-3979231297-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.ph ... earchTerms}
IE - HKU\S-1-5-21-2495897990-1255970255-3979231297-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "CZ"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.region: "CZ"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: %7B800b5000-a755-47e1-992b-48a1c1357f07%7D:1.5.3
FF - prefs.js..extensions.enabledAddons: virtual_keyboard%40kaspersky.com:4.0.10.15
FF - prefs.js..extensions.enabledAddons: content_blocker%40kaspersky.com:4.0.10.15
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:4.0.10.15
FF - prefs.js..extensions.enabledAddons: online_banking%40kaspersky.com:4.0.10.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:38.0.5
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... r=1.5.3&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/content_blocker: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014.10.09 15:14:34 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/online_banking: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014.10.09 15:14:34 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/virtual_keyboard: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014.10.09 15:14:35 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Number1\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Number1\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.12.31 10:36:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.12.31 10:36:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014.10.09 15:14:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014.10.09 15:14:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014.10.09 15:14:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014.10.09 15:14:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014.10.09 15:14:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 38.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 38.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 38.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 38.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.12.20 08:25:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Number1\AppData\Roaming\Mozilla\Extensions
[2015.04.04 13:03:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions
[2012.07.25 22:47:11 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2014.11.26 09:22:08 | 000,006,057 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\bingp.xml
[2015.06.05 06:17:23 | 000,000,980 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-1.xml
[2013.01.18 22:19:34 | 000,000,950 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-10.xml
[2013.01.26 07:42:28 | 000,000,950 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-11.xml
[2013.02.10 08:34:08 | 000,000,950 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-12.xml
[2013.02.25 20:22:32 | 000,000,950 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-13.xml
[2013.03.13 21:14:31 | 000,000,950 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-14.xml
[2013.04.04 15:26:35 | 000,000,950 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-15.xml
[2013.04.13 19:22:18 | 000,000,950 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-16.xml
[2013.07.07 06:44:07 | 000,000,950 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-17.xml
[2013.07.10 06:52:01 | 000,000,950 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-18.xml
[2013.08.17 19:45:45 | 000,000,950 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-19.xml
[2012.04.03 19:58:39 | 000,000,950 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-2.xml
[2012.05.13 21:55:27 | 000,000,950 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-3.xml
[2012.05.29 07:10:18 | 000,000,950 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-4.xml
[2012.07.28 22:25:03 | 000,000,950 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-5.xml
[2012.09.11 18:00:37 | 000,000,950 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-6.xml
[2012.09.19 07:20:05 | 000,000,950 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-7.xml
[2012.11.11 07:28:36 | 000,000,950 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-8.xml
[2012.12.27 07:00:52 | 000,000,950 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-9.xml
[2012.07.24 14:48:30 | 000,000,168 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin.gif
[2012.07.24 14:48:30 | 000,000,618 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin.src
[2011.07.14 21:19:12 | 000,001,024 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin.xml
[2015.06.05 06:08:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2015.06.05 06:08:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2015.06.05 06:08:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015.06.05 06:08:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2015.06.05 06:08:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014.10.09 15:14:34 | 000,000,000 | ---D | M] (Chặn quảng cáo) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.0\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2014.10.09 15:14:34 | 000,000,000 | ---D | M] (Ngăn chặn trang web nguy hiểm) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.0\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM
[2014.10.09 15:14:34 | 000,000,000 | ---D | M] (An toàn giao dịch tài chính) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.0\FFEXT\ONLINE_BANKING@KASPERSKY.COM
[2014.10.09 15:14:34 | 000,000,000 | ---D | M] (Công cụ kiểm tra liên kết của Kaspersky) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.0\FFEXT\URL_ADVISOR@KASPERSKY.COM
[2014.10.09 15:14:35 | 000,000,000 | ---D | M] (Bàn phím ảo) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.0\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM

========== Chrome ==========

CHR - default_search_provider: ICQ Search (Enabled)
CHR - default_search_provider: search_url = http://search.icq.com/search/results.ph ... cid=chrome
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.cz/services/hp/?utm_source=pd
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Number1\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Number1\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Number1\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Number1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Number1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Number1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Number1\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Number1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\Number1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Number1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: Gmail = C:\Users\Number1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2495897990-1255970255-3979231297-1000..\Run: [HP Deskjet 3050A J611 series (NET)] C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-2495897990-1255970255-3979231297-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Přidat do součásti Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Přidat do součásti Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtuální klávesnice - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: Kontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuální klávesnice - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Kontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{652DBB9F-D670-4915-B236-5BDEECE4D47D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B45E8497-587B-4E2F-8D86-34D8AD71C839}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2015.06.11 21:09:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Number1\Desktop\OTL.exe
[2015.06.10 21:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2015.06.10 21:24:43 | 000,000,000 | ---D | C] -- C:\rsit
[2015.06.05 06:08:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015.05.29 06:06:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Atheros
[2015.05.13 20:24:59 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2015.05.13 20:24:59 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2015.05.13 19:10:01 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015.05.13 19:10:01 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015.05.13 19:10:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015.05.13 19:10:01 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015.05.13 19:10:01 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015.05.13 19:10:00 | 000,720,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015.05.13 19:10:00 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015.05.13 19:10:00 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015.05.13 19:10:00 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015.05.13 19:09:59 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015.05.13 19:09:58 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015.05.13 19:09:58 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015.05.13 19:09:58 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015.05.13 19:09:57 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015.05.13 19:09:57 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015.05.13 19:09:57 | 000,664,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015.05.13 19:09:57 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015.05.13 19:09:57 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015.05.13 19:09:57 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015.05.13 19:09:57 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015.05.13 19:09:57 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015.05.13 19:09:56 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015.05.13 19:09:56 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015.05.13 19:09:56 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015.05.13 19:09:55 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015.05.13 19:09:55 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015.05.13 19:09:54 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015.05.13 19:09:54 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015.05.13 19:09:54 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2015.05.13 19:09:54 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015.05.13 19:09:54 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015.05.13 19:09:53 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015.05.13 19:09:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015.05.13 19:09:53 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015.05.13 19:09:52 | 006,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015.05.13 19:09:52 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015.05.13 19:09:52 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2015.05.13 19:09:51 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015.05.13 19:09:51 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015.05.13 17:34:26 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2015.05.13 17:34:26 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2015.05.13 17:34:26 | 000,460,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2015.05.13 17:34:26 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2015.05.13 17:34:26 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2015.05.13 17:34:26 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2015.05.13 17:34:26 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2015.05.13 17:34:26 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2015.05.13 17:34:26 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2015.05.13 17:34:26 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2015.05.13 17:34:25 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2015.05.13 17:34:25 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2015.05.13 17:34:25 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2015.05.13 17:34:25 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2015.05.13 17:34:25 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2015.05.13 17:29:19 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe
[2015.05.13 17:29:18 | 001,647,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2015.05.13 17:29:09 | 000,275,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\InkEd.dll
[2015.05.13 17:29:09 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\InkEd.dll
[2015.05.13 17:29:09 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jnwmon.dll
[2015.05.13 17:29:05 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2015.05.13 17:29:05 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe

========== Files - Modified Within 30 Days ==========

[2015.06.11 21:25:12 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015.06.11 21:18:30 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2015.06.11 21:09:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Number1\Desktop\OTL.exe
[2015.06.11 21:08:55 | 000,000,970 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2495897990-1255970255-3979231297-1000UA.job
[2015.06.11 21:00:02 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2015.06.11 21:00:00 | 000,002,018 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Deskjet 3050A J611 series.lnk
[2015.06.11 20:59:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.06.11 20:59:34 | 3169,603,584 | -HS- | M] () -- C:\hiberfil.sys
[2015.06.10 21:46:22 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.06.10 21:46:22 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.06.10 21:44:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2015.06.10 21:26:24 | 000,778,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015.06.10 21:26:24 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015.06.07 19:29:06 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2495897990-1255970255-3979231297-1000Core.job
[2015.06.05 07:00:42 | 001,470,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015.06.05 07:00:42 | 000,631,548 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2015.06.05 07:00:42 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015.06.05 07:00:42 | 000,122,156 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2015.06.05 07:00:42 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015.05.14 06:06:40 | 000,413,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2015.06.11 21:18:30 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.12.31 10:33:17 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011.12.21 18:16:11 | 000,017,408 | ---- | C] () -- C:\Users\Number1\AppData\Local\WebpageIcons.db

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015.02.13 07:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015.02.13 07:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2015.06.10 21:17:02 | 000,000,000 | ---D | M] -- C:\Users\Number1\AppData\Roaming\ICQ
[2012.05.23 16:45:06 | 000,000,000 | ---D | M] -- C:\Users\Number1\AppData\Roaming\ICQ Search
[2011.12.19 09:51:21 | 000,000,000 | ---D | M] -- C:\Users\Number1\AppData\Roaming\Synaptics
[2012.01.01 11:42:12 | 000,000,000 | ---D | M] -- C:\Users\Number1\AppData\Roaming\Visan

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,634 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.24 13:10:35 | 000,000,918 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2495897990-1255970255-3979231297-1000Core.job
[2011.12.24 13:10:35 | 000,000,970 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2495897990-1255970255-3979231297-1000UA.job
[2012.04.04 15:27:01 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.07.06 06:31:42 | 000,000,342 | ---- | C] () -- C:\Windows\Tasks\HP Photo Creations Communicator.job

