VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

90 - 100 % RAM svchost.exe

https://forum.viry.cz:443/viewtopic.php?t=144798

Stránka 1 z 1

90 - 100 % RAM svchost.exe

Napsal: 11 čer 2015 10:33
od pteryx
Mám problém s procesom svchost.exe . Pri zapnutí pc sa porád ten proces zapne a strašne mi vytažuje ramky , čítala som že to sú problémy s aktualizáciami ale ja žiadne nemám.

Dakujem za odpoved

Re: 90 - 100 % RAM svchost.exe

Napsal: 11 čer 2015 16:35
od Rudy
Zdravím!
Spusťte tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.
Aktualizovat systém je nutnost. Proč žádné aktualizace nemáte?

Re: 90 - 100 % RAM svchost.exe

Napsal: 15 črc 2015 16:08
od pteryx
# AdwCleaner v4.208 - Log vytvořen 15/07/2015 v 17:02:23
# Aktualizováno 09/07/2015 by Xplode
# Databáze : 2015-07-15.1 [Server]
# Operační system : Windows 7 Ultimate Service Pack 1 (x86)
# Uživatelské jméno : Zuzanka - ZUZANKA-PC
# Spuštěno z : C:\Users\Zuzanka\Downloads\adwcleaner_4.208.exe
# Nastavení : Čištění

***** [ Služby ] *****


***** [ Soubory / Složky ] *****

Složka Smazáno : C:\ProgramData\apn
Složka Smazáno : C:\ProgramData\CostMin
Složka Smazáno : C:\ProgramData\IePluginServices
Složka Smazáno : C:\ProgramData\WPM
Složka Smazáno : C:\ProgramData\c896fdd92a80c48f
Složka Smazáno : C:\Program Files\PCDApp
Složka Smazáno : C:\Users\Administrator\AppData\Local\Chromatic Browser
Složka Smazáno : C:\Users\Administrator\AppData\Local\torch
Složka Smazáno : C:\Users\Guest\AppData\Local\Chromatic Browser
Složka Smazáno : C:\Users\Guest\AppData\Local\torch
Složka Smazáno : C:\Users\Maminka\AppData\Local\Chromatic Browser
Složka Smazáno : C:\Users\Maminka\AppData\Local\torch
Složka Smazáno : C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
Složka Smazáno : C:\Users\UpdatusUser\AppData\Local\torch
Složka Smazáno : C:\Users\Zuzanka\AppData\Local\Chromatic Browser
Složka Smazáno : C:\Users\Zuzanka\AppData\Local\torch
Složka Smazáno : C:\Users\Zuzanka\AppData\Roaming\SupTab
Složka Smazáno : C:\Users\Zuzanka\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru
Složka Smazáno : C:\Users\Zuzanka\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\raieicss@aepv.co.uk
Složka Smazáno : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
Složka Smazáno : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
Složka Smazáno : C:\Users\Maminka\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
Složka Smazáno : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
[/!\] Ne Smazáno ( Junction ) : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
[/!\] Ne Smazáno ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
[/!\] Ne Smazáno ( Junction ) : C:\Users\Maminka\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
[/!\] Ne Smazáno ( Junction ) : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
[/!\] Ne Smazáno ( Junction ) : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
[/!\] Ne Smazáno ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
[/!\] Ne Smazáno ( Junction ) : C:\Users\Maminka\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
[/!\] Ne Smazáno ( Junction ) : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
[/!\] Ne Smazáno ( Junction ) : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
[/!\] Ne Smazáno ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
[/!\] Ne Smazáno ( Junction ) : C:\Users\Maminka\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
[/!\] Ne Smazáno ( Junction ) : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
Složka Smazáno : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
Složka Smazáno : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
Složka Smazáno : C:\Users\Maminka\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
Složka Smazáno : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
Složka Smazáno : C:\Users\Zuzanka\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
Složka Smazáno : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
Složka Smazáno : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
Složka Smazáno : C:\Users\Maminka\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
Složka Smazáno : C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
Složka Smazáno : C:\Users\Zuzanka\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kpjpokimfpkkibmcebmkbjdbmbliihen
Soubor Smazáno : C:\Users\Zuzanka\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_nkcpopggjcjkiicpenikeogioednjeac_0.localstorage
Soubor Smazáno : C:\Windows\system32\drivers\sp_rsdrv2.sys
Soubor Smazáno : C:\Users\Zuzanka\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js
Soubor Smazáno : C:\Users\Maminka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage

***** [ Naplánované úlohy ] *****

Úloha Smazáno : update-sys
Úloha Smazáno : update-S-1-5-21-4206785621-3798105966-3841772347-1000

***** [ Zástupci ] *****


***** [ Registry ] *****

Klíč Smazáno : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Klíč Smazáno : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Data Obnoveno : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Klíč Smazáno : HKCU\Software\BI
Klíč Smazáno : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Klíč Smazáno : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Klíč Smazáno : HKLM\SOFTWARE\SupDp
Klíč Smazáno : HKLM\SOFTWARE\SupTab
Klíč Smazáno : HKLM\SOFTWARE\supWPM
Klíč Smazáno : HKU\.DEFAULT\Software\AskPartnerNetwork
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F5F003B-C71B-72E3-42B4-DE51AB079EB2}
Data Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SupTab\SEARCH~1.DLL
Data Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17840

Nastavení Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v


-\\ Google Chrome v43.0.2357.134


-\\ Chromium v


-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R0].txt - [324 bytů] - [15/07/2015 16:21:43]
AdwCleaner[R1].txt - [12928 bytů] - [15/07/2015 16:25:11]
AdwCleaner[R2].txt - [12987 bytů] - [15/07/2015 16:56:49]
AdwCleaner[S0].txt - [8261 bytů] - [15/07/2015 17:02:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8319 bytů] ##########

Re: 90 - 100 % RAM svchost.exe

Napsal: 15 črc 2015 17:19
od Rudy
Jak je na tom váš oper. systém s legalitou?

Re: 90 - 100 % RAM svchost.exe

Napsal: 15 črc 2015 17:22
od pteryx
Nemám tušenie , preinštalovavál mi to jeden kamarád.

Re: 90 - 100 % RAM svchost.exe

Napsal: 15 črc 2015 17:25
od Rudy
Každý uživatel by měl vědět, co v PC provozuje Zkusíme tento postup:

OTL:
Stáhněte a spusťte OTL: http://oldtimer.geekstogo.com/OTL.exe . Spusťte, zaškrněte "Pro všechny uživatele", Kontrola na havěť LOP" a Kontrola na hvěť PURITY" a do dolního bílého okna zkopírujte:
CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
a klikněte na >Prohledat<. Dejte oba logy.

Re: 90 - 100 % RAM svchost.exe

Napsal: 24 črc 2015 14:57
od pteryx
OTL logfile created on: 24.7.2015 14:42:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zuzanka\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17914)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 0,57 Gb Available Physical Memory | 28,44% Memory free
4,00 Gb Paging File | 2,04 Gb Available in Paging File | 50,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 33,31 Gb Free Space | 34,15% Space Free | Partition Type: NTFS
Drive D: | 135,22 Gb Total Space | 116,11 Gb Free Space | 85,87% Space Free | Partition Type: NTFS

Computer Name: ZUZANKA-PC | User Name: Zuzanka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015.07.24 14:41:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zuzanka\Downloads\OTL.exe
PRC - [2015.07.15 16:16:50 | 000,187,168 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
PRC - [2015.07.13 23:55:16 | 000,813,896 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2015.07.04 19:47:39 | 000,438,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\GWX\GWX.exe
PRC - [2015.06.18 12:55:23 | 005,495,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\TeamViewer_Service.exe
PRC - [2015.05.01 11:17:04 | 001,772,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2015.05.01 11:16:10 | 001,394,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2015.01.28 14:08:58 | 001,349,576 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2015.01.28 14:08:42 | 005,088,456 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2015.01.23 14:32:58 | 001,749,792 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
PRC - [2014.11.04 13:19:48 | 000,815,392 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
PRC - [2014.07.11 16:04:06 | 001,106,720 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 8\RealTimeProtector.exe
PRC - [2014.02.08 19:11:48 | 000,941,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2014.02.08 19:11:47 | 001,819,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013.08.19 03:09:55 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013.02.26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2015.07.13 23:55:16 | 016,308,040 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll
MOD - [2015.07.13 23:55:14 | 001,281,864 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
MOD - [2015.07.13 23:55:13 | 000,080,712 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\43.0.2357.134\libegl.dll
MOD - [2014.07.11 16:04:06 | 001,106,720 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 8\RealTimeProtector.exe
MOD - [2013.01.15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files\IObit\IObit Uninstaller\madexcept_.bpl
MOD - [2013.01.15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 8\madexcept_.bpl
MOD - [2013.01.15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files\IObit\IObit Uninstaller\maddisAsm_.bpl
MOD - [2013.01.15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 8\maddisAsm_.bpl
MOD - [2013.01.15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files\IObit\IObit Uninstaller\madbasic_.bpl
MOD - [2013.01.15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 8\madbasic_.bpl
MOD - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007.09.02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Services (SafeList) ==========