< >

< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.21 05:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.21 05:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010.11.21 05:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.21 05:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010.11.21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2015.02.03 05:50:56 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=00D0F7BA3B27126A3E25B540979A9F39 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22948_none_d492bbeccaa14239\cryptsvc.dll
[2012.06.02 06:52:32 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=063DD65889D21035311463337BD268E7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[2012.04.24 06:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2010.11.21 05:24:16 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2015.02.03 05:30:56 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=1CD76A83B9E8E9A5A3519B39E28354D9 -- C:\Windows\SysNative\cryptsvc.dll
[2015.02.03 05:30:56 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=1CD76A83B9E8E9A5A3519B39E28354D9 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18741_none_d4021b35b189f3e7\cryptsvc.dll
[2012.04.24 06:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2013.05.13 06:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=3897DFF247D9ED0006190349DE264E14 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[2013.07.09 16:47:30 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=434CCE8E7150CD1324C5FAA088D1D061 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_d45f6e88cac8f85b\cryptsvc.dll
[2015.02.03 05:12:14 | 000,143,872 | ---- | M] (Microsoft Corporation) MD5=49474B3E37969AF4B5C076F42B623AFF -- C:\Windows\SysWOW64\cryptsvc.dll
[2015.02.03 05:12:14 | 000,143,872 | ---- | M] (Microsoft Corporation) MD5=49474B3E37969AF4B5C076F42B623AFF -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18741_none_77e37fb1f92c82b1\cryptsvc.dll
[2012.04.24 07:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
[2013.10.05 04:25:30 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=509D31797A4B8A3D6ED78A330B19A919 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_d46d4138cabe2596\cryptsvc.dll
[2013.07.09 07:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=6B400F211BEE880A37A1ED0368776BF4 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_d431528fb165f7bc\cryptsvc.dll
[2013.07.09 15:57:37 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=6DB499DEFCC827317C5371164A7CDB27 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[2013.07.09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[2012.06.04 09:52:35 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=7E7D2DACF65D750D466F36BD3D09AE20 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_d4ab184aca903d4f\cryptsvc.dll
[2013.05.11 07:18:23 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=8122252F0A4ACFA92FA0C1D50D18493B -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_d4a24ea4ca968363\cryptsvc.dll
[2012.06.02 06:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[2012.06.02 07:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=9C01375BE382E834CC26D1B7EAF2C4FE -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_d3fc6569b18d7211\cryptsvc.dll
[2010.11.21 05:24:32 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2013.05.11 06:59:05 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=AC04D05309BB2C418D0D80B9FB014642 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[2012.04.24 07:22:32 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=B7337E9C9E5936355BB700AA33E0936E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll
[2015.02.03 05:31:49 | 000,145,920 | ---- | M] (Microsoft Corporation) MD5=B97E16D36DB7B7DD22C97857506FA58A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22948_none_787420691243d103\cryptsvc.dll
[2013.05.13 07:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=D8129C49798CBBFB2E4351D4B7B8EF9C -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_d3f73fe5b19220ee\cryptsvc.dll
[2013.10.05 03:52:03 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=F2D9242C3BBD1C36467FCAE1AE01733F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.21 05:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.21 05:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: IASTORV.SYS >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2011.11.17 08:20:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2015.01.14 08:04:46 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=1E31700D9C9E0FB79999D02A8437482C -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18717_none_04737e137368226b\lsass.exe
[2014.04.12 04:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_044f07757384196d\lsass.exe
[2014.04.12 04:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18496_none_041bf8b773a9f127\lsass.exe
[2014.04.12 04:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18526_none_0467aa1173712ab7\lsass.exe
[2014.04.12 04:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=204F3F58212B3E422C90BD9691A2DF28 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18637_none_045ddc5573785d26\lsass.exe
[2014.09.19 11:42:18 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=341655B216721D89CADE9DEA2F33872F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18606_none_047d4bcf7360effc\lsass.exe
[2015.03.06 07:32:14 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=395CAE11172BEBB0253895E8B5F82BFA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22983_none_04ad6c288cc21d97\lsass.exe
[2015.01.29 05:18:39 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=43FE6F74D2D43443CF2279613FA0A516 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18738_none_045ede85737773a4\lsass.exe
[2015.04.04 05:20:52 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=4C3FAC816925F73A34AD52F1F7C0A7EA -- C:\Windows\SysNative\lsass.exe
[2015.04.04 05:20:52 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=4C3FAC816925F73A34AD52F1F7C0A7EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18812_none_046e7e87736ca0df\lsass.exe
[2013.09.25 03:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_042b9307739f26ed\lsass.exe
[2015.01.10 09:09:08 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=55C62F66528A7BF58EA964B70BCB3D96 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22920_none_04eb4ad28c9429ec\lsass.exe
[2015.01.27 05:56:02 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=5B63917A1BE4728D8111850CDEF252F1 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22943_none_04d8abd88ca1add3\lsass.exe
[2014.04.12 04:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_04cdd63a8ca9d24f\lsass.exe
[2014.04.12 04:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22712_none_04f817868c8a465b\lsass.exe
[2014.04.12 04:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22736_none_04e678d68c96e399\lsass.exe
[2014.04.12 04:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22807_none_0507eaca8c7da644\lsass.exe
[2014.04.12 04:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22843_none_04d8a9f28ca1b0ac\lsass.exe
[2014.04.12 04:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22923_none_04ee4bb08c9175f1\lsass.exe
[2014.04.12 04:31:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=6598EBC4D209318EBD81F76833ECBEDB -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22925_none_04f04c448c8fa89f\lsass.exe
[2015.02.03 05:30:31 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=7554A1B82B4A222FD4CC292ABD38A558 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18741_none_044d0c937385de34\lsass.exe
[2012.06.04 09:51:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=79C908CAA6F43021EB05F4C733A927D1 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\lsass.exe
[2015.03.06 07:41:46 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=B6C7729936AAF8E0697F0A7DCA82CED8 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18779_none_04349f1f7396fcbf\lsass.exe
[2014.09.19 11:47:37 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=B84317193B6A29F5F5DCF538C34FDCED -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22814_none_04fa1a008c887630\lsass.exe
[2015.04.04 05:25:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=BB9C1B746086558899935E3333CD4580 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23017_none_04fcf4e68c85f29e\lsass.exe
[2011.11.17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2011.11.17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\lsass.exe
[2015.01.10 08:47:33 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C8152B86C0F12E61B0AD5C95751547D3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18714_none_04707d35736ad666\lsass.exe
[2015.03.17 07:15:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=CA4FC33FB22D92368A0B221092B46374 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18798_none_041dfefd73a81b4a\lsass.exe
[2015.02.03 05:50:23 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=CBB80CC43E683F929F8D5E50330F7BA6 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22948_none_04ddad4a8c9d2c86\lsass.exe
[2015.03.17 07:11:03 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=DCCDD65A4E68360E5CF57AFC864C64E0 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23002_none_0502c3608c8257fa\lsass.exe
[2015.01.15 10:09:15 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=E0105F3B5B1C4B0F5B3D788A13504EC6 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18719_none_04757ea773665519\lsass.exe
[2013.09.25 03:08:17 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=F021DAFB1F87616FCEBA159C2ED7042F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_04c503168cb026a0\lsass.exe

[kubha]

< MD5 for: NDIS.SYS >
[2010.11.21 05:23:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\SysNative\drivers\ndis.sys
[2010.11.21 05:23:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys

< MD5 for: NETLOGON.DLL >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NVRAID.SYS >
[2010.11.21 05:23:47 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\Windows\SysNative\drivers\nvraid.sys
[2010.11.21 05:23:47 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvraid.sys
[2010.11.21 05:23:47 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SMSS.EXE >
[2015.03.17 07:16:11 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=0B6514A14631E41DE4D6D40D1C80BE68 -- C:\Windows\SysNative\smss.exe
[2015.03.17 07:16:11 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=0B6514A14631E41DE4D6D40D1C80BE68 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18798_none_0a0e1c38300e82ce\smss.exe
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
[2015.03.17 07:11:20 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=206A6B71AC09D9F7651F0A8B015676C7 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23002_none_0af2e09b48e8bf7e\smss.exe
[2014.04.12 04:31:44 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=3442A918386D4716D74C661543151746 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22653_none_0abdf375491039d3\smss.exe
[2014.04.12 04:31:44 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=3442A918386D4716D74C661543151746 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22908_none_0af90a3548e32446\smss.exe
[2014.04.12 04:31:44 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=3442A918386D4716D74C661543151746 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22921_none_0adc685748f9aac7\smss.exe
[2014.04.12 04:31:44 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=3442A918386D4716D74C661543151746 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22923_none_0ade68eb48f7dd75\smss.exe
[2013.03.19 04:57:17 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=498E2A20E145199709CD100CDBA8603D -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22280_none_0a9a7b3b492b4d05\smss.exe
[2015.02.03 05:30:42 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=63D3C30B497347495B8EA78A38188969 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18741_none_0a3d29ce2fec45b8\smss.exe
[2015.01.29 05:18:52 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=83C0199B7C06AC3C33212E1A0DC2260E -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18738_none_0a4efbc02fdddb28\smss.exe
[2015.02.03 05:50:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=8CD5A97B8D155718D357B2D9BC6B113D -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22948_none_0acdca854903940a\smss.exe
[2013.11.12 20:36:48 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=B2B31D4C79EFD883097FA24D02E79C12 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22436_none_0ad6905f48fd53a8\smss.exe
[2015.01.27 05:56:16 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=B75198D88A34994DE1E4D9F2286DF759 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22943_none_0ac8c91349081557\smss.exe
[2013.08.02 07:06:34 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=CB5DA3E44456D1084BCD87F5B1B3152B -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22411_none_0ae72ec548f19d13\smss.exe
[2013.07.08 04:50:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=E65601CF4BC0CF3718AFBE56A9AD846F -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22379_none_0aae4fa7491b124a\smss.exe
[2013.03.19 05:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0371DE302FFFF8F086661611BE60848 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_0a5f8ec22fd235a9\smss.exe
[2013.08.02 02:59:09 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0970A4BC8395659C22BF53D0FADF16F -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18229_none_0a5ac2782fd4e6cb\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2014.04.05 04:47:20 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=04ADD18EE5CC9FBEDAEC1DD1CD0CB45E -- C:\Windows\SysNative\drivers\tcpip.sys
[2014.04.05 04:47:20 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=04ADD18EE5CC9FBEDAEC1DD1CD0CB45E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_113260637d1284ef\tcpip.sys
[2011.09.29 19:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2013.05.08 08:14:42 | 001,900,392 | ---- | M] (Microsoft Corporation) MD5=3E94650745D4DAB67E161F5F32CEA597 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_11d29984961f0be0\tcpip.sys
[2013.11.12 20:36:19 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2014.04.05 04:37:43 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=4F80944B03112F486212DC20BE166079 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_11b12f2896383dd1\tcpip.sys
[2010.11.21 05:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2013.11.12 20:36:19 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2012.08.22 20:06:13 | 001,901,936 | ---- | M] (Microsoft Corporation) MD5=7880A26B7D3B96FDA8EFD9F985036B1D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[2012.03.30 12:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2011.04.25 07:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2013.05.08 08:39:01 | 001,910,632 | ---- | M] (Microsoft Corporation) MD5=9849EA3843A2ADBDD1497E97A85D8CAE -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_11278ac57d1aa96b\tcpip.sys
[2012.03.30 13:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2013.07.06 07:20:38 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2013.01.03 08:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2011.04.25 08:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2013.01.04 07:47:43 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[2013.07.06 08:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys
[2012.08.22 20:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys
[2011.09.29 18:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014.03.04 13:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014.03.04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2014.07.17 04:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\SysNative\winlogon.exe
[2014.07.17 04:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[2014.07.16 05:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe

< MD5 for: WS2_32.DLL >
[2010.11.21 05:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\SysNative\ws2_32.dll
[2010.11.21 05:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll
[2010.11.21 05:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SysWOW64\ws2_32.dll
[2010.11.21 05:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[5 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[12 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[3 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[44 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
[1 C:\Windows\Temp\{A06DFC47-5344-4323-A237-030728166F56}\*.tmp files -> C:\Windows\Temp\{A06DFC47-5344-4323-A237-030728166F56}\*.tmp -> ]
[1 C:\Windows\Temp\{D6EAFB11-2675-449F-A720-79176BD92E49}\*.tmp files -> C:\Windows\Temp\{D6EAFB11-2675-449F-A720-79176BD92E49}\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.09.09 17:18:38 | 000,000,000 | ---D | M] -- C:\Users\Number1\AppData\Roaming\Adobe
[2011.12.19 10:54:18 | 000,000,000 | ---D | M] -- C:\Users\Number1\AppData\Roaming\ATI
[2015.03.18 20:34:02 | 000,000,000 | ---D | M] -- C:\Users\Number1\AppData\Roaming\HpUpdate
[2015.06.10 21:17:02 | 000,000,000 | ---D | M] -- C:\Users\Number1\AppData\Roaming\ICQ
[2012.05.23 16:45:06 | 000,000,000 | ---D | M] -- C:\Users\Number1\AppData\Roaming\ICQ Search
[2011.12.19 09:04:33 | 000,000,000 | ---D | M] -- C:\Users\Number1\AppData\Roaming\Identities
[2011.12.20 08:28:52 | 000,000,000 | ---D | M] -- C:\Users\Number1\AppData\Roaming\Macromedia
[2010.11.21 08:30:38 | 000,000,000 | ---D | M] -- C:\Users\Number1\AppData\Roaming\Media Center Programs
[2013.07.22 22:13:05 | 000,000,000 | --SD | M] -- C:\Users\Number1\AppData\Roaming\Microsoft
[2011.12.20 08:25:58 | 000,000,000 | ---D | M] -- C:\Users\Number1\AppData\Roaming\Mozilla
[2015.06.11 21:04:55 | 000,000,000 | ---D | M] -- C:\Users\Number1\AppData\Roaming\Skype
[2011.12.19 09:51:21 | 000,000,000 | ---D | M] -- C:\Users\Number1\AppData\Roaming\Synaptics
[2012.01.01 11:42:12 | 000,000,000 | ---D | M] -- C:\Users\Number1\AppData\Roaming\Visan

< %APPDATA%\*.exe /s >
[2013.03.22 08:26:52 | 000,010,134 | R--- | M] () -- C:\Users\Number1\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2011.12.19 10:50:31 | 000,010,134 | R--- | M] () -- C:\Users\Number1\AppData\Roaming\Microsoft\Installer\{FBDD9391-0A40-EBCE-B4D6-56952CD5F8B4}\ARPPRODUCTICON.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2015.06.10 21:26:24 | 000,778,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2015.06.10 21:26:24 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2010.11.21 05:24:51 | 001,475,584 | ---- | M] (Microsoft Corporation)
"Google Update" = "C:\Users\Number1\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2014.10.26 10:36:53 | 000,107,912 | ---- | M] (Google Inc.)
"ICQ" = "C:\Program Files (x86)\ICQ7M\ICQ.exe" silent loginmode=4 -- [2012.05.23 16:43:35 | 000,127,040 | ---- | M] (ICQ, LLC.)
"HP Deskjet 3050A J611 series (NET)" = "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1894D1P905PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1 -- [2011.06.08 19:43:24 | 002,676,584 | ---- | M] (Hewlett-Packard Co.)
"Skype" = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun -- [2015.04.17 14:48:36 | 031,280,256 | R--- | M] (Skype Technologies S.A.)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2015.06.11 21:18:30 | 000,000,512 | ---- | M] () MD5=3B04D989E266896D61540E7688CF3A38 -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2006.10.26 14:40:34 | 000,057,344 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 14:40:34 | 000,005,120 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2009.10.06 07:08:30 | 000,145,082 | ---- | M] () -- \Program Files (x86)\HP\HP Deskjet 3050A J611 series\bin\HelpViewer\Resources\Loader.gif
[2012.05.23 16:43:33 | 000,005,795 | ---- | M] () -- \Program Files (x86)\ICQ7M\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2012.05.23 16:43:33 | 000,004,180 | ---- | M] () -- \Program Files (x86)\ICQ7M\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2012.05.23 16:43:33 | 000,005,520 | ---- | M] () -- \Program Files (x86)\ICQ7M\imApp\theme\MUICoreLib\xtraLoader.swf
[2012.04.20 11:29:39 | 000,002,886 | ---- | M] () -- \Program Files (x86)\ICQ7M\Xtraz\icq\content\babylon_feed\preloader01_b.swf
[2012.05.23 16:43:50 | 000,000,402 | ---- | M] () -- \Program Files (x86)\ICQ7M\Xtraz\icq\content\profile_lightboxs\preloader.html
[2014.04.20 16:15:24 | 001,090,208 | ---- | M] () -- \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kasperskylab.kis.ui.loader.dll
[2014.03.27 15:35:20 | 000,226,496 | ---- | M] () -- \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kas_loader.dll
[2014.04.16 19:32:54 | 000,201,920 | ---- | M] () -- \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\remote_eka_prague_loader.dll
[1 \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\*.tmp files -> \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\*.tmp -> ]
[2014.04.20 15:47:48 | 000,006,957 | ---- | M] () -- \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\skin\resources\neutral\templates\images\safe_banking\preloader.gif
[2014.04.16 19:33:08 | 000,246,976 | ---- | M] () -- \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\remote_eka_prague_loader.dll
[2006.08.16 04:25:58 | 000,174,888 | ---- | M] () -- \Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\Scenery\Global\Texture\VEH_Air_BagLoaderBlue.dds
[2006.08.16 04:25:58 | 000,262,272 | ---- | M] () -- \Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\Scenery\Global\Texture\VEH_Air_BagLoaderBlue_bump.dds
[2006.08.16 04:26:00 | 000,174,888 | ---- | M] () -- \Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\Scenery\Global\Texture\VEH_Air_BagLoaderBlue_lm.dds
[2006.08.16 04:26:00 | 000,349,648 | ---- | M] () -- \Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\Scenery\Global\Texture\VEH_Air_BagLoaderBlue_specular.dds
[2006.08.16 04:26:04 | 000,174,888 | ---- | M] () -- \Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\Scenery\Global\Texture\VEH_Air_BagLoaderGrey.dds
[2006.08.16 04:26:04 | 000,174,888 | ---- | M] () -- \Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\Scenery\Global\Texture\VEH_Air_BagLoaderGrey_lm.dds
[2006.09.04 21:21:28 | 000,301,367 | ---- | M] () -- \Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\GroundVehicles\VEH_Air_BagLoaderBlue\model\VEH_Air_BagLoaderBlue.mdl
[2006.09.04 21:21:30 | 000,301,815 | ---- | M] () -- \Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\GroundVehicles\VEH_Air_BagLoaderGrey\model\VEH_Air_BagLoaderGrey.mdl
[2010.08.24 17:09:00 | 000,005,274 | ---- | M] () -- \Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\Toolbar\Applications\loader.xap
[2015.03.12 12:47:42 | 000,072,638 | ---- | M] () -- \Users\Number1\AppData\Local\Skype\Apps\login\images\loader.gif
[2015.03.12 12:47:42 | 000,003,032 | ---- | M] () -- \Users\Number1\AppData\Local\Skype\Apps\login\images\loader.png
[2015.03.12 12:47:42 | 000,006,012 | ---- | M] () -- \Users\Number1\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2015.03.12 12:47:42 | 000,021,956 | ---- | M] () -- \Users\Number1\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2015.03.12 12:47:42 | 000,009,772 | ---- | M] () -- \Users\Number1\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2013.11.19 17:04:22 | 000,056,092 | ---- | M] () -- \Users\Number1\AppData\Local\Temp\0C717D08-2153-431A-A004-DED4C624D46E\LOADER.GIF
[2013.11.19 17:04:22 | 000,025,017 | ---- | M] () -- \Users\Number1\AppData\Local\Temp\0C717D08-2153-431A-A004-DED4C624D46E\PRELOADER.GIF
[2013.11.18 20:11:45 | 000,000,000 | ---- | M] () -- \Users\Number1\AppData\Local\Temp\E5B844F0-7F6C-49BF-BAF8-B611F47E292A\LOADER.GIF
[2013.11.18 20:11:45 | 000,000,000 | ---- | M] () -- \Users\Number1\AppData\Local\Temp\E5B844F0-7F6C-49BF-BAF8-B611F47E292A\PRELOADER.GIF
[2012.05.13 21:54:59 | 000,010,519 | ---- | M] () -- \Users\Number1\AppData\Local\Temp\Temporary Internet Files\Content.IE5\AFZJAG92\AdLoader-aee74f28845638b42a47bb02dc06a7c6.min[1].js
[2012.08.28 19:49:42 | 000,000,753 | ---- | M] () -- \Users\Number1\AppData\Local\Temp\Temporary Internet Files\Content.IE5\AFZJAG92\AdLoader[1].htm
[2012.08.28 19:49:42 | 000,105,903 | ---- | M] () -- \Users\Number1\AppData\Local\Temp\Temporary Internet Files\Content.IE5\HVCDXIBB\AdLoader-427d9fd2a91e2f2c023aefe9f69a01d0.min[1].js
[2011.12.20 09:01:59 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2015.03.17 06:50:46 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2015.03.17 06:50:46 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009.07.14 03:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 03:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 07:21:03 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:38:48 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_68a2edab92971725\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 04:12:19 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.03.17 07:11:07 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18798_none_6885643192acd650\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.05.09 05:20:07 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18847_none_68ba756992852e6b\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 07:12:44 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_691eb3faabbf8f66\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 19:35:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_6957a248ab947a6d\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 07:32:07 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_6971452eab80a50e\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.07.08 07:11:20 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22379_none_692597a0abb965cc\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 08:20:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_695e76beab8ff095\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.11.12 20:36:47 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_694dd858ab9ba72a\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 13:03:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_69637bfcab8b6996\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 04:28:21 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_69353b6eabae8d55\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.03.17 07:05:34 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23002_none_696a2894ab871300\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.05.09 07:58:34 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23049_none_6945eaeaaba13425\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.03.12 19:16:51 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_cs-cz_9144f07b13c42013.manifest
[2015.03.12 19:16:51 | 000,033,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_cs-cz_9144f07b13c42013_winload.efi.mui_35ee487d
[2015.03.12 19:16:51 | 000,034,752 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_cs-cz_9144f07b13c42013_winload.exe.mui_3bc5b827
[2015.03.12 19:16:51 | 000,029,624 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_cs-cz_9144f07b13c42013_winresume.efi.mui_f412814e
[2015.03.12 19:16:51 | 000,030,136 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_cs-cz_9144f07b13c42013_winresume.exe.mui_ff8b5358
[2015.03.12 19:16:51 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_en-us_d49b3bd6fabe7c71.manifest
[2015.03.12 19:16:51 | 000,033,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_en-us_d49b3bd6fabe7c71_winload.efi.mui_35ee487d
[2015.03.12 19:16:51 | 000,033,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_en-us_d49b3bd6fabe7c71_winload.exe.mui_3bc5b827
[2015.03.12 19:16:51 | 000,029,624 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_en-us_d49b3bd6fabe7c71_winresume.efi.mui_f412814e
[2015.03.12 19:16:51 | 000,029,632 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_en-us_d49b3bd6fabe7c71_winresume.exe.mui_ff8b5358
[2015.03.12 19:16:52 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646.manifest
[2015.03.12 19:16:52 | 000,693,176 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646_winload.efi_75834aa0
[2015.03.12 19:16:52 | 000,619,056 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646_winload.exe_75835076
[2015.03.12 19:16:52 | 000,616,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646_winresume.efi_85cd069f
[2015.03.12 19:16:52 | 000,532,176 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646_winresume.exe_85cd1215
[2009.07.14 04:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 04:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009.07.13 20:18:36 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2010.11.21 08:23:35 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2015.02.03 06:49:45 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_cs-cz_9144f07b13c42013.manifest
[2015.02.03 05:35:06 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_en-us_d49b3bd6fabe7c71.manifest
[2014.12.13 03:57:48 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22908_cs-cz_9200d0e22cbafea1.manifest
[2014.12.13 03:58:08 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22908_en-us_d5571c3e13b55aff.manifest
[2015.01.13 00:17:25 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22921_cs-cz_91e42f042cd18522.manifest
[2015.01.13 00:17:17 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22921_en-us_d53a7a6013cbe180.manifest
[2015.01.16 08:36:46 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22923_cs-cz_91e62f982ccfb7d0.manifest
[2015.01.16 08:36:33 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22923_en-us_d53c7af413ca142e.manifest
[2015.01.27 07:32:05 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22943_cs-cz_91d08fc02cdfefb2.manifest
[2015.01.27 06:02:12 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22943_en-us_d526db1c13da4c10.manifest
[2015.02.03 07:30:16 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22948_cs-cz_91d591322cdb6e65.manifest
[2015.02.03 05:54:55 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22948_en-us_d52bdc8e13d5cac3.manifest
[2015.03.17 08:28:02 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23002_cs-cz_91faa7482cc099d9.manifest
[2015.03.17 07:14:37 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23002_en-us_d550f2a413baf637.manifest
[2010.11.21 05:16:35 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011.02.05 19:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2015.02.03 05:51:30 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646.manifest
[2011.02.05 15:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2014.12.12 08:29:00 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22908_none_b9e51c6a9c5864d4.manifest
[2015.01.12 05:50:53 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22921_none_b9c87a8c9c6eeb55.manifest
[2015.01.16 08:37:02 | 000,005,511 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22923_none_b9ca7b209c6d1e03.manifest
[2015.01.27 06:22:06 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22943_none_b9b4db489c7d55e5.manifest
[2015.02.03 06:17:47 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22948_none_b9b9dcba9c78d498.manifest
[2015.03.17 07:34:28 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23002_none_b9def2d09c5e000c.manifest
[2009.07.14 04:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.03.17 06:50:46 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18798_none_0c66c8adda4f651a\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.05.09 05:08:08 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18847_none_0c9bd9e5da27bd35\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.07.08 06:59:24 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22379_none_0d06fc1cf35bf496\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 07:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.11.12 20:36:47 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_0d2f3cd4f33e35f4\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 12:35:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 04:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.03.17 06:42:28 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23002_none_0d4b8d10f329a1ca\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.05.09 07:34:47 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23049_none_0d274f66f343c2ef\api-ms-win-core-libraryloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >
[2014.07.21 11:52:08 | 000,000,389 | ---- | M] () -- \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\Cleaner\esetnod32av4.ini
[2014.07.21 11:52:08 | 000,000,397 | ---- | M] () -- \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\Cleaner\esetnod32av4_x64.ini
[2014.07.21 11:52:08 | 000,000,385 | ---- | M] () -- \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\Cleaner\esetnod32smarts4.ini
[2014.07.21 11:52:08 | 000,000,420 | ---- | M] () -- \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\Cleaner\esetnod32smarts4_424_x64sp.ini
[2014.07.21 11:52:08 | 000,000,395 | ---- | M] () -- \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\Cleaner\esetnod32smarts4_x64.ini
[2013.11.08 20:53:44 | 000,000,389 | ---- | M] () -- \Users\Number1\AppData\Local\Temp\{C072D800-5132-46EC-9455-2EE61EE1812F}\Cleaner\esetnod32av4.ini
[2013.11.08 20:53:44 | 000,000,397 | ---- | M] () -- \Users\Number1\AppData\Local\Temp\{C072D800-5132-46EC-9455-2EE61EE1812F}\Cleaner\esetnod32av4_x64.ini
[2013.11.08 20:53:44 | 000,000,385 | ---- | M] () -- \Users\Number1\AppData\Local\Temp\{C072D800-5132-46EC-9455-2EE61EE1812F}\Cleaner\esetnod32smarts4.ini
[2013.11.08 20:53:44 | 000,000,420 | ---- | M] () -- \Users\Number1\AppData\Local\Temp\{C072D800-5132-46EC-9455-2EE61EE1812F}\Cleaner\esetnod32smarts4_424_x64sp.ini
[2013.11.08 20:53:44 | 000,000,395 | ---- | M] () -- \Users\Number1\AppData\Local\Temp\{C072D800-5132-46EC-9455-2EE61EE1812F}\Cleaner\esetnod32smarts4_x64.ini
[2014.04.07 12:26:08 | 000,000,389 | ---- | M] () -- \Users\Number1\AppData\Local\Temp\32427CCA-C470-11E3-B0A4-74DE2B1070FA\Cleaner\esetnod32av4.ini
[2014.04.07 12:26:08 | 000,000,397 | ---- | M] () -- \Users\Number1\AppData\Local\Temp\32427CCA-C470-11E3-B0A4-74DE2B1070FA\Cleaner\esetnod32av4_x64.ini
[2014.04.07 12:26:08 | 000,000,385 | ---- | M] () -- \Users\Number1\AppData\Local\Temp\32427CCA-C470-11E3-B0A4-74DE2B1070FA\Cleaner\esetnod32smarts4.ini
[2014.04.07 12:26:08 | 000,000,420 | ---- | M] () -- \Users\Number1\AppData\Local\Temp\32427CCA-C470-11E3-B0A4-74DE2B1070FA\Cleaner\esetnod32smarts4_424_x64sp.ini
[2014.04.07 12:26:08 | 000,000,395 | ---- | M] () -- \Users\Number1\AppData\Local\Temp\32427CCA-C470-11E3-B0A4-74DE2B1070FA\Cleaner\esetnod32smarts4_x64.ini
[2014.07.21 11:52:08 | 000,000,389 | ---- | M] () -- \Users\Number1\AppData\Local\Temp\C3CB2E7B-34C5-11E4-911A-74DE2B1070FA\Cleaner\esetnod32av4.ini
[2014.07.21 11:52:08 | 000,000,397 | ---- | M] () -- \Users\Number1\AppData\Local\Temp\C3CB2E7B-34C5-11E4-911A-74DE2B1070FA\Cleaner\esetnod32av4_x64.ini
[2014.07.21 11:52:08 | 000,000,385 | ---- | M] () -- \Users\Number1\AppData\Local\Temp\C3CB2E7B-34C5-11E4-911A-74DE2B1070FA\Cleaner\esetnod32smarts4.ini
[2014.07.21 11:52:08 | 000,000,420 | ---- | M] () -- \Users\Number1\AppData\Local\Temp\C3CB2E7B-34C5-11E4-911A-74DE2B1070FA\Cleaner\esetnod32smarts4_424_x64sp.ini
[2014.07.21 11:52:08 | 000,000,395 | ---- | M] () -- \Users\Number1\AppData\Local\Temp\C3CB2E7B-34C5-11E4-911A-74DE2B1070FA\Cleaner\esetnod32smarts4_x64.ini