SRV - [2015.06.19 20:13:19 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2015.06.18 12:55:23 | 005,495,056 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2015.06.03 16:42:38 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2015.05.25 20:01:45 | 000,853,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
SRV - [2015.05.06 19:15:39 | 000,268,464 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015.05.01 11:17:04 | 001,772,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2015.05.01 11:16:10 | 001,394,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2015.01.28 14:08:58 | 001,349,576 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2015.01.16 16:14:48 | 002,724,128 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014.11.04 13:19:48 | 000,815,392 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe -- (AdvancedSystemCareService8)
SRV - [2014.02.08 02:02:50 | 000,569,024 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.08.13 23:39:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.02.26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt -- (EverestDriver)
DRV - [2015.03.10 17:24:42 | 000,193,464 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2015.03.10 17:24:42 | 000,135,808 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2015.03.10 17:24:42 | 000,123,424 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2015.01.27 01:23:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2014.03.15 09:49:03 | 010,180,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2014.02.18 10:53:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2014.02.18 10:53:18 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.08.13 08:40:34 | 000,032,800 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2009.08.13 08:40:32 | 000,093,216 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2006.11.10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-4206785621-3798105966-3841772347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-4206785621-3798105966-3841772347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://google.sk/ [binary data]
IE - HKU\S-1-5-21-4206785621-3798105966-3841772347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP
IE - HKU\S-1-5-21-4206785621-3798105966-3841772347-1000\Software\Microsoft\Internet Explorer\SearchURL\fi, = http://www.firmy.cz/phr/%s
IE - HKU\S-1-5-21-4206785621-3798105966-3841772347-1000\Software\Microsoft\Internet Explorer\SearchURL\ma, = http://www.mapy.cz/?sourceid=quicksearch_6826&query=%s
IE - HKU\S-1-5-21-4206785621-3798105966-3841772347-1000\Software\Microsoft\Internet Explorer\SearchURL\se, = http://search.seznam.cz/?sourceid=quicksearch_6826&q=%s
IE - HKU\S-1-5-21-4206785621-3798105966-3841772347-1000\Software\Microsoft\Internet Explorer\SearchURL\vi, = http://videa.seznam.cz/?q=%s
IE - HKU\S-1-5-21-4206785621-3798105966-3841772347-1000\Software\Microsoft\Internet Explorer\SearchURL\zb, = http://www.zbozi.cz/?sourceid=quicksearch_6826&q=%s
IE - HKU\S-1-5-21-4206785621-3798105966-3841772347-1000\..\SearchScopes,DefaultScope = seznam.cz-154034
IE - HKU\S-1-5-21-4206785621-3798105966-3841772347-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-4206785621-3798105966-3841772347-1000\..\SearchScopes\firmy.cz-154034: "URL" = http://www.firmy.cz/phr/{searchTerms}
IE - HKU\S-1-5-21-4206785621-3798105966-3841772347-1000\..\SearchScopes\mapy.cz-154034: "URL" = http://www.mapy.cz/?sourceid=quicksearc ... earchTerms}
IE - HKU\S-1-5-21-4206785621-3798105966-3841772347-1000\..\SearchScopes\seznam.cz-154034: "URL" = http://www.bing.com/search?FORM=UP97DF& ... -SearchBox
IE - HKU\S-1-5-21-4206785621-3798105966-3841772347-1000\..\SearchScopes\videa.seznam.cz-154034: "URL" = http://videa.seznam.cz/?q={searchTerms}
IE - HKU\S-1-5-21-4206785621-3798105966-3841772347-1000\..\SearchScopes\zbozi.cz-154034: "URL" = http://www.zbozi.cz/?sourceid=quicksear ... earchTerms}
IE - HKU\S-1-5-21-4206785621-3798105966-3841772347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..extensions.enabledAddons: yasearch%40yandex.ru:6.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.80.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.80.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2013.08.21 12:02:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zuzanka\AppData\Roaming\Mozilla\Extensions
[2015.07.15 17:02:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zuzanka\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions
[2015.07.15 16:17:04 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Zuzanka\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\iobitascsurfingprotection@iobit.com
[2013.08.12 15:40:35 | 000,002,015 | ---- | M] () -- C:\Users\Zuzanka\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\firmy.cz-154035.xml
[2013.08.12 15:40:35 | 000,002,078 | ---- | M] () -- C:\Users\Zuzanka\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\mapy.cz-154035.xml
[2013.08.12 15:40:35 | 000,002,148 | ---- | M] () -- C:\Users\Zuzanka\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\seznam.cz-154035.xml
[2013.08.12 15:40:35 | 000,002,019 | ---- | M] () -- C:\Users\Zuzanka\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\videa.seznam.cz-154035.xml
[2013.08.12 15:40:35 | 000,002,146 | ---- | M] () -- C:\Users\Zuzanka\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\zbozi.cz-154035.xml
File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF
File not found (No name found) -- C:\USERS\ZUZANKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NAHD6HA2.DEFAULT\EXTENSIONS\YASEARCH@YANDEX.RU