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2010.04.01 02:20:06 | 000,413,696 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\4.0.50401.0\System.Runtime.Serialization.dll
[2011.12.31 10:36:18 | 001,186,304 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\4.0.50401.0\System.Runtime.Serialization.ni.dll
[2014.07.11 00:24:10 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2010.11.04 18:53:40 | 000,090,112 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2014.07.11 00:24:01 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2010.11.04 18:54:44 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2013.07.08 14:43:52 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014.06.24 01:43:20 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.13 04:37:37 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2014.07.11 00:24:10 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.10.18 19:59:15 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\91eb4f41130c65ef17f0fee1d3ab48fb\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.10.19 17:21:06 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\b1e0939384cc320d6ac7b8921ccc2877\System.Runtime.Serialization.ni.dll
[2014.10.18 20:02:18 | 000,396,288 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\2a07bf9a29a64827bf06e7853214fc0f\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.10.19 17:25:31 | 003,073,536 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\5015b90fbd31c9ba4fff989b2c79711b\System.Runtime.Serialization.ni.dll
[2014.10.17 19:37:14 | 000,311,296 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2584d04a18257cb2f729900930bd999e\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2015.05.16 06:40:03 | 002,656,768 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\b2ddde109d23d4cc6831567b7ca49ede\System.Runtime.Serialization.ni.dll
[2014.10.17 20:02:59 | 000,376,832 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\1f06ca2b506418656888651575666d67\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2015.05.16 06:47:17 | 003,423,232 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\da789ed44cf56dd88def26b95cb22631\System.Runtime.Serialization.ni.dll
[2010.03.18 13:16:28 | 001,026,936 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Runtime.Serialization.dll.amd64
[2010.03.18 13:16:28 | 001,026,936 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Runtime.Serialization.dll.x86
[2015.05.13 20:39:25 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2015.05.13 20:39:24 | 001,038,016 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.06.24 01:43:20 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.04 18:53:34 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014.07.11 00:24:11 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2014.07.03 07:17:44 | 001,038,016 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 13:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2014.06.24 01:43:09 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.04 18:54:40 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2014.07.11 00:24:02 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2014.07.03 07:17:44 | 001,038,016 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 13:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009.07.13 19:38:14 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009.07.14 02:00:40 | 000,094,208 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009.06.10 22:37:50 | 000,038,400 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\grserial.sys
[2010.11.21 08:24:08 | 000,005,120 | ---- | M] () -- \Windows\System32\en-US\serialui.dll.mui
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2009.07.13 19:38:14 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\cs-CZ\serialui.dll.mui
[2010.11.21 08:24:08 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\en-US\serialui.dll.mui
[2010.11.04 18:54:40 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_1e527062c1f59d5f\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2010.11.04 18:54:40 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_cs-cz_1e468964c1feb99a\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2010.11.04 18:54:40 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22731_cs-cz_1ec35795db263fce\System.Runtime.Serialization.Formatters.Soap.Resources.dll
[2009.07.13 19:58:44 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23\serialui.dll.mui
[2010.11.21 08:24:12 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_edb61e94e4562781\serialui.dll.mui
[2009.07.14 03:41:54 | 000,017,920 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360\serialui.dll
[2010.11.04 18:54:44 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_bb9a1800691e639c\System.RunTime.Serialization.Resources.dll
[2010.11.04 18:54:44 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_cs-cz_bb8e310269277fd7\System.RunTime.Serialization.Resources.dll
[2010.11.04 18:54:44 | 000,090,112 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_cs-cz_bc0cffc7824d38b9\System.RunTime.Serialization.Resources.dll
[2009.07.13 20:07:20 | 000,009,728 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_20ab142d65ed6acc\serial.sys.mui
[2010.11.21 08:24:14 | 000,010,240 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_64015f894ce7c72a\serial.sys.mui
[2009.07.14 02:00:40 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
[2009.06.10 22:40:06 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56\System.Runtime.Serialization.Formatters.Soap.dll
[2014.06.24 01:43:09 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7601.18523_none_a9a7e561157d82e9\System.Runtime.Serialization.Formatters.Soap.dll
[2014.06.24 01:43:05 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7601.22733_none_92db3ec72f23fc97\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 22:37:50 | 000,038,400 | ---- | M] () -- \Windows\winsxs\amd64_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_ce9ed3064deed3aa\grserial.sys
[2010.11.21 05:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722\System.Runtime.Serialization.dll
[2012.10.05 12:52:38 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b\System.Runtime.Serialization.dll
[2014.03.09 23:48:51 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.18523_none_5919d8d674e2f3ff\System.Runtime.Serialization.dll
[2014.07.11 00:24:02 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.18532_none_591aefe874e1f3b5\System.Runtime.Serialization.dll
[2012.10.05 12:56:11 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53\System.Runtime.Serialization.dll
[2014.03.17 16:38:51 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22733_none_424d323c8e896dad\System.Runtime.Serialization.dll
[2014.07.08 01:36:29 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22743_none_424e32868e888704\System.Runtime.Serialization.dll
[2010.11.21 05:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb\System.Runtime.Serialization.dll
[2012.10.05 12:52:37 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4\System.Runtime.Serialization.dll
[2014.03.09 23:48:50 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18523_none_93f0e5a0c8daee98\System.Runtime.Serialization.dll
[2014.07.11 00:24:01 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18532_none_93f1fcb2c8d9ee4e\System.Runtime.Serialization.dll
[2012.10.05 12:56:11 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec\System.Runtime.Serialization.dll
[2014.03.17 16:38:51 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22733_none_7d243f06e2816846\System.Runtime.Serialization.dll
[2014.07.08 01:36:29 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22743_none_7d253f50e280819d\System.Runtime.Serialization.dll
[2011.12.19 09:18:29 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011.12.19 09:18:29 | 000,017,792 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8_kdcom.dll_db5e7744
[2011.12.19 09:22:22 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_aa5fd338fd5bcb23_serialui.dll.mui_7d29d2a3
[2010.11.21 08:24:37 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_edb61e94e4562781_serialui.dll.mui_7d29d2a3
[2009.07.14 04:57:29 | 000,017,920 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360_serialui.dll_bea29328
[2011.12.19 09:22:22 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2010.11.21 08:24:37 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b_serialui.dll.mui_7d29d2a3
[2009.07.14 04:58:37 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.14 04:15:17 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc.manifest
[2011.02.05 19:35:45 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011.02.05 15:11:05 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest
[2009.07.14 04:11:30 | 000,000,868 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_88b1c48f2026fe3f.manifest
[2010.11.21 05:17:50 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722.manifest
[2012.10.05 20:18:30 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b.manifest
[2014.07.02 08:30:52 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.18523_none_5919d8d674e2f3ff.manifest
[2014.07.14 04:24:48 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.18532_none_591aefe874e1f3b5.manifest
[2012.10.05 20:10:31 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53.manifest
[2014.07.02 08:30:44 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22733_none_424d323c8e896dad.manifest
[2014.07.14 04:13:57 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22743_none_424e32868e888704.manifest
[2010.11.21 05:17:50 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb.manifest
[2012.10.05 20:19:07 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4.manifest
[2014.07.02 08:31:00 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18523_none_93f0e5a0c8daee98.manifest
[2014.07.14 04:24:58 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18532_none_93f1fcb2c8d9ee4e.manifest
[2012.10.05 20:11:10 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec.manifest
[2014.07.02 08:30:53 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22733_none_7d243f06e2816846.manifest
[2014.07.14 04:14:06 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22743_none_7d253f50e280819d.manifest
[2010.11.21 05:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2012.10.05 19:15:39 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285.manifest
[2014.07.02 07:57:49 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.18523_none_a6803b1074d97c29.manifest
[2014.07.14 04:04:09 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.18532_none_a681522274d87bdf.manifest
[2012.10.05 19:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d.manifest
[2014.07.02 08:07:46 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22733_none_8fb394768e7ff5d7.manifest
[2014.07.14 04:04:27 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22743_none_8fb494c08e7f0f2e.manifest
[2009.07.13 20:17:48 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2010.11.21 08:23:44 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_en-us_8f71d563bf7aa3c2.manifest
[2012.10.05 22:12:17 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f.manifest
[2012.10.05 20:09:41 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_en-us_8f4bb639bfcd9db1.manifest
[2014.07.02 09:46:46 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18523_cs-cz_342b81c984259c43.manifest
[2014.07.02 08:12:55 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18523_en-us_8f47fbdfbfd0e755.manifest
[2014.07.14 06:02:27 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18532_cs-cz_342c98db84249bf9.manifest
[2014.07.14 04:07:18 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18532_en-us_8f4912f1bfcfe70b.manifest
[2012.10.05 21:59:28 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797.manifest
[2012.10.05 19:57:17 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_en-us_787a117bd97892a9.manifest
[2014.07.02 10:08:13 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22733_cs-cz_1d5edb2f9dcc15f1.manifest
[2014.07.02 08:12:12 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22733_en-us_787b5545d9776103.manifest
[2014.07.14 06:06:58 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22743_cs-cz_1d5fdb799dcb2f48.manifest
[2014.07.14 03:56:59 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22743_en-us_787c558fd9767a5a.manifest
[2010.11.21 05:17:50 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2012.10.05 19:15:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8.manifest
[2014.07.02 08:00:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.18523_none_d6c370aa9c807d5c.manifest
[2014.07.14 04:06:40 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.18532_none_d6c487bc9c7f7d12.manifest
[2012.10.05 19:17:15 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0.manifest
[2014.07.02 08:10:04 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22733_none_bff6ca10b626f70a.manifest
[2014.07.14 04:06:53 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22743_none_bff7ca5ab6261061.manifest
[2010.11.21 05:18:20 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2012.10.05 19:19:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa.manifest
[2014.07.02 07:58:58 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18523_none_db9e1c77dd57179e.manifest
[2014.07.14 04:05:25 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18532_none_db9f3389dd561754.manifest
[2012.10.05 19:22:10 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2.manifest
[2014.07.02 08:08:55 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22733_none_c4d175ddf6fd914c.manifest
[2014.07.14 04:05:41 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22743_none_c4d27627f6fcaaa3.manifest
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2014.06.24 01:43:20 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7601.18523_none_1c70653de072abde\System.Runtime.Serialization.Formatters.Soap.dll
[2014.06.24 01:43:36 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7601.22733_none_05a3bea3fa19258c\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 15:10:20 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013.07.08 14:43:52 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7601.18523_cs-cz_d5997ba9da0ab4d7\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.21 05:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2012.10.05 12:53:24 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285\System.Runtime.Serialization.dll
[2014.03.09 23:47:42 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.18523_none_a6803b1074d97c29\System.Runtime.Serialization.dll
[2014.07.11 00:24:11 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.18532_none_a681522274d87bdf\System.Runtime.Serialization.dll
[2012.10.05 12:56:07 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d\System.Runtime.Serialization.dll
[2014.03.17 16:38:28 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22733_none_8fb394768e7ff5d7\System.Runtime.Serialization.dll
[2014.07.08 01:27:52 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22743_none_8fb494c08e7f0f2e\System.Runtime.Serialization.dll
[2009.06.08 11:39:36 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2010.11.13 04:02:06 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f\System.RunTime.Serialization.Resources.dll
[2010.11.13 04:37:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18523_cs-cz_342b81c984259c43\System.RunTime.Serialization.Resources.dll
[2010.11.13 04:37:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.18532_cs-cz_342c98db84249bf9\System.RunTime.Serialization.Resources.dll
[2010.11.13 04:37:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797\System.RunTime.Serialization.Resources.dll
[2010.11.13 04:37:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22733_cs-cz_1d5edb2f9dcc15f1\System.RunTime.Serialization.Resources.dll
[2010.11.13 04:37:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22743_cs-cz_1d5fdb799dcb2f48\System.RunTime.Serialization.Resources.dll
[2010.11.21 05:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8\System.Runtime.Serialization.dll
[2014.03.09 23:47:42 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.18523_none_d6c370aa9c807d5c\System.Runtime.Serialization.dll
[2014.07.11 00:24:10 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.18532_none_d6c487bc9c7f7d12\System.Runtime.Serialization.dll
[2012.10.05 12:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0\System.Runtime.Serialization.dll
[2014.03.17 16:38:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22733_none_bff6ca10b626f70a\System.Runtime.Serialization.dll
[2014.07.08 01:27:52 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22743_none_bff7ca5ab6261061\System.Runtime.Serialization.dll
[2010.11.04 18:53:34 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_28a71ab4f6565f5a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.04 18:53:34 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_cs-cz_289b33b6f65f7b95\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.04 18:53:34 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22731_cs-cz_291801e80f8701c9\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.07.13 19:38:14 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2010.11.21 08:24:08 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b\serialui.dll.mui
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2010.11.04 18:53:40 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_5f7b7c7cb0c0f266\System.RunTime.Serialization.Resources.dll
[2010.11.04 18:53:40 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_cs-cz_5f6f957eb0ca0ea1\System.RunTime.Serialization.Resources.dll
[2010.11.04 18:53:40 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_cs-cz_5fee6443c9efc783\System.RunTime.Serialization.Resources.dll
[2010.11.21 05:25:11 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa\System.Runtime.Serialization.dll
[2014.03.09 23:47:42 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18523_none_db9e1c77dd57179e\System.Runtime.Serialization.dll
[2014.07.11 00:24:10 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.18532_none_db9f3389dd561754\System.Runtime.Serialization.dll
[2012.10.05 12:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2\System.Runtime.Serialization.dll
[2014.03.17 16:38:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22733_none_c4d175ddf6fd914c\System.Runtime.Serialization.dll
[2014.07.08 01:27:52 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22743_none_c4d27627f6fcaaa3\System.Runtime.Serialization.dll

< *w7lxe* /s >

< End of report >








OTL Extras logfile created on: 11.6.2015 21:11:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Number1\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17801)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,94 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 34,29% Memory free
7,87 Gb Paging File | 4,72 Gb Available in Paging File | 59,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 516,74 Gb Free Space | 86,69% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Number1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2495897990-1255970255-3979231297-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{56CBA49C-3CAD-45C4-8C37-C70DAD550C01}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5C9A078B-1867-457A-B94C-3FFB9B2D28F4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6068C840-3E94-4687-8A2B-987D1F6245E1}" = rport=139 | protocol=6 | dir=out | app=system |
"{66ED8DFC-EBC2-4597-9C30-2DA7B6DD5861}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{79ABD9B8-76F3-4528-9A36-D87537727105}" = lport=139 | protocol=6 | dir=in | app=system |
"{7C4A6C9E-F2A3-424F-93DA-2238A5F90E2C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7FD0F7A2-1BB2-403B-BB74-C734D05BA10A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{844A243A-F8FD-488B-908C-0B4AE5DA4534}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89270CE0-0896-4D93-8A2C-E997E1F0883E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{99EA2FBB-568C-47CA-85C3-675CF5157A71}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9A9C8ACA-050E-478B-AFB1-62F74817B5DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A24E9206-7341-47A8-9AB9-9E2A7AD129E4}" = rport=138 | protocol=17 | dir=out | app=system |
"{A9029726-507B-4AF3-A2CA-5075F9C21BB3}" = rport=445 | protocol=6 | dir=out | app=system |
"{A9FA741D-9521-48E2-8B53-4A71021BF00F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{ABC5D3F9-5369-438B-B346-949765F67EE2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ADCD933F-BE8F-4BC0-847C-27CADB476C28}" = lport=138 | protocol=17 | dir=in | app=system |
"{B485FA4D-0939-4F9E-B5C8-788A2EC38426}" = rport=137 | protocol=17 | dir=out | app=system |
"{B5CC9905-A50F-41DD-8D1A-4D83B3D69BA2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B813D8E0-E393-41D8-A1F8-E9030F67B26D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CD50E2AA-FF51-4DB9-BFD9-717CDB7EC6FD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D2E234C5-E3B5-4A2E-ABC1-B61B3ECC7BA1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EAE89003-5760-40CC-82D1-56BB1713F5BC}" = lport=137 | protocol=17 | dir=in | app=system |
"{F094A808-7EBC-4E03-A3F7-06B2DE7CA6F6}" = lport=445 | protocol=6 | dir=in | app=system |
"{FFE405C5-B14E-459B-81C1-0A6BE703D912}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A4FE53-8677-44CA-A100-B4FE8D2724CB}" = protocol=6 | dir=in | app=c:\users\number1\appdata\local\temp\7zs2036\hpdiagnosticcoreui.exe |
"{047DCDA1-E382-4A04-A12B-EE16C2702DE0}" = protocol=6 | dir=in | app=c:\users\number1\appdata\local\temp\7zs4447\hpdiagnosticcoreui.exe |
"{07C30FD9-8E1D-4D0C-BA7D-873817087B93}" = protocol=17 | dir=in | app=c:\users\number1\appdata\local\temp\7zs2036\hpdiagnosticcoreui.exe |
"{0AB2CD2F-48E4-4243-9262-FEFE237283A2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0BBC259B-E6D6-4CA0-8166-8D6C1C403C61}" = protocol=17 | dir=in | app=c:\users\number1\appdata\local\temp\7zs36c4\hpdiagnosticcoreui.exe |
"{0FE1F1AE-43D1-4DF4-AD24-B9F7E5DFA6FF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{151402D9-9545-4607-B4A9-6F9C8561D319}" = protocol=6 | dir=in | app=c:\users\number1\appdata\local\temp\7zs5cf9\hpdiagnosticcoreui.exe |
"{16872FB6-7591-4C67-A360-00D347EAF69B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1AC1B072-82F8-4143-93E5-034F9709CA81}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{261DE89A-EE70-419A-828E-EF060A5B3959}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{35278DD5-C853-47A8-9582-4080F552A1AE}" = protocol=17 | dir=in | app=c:\users\number1\appdata\local\temp\7zs44f4\hpdiagnosticcoreui.exe |
"{401C6463-5ADE-4B8E-AD9E-74F797ADC3DF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{443E922A-808C-4CFA-AF7C-61D384071A32}" = protocol=17 | dir=in | app=c:\users\number1\appdata\local\temp\7zs5d72\hpdiagnosticcoreui.exe |
"{48329382-A59B-4C7F-B612-C9FA3EA0AA10}" = protocol=17 | dir=in | app=c:\users\number1\appdata\local\temp\7zs5aec\hpdiagnosticcoreui.exe |
"{493482D6-EF1F-4724-88C4-C5A6D690DEB2}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{50B50413-D8BB-4F2D-8128-56CBF696184F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5218F664-2DEE-418A-B5C8-1B48B782FEEB}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{5EC92F50-582B-4AD6-89ED-694DEADAF2E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5FDAC11B-D7E0-4908-9E65-C320BF6D31E2}" = protocol=6 | dir=in | app=c:\users\number1\appdata\local\temp\7zs5aec\hpdiagnosticcoreui.exe |
"{6BA3330A-1609-4FBC-AABF-6ACB4D5FDD12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6C21AF93-0954-4732-A59D-CBE9631502FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6C76C279-F8CD-4EE8-9174-50D82E93C0C0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6C7FC47E-FC2F-46C5-98D6-DE5D65EA6E8C}" = protocol=6 | dir=in | app=c:\users\number1\appdata\local\temp\7zs1dc3\hpdiagnosticcoreui.exe |
"{6FC2CE9A-50DA-4079-A551-DADA6F3AC956}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{734C55CC-77E8-4ECE-BF66-2EBF3698D9CB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7496CA69-2244-44F6-AF5A-CC9DED994932}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{77245452-A774-4CE7-B60E-82EEA7406232}" = protocol=6 | dir=out | app=system |
"{78924D15-97DC-4DB3-9DA4-74DFE277686D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{79518821-A01E-49E2-9889-2567BEECD8EE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{7E150818-79AA-44BE-8525-3A4CFAB6FAC5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7EDCE997-DFA6-4E37-A59A-426420E57F15}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{823DC37E-B129-470E-96CD-EC7070CCEE5B}" = protocol=17 | dir=in | app=c:\users\number1\appdata\local\temp\7zs5cf9\hpdiagnosticcoreui.exe |
"{88B72E9C-92C9-480C-9116-FB3D78BF8873}" = protocol=6 | dir=in | app=c:\users\number1\appdata\local\temp\7zs44f4\hpdiagnosticcoreui.exe |
"{89FEB829-794D-4755-BDAF-81955AE5B64F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8D682F3B-B2D5-4F05-828C-EA6CABF18F6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8E267601-345D-4BF0-9C16-8215D99D073A}" = protocol=17 | dir=in | app=c:\users\number1\appdata\local\temp\7zs1dc3\hpdiagnosticcoreui.exe |
"{8FF2B204-2B04-4613-BE09-A95A97ADEDF5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9162DA0A-6BEF-4E4F-9B3A-D100AF98FF32}" = protocol=6 | dir=in | app=c:\users\number1\appdata\local\temp\7zs5d72\hpdiagnosticcoreui.exe |
"{97530A69-F52F-4767-ADFF-F7441BC8C9D3}" = protocol=6 | dir=in | app=c:\users\number1\appdata\local\temp\7zs1c72\hpdiagnosticcoreui.exe |
"{97D6C0B2-32E1-449C-AE31-88296C9BCCB1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ABD6965F-4EAF-4F11-9E4A-0D386D9A8BC5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF8FAFC9-7931-4E5B-902A-C1FCD1A222D0}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{B164CF14-ED4A-4BFC-9DB5-B020C104EE6E}" = protocol=6 | dir=in | app=c:\users\number1\appdata\local\temp\7zs36c4\hpdiagnosticcoreui.exe |
"{B5729B5D-73B3-477E-9595-3B1E31EA046E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{B9F61881-2110-405C-BDE3-220454BA2139}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{BAE54364-C547-41AB-907D-E42F780E9A5E}" = protocol=17 | dir=in | app=c:\users\number1\appdata\local\temp\7zs1c72\hpdiagnosticcoreui.exe |
"{C948B7C6-FC6A-454C-8807-C4B5152B0C70}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\devicesetup.exe |
"{C9A19334-5B77-4A8A-B689-A6A255B23A6F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D9E12A96-4390-4D54-98CB-6FF57E7D5C39}" = protocol=17 | dir=in | app=c:\users\number1\appdata\local\temp\7zs4447\hpdiagnosticcoreui.exe |
"{DCCB9448-19BB-445B-8EE2-85C2389FDD20}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E24A8B3F-06F7-4818-9AE9-C7C201F59777}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EBA9888F-A8D1-472C-92DB-102F3D4989FD}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{EE763F4A-3B10-406F-98D1-9E16B1D950C4}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe |
"{F55D6FD0-6F21-467A-B973-E4AEDB616B14}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"TCP Query User{F4A83BFF-CAEF-4A0E-8E54-57DBE4E89CDA}C:\program files (x86)\icq7m\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"UDP Query User{A334C07A-19A0-44FD-8521-1BFCD8DEFDF5}C:\program files (x86)\icq7m\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0378E22E-0F1D-4721-8D26-7AC7CAC2C0C8}" = Základní software zařízení HP Deskjet 3050A J611 series
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{50D5C5CB-BC9F-48DE-9FEE-5C383EEB5DBC}" = Studie zlepšení produktu HP Deskjet 3050A J611 series
"{64C0356C-C3E0-032C-3A3D-341FD4623165}" = ATI Catalyst Install Manager
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{D7166FE7-32BA-0C4E-CEC7-E3F84470FC60}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E63C9DDB-74E0-5A5F-7979-32905406D899}" = WMV9/VC-1 Video Playback
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[kubha]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Panel nástrojů Bing
"{0F18668B-C7CE-5BC3-3878-E3DDC53EC228}" = CCC Help Greek
"{0F6D9B10-93CF-57D6-A8C6-61742B549F8C}" = CCC Help Hungarian
"{10D4F38B-5436-4673-B861-F301929B373B}" = SL-6640 Black Widow Flightstick
"{11775B47-F0F5-0D99-9CCB-ADF2F7B4793B}" = CCC Help Korean
"{1590A987-E170-860F-E565-FB8B3E0D5E2A}" = CCC Help Czech
"{1BD1DC49-0B70-0E91-B2FC-58A749838800}" = CCC Help Russian
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.4
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{29985347-1105-D77E-6AA0-EDC1B30906F5}" = CCC Help Thai
"{2BA5F085-B901-C43E-595C-618C2B005810}" = CCC Help Danish
"{2F92F040-AEA9-59A2-4897-3313579EB777}" = Catalyst Control Center Profiles Mobile
"{3917BE34-FF0E-8814-79C2-F398B9F5DC71}" = Catalyst Control Center Localization All
"{51B5FC11-B3FC-E703-1430-B02E1E0102E8}" = CCC Help Turkish
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D6590E6-5E21-583B-4399-868589376986}" = Catalyst Control Center Graphics Previews Common
"{61B2A4A8-85BF-4C14-5052-5E314B5FDCCA}" = CCC Help German
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{653C1B5A-3287-47B1-8613-0745D4E771C4}" = Kaspersky Internet Security
"{68DF4A5B-B921-53B6-37BE-6C5B62813DAD}" = CCC Help Swedish
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{737DCE46-824C-40BA-8776-81D9D1DB04AB}" = Catalyst Control Center - Branding
"{763DCEBA-0B72-0C7D-61CF-620CE14FC161}" = Catalyst Control Center
"{778D3250-3061-C6BD-BADB-559B8177F59F}" = CCC Help Norwegian
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E0828BE-44C3-F051-3100-F6FAEE573D55}" = CCC Help Chinese Standard
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Nápověda
"{9A0049D3-078F-9470-14CE-F1E69752F512}" = CCC Help Portuguese
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A53EE2F2-B7B3-B49F-B6BF-96EF8D2D9F26}" = CCC Help Italian
"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.11) - Czech
"{B19F4FF8-E3BA-1BB8-4F47-48D91F28C479}" = CCC Help Polish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7CC9483-5BAF-4F14-0563-2C2674661112}" = Catalyst Control Center InstallProxy
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{CCE50A92-CEDE-E2C0-5783-601A3B3DC63E}" = CCC Help Finnish
"{CD09EBBD-793E-6903-6335-642A470D0B23}" = CCC Help French
"{E330ABB9-2BD8-504C-B959-26C889CC14C2}" = CCC Help Dutch
"{E3F745B0-29B9-9483-3962-A1EDD958C24E}" = CCC Help Chinese Traditional
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EEE1FF07-FDE5-0EFB-45F3-0FE909C6E539}" = CCC Help Japanese
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{FB1F181C-3CF3-5341-59F8-2C9A78BB66C5}" = CCC Help Spanish
"{FBDD9391-0A40-EBCE-B4D6-56952CD5F8B4}" = PX Profile Update
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCE18696-8A12-B6A9-9C3B-7545EB5FE5EB}" = CCC Help English
"Adobe Flash Player ActiveX" = Adobe Flash Player 17 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 17 NPAPI
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Guard.Mail.ru" = Guard.ICQ
"HP Photo Creations" = HP Photo Creations
"ICQToolbar" = ICQ Toolbar
"InstallShield_{10D4F38B-5436-4673-B861-F301929B373B}" = SL-6640 Black Widow Flightstick
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}" = Kaspersky Internet Security
"Malá zvěrolékařka_is1" = Malá zvěrolékařka
"Mozilla Firefox 38.0.5 (x86 cs)" = Mozilla Firefox 38.0.5 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2495897990-1255970255-3979231297-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25.10.2014 1:02:15 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =