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-4206785621-3798105966-3841772347-1000..\Run: [Advanced SystemCare 8] C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-4206785621-3798105966-3841772347-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-4206785621-3798105966-3841772347-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4206785621-3798105966-3841772347-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4206785621-3798105966-3841772347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4206785621-3798105966-3841772347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-4206785621-3798105966-3841772347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F19AFC2-CA01-4F37-85CD-60F2C4809357}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{05dd361d-58df-11e4-acb8-8c89a56f02ae}\Shell - "" = AutoRun
O33 - MountPoints2\{05dd361d-58df-11e4-acb8-8c89a56f02ae}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{05dd3629-58df-11e4-acb8-8c89a56f02ae}\Shell - "" = AutoRun
O33 - MountPoints2\{05dd3629-58df-11e4-acb8-8c89a56f02ae}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{05dd3634-58df-11e4-acb8-8c89a56f02ae}\Shell - "" = AutoRun
O33 - MountPoints2\{05dd3634-58df-11e4-acb8-8c89a56f02ae}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\RunGame.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2015.07.21 09:41:41 | 000,299,008 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2015.07.21 09:41:41 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2015.07.21 09:41:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2015.07.21 09:41:41 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2015.07.20 16:30:34 | 000,000,000 | ---D | C] -- C:\Users\Zuzanka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2015.07.20 16:30:30 | 000,000,000 | ---D | C] -- C:\Games
[2015.07.15 18:22:36 | 000,000,000 | ---D | C] -- C:\FRST
[2015.07.15 16:21:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015.07.15 16:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[2015.07.15 16:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
[2015.07.15 15:19:46 | 000,932,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2015.07.15 15:19:45 | 000,924,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll
[2015.07.15 15:19:45 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\invagent.dll
[2015.07.15 15:19:45 | 000,587,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2015.07.15 15:19:45 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devinv.dll
[2015.07.15 15:19:45 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acmigration.dll
[2015.07.15 15:19:45 | 000,015,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompatTelRunner.exe
[2015.07.15 15:19:44 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2015.07.15 15:19:40 | 002,383,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2015.07.15 15:19:29 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2015.07.15 15:19:29 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2015.07.15 15:19:29 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2015.07.15 15:19:29 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2015.07.15 15:19:29 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2015.07.15 15:19:29 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2015.07.15 15:19:06 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2015.07.15 15:19:06 | 000,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2015.07.15 15:19:05 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2015.07.15 15:19:05 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2015.07.15 15:12:47 | 002,943,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2015.07.15 15:12:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2015.07.15 15:12:47 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2015.07.15 15:12:47 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2015.07.15 15:12:47 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2015.07.15 15:12:47 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2015.07.15 15:12:47 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wu.upgrade.ps.dll
[2015.07.15 15:12:46 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2015.07.15 15:12:46 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSetupUI.dll
[2015.07.15 15:12:30 | 002,745,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2015.07.15 15:12:29 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2015.07.15 15:12:28 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cewmdm.dll
[2015.07.15 15:11:27 | 004,520,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2015.07.15 15:11:26 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2015.07.15 15:11:15 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2015.07.15 15:11:14 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2015.07.15 15:09:52 | 000,685,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2015.07.15 15:09:52 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2015.07.15 15:09:52 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2015.07.15 15:09:52 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2015.07.15 15:09:52 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2015.07.15 15:09:52 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2015.07.15 15:09:51 | 000,342,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2015.07.15 15:09:50 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2015.07.15 15:09:50 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2015.07.15 15:09:50 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2015.07.15 15:09:50 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2015.07.15 15:09:49 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2015.07.15 15:09:48 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2015.07.15 15:09:47 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2015.07.15 15:09:46 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2015.07.15 15:09:46 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2015.07.15 15:09:44 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2015.07.15 15:09:41 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2015.07.15 15:09:39 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2015.07.15 15:09:38 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2015.07.09 22:44:21 | 000,000,000 | ---D | C] -- C:\Users\Zuzanka\AppData\Local\Ahri.tw
[2015.07.03 12:35:44 | 000,000,000 | ---D | C] -- C:\Users\Zuzanka\Documents\Heroes of the Storm
[2015.07.03 12:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
[2015.07.02 13:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\Heroes of the Storm
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015.07.24 14:45:39 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2015.07.24 14:40:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1d040a83f9233ab.job
[2015.07.24 14:39:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1d090204836baef.job
[2015.07.24 14:36:06 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015.07.24 14:34:40 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.07.24 14:34:40 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.07.24 14:32:53 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.07.24 14:28:53 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015.07.24 14:28:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.07.24 14:28:04 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys
[2015.07.23 09:40:52 | 000,078,622 | ---- | M] () -- C:\Users\Zuzanka\Desktop\11060902_448686708626808_745017947609029686_o.jpg
[2015.07.22 08:48:39 | 004,006,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2015.07.21 19:03:49 | 000,536,547 | ---- | M] () -- C:\Users\Zuzanka\Desktop\WNZKPTU.png
[2015.07.20 16:30:36 | 000,000,769 | ---- | M] () -- C:\Users\Zuzanka\Desktop\World of Tanks.lnk
[2015.07.19 22:32:09 | 000,050,964 | ---- | M] () -- C:\Users\Zuzanka\Desktop\ss+(2015-07-19+at+10.30.31).png
[2015.07.15 04:55:37 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2015.07.15 04:55:35 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2015.07.15 04:55:32 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2015.07.15 03:52:35 | 000,299,008 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2015.07.12 08:20:34 | 000,672,158 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2015.07.12 08:20:34 | 000,657,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015.07.12 08:20:34 | 000,142,754 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2015.07.12 08:20:34 | 000,123,008 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015.07.09 19:44:32 | 000,015,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CompatTelRunner.exe
[2015.07.09 19:43:25 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2015.07.09 19:43:25 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2015.07.09 19:43:25 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2015.07.09 19:43:25 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2015.07.09 19:43:24 | 002,943,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2015.07.09 19:43:24 | 000,566,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2015.07.09 19:43:11 | 000,587,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2015.07.09 19:43:02 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinSetupUI.dll
[2015.07.09 19:42:57 | 000,628,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\invagent.dll
[2015.07.09 19:42:53 | 000,342,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devinv.dll
[2015.07.09 19:42:52 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wu.upgrade.ps.dll
[2015.07.09 19:42:51 | 000,924,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll
[2015.07.09 19:42:49 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2015.07.09 19:42:49 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\acmigration.dll
[2015.07.09 19:42:47 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2015.07.09 19:34:49 | 000,932,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2015.07.02 23:08:53 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2015.07.02 22:46:34 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2015.07.01 22:30:39 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2015.07.01 22:30:33 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2015.07.01 22:29:46 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2015.07.01 22:27:04 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2015.07.01 22:26:52 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2015.07.01 22:24:59 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2015.06.27 03:58:17 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2015.06.27 03:39:37 | 004,520,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2015.06.25 19:43:43 | 000,342,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2015.06.25 10:46:17 | 002,383,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015.07.23 09:40:41 | 000,078,622 | ---- | C] () -- C:\Users\Zuzanka\Desktop\11060902_448686708626808_745017947609029686_o.jpg
[2015.07.21 19:03:21 | 000,536,547 | ---- | C] () -- C:\Users\Zuzanka\Desktop\WNZKPTU.png
[2015.07.20 16:30:36 | 000,000,769 | ---- | C] () -- C:\Users\Zuzanka\Desktop\World of Tanks.lnk
[2015.07.19 22:32:06 | 000,050,964 | ---- | C] () -- C:\Users\Zuzanka\Desktop\ss+(2015-07-19+at+10.30.31).png
[2015.07.15 18:35:06 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2015.04.15 15:11:17 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2015.03.15 16:33:27 | 000,000,132 | ---- | C] () -- C:\Users\Zuzanka\AppData\Roaming\Adobe Formát PNG CS6 – předvolby
[2014.06.19 15:46:50 | 000,000,024 | ---- | C] () -- C:\Users\Zuzanka\AppData\Roaming\temp.ini
[2014.05.21 14:26:54 | 000,000,000 | ---- | C] () -- C:\Users\Zuzanka\AppData\Local\{9FBD1D58-D0FA-4B65-A83D-BB53FEE43239}
[2014.05.16 13:07:41 | 000,007,606 | ---- | C] () -- C:\Users\Zuzanka\AppData\Local\Resmon.ResmonCfg
[2013.10.12 12:56:51 | 000,000,644 | RHS- | C] () -- C:\Users\Zuzanka\ntuser.pol
[2013.08.27 12:50:40 | 000,000,864 | ---- | C] () -- C:\Users\Zuzanka\AppData\Local\recently-used.xbel
[2013.08.17 13:57:46 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2013.08.17 13:54:10 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013.08.12 15:37:11 | 000,000,445 | ---- | C] () -- C:\Users\Zuzanka\AppData\Local\UserProducts.xml

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015.02.13 07:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2015.05.08 14:01:58 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2015.05.08 14:01:59 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ProductData
[2015.05.08 14:01:58 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2015.05.08 14:01:59 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ProductData
[2013.09.27 09:05:30 | 000,000,000 | ---D | M] -- C:\Users\Maminka\AppData\Roaming\123 Free Solitaire
[2015.05.08 14:01:57 | 000,000,000 | ---D | M] -- C:\Users\Maminka\AppData\Roaming\IObit
[2015.04.27 07:16:23 | 000,000,000 | ---D | M] -- C:\Users\Maminka\AppData\Roaming\ProductData
[2015.07.15 10:10:44 | 000,000,000 | ---D | M] -- C:\Users\Maminka\AppData\Roaming\Seznam.cz
[2013.09.14 17:48:15 | 000,000,000 | ---D | M] -- C:\Users\Maminka\AppData\Roaming\Yandex
[2015.07.20 16:05:12 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\.minecraft
[2014.12.09 22:32:05 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\.technic
[2013.09.07 14:38:25 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Audacity
[2015.07.05 17:34:09 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Battle.net
[2014.05.13 19:39:32 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Curse
[2014.08.19 14:51:56 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\DAEMON Tools Lite
[2015.05.23 20:24:29 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\GHISLER
[2015.04.17 17:07:43 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\IObit
[2015.03.22 08:56:00 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\java
[2013.08.12 20:14:57 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\LolClient
[2013.10.24 21:36:48 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Notepad++
[2013.08.12 15:40:34 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Opera
[2015.04.17 06:49:18 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Opera Software
[2015.04.11 13:31:10 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Origin
[2015.02.27 17:57:15 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\PowerISO
[2015.04.17 17:08:40 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\ProductData
[2014.08.17 10:55:38 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\RIFT
[2013.12.25 11:27:27 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Seznam.cz
[2013.11.23 09:31:16 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\skyz
[2015.02.22 09:20:36 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2015.01.08 23:34:15 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\TeamViewer
[2015.07.24 13:02:15 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\TS3Client
[2013.12.25 11:20:11 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\TuneUp Software
[2013.11.27 12:14:36 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\twinstar_launcher
[2015.01.24 12:00:03 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\uTorrent
[2014.08.26 14:52:40 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Wargaming.net
[2013.10.05 15:04:40 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Yandex
[2013.12.24 20:51:11 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Zoner