Error - 25.10.2014 2:25:51 | Computer Name = PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 25.10.2014 2:25:51 | Computer Name = PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 25.10.2014 2:25:51 | Computer Name = PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 25.10.2014 2:25:51 | Computer Name = PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 25.10.2014 2:25:51 | Computer Name = PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 25.10.2014 2:25:51 | Computer Name = PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 25.10.2014 2:25:51 | Computer Name = PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 25.10.2014 2:25:51 | Computer Name = PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 25.10.2014 6:37:55 | Computer Name = PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x80070005.

[ OSession Events ]
Error - 26.5.2014 11:31:22 | Computer Name = PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 222
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6.6.2015 23:34:34 | Computer Name = PC | Source = Service Control Manager | ID = 7023
Description = Služba Windows Update byla ukončena s následující chybou: %%-2147024877

Error - 6.6.2015 23:43:54 | Computer Name = PC | Source = DCOM | ID = 10001
Description =

Error - 6.6.2015 23:52:04 | Computer Name = PC | Source = DCOM | ID = 10010
Description =

Error - 7.6.2015 4:14:43 | Computer Name = PC | Source = DCOM | ID = 10010
Description =

Error - 7.6.2015 11:14:00 | Computer Name = PC | Source = DCOM | ID = 10001
Description =

Error - 7.6.2015 14:13:24 | Computer Name = PC | Source = DCOM | ID = 10010
Description =

Error - 7.6.2015 23:35:45 | Computer Name = PC | Source = DCOM | ID = 10001
Description =

Error - 7.6.2015 23:43:25 | Computer Name = PC | Source = DCOM | ID = 10010
Description =

Error - 10.6.2015 15:19:19 | Computer Name = PC | Source = DCOM | ID = 10001
Description =

Error - 11.6.2015 15:08:50 | Computer Name = PC | Source = DCOM | ID = 10001
Description =


< End of report >

[Márty84]

Neco na smazani by se tam urcite naslo.


Jak je to s legalitou systemu? Enterprise neni zrovna bezna domaci verze. To je pracovni/firemni pocitac?


Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu (cili Vlastni sken vsech disku) http://forum.viry.cz/viewtopic.php?f=29&t=137928 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

[kubha]

No systém se mi tváří jako legální ale pokud vidíte něco jíného za info budu rád.
Jinak log zde:


Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 16.6.2015
Čas skenování: 15:50:13
Protokol: mam.txt
Správce: Ano

Verze: 2.01.6.1022
Databáze malwaru: v2015.06.14.05
Databáze rootkitů: v2015.06.02.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Number1

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 572787
Uplynulý čas: 2 hod, 20 min, 37 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 1
PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe, 2200, , [594458622268280ee4e5b942ce357888]

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 14
PUP.Optional.ICQToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}, , [5c4102b82367f93d452981e69172847c],
PUP.Optional.ICQToolbar.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}, , [5c4102b82367f93d452981e69172847c],
PUP.Optional.ICQToolbar.A, HKLM\SOFTWARE\CLASSES\ICQToolBar.IEHook.1, , [5c4102b82367f93d452981e69172847c],
PUP.Optional.ICQToolbar.A, HKLM\SOFTWARE\CLASSES\ICQToolBar.IEHook, , [5c4102b82367f93d452981e69172847c],
PUP.Optional.ICQToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ICQToolBar.IEHook, , [5c4102b82367f93d452981e69172847c],
PUP.Optional.ICQToolbar.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ICQToolBar.IEHook, , [5c4102b82367f93d452981e69172847c],
PUP.Optional.ICQToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ICQToolBar.IEHook.1, , [5c4102b82367f93d452981e69172847c],
PUP.Optional.ICQToolbar.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ICQToolBar.IEHook.1, , [5c4102b82367f93d452981e69172847c],
PUP.Optional.ICQToolbar.A, HKU\S-1-5-21-2495897990-1255970255-3979231297-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{855F3B16-6D32-4FE6-8A56-BBB695989046}, , [5c4102b82367f93d452981e69172847c],
PUP.Optional.ICQToolbar.A, HKU\S-1-5-21-2495897990-1255970255-3979231297-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{855F3B16-6D32-4FE6-8A56-BBB695989046}, , [5c4102b82367f93d452981e69172847c],
PUP.Optional.ICQToolbar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\EXPLORER BARS\{855F3B16-6D32-4FE6-8A56-BBB695989046}, , [5c4102b82367f93d452981e69172847c],
PUP.Optional.ICQToolbar.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ICQ SERVICE, , [594458622268280ee4e5b942ce357888],
PUP.Optional.ICQ.A, HKU\S-1-5-21-2495897990-1255970255-3979231297-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6552C7DD-90A4-4387-B795-F8F96747DE19}, , [7c2168525d2d4bebb86d572f2bdae41c],
PUP.Optional.ICQToolbar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ICQToolbar, , [6a33308a6a2074c2c482f0f8877cd42c],