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 06:53:46 | 000,032,530 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2014.05.26 17:31:46 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014.05.26 17:31:47 | 000,000,940 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2015.02.04 20:27:35 | 000,000,940 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d040a83f9233ab.job
[2015.05.06 19:15:44 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2015.05.16 23:35:51 | 000,000,940 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d090204836baef.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010.11.20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll

< MD5 for: SCECLI.DLL >
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SERVICES.EXE >
[2015.04.13 05:19:24 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=0780A42DBD7D9969F9BF4A19AA4285B5 -- C:\Windows\System32\services.exe
[2015.04.13 05:19:24 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=0780A42DBD7D9969F9BF4A19AA4285B5 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.18829_none_d1614ac32b8ec5cf\services.exe
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2015.04.11 05:53:55 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=97981140500E86E5BBAD7B76BA890146 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.23033_none_d1d9ee0844ba1cc2\services.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2010.11.20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2014.04.05 04:25:01 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\System32\drivers\tcpip.sys
[2014.04.05 04:25:01 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_b513c4dfc4b513b9\tcpip.sys
[2013.09.07 04:06:48 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=6C4F3D92764FFA22D28061A4D9235446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_b58e8eb0ddde6cf1\tcpip.sys
[2013.09.08 04:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_b4fa2013c4c8ebf1\tcpip.sys
[2012.10.03 18:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2013.11.26 13:07:37 | 001,309,632 | ---- | M] (Microsoft Corporation) MD5=DC08335B30D83FB61E9EFE6FDD09D40D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_b5a530b8ddcd4b8d\tcpip.sys
[2012.10.03 18:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
[2014.04.05 04:16:21 | 001,310,144 | ---- | M] (Microsoft Corporation) MD5=EA47AB18E289333AB94397D77CA6E3A1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_b59293a4dddacc9b\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2014.07.16 04:56:14 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=4F37B93C14AEE313BEC52A23AFB15C2E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_7224b2134c7555fa\winlogon.exe
[2014.07.17 03:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\System32\winlogon.exe
[2014.07.17 03:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_71a5e34e334f9d18\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2014.03.04 11:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[2014.03.04 12:39:02 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=D53972F87D850CD2EB4B29B60CAFDD77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe

< >

< %systemroot%*.* /U /s >
[8 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[9 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2015.07.20 16:05:12 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\.minecraft
[2014.12.09 22:32:05 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\.technic
[2015.04.05 10:30:48 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Adobe
[2014.03.15 09:00:54 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Apple Computer
[2013.10.21 14:28:27 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\ArcSoft
[2013.09.07 14:38:25 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Audacity
[2015.07.05 17:34:09 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Battle.net
[2014.05.13 19:39:32 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Curse
[2014.08.19 14:51:56 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\DAEMON Tools Lite
[2015.05.23 20:24:29 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\GHISLER
[2013.08.12 12:16:09 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Identities
[2015.04.17 17:07:43 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\IObit
[2015.03.22 08:56:00 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\java
[2013.08.12 20:14:57 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\LolClient
[2013.08.12 20:14:52 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Macromedia
[2009.07.14 11:20:06 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Media Center Programs
[2015.06.22 22:16:04 | 000,000,000 | --SD | M] -- C:\Users\Zuzanka\AppData\Roaming\Microsoft
[2013.12.13 23:48:30 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Microsoft Games
[2013.08.21 12:02:24 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Mozilla
[2013.10.24 21:36:48 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Notepad++
[2013.08.12 16:09:16 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\NVIDIA
[2013.08.12 15:40:34 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Opera
[2015.04.17 06:49:18 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Opera Software
[2015.04.11 13:31:10 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Origin
[2015.02.27 17:57:15 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\PowerISO
[2015.04.17 17:08:40 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\ProductData
[2013.10.18 20:07:41 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\PSpad
[2014.08.17 10:55:38 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\RIFT
[2014.08.18 15:36:13 | 000,000,000 | RH-D | M] -- C:\Users\Zuzanka\AppData\Roaming\SecuROM
[2013.12.25 11:27:27 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Seznam.cz
[2015.07.24 09:10:06 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Skype
[2013.11.23 09:31:16 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\skyz
[2015.02.22 09:20:36 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2015.01.08 23:34:15 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\TeamViewer
[2015.07.24 13:02:15 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\TS3Client
[2013.12.25 11:20:11 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\TuneUp Software
[2013.11.27 12:14:36 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\twinstar_launcher
[2015.01.24 12:00:03 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\uTorrent
[2015.06.29 15:54:15 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\vlc
[2014.08.26 14:52:40 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Wargaming.net
[2013.08.29 23:33:21 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\WinRAR
[2013.10.05 15:04:40 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Yandex
[2013.12.24 20:51:11 | 000,000,000 | ---D | M] -- C:\Users\Zuzanka\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2015.04.29 16:49:11 | 000,588,576 | ---- | M] () -- C:\Users\Zuzanka\AppData\Roaming\IObit\IObit Uninstaller\Install_PintoStartMenutemp.exe
[2015.04.29 16:49:11 | 000,933,664 | ---- | M] () -- C:\Users\Zuzanka\AppData\Roaming\IObit\IObit Uninstaller\PPUninstallertemp.exe
[2015.04.29 16:49:13 | 000,776,992 | ---- | M] () -- C:\Users\Zuzanka\AppData\Roaming\IObit\IObit Uninstaller\UninstallDisplaytemp.exe
[2015.01.15 17:59:54 | 001,824,032 | ---- | M] (IObit) -- C:\Users\Zuzanka\AppData\Roaming\IObit\IObit Uninstaller\UninstallPromotetemp.exe
[2013.11.01 12:52:02 | 000,010,134 | R--- | M] () -- C:\Users\Zuzanka\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2014.11.28 09:41:29 | 001,385,808 | ---- | M] (BitTorrent Inc.) -- C:\Users\Zuzanka\AppData\Roaming\uTorrent\uTorrent.exe
[2013.10.12 13:30:26 | 001,141,328 | ---- | M] (BitTorrent Inc.) -- C:\Users\Zuzanka\AppData\Roaming\uTorrent\updates\3.3.2_30180.exe
[2013.11.24 19:32:10 | 000,900,440 | ---- | M] (BitTorrent Inc.) -- C:\Users\Zuzanka\AppData\Roaming\uTorrent\updates\3.3.2_30303.exe
[2014.05.14 13:51:52 | 001,272,400 | ---- | M] (BitTorrent Inc.) -- C:\Users\Zuzanka\AppData\Roaming\uTorrent\updates\3.4.1_31139.exe
[2014.06.20 13:38:24 | 001,267,536 | ---- | M] (BitTorrent Inc.) -- C:\Users\Zuzanka\AppData\Roaming\uTorrent\updates\3.4.1_31395.exe
[2014.07.11 01:58:29 | 001,322,832 | ---- | M] (BitTorrent Inc.) -- C:\Users\Zuzanka\AppData\Roaming\uTorrent\updates\3.4.2_32126.exe
[2014.10.21 10:01:32 | 001,385,808 | ---- | M] (BitTorrent Inc.) -- C:\Users\Zuzanka\AppData\Roaming\uTorrent\updates\3.4.2_34309.exe
[2014.11.28 09:41:29 | 001,385,808 | ---- | M] (BitTorrent Inc.) -- C:\Users\Zuzanka\AppData\Roaming\uTorrent\updates\3.4.2_35702.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job >
[2015.07.24 14:36:06 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2015.07.24 14:28:53 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2015.07.24 15:32:08 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2015.07.24 14:40:00 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d040a83f9233ab.job
[2015.07.24 14:39:01 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d090204836baef.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2015.07.24 14:34:40 | 000,014,224 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.07.24 14:34:40 | 000,014,224 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.07.22 08:48:39 | 004,006,416 | ---- | M] () -- C:\Windows\system32\FNTCACHE.DAT
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"RocketDock" = "C:\Program Files\RocketDock\RocketDock.exe" -- [2007.09.02 14:58:52 | 000,495,616 | ---- | M] ()
"Steam" = "C:\Program Files\Steam\steam.exe" -silent -- [2015.06.04 20:56:54 | 002,892,992 | ---- | M] (Valve Corporation)
"Advanced SystemCare 8" = "C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto -- [2015.01.20 17:22:30 | 002,428,704 | ---- | M] (IObit)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2015.06.25 19:43:43 | 000,815,312 | ---- | M] (Microsoft Corporation) MD5=A7B6589F92C9CB498CDBA42EBEB23EE4 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2015.07.13 23:55:16 | 000,813,896 | ---- | M] (Google Inc.) MD5=3BBEC4CC2A388B4C5D1EFE20EAD7D98F -- C:\Program Files\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2015.07.24 14:45:39 | 000,000,512 | ---- | M] () MD5=DD5CEF2B8C15F29B0F75273FCA9A82C9 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2013.10.12 13:31:17 | 000,031,924 | ---- | M] () -- \Users\Zuzanka\AppData\Roaming\uTorrent\Adobe Photoshop CS3 + Crack.torrent
[2014.10.21 18:24:11 | 000,137,709 | ---- | M] () -- \Users\Zuzanka\AppData\Roaming\uTorrent\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu].torrent
[2014.04.16 11:19:02 | 000,013,844 | ---- | M] () -- \Users\Zuzanka\AppData\Roaming\uTorrent\The Sims 2 Pets+Serial+Crack.torrent
[2014.08.18 18:09:54 | 000,023,014 | ---- | M] () -- \Users\Zuzanka\AppData\Roaming\uTorrent\The.Sims.3.Seasons.inc.Crackfix-RELOADED.torrent

< *keygen* /s >

< *loader* /s >
[2012.03.13 13:18:28 | 003,297,128 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6\Photodownloader.exe
[2012.03.13 11:41:34 | 000,000,860 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6\Photodownloader.exe.manifest
[2012.03.13 11:41:58 | 000,011,161 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6\apd\shared_assets\bitmaps\main_window\C_LoadError.png
[2012.03.13 11:42:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\da_dk\Photodownloader.ini
[2012.03.13 11:42:02 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\de_de\Photodownloader.ini
[2012.03.13 11:42:02 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\en_us\Photodownloader.ini
[2012.03.13 11:42:02 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\es_es\Photodownloader.ini
[2012.03.13 11:42:02 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\fi_fi\Photodownloader.ini
[2012.03.13 11:42:02 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\fr_fr\Photodownloader.ini
[2012.03.13 11:42:02 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\it_it\Photodownloader.ini
[2012.03.13 11:42:04 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\ja_jp\Photodownloader.ini
[2012.03.13 11:42:04 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\ko_kr\Photodownloader.ini
[2012.03.13 11:42:04 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\nl_nl\Photodownloader.ini
[2012.03.13 11:42:04 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\no_no\Photodownloader.ini
[2012.03.13 11:42:04 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\pt_br\Photodownloader.ini
[2012.03.13 11:42:04 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\sv_se\Photodownloader.ini
[2012.03.13 11:42:06 | 000,000,324 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\zh_cn\Photodownloader.ini
[2012.03.13 11:42:06 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS6\apd\shared_assets\locales\zh_tw\Photodownloader.ini
[2012.02.23 00:11:56 | 000,078,336 | ---- | M] () -- \Program Files\Common Files\Adobe\dynamiclinkmediaserver\1.0\MXF_SDK_MetaMetadata_BinaryLoader_4.4.3.dll
[2012.02.23 00:11:56 | 000,155,136 | ---- | M] () -- \Program Files\Common Files\Adobe\dynamiclinkmediaserver\1.0\MXF_SDK_MetaMetadata_XSDLoader2_4.4.3.dll
[2012.02.23 00:11:56 | 000,117,248 | ---- | M] () -- \Program Files\Common Files\Adobe\dynamiclinkmediaserver\1.0\MXF_SDK_MetaMetadata_XSDLoader_4.4.3.dll
[2006.10.26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2015.01.19 17:23:36 | 002,161,440 | ---- | M] () -- \Program Files\IObit\Advanced SystemCare 8\ActionCenterDownloader.exe
[2013.06.04 10:57:24 | 000,057,224 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2013.06.04 10:57:24 | 000,083,848 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2014.12.10 03:28:04 | 000,001,701 | ---- | M] () -- \Program Files\Steam\friends\broadcastuploaderrornotification.res
[2014.11.11 20:48:42 | 000,007,825 | ---- | M] () -- \Program Files\Steam\remoteui\static\libs\images\ajax-loader.gif
[2015.06.16 20:43:33 | 000,169,384 | ---- | M] () -- \Program Files\Steam\steamapps\common\Half-Life\cstrike\models\qloader.mdl
[2015.06.16 20:23:44 | 000,352,548 | ---- | M] () -- \Program Files\Steam\steamapps\common\Half-Life\valve\models\loader.mdl
[2015.06.16 20:26:42 | 000,012,764 | ---- | M] () -- \Program Files\Steam\steamapps\common\Half-Life\valve\sound\ambience\loader_hydra1.wav
[2015.06.16 20:29:09 | 000,012,164 | ---- | M] () -- \Program Files\Steam\steamapps\common\Half-Life\valve\sound\ambience\loader_step1.wav
[2015.05.06 19:24:01 | 000,015,670 | ---- | M] () -- \ProgramData\IObit\ASCDownloader\ASC8Downloader.log
[2015.04.17 17:07:23 | 000,001,462 | ---- | M] () -- \ProgramData\IObit\ASCDownloader\ASCInstaller_Downloader.log
[2015.07.24 14:29:50 | 000,210,108 | ---- | M] () -- \ProgramData\IObit\ASCDownloader\Downloader.log
[2012.02.16 14:44:38 | 000,000,404 | ---- | M] () -- \Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.152\deploy\assets\storeImages\layout\small_loader.gif
[2015.05.06 19:24:01 | 000,015,670 | ---- | M] () -- \Users\All Users\IObit\ASCDownloader\ASC8Downloader.log
[2015.04.17 17:07:23 | 000,001,462 | ---- | M] () -- \Users\All Users\IObit\ASCDownloader\ASCInstaller_Downloader.log
[2015.07.24 14:29:50 | 000,210,108 | ---- | M] () -- \Users\All Users\IObit\ASCDownloader\Downloader.log
[2015.06.08 15:52:46 | 000,009,418 | ---- | M] () -- \Users\Zuzanka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.36.2_0\img\gifloader.gif
[2015.07.21 21:26:21 | 000,019,121 | ---- | M] () -- \Users\Zuzanka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6LVHXB1\AdLoader-288a31a04e1398b1a794975bf93ce9a4.min[1].js
[2015.07.23 09:30:25 | 000,000,404 | ---- | M] () -- \Users\Zuzanka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6LVHXB1\loader-squares[1].gif
[2015.07.21 21:26:21 | 000,001,980 | ---- | M] () -- \Users\Zuzanka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LD5WG27W\AdLoader[1].htm
[2015.07.23 09:35:51 | 000,050,167 | ---- | M] () -- \Users\Zuzanka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LD5WG27W\loader[1].gif
[2015.07.19 22:47:08 | 000,000,353 | ---- | M] () -- \Users\Zuzanka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LD5WG27W\queryLoader[1].css
[2015.07.24 11:47:35 | 000,000,353 | ---- | M] () -- \Users\Zuzanka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MD3FP84F\queryLoader[1].css
[2015.07.10 20:57:33 | 000,000,353 | ---- | M] () -- \Users\Zuzanka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YN3VPNX3\queryLoader[2].css
[2014.12.12 17:41:17 | 000,012,811 | ---- | M] () -- \Users\Zuzanka\AppData\Local\Overwolf\InstallerCache\preloader_3337.gif
[2014.03.12 21:38:14 | 000,256,288 | ---- | M] () -- \Users\Zuzanka\AppData\Local\Skillbrains\lightshot\5.1.0.15\uploader.dll
[2015.06.05 20:08:42 | 000,072,638 | ---- | M] () -- \Users\Zuzanka\AppData\Local\Skype\Apps\login\images\loader.gif
[2015.06.05 20:08:42 | 000,003,032 | ---- | M] () -- \Users\Zuzanka\AppData\Local\Skype\Apps\login\images\loader.png