Hodnoty registru: 7
PUP.Optional.ICQToolbar.A, HKU\S-1-5-21-2495897990-1255970255-3979231297-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{855F3B16-6D32-4FE6-8A56-BBB695989046}, , [5c4102b82367f93d452981e69172847c],
PUP.Optional.ICQToolbar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{855F3B16-6D32-4FE6-8A56-BBB695989046}, ICQToolBar, , [5c4102b82367f93d452981e69172847c]
PUP.Optional.ICQToolbar.A, HKU\S-1-5-21-2495897990-1255970255-3979231297-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{855F3B16-6D32-4fe6-8A56-BBB695989046}, , [16876852a4e64cea37371c4bae55867a],
PUP.Optional.ICQToolbar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{855F3B16-6D32-4FE6-8A56-BBB695989046}, , [38656852e7a3181e4e2005623cc719e7],
PUP.Optional.ICQToolbar.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ICQ SERVICE|ImagePath, C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe, , [594458622268280ee4e5b942ce357888]
PUP.Optional.ICQ.A, HKU\S-1-5-21-2495897990-1255970255-3979231297-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6552C7DD-90A4-4387-B795-F8F96747DE19}|URL, http://search.icq.com/search/results.ph ... earchTerms}, , [7c2168525d2d4bebb86d572f2bdae41c]
PUP.Optional.ICQ.A, HKU\S-1-5-21-2495897990-1255970255-3979231297-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6552C7DD-90A4-4387-B795-F8F96747DE19}|FaviconURL, http://c.icq.com/search/favicon_icq7.ico, , [b2eb4c6ef298ec4a6abb1b6b15f0af51]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 36
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\CZ, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\DE, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar, , [6a33308a6a2074c2c482f0f8877cd42c],

Soubory: 227
PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll, , [5c4102b82367f93d452981e69172847c],
HackTool.Wpakill, C:\Windows\Setup\scripts\faXcooL.exe, , [7d20cceebbcf84b29156e2a15fa113ed],
PUP.Optional.ICQPlugin.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-1.xml, , [f6a7bdfdbdcd7eb8e05728d29a695ca4],
PUP.Optional.ICQPlugin.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-10.xml, , [cbd2704a5a30db5ba0973dbddf24c739],
PUP.Optional.ICQPlugin.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-11.xml, , [0796f4c67614eb4b8fa876849f6415eb],
PUP.Optional.ICQPlugin.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-12.xml, , [584541792a604beba691ef0bca396997],
PUP.Optional.ICQPlugin.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-13.xml, , [f0ad9822dbafd0661b1c9961f013fd03],
PUP.Optional.ICQPlugin.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-14.xml, , [8a13a2182664f640280f40bac93a07f9],
PUP.Optional.ICQPlugin.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-15.xml, , [77263b7fb9d179bd2611d02aaa597090],
PUP.Optional.ICQPlugin.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-16.xml, , [7d2011a9e7a3bd79b5821bdfb053c43c],
PUP.Optional.ICQPlugin.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-17.xml, , [a4f9a11975150432b28500faaf5453ad],
PUP.Optional.ICQPlugin.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-18.xml, , [613ce8d28a006fc73dfaaf4bcc374ab6],
PUP.Optional.ICQPlugin.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-19.xml, , [dbc26951ed9d84b2f93e47b312f16b95],
PUP.Optional.ICQPlugin.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-2.xml, , [8c11c0faa6e46bcbec4b31c9d330ea16],
PUP.Optional.ICQPlugin.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-3.xml, , [d9c4bcfeb8d253e39c9b1ddd5aa99b65],
PUP.Optional.ICQPlugin.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-4.xml, , [6e2f8c2e800aa98d1621fdfdcd36ed13],
PUP.Optional.ICQPlugin.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-5.xml, , [009d9525fd8d87af5ddada20eb180cf4],
PUP.Optional.ICQPlugin.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-6.xml, , [ecb113a76c1e5fd7d067c03a16ede51b],
PUP.Optional.ICQPlugin.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-7.xml, , [e7b6e2d8404a979f8bac758516ed40c0],
PUP.Optional.ICQPlugin.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-8.xml, , [b2ebaf0b0684e84e7eb90ded867d07f9],
PUP.Optional.ICQPlugin.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin-9.xml, , [2b722b8f7f0b77bf5cdb29d1ab58fc04],
PUP.Optional.ICQPlugin.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\searchplugins\icqplugin.xml, , [f3aa4278018963d36acd36c4f80ba35d],
PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe, , [594458622268280ee4e5b942ce357888],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome.manifest, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\install.rdf, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\about.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\about.xul, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\autocomplete.xml, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\dating.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\exitobserver.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\fb-smiles-replace-thread.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\fb-smiles.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\globals.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\heureka.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\highlight.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\hpprotect.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\hpprotect.xul, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs.css, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs_ltr.css, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs_rtl.css, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtoolbar.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtoolbar.xul, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\jcarousel.css, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\jquery-1.4.2.min.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\jquery-1.4.4.min.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\jquery.jcarousel.min.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\jquery.lionbars.0.3.min.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\localfileupdate.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\menu-button.xml, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab.html, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newtab.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\options.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\options.xul, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\parsegamesxml.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\parsemenuxml.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\peoplesearch.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\peoplesearch.xul, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\ppc.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\prefutils.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\search.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\splitter.xml, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\statistics.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\tabcontext.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\utilities.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\voucher.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\zoom.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\paging_left.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\arrow-selected.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\arrow_ltr.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\arrow_rtl.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\bgLarge.gif, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\bgSmall.gif, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\buttonBlue.gif, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\buttonGreen.gif, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\fb-sample-big.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\fb-settings.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\icq_logo.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\paging_right.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\recent_bg_strip.jpg, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\recent_shadow_ltr.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\recent_shadow_rtl.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\rs_del.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\searchLogo.gif, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\search_bg_button.jpg, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\search_bg_button.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\search_bg_strip.jpg, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\sites_bg_strip.jpg, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\tooltip-arrow.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\tooltip-close.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\hpprotect.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\icq_locale.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\itb.properties, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\itb_options.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\options.properties, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\hpprotect.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\icq_locale.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\itb.properties, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\itb_options.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\options.properties, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\hpprotect.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\icq_locale.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\itb.properties, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\itb_options.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\options.properties, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\hpprotect.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\icq_locale.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\itb.properties, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\itb_options.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\options.properties, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\hpprotect.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\icq_locale.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\itb.properties, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\itb_options.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\options.properties, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\hpprotect.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\icq_locale.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\itb.properties, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\itb_options.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\options.properties, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\hpprotect.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\icq_locale.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\itb.properties, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\itb_options.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\options.properties, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\hpprotect.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\icq_locale.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\itb.properties, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\itb_options.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\options.properties, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\hpprotect.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\icq_locale.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\itb.properties, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\itb_options.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\options.properties, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\hpprotect.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\icq_locale.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\itb.properties, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\itb_options.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\options.properties, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\hpprotect.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\icq_locale.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\itb.properties, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\itb_options.dtd, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\options.properties, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\about.css, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\abt.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\ain.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\ang.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\default.css, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\dis.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\down_arrow.jpg, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\down_arrow.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\dropmarker.css, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\fbsmileslogo.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\hide.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\icons.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\logo_small.gif, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_r.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_y.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\options.css, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\peoplesearch.css, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg_y.png, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components\ITB_History.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\user.js, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\zvew1jun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.xml, , [e6b713a70882191d19ed3ea66e9552ae],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\Configuration.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\OptionDlg.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RegionalSettings.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\UserInterface.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG\Configuration.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG\OptionDlg.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG\RegionalSettings.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG\UserInterface.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\DE\Configuration.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\DE\OptionDlg.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\DE\RegionalSettings.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\DE\UserInterface.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN\Configuration.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN\OptionDlg.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN\RegionalSettings.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN\UserInterface.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES\Configuration.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES\OptionDlg.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES\RegionalSettings.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES\UserInterface.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR\Configuration.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR\OptionDlg.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR\RegionalSettings.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR\UserInterface.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE\Configuration.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE\OptionDlg.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE\RegionalSettings.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE\UserInterface.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT\Configuration.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT\OptionDlg.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT\RegionalSettings.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT\UserInterface.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU\Configuration.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU\OptionDlg.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU\RegionalSettings.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU\UserInterface.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK\Configuration.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK\OptionDlg.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK\RegionalSettings.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK\UserInterface.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR\Configuration.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR\OptionDlg.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR\RegionalSettings.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR\UserInterface.xml, , [6a338d2d3c4e81b5390ca7417e857090],
PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\config.xml, , [6a33308a6a2074c2c482f0f8877cd42c],
PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\Icons.bmp, , [6a33308a6a2074c2c482f0f8877cd42c],
PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\icq6Toolbar.ico, , [6a33308a6a2074c2c482f0f8877cd42c],
PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\ICQUnToolbar.exe, , [6a33308a6a2074c2c482f0f8877cd42c],
PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\logo_small.gif, , [6a33308a6a2074c2c482f0f8877cd42c],
PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\ServiceStarter.exe, , [6a33308a6a2074c2c482f0f8877cd42c],
PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\short.wav, , [6a33308a6a2074c2c482f0f8877cd42c],
PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\Version.txt, , [6a33308a6a2074c2c482f0f8877cd42c],
PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\voucher.bmp, , [6a33308a6a2074c2c482f0f8877cd42c],
PUP.Optional.ICQToolbar.A, C:\Program Files (x86)\ICQ6Toolbar\voucher2.bmp, , [6a33308a6a2074c2c482f0f8877cd42c],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[Márty84]

No cracknuty system se vzdycky tvari jako legalni
Prece musite vedet, jestli jste tuto verzi systemu opravdu kupoval, nebo cracknul


Vsechny nalezy MBAM nechte odstranit. Po odstraneni a restartu pc test zopakujte, at vime, jestli se to nevraci. Napiste vysledek testu a podle nej se zaridime dale.




18.7. pro neaktivitu http://forum.viry.cz/viewtopic.php?f=12&t=123975