[2015.06.05 20:08:42 | 000,006,012 | ---- | M] () -- \Users\Zuzanka\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2015.06.05 20:08:42 | 000,021,956 | ---- | M] () -- \Users\Zuzanka\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2015.06.05 20:08:42 | 000,009,772 | ---- | M] () -- \Users\Zuzanka\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2013.11.21 20:22:33 | 000,720,680 | ---- | M] () -- \Users\Zuzanka\AppData\Roaming\.technic\modpacks\hexxit\ForgeModLoader-client-0.log
[2013.11.21 20:15:55 | 000,000,000 | ---- | M] () -- \Users\Zuzanka\AppData\Roaming\.technic\modpacks\hexxit\ForgeModLoader-client-0.log.lck
[2013.11.21 19:19:18 | 000,661,109 | ---- | M] () -- \Users\Zuzanka\AppData\Roaming\.technic\modpacks\hexxit\ForgeModLoader-client-1.log
[2013.11.21 18:41:15 | 000,616,493 | ---- | M] () -- \Users\Zuzanka\AppData\Roaming\.technic\modpacks\hexxit\ForgeModLoader-client-2.log
[2014.12.09 23:02:12 | 000,448,096 | ---- | M] () -- \Users\Zuzanka\AppData\Roaming\.technic\modpacks\tekkitlite\ForgeModLoader-client-0.log
[2014.12.09 22:48:56 | 000,000,000 | ---- | M] () -- \Users\Zuzanka\AppData\Roaming\.technic\modpacks\tekkitlite\ForgeModLoader-client-0.log.lck
[2013.11.21 20:29:08 | 000,522,606 | ---- | M] () -- \Users\Zuzanka\AppData\Roaming\.technic\modpacks\tekkitmain\ForgeModLoader-client-0.log
[2013.11.21 20:26:19 | 000,000,000 | ---- | M] () -- \Users\Zuzanka\AppData\Roaming\.technic\modpacks\tekkitmain\ForgeModLoader-client-0.log.lck
[2013.08.29 23:43:49 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2009.07.14 14:25:34 | 002,202,645 | R--- | M] () -- \Windows\Setup\SCRIPTS\Windows7Loader.exe
[2015.05.09 05:08:08 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[3 \Windows\System32\*.tmp files -> \Windows\System32\*.tmp -> ]
[2015.02.16 09:46:46 | 000,012,532 | ---- | M] () -- \Windows\System32\Adobe\Shockwave 12\shockwave_Projector_Loader.dcr
[2009.07.14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2015.03.11 21:56:38 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_cs-cz_352654f75b66aedd.manifest
[2015.03.11 21:56:38 | 000,034,744 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_cs-cz_352654f75b66aedd_winload.exe.mui_3bc5b827
[2015.03.11 21:56:38 | 000,030,136 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_cs-cz_352654f75b66aedd_winresume.exe.mui_ff8b5358
[2015.03.11 21:56:44 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_5d0aa07fcb041510.manifest
[2015.03.11 21:56:45 | 000,521,384 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_5d0aa07fcb041510_winload.exe_75835076
[2015.03.11 21:56:45 | 000,455,752 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_5d0aa07fcb041510_winresume.exe_85cd1215
[2009.07.14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2015.05.06 19:49:24 | 000,000,612 | ---- | M] () -- \Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_asimovuploader_0413bca0c3dfdda4.cdf-ms
[2009.07.14 10:42:11 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2014.07.08 23:41:55 | 000,002,777 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18526_cs-cz_3540f2755b51fb60.manifest
[2015.02.03 05:54:10 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_cs-cz_352654f75b66aedd.manifest
[2014.07.08 23:42:00 | 000,002,777 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22736_cs-cz_35bfc13a7477b442.manifest
[2014.12.13 03:50:10 | 000,002,777 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22908_cs-cz_35e2355e745d8d6b.manifest
[2015.01.13 00:09:15 | 000,002,777 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22921_cs-cz_35c59380747413ec.manifest
[2015.01.16 08:24:33 | 000,002,777 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22923_cs-cz_35c794147472469a.manifest
[2015.01.27 06:12:13 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22943_cs-cz_35b1f43c74827e7c.manifest
[2015.02.03 06:04:47 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22948_cs-cz_35b6f5ae747dfd2f.manifest
[2015.03.17 07:30:44 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23002_cs-cz_35dc0bc4746328a3.manifest
[2015.05.06 19:48:39 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23040_cs-cz_35aecb80748565b9.manifest
[2015.05.25 20:50:50 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23072_cs-cz_35905c50749bec3a.manifest
[2010.11.20 05:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2014.08.19 05:02:10 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18574_none_5ced2dcdcb19ba9a.manifest
[2015.02.03 05:32:58 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_5d0aa07fcb041510.manifest
[2014.08.19 05:09:35 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22780_none_5d67fb6ae4430e20.manifest
[2014.12.12 08:03:57 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22908_none_5dc680e6e3faf39e.manifest
[2015.01.12 05:35:19 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22921_none_5da9df08e4117a1f.manifest
[2015.01.14 08:45:13 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22923_none_5dabdf9ce40faccd.manifest
[2015.01.27 05:51:15 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22943_none_5d963fc4e41fe4af.manifest
[2015.02.03 05:54:42 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22948_none_5d9b4136e41b6362.manifest
[2015.03.17 07:06:11 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23002_none_5dc0574ce4008ed6.manifest
[2015.05.06 19:48:39 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23040_none_5d931708e422cbec.manifest
[2015.05.25 20:35:55 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23072_none_5d74a7d8e439526d.manifest
[2009.07.14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.05.09 05:08:08 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18847_none_0c9bd9e5da27bd35\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 07:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 12:35:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 04:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.05.09 07:34:47 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23049_none_0d274f66f343c2ef\api-ms-win-core-libraryloader-l1-1-0.dll

< End of report >

Re: 90 - 100 % RAM svchost.exe

Napsal: 24 črc 2015 14:57
od pteryx
OTL Extras logfile created on: 24.7.2015 14:42:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zuzanka\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17914)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 0,57 Gb Available Physical Memory | 28,44% Memory free
4,00 Gb Paging File | 2,04 Gb Available in Paging File | 50,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 33,31 Gb Free Space | 34,15% Space Free | Partition Type: NTFS
Drive D: | 135,22 Gb Total Space | 116,11 Gb Free Space | 85,87% Space Free | Partition Type: NTFS

Computer Name: ZUZANKA-PC | User Name: Zuzanka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = OperaStable] -- Reg Error: Key error. File not found
.js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.txt [@ = Word Reader-TXT] -- Reg Error: Key error. File not found
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4206785621-3798105966-3841772347-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate -- "%1"
https [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06D457BA-D7EB-4CFE-A6C6-D5AB60B654B3}" = rport=138 | protocol=17 | dir=out | app=system |
"{0D9A72D4-A37E-4F49-9E88-567330DEA7CC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{11DF9060-0D10-45AB-AC70-1546ADFFA0BA}" = lport=138 | protocol=17 | dir=in | app=system |
"{224A046D-CA38-434B-92AC-26640CD3FCF0}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{258F4A49-29C6-454B-8183-FE8F959DD073}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{290EBB17-40C1-41ED-A03B-203140A9E07A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{374C9322-7B93-47B6-AF65-DAA8A2120F5E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3CE94607-A08A-4D4D-8D8E-490FD29C2B81}" = lport=137 | protocol=17 | dir=in | app=system |
"{4A60FBEA-53A2-4D6A-B0C8-F303EC13AB64}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6020723A-2F95-4E2E-9F9C-09F2075547BC}" = lport=445 | protocol=6 | dir=in | app=system |
"{61FECED3-A720-47E0-8983-EB8AEA325521}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{658A7B77-7E03-4140-B549-2736D9587DFD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{667D9C8B-8811-440A-B9E8-5C6C888C0648}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9DE72347-7E0E-41AF-BFBF-12A3EFDF3964}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9E469360-BA45-4899-9A4F-82A4A2A141B5}" = rport=137 | protocol=17 | dir=out | app=system |
"{CE0487C5-FAF2-493C-87F6-91ACE0BFD28E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D9E6558F-3A92-4CA0-B575-F92F9E3E0DD4}" = rport=445 | protocol=6 | dir=out | app=system |
"{DD083EB1-A09C-4099-B096-92010B38CE10}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E7A5695A-3A20-4C5E-AAA9-7BD098F28587}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EE8F41FA-597B-47B1-80B6-852990BD9823}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{EEB628F4-9A94-43A6-83BB-212FD151E0A7}" = lport=139 | protocol=6 | dir=in | app=system |
"{FBAB7428-4B70-4285-884E-02E6DF3ED43D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FE9C745B-0153-42F7-8812-9C387C9C6601}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C0005F9-0F01-4035-9068-7DC8B1A63557}" = protocol=17 | dir=in | app=c:\users\zuzanka\appdata\roaming\utorrent\utorrent.exe |
"{117F1139-EBF3-494C-8385-A494B5D30ED7}" = protocol=6 | dir=in | app=c:\users\zuzanka\appdata\roaming\utorrent\utorrent.exe |
"{17CB8B1A-A1D5-47F0-90B5-D3B28AF12D0D}" = protocol=6 | dir=in | app=c:\program files\heroes of the storm\versions\base36144\heroesofthestorm.exe |
"{1E2D4DBB-9C58-47B2-99F1-1A5E4B21F890}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{25ECA7E7-9002-4191-81FD-6990A4ABEBE7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2AF9ABD3-C4A7-401E-BF0F-8559E01734D4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2D3E5E5F-2B68-470A-8705-9E6D55140662}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3287BEC8-1065-4E48-B610-CC884C0E99BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{33520F70-C189-4796-AC2F-972C761AFE2E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe |
"{33E6F4DE-F21E-4F0A-B409-57100E54CFC3}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{3E1820A4-DFD6-46F4-9942-C373CA4B52C9}" = protocol=6 | dir=in | app=c:\users\zuzanka\appdata\roaming\utorrent\utorrent.exe |
"{3E4FC3BD-84D3-484B-A91C-6B2322A29928}" = protocol=6 | dir=in | app=c:\program files\battle.net\battle.net.exe |
"{46AEB7FA-4B8C-436D-B9C0-BAE6D297A267}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4B43AC09-8188-4071-B725-7B6DFC93608B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\teamviewer_service.exe |
"{4C80517A-15EB-4315-98C5-430A37A07F32}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe |
"{4FA02E25-3D8C-4902-87BE-25A1C3CF4638}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{66A88DFE-51D1-46B1-8BB2-43B3C388EAB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{66DE5D99-5857-4A0F-88CE-36C64C3365AB}" = protocol=6 | dir=in | app=c:\program files\teamviewer\teamviewer.exe |
"{67166FC7-4E15-43D9-9717-C16B7E87D9C2}" = protocol=6 | dir=in | app=c:\program files\steam\bin\steamwebhelper.exe |
"{72D84145-EEB4-45E9-9094-8B42069625C9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{790F0D6B-9A3E-4A58-A225-7912A6776B13}" = protocol=6 | dir=in | app=c:\program files\teamviewer\teamviewer_service.exe |
"{7B3B1266-F2F3-47DC-9A68-EA9EDD0D2822}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7F8F2122-359F-4A0C-91E5-A7F6F2D5EA90}" = protocol=17 | dir=in | app=c:\program files\steam\bin\steamwebhelper.exe |
"{87012649-5A4B-49C8-B1D2-2DDADB63A9B1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\half-life\hl.exe |
"{871984E2-E6D0-4C99-827E-EA2FA25854D4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{87F4153C-9D7F-4E5B-BE5F-A8E9B5D7AD10}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8B7D0B80-8FF2-4606-A023-45596A52564E}" = protocol=17 | dir=in | app=c:\program files\heroes of the storm\versions\base36144\heroesofthestorm.exe |
"{922E86B1-9BDC-49C5-9235-0AE01DD93131}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{94D956A9-3725-496E-9A20-6C0F615E82AF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9742FDCC-3A01-4EDA-9E42-A5A978762D45}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A506E82D-B910-4043-B146-EE471D452A76}" = protocol=17 | dir=in | app=c:\program files\hearthstone\hearthstone.exe |
"{B2B06127-31F6-4382-BD1F-77E1075073A6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B366143E-5E62-4C19-8CF5-0DE4B464A1FC}" = protocol=6 | dir=out | app=system |
"{C3B3EB9E-BA32-4907-8302-9FE6D06F762C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D2FA7F15-A425-4EFF-BE81-13D91471B24F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe |
"{D4ACC319-6F83-44EA-AB33-130EFFFDC2C0}" = protocol=6 | dir=in | app=c:\program files\hearthstone\hearthstone.exe |
"{D4CC5A81-D50D-4629-8A2C-89ACE4C92F03}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA5A0418-1BB5-4FBA-B8D1-15D2D6220CCD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DB1C4D10-3880-4EB0-88A9-D41A9D0FFEE0}" = protocol=17 | dir=in | app=c:\program files\battle.net\battle.net.exe |
"{DDB07507-A48E-4AEF-8EE5-1DECFA48B9D1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\half-life\hl.exe |
"{E4C7EF34-D861-423B-B767-FB498C6F9E30}" = protocol=17 | dir=in | app=c:\program files\teamviewer\teamviewer.exe |
"{EA14C49D-73D7-4B24-B772-BE9BBA054ECA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F667CB07-D001-459D-AFEE-11C754741067}" = protocol=17 | dir=in | app=c:\users\zuzanka\appdata\roaming\utorrent\utorrent.exe |
"{FBA2A06A-5623-4E1C-A228-AB4DF0639160}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe |
"{FFE5F881-7495-4CD3-B03E-2AC47047744F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"TCP Query User{2D97269F-C4EB-41BE-931A-C8EECCBC8D93}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{52454E17-F7C3-4396-B3F7-C3D54D647DBC}D:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe |
"TCP Query User{8CFF227F-1913-4430-94D8-A95BD488F678}D:\documents and settings\dokumenty\minecraft 1.6.1\runtime\jre-x32\1.8.0_25\bin\javaw.exe" = protocol=6 | dir=in | app=d:\documents and settings\dokumenty\minecraft 1.6.1\runtime\jre-x32\1.8.0_25\bin\javaw.exe |
"TCP Query User{9A8DF7ED-A30D-430A-84BF-95EED9687FA5}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{F2EA7A55-D8EF-4C72-936A-BFD149DF34D0}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{5CF3EB37-2512-4791-9839-CF17F3EEC438}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{7A7178E1-06CA-4525-882A-8A343D23C8AF}D:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe |
"UDP Query User{8B1FA614-6DFE-4908-9F80-11C80AE9C641}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{9CBCAC81-59C5-4306-97C8-573D4E91B88A}D:\documents and settings\dokumenty\minecraft 1.6.1\runtime\jre-x32\1.8.0_25\bin\javaw.exe" = protocol=17 | dir=in | app=d:\documents and settings\dokumenty\minecraft 1.6.1\runtime\jre-x32\1.8.0_25\bin\javaw.exe |
"UDP Query User{EB6C486D-666A-4885-B646-437285538567}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.6
"{26A24AE4-039D-4CA4-87B4-2F03217080FF}" = Java 7 Update 80
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = lightshot-5.1.0.15
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{3911CF56-9EF2-39BA-846A-C27BD3CD0685}" = Microsoft .NET Framework 4.5.2
"{4869414E-7AEA-4C8E-BE1C-8D40977FD517}" = Adobe Illustrator CS6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62618F58-EDD0-40A1-8CFE-DA8DA93576E4}" = ESET NOD32 Antivirus
"{69EDC871-8A8A-34A8-B511-FF7CE3C4B0B7}" = Microsoft .NET Framework 4.5.2 (CSY)
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5.2 (čeština)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 334.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Ovladač řídící jednotky 3D Vision 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{DA60AB6B-6C9C-4B5F-BC61-3B0D9BCBD50B}" = WinFast Dongle Mini Device Utilities
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 17 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Advanced SystemCare 8_is1" = Advanced SystemCare 8
"Battle.net" = Battle.net
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"Hearthstone" = Hearthstone
"Heroes of the Storm" = Heroes of the Storm
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"IObit Surfing Protection_is1" = Surfing Protection
"IObitUninstall" = IObit Uninstaller
"RocketDock_is1" = RocketDock 1.3.5
"Steam" = Steam
"Steam App 10" = Counter-Strike
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer" = TeamViewer 10
"TVRTLDrv" = WinFast DTV Dongle Mini
"VLC media player" = VLC media player
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4206785621-3798105966-3841772347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1" = World of Tanks
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20.4.2015 22:10:15 | Computer Name = Zuzanka-PC | Source = AdvancedSystemCareService8 | ID = 0
Description =

Error - 21.4.2015 2:49:51 | Computer Name = Zuzanka-PC | Source = AdvancedSystemCareService8 | ID = 0
Description =

Error - 21.4.2015 9:12:42 | Computer Name = Zuzanka-PC | Source = AdvancedSystemCareService8 | ID = 0
Description =

Error - 21.4.2015 9:12:42 | Computer Name = Zuzanka-PC | Source = AdvancedSystemCareService8 | ID = 0
Description =

Error - 21.4.2015 17:10:18 | Computer Name = Zuzanka-PC | Source = AdvancedSystemCareService8 | ID = 0
Description =

Error - 21.4.2015 17:10:18 | Computer Name = Zuzanka-PC | Source = AdvancedSystemCareService8 | ID = 0
Description =

Error - 22.4.2015 4:07:14 | Computer Name = Zuzanka-PC | Source = AdvancedSystemCareService8 | ID = 0
Description =

Error - 22.4.2015 4:07:15 | Computer Name = Zuzanka-PC | Source = AdvancedSystemCareService8 | ID = 0
Description =

Error - 22.4.2015 22:19:36 | Computer Name = Zuzanka-PC | Source = AdvancedSystemCareService8 | ID = 0
Description =

Error - 22.4.2015 22:19:36 | Computer Name = Zuzanka-PC | Source = AdvancedSystemCareService8 | ID = 0
Description =

[ Media Center Events ]
Error - 14.4.2014 9:22:31 | Computer Name = Zuzanka-PC | Source = MCUpdate | ID = 0
Description = 15:22:30 - Chyba při připojování k Internetu 15:22:30 - Nelze kontaktovat
server..

[ System Events ]
Error - 20.7.2015 3:14:35 | Computer Name = Zuzanka-PC | Source = NetBT | ID = 4311
Description = Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.
K
identifikaci rozhraní, jehož inicializace se nezdařila, lze použít řetězec 8C89A56F02AE.
Je reprezentován adresou MAC tohoto rozhraní nebo globálně jedinečným identifikátorem
(GUID), pokud nemohlo rozhraní NetBT získat adresu MAC podle identifikátoru GUID.
Pokud nebyla k dispozici adresa MAC ani identifikátor GUID, je řetězec reprezentován
názvem zařízení clusteru.

Error - 20.7.2015 3:14:35 | Computer Name = Zuzanka-PC | Source = NetBT | ID = 4311
Description = Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.
K
identifikaci rozhraní, jehož inicializace se nezdařila, lze použít řetězec 8C89A56F02AE.
Je reprezentován adresou MAC tohoto rozhraní nebo globálně jedinečným identifikátorem
(GUID), pokud nemohlo rozhraní NetBT získat adresu MAC podle identifikátoru GUID.
Pokud nebyla k dispozici adresa MAC ani identifikátor GUID, je řetězec reprezentován
názvem zařízení clusteru.

Error - 21.7.2015 1:54:50 | Computer Name = Zuzanka-PC | Source = NetBT | ID = 4311
Description = Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.
K
identifikaci rozhraní, jehož inicializace se nezdařila, lze použít řetězec 8C89A56F02AE.
Je reprezentován adresou MAC tohoto rozhraní nebo globálně jedinečným identifikátorem
(GUID), pokud nemohlo rozhraní NetBT získat adresu MAC podle identifikátoru GUID.
Pokud nebyla k dispozici adresa MAC ani identifikátor GUID, je řetězec reprezentován
názvem zařízení clusteru.

Error - 21.7.2015 1:54:50 | Computer Name = Zuzanka-PC | Source = NetBT | ID = 4311
Description = Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.
K
identifikaci rozhraní, jehož inicializace se nezdařila, lze použít řetězec 8C89A56F02AE.
Je reprezentován adresou MAC tohoto rozhraní nebo globálně jedinečným identifikátorem
(GUID), pokud nemohlo rozhraní NetBT získat adresu MAC podle identifikátoru GUID.
Pokud nebyla k dispozici adresa MAC ani identifikátor GUID, je řetězec reprezentován
názvem zařízení clusteru.

Error - 22.7.2015 2:46:31 | Computer Name = Zuzanka-PC | Source = NetBT | ID = 4311
Description = Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.
K
identifikaci rozhraní, jehož inicializace se nezdařila, lze použít řetězec 8C89A56F02AE.
Je reprezentován adresou MAC tohoto rozhraní nebo globálně jedinečným identifikátorem
(GUID), pokud nemohlo rozhraní NetBT získat adresu MAC podle identifikátoru GUID.
Pokud nebyla k dispozici adresa MAC ani identifikátor GUID, je řetězec reprezentován
názvem zařízení clusteru.

Error - 22.7.2015 2:46:31 | Computer Name = Zuzanka-PC | Source = NetBT | ID = 4311
Description = Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.
K
identifikaci rozhraní, jehož inicializace se nezdařila, lze použít řetězec 8C89A56F02AE.
Je reprezentován adresou MAC tohoto rozhraní nebo globálně jedinečným identifikátorem
(GUID), pokud nemohlo rozhraní NetBT získat adresu MAC podle identifikátoru GUID.
Pokud nebyla k dispozici adresa MAC ani identifikátor GUID, je řetězec reprezentován
názvem zařízení clusteru.

Error - 23.7.2015 10:34:28 | Computer Name = Zuzanka-PC | Source = NetBT | ID = 4311
Description = Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.
K
identifikaci rozhraní, jehož inicializace se nezdařila, lze použít řetězec 8C89A56F02AE.
Je reprezentován adresou MAC tohoto rozhraní nebo globálně jedinečným identifikátorem
(GUID), pokud nemohlo rozhraní NetBT získat adresu MAC podle identifikátoru GUID.
Pokud nebyla k dispozici adresa MAC ani identifikátor GUID, je řetězec reprezentován
názvem zařízení clusteru.

Error - 23.7.2015 10:34:28 | Computer Name = Zuzanka-PC | Source = NetBT | ID = 4311
Description = Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.
K
identifikaci rozhraní, jehož inicializace se nezdařila, lze použít řetězec 8C89A56F02AE.
Je reprezentován adresou MAC tohoto rozhraní nebo globálně jedinečným identifikátorem
(GUID), pokud nemohlo rozhraní NetBT získat adresu MAC podle identifikátoru GUID.
Pokud nebyla k dispozici adresa MAC ani identifikátor GUID, je řetězec reprezentován
názvem zařízení clusteru.

Error - 24.7.2015 8:28:08 | Computer Name = Zuzanka-PC | Source = NetBT | ID = 4311
Description = Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.
K
identifikaci rozhraní, jehož inicializace se nezdařila, lze použít řetězec 8C89A56F02AE.
Je reprezentován adresou MAC tohoto rozhraní nebo globálně jedinečným identifikátorem
(GUID), pokud nemohlo rozhraní NetBT získat adresu MAC podle identifikátoru GUID.
Pokud nebyla k dispozici adresa MAC ani identifikátor GUID, je řetězec reprezentován
názvem zařízení clusteru.

Error - 24.7.2015 8:28:08 | Computer Name = Zuzanka-PC | Source = NetBT | ID = 4311
Description = Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.
K
identifikaci rozhraní, jehož inicializace se nezdařila, lze použít řetězec 8C89A56F02AE.
Je reprezentován adresou MAC tohoto rozhraní nebo globálně jedinečným identifikátorem
(GUID), pokud nemohlo rozhraní NetBT získat adresu MAC podle identifikátoru GUID.
Pokud nebyla k dispozici adresa MAC ani identifikátor GUID, je řetězec reprezentován
názvem zařízení clusteru.


< End of report >

Re: 90 - 100 % RAM svchost.exe

Napsal: 24 črc 2015 18:06
od Rudy
Váš oper systém legální není, z čehož vyplývá, že vám nepomůžeme. Viz pravidla: http://forum.viry.cz/viewtopic.php?f=12&t=115512 .
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz