VIRY.CZ

Zdravim,prosím,o překontrolování mého logu na notebooku Acer s Windows 7 díky.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-12-2015
Ran by Paja (administrator) on PAJA-NOTEBOOK (02-01-2016 22:49:23)
Running from D:\Stažené soubory
Loaded Profiles: Paja (Available Profiles: Paja)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Nainstalovano\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Nainstalovano\Power DVD 13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(CyberLink) C:\Nainstalovano\Power DVD 13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
(Ellora Assets Corp.) C:\Nainstalovano\Freemake\CaptureLib\CaptureLibService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Nainstalovano\reaConverter 7 Standard\rc_service.exe
() C:\Nainstalovano\ProShow\scsiaccess.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimDrivers\SlimDrivers.exe
(AVAST Software) C:\Nainstalovano\Avast\AvastUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(CyberLink Corp.) C:\Nainstalovano\Power DVD 13\PowerDVD13\PowerDVD13Agent.exe
(Microsoft Corporation) C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveMonitor.exe
(NEC Electronics Corporation) C:\Program Files\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(PowerISO Computing, Inc.) C:\Nainstalovano\PowerISO\PWRISOVM.EXE
() C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Apple Inc.) C:\Nainstalovano\Itunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ZONER software) C:\Nainstalovano\Photo Studio 17\Program32\ZPSTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Users\Paja\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Nainstalovano\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Nainstalovano\Avast\AvastUI.exe [7021880 2015-12-18] (AVAST Software)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [PowerDVD13Agent] => C:\Nainstalovano\Power DVD 13\PowerDVD13\PowerDVD13Agent.exe [517144 2013-10-23] (CyberLink Corp.)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [GrooveMonitor] => C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Nainstalovano\PowerISO\PWRISOVM.EXE [200704 2006-12-25] (PowerISO Computing, Inc.)
HKLM\...\Run: [ProductUpdater] => C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [62464 2015-06-18] ()
HKLM\...\Run: [ChicoSys] => C:\Windows\system32\cc32\webtmr.exe
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1960248 2015-10-29] ()
HKLM\...\Run: [iTunesHelper] => C:\Nainstalovano\Itunes\iTunesHelper.exe [157456 2015-10-16] (Apple Inc.)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\Run: [DAEMON Tools Lite] => C:\Nainstalovano\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Paja\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Paja\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\Run: [PowerDVD13] => C:\Nainstalovano\Power DVD 13\PowerDVD13\PDVDLP.exe [470792 2013-10-23] (CyberLink Corp.)
HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\Run: [Super MP3 Download] => C:\Nainstalovano\SuperMp3Download\SuperMp3Download.exe
HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\NAINSTALOVANO\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [563416 2015-07-12] (ZONER software)
HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\Policies\system: [DisableClock] 0
HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\MountPoints2: {a502a618-d5c3-11e3-85c8-00238b4d4eb9} - I:\Unlock.exe autoplay=true
HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\MountPoints2: {fed0b4e4-c241-11e3-9ac1-00238b4d4eb9} - F:\Unlock.exe autoplay=true
IFEO: [Debugger] logonui.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Nainstalovano\Avast\ashShell.dll [2015-12-18] (AVAST Software)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-06-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-203695958-539750940-1501531493-1000] => 127.0.0.1:8118
AutoConfigURL: [S-1-5-21-203695958-539750940-1501531493-1000] => 127.0.0.1:8118
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{40DC63AB-CEE4-4DC9-B408-F49CC64F1E51}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4BC8D7B9-962E-4783-9952-1E606FCB20A9}: [NameServer] 10.1.1.0,10.1.1.100

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://gosearch.me/?q={searchTerms}&u=8a2ccd6e0fb051f271b9fdac2c41a2ef&c=DP3221&src=srch&inst=1442925936
SearchScopes: HKU\S-1-5-21-203695958-539750940-1501531493-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_6826&q={searchTerms}
SearchScopes: HKU\S-1-5-21-203695958-539750940-1501531493-1000 -> 1500C81568E2C9D8F17E29C71ECBB74C URL = hxxp://videa.seznam.cz/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-203695958-539750940-1501531493-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_6826&q={searchTerms}
SearchScopes: HKU\S-1-5-21-203695958-539750940-1501531493-1000 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://gosearch.me/?q={searchTerms}&u=8a2ccd6e0fb051f271b9fdac2c41a2ef&c=DP3221&src=srch&inst=1442925936
SearchScopes: HKU\S-1-5-21-203695958-539750940-1501531493-1000 -> {277CAC54-E9ED-4D8D-A5EE-B68C989B0702} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_13415
SearchScopes: HKU\S-1-5-21-203695958-539750940-1501531493-1000 -> {689B78F0-8B45-4ECB-9281-07C3EDCB4AC9} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_13415
SearchScopes: HKU\S-1-5-21-203695958-539750940-1501531493-1000 -> {8C0F53C9-4A67-405B-A162-47CB1D92A819} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_13415
SearchScopes: HKU\S-1-5-21-203695958-539750940-1501531493-1000 -> {ABE66342-AAA7-446E-A568-33A94614EBF0} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_13415
SearchScopes: HKU\S-1-5-21-203695958-539750940-1501531493-1000 -> {BC7A8C3E-1862-46C6-AB34-E0AE9DAE2F9F} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_13415
SearchScopes: HKU\S-1-5-21-203695958-539750940-1501531493-1000 -> {DC0205BF-941D-4EF3-A735-94D96E507A52} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_13415
SearchScopes: HKU\S-1-5-21-203695958-539750940-1501531493-1000 -> {E3BF7B2D-C987-462D-9BF9-92F2FCC615DA} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415
SearchScopes: HKU\S-1-5-21-203695958-539750940-1501531493-1000 -> {EF7216C8-7796-4135-8706-0946085FD933} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_13415
BHO: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Nainstalovano\Avast\aswWebRepIE.dll [2015-12-18] (AVAST Software)
BHO: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2015-10-29] (Wondershare)
BHO: No Name -> {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} -> No File
Toolbar: HKU\S-1-5-21-203695958-539750940-1501531493-1000 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveSystemServices.dll [2006-10-26] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL No File
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL No File
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL No File
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.piesearch.com/?type=sc&ts=145123009 ... 0e25ff60bc

FireFox:
========
FF ProfilePath: C:\Users\Paja\AppData\Roaming\Mozilla\Firefox\Profiles\3456uct3.default
FF Homepage: hxxps://www.seznam.cz/
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Nainstalovano\Itunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [No File]
FF Plugin: @photodex.com/PhotodexPresenter -> C:\Program Files\Photodex Presenter\npPxPlay.dll [2014-11-11] ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Nainstalovano\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Nainstalovano\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: Seznam lištička - C:\Users\Paja\AppData\Roaming\Mozilla\Firefox\Profiles\3456uct3.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2015-12-12]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Nainstalovano\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Nainstalovano\Avast\WebRep\FF [2015-12-18]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Nainstalovano\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Nainstalovano\Avast\SafePrice\FF [2015-12-18]
FF HKLM\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com
FF Extension: iSkysoft iMedia Converter Deluxe - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com [2015-10-29] [not signed]
FF HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
StartMenuInternet: FIREFOX.EXE - C:\Nainstalovano\Mozilla Firefox\firefox.exe hxxp://www.piesearch.com/?type=sc&ts=145123009 ... 0e25ff60bc

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/"
CHR Profile: C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-13]
CHR Extension: (Disk Google) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2015-02-17]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2014-04-11]
CHR Extension: (YouTube) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-03]
CHR Extension: (Dokumenty Google offline) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-21]
CHR Extension: (Avast Online Security) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-04]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2015-11-03]
CHR Extension: (Gmail) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-08]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Nainstalovano\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-18]
StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe hxxp://www.piesearch.com/?type=sc&ts=145123009 ... 0e25ff60bc

Opera:
=======
OPR StartupUrls: "hxxp://www.seznam.cz/?clid=6826"
StartMenuInternet: (HKLM) OperaStable - C:\Nainstalovano\Opera\Launcher.exe hxxp://www.piesearch.com/?type=sc&ts=145123009 ... 0e25ff60bc

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [62464 2015-03-04] (Microsoft Corporation) [File not signed]
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [27648 2015-02-03] (Microsoft Corporation) [File not signed]
S3 Appinfo; C:\Windows\System32\appinfo.dll [47104 2015-06-15] (Microsoft Corporation) [File not signed]
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [475136 2015-02-03] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [475136 2015-02-03] (Microsoft Corporation) [File not signed]
R2 avast! Antivirus; C:\Nainstalovano\Avast\AvastSvc.exe [226440 2015-12-18] (AVAST Software)
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [143872 2015-04-27] (Microsoft Corporation) [File not signed]
R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Nainstalovano\Power DVD 13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-10-23] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; C:\Nainstalovano\Power DVD 13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [327432 2013-10-23] (CyberLink)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [853504 2015-05-25] (Microsoft Corporation) [File not signed]
S3 EFS; C:\Windows\System32\lsass.exe [22528 2015-07-01] (Microsoft Corporation) [File not signed]
R2 FontCache; C:\Windows\system32\FntCache.dll [909312 2015-04-20] (Microsoft Corporation) [File not signed]
R2 FreemakeVideoCapture; C:\Nainstalovano\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-04-17] (Ellora Assets Corp.) [File not signed]
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [102912 2015-06-19] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\Windows\system32\lsass.exe [22528 2015-07-01] (Microsoft Corporation) [File not signed]
S3 Microsoft Office Groove Audit Service; C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveAuditService.exe [65824 2006-10-26] (Microsoft Corporation)
S3 msiserver; C:\Windows\System32\msiexec.exe [73216 2015-06-15] (Microsoft Corporation) [File not signed]
S3 NBService; C:\Nainstalovano\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [22528 2015-07-01] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [242688 2014-12-06] (Microsoft Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15904544 2014-02-05] (NVIDIA Corporation)
R3 PcaSvc; C:\Windows\System32\pcasvc.dll [157184 2015-02-03] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [164864 2014-12-19] (Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [22528 2015-07-01] (Microsoft Corporation) [File not signed]
R2 reaConverter_service; C:\Nainstalovano\reaConverter 7 Standard\rc_service.exe [2129408 2015-06-19] () [File not signed]
R2 SamSs; C:\Windows\system32\lsass.exe [22528 2015-07-01] (Microsoft Corporation) [File not signed]
R2 ScsiAccess; C:\Nainstalovano\ProShow\ScsiAccess.exe [186760 2014-11-11] ()
S3 TermService; C:\Windows\System32\termsrv.dll [523776 2014-10-14] (Microsoft Corporation) [File not signed]
S3 VaultSvc; C:\Windows\system32\lsass.exe [22528 2015-07-01] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [76800 2015-01-09] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\Windows\system32\wdi.dll [76800 2015-01-09] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 WinRM; C:\Windows\system32\WsmSvc.dll [1177088 2014-10-03] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\Windows\system32\wuaueng.dll [2057216 2015-07-09] (Microsoft Corporation) [File not signed]
U4 AvastVBoxSvc; "C:\Nainstalovano\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [X]
S2 MustangService_2015_10_10; C:\ProgramData\TempMoudleSet\MustangSer2728.exe [X]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [X]
S2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [243712 2011-08-08] (Windows (R) Win 7 DDK provider)
S3 AppID; C:\Windows\system32\drivers\appid.sys [50176 2015-02-03] (Microsoft Corporation) [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-12-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [81168 2015-12-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-12-18] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-12-18] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [794952 2015-12-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436360 2015-12-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [117712 2015-12-18] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209432 2015-12-18] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-04-11] (Disc Soft Ltd)
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [514560 2015-02-25] (Microsoft Corporation) [File not signed]
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [55848 2000-01-01] (Atheros Communications, Inc.)
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [116224 2014-12-19] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [124416 2015-07-01] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [225792 2015-07-01] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [98304 2015-07-01] (Microsoft Corporation) [File not signed]
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7517696 2011-08-03] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [44544 2009-08-31] (Nuvoton Technology Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-27] (NVIDIA Corporation)
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [593920 2015-02-03] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [184320 2014-07-17] (Microsoft Corporation) [File not signed]
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [31644 2006-12-25] (PowerISO Computing, Inc.) [File not signed]
R3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34896 2014-02-07] (Screaming Bee LLC)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2016-01-02] ()
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2014-11-11] (Microsoft Corporation) [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2014-07-17] (Microsoft Corporation) [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2015-06-17] (Apple, Inc.) [File not signed]
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Nainstalovano\Power DVD 13\PowerDVD13\Common\NavFilter\000.fcl [76560 2013-10-23] (CyberLink Corp.)
S3 CTIpHook; \SystemRoot\system32\Drivers\CTIpHook.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U4 VBoxAswDrv; \??\C:\Nainstalovano\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-02 22:49 - 2016-01-02 22:49 - 00000000 ____D C:\FRST
2016-01-02 22:28 - 2016-01-02 22:28 - 00000000 _____ C:\Users\Paja\AppData\Local\{420565C7-551E-4DB4-A42D-D66A5D182EA7}
2016-01-02 22:28 - 2016-01-02 22:28 - 00000000 _____ C:\Users\Paja\AppData\Local\{260E69FE-667F-4EA6-AAA1-CDB82EE17888}
2016-01-02 18:23 - 2016-01-02 18:23 - 00000975 _____ C:\Users\Paja\Desktop\Install Kaspersky Internet Security version 16.0.0.614.lnk
2016-01-02 00:33 - 2015-12-29 01:00 - 319213865 _____ C:\Karel-Gott-2012-z-O2-areny-druhá-čast.webm
2016-01-02 00:32 - 2015-12-29 00:49 - 595946062 _____ C:\Karel Gott - O2 arena, 2012- první část.webm
2016-01-01 22:24 - 2016-01-01 22:25 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Paja\Downloads\mbam-setup-2.1.4.1018 (1).exe
2016-01-01 22:24 - 2016-01-01 22:24 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Paja\Downloads\mbam-setup-2.1.4.1018.exe
2016-01-01 22:12 - 2016-01-01 22:12 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-01-01 22:11 - 2016-01-01 22:12 - 01907824 _____ (Kaspersky Lab) C:\Users\Paja\Downloads\kis16.0.0.614en_8204 (1).exe
2016-01-01 22:11 - 2016-01-01 22:11 - 01907824 _____ (Kaspersky Lab) C:\Users\Paja\Downloads\kis16.0.0.614en_8204.exe
2015-12-31 18:11 - 2015-12-17 20:21 - 00579654 _____ C:\Na kolíčkách 2 2016.bmp
2015-12-29 23:27 - 2015-12-30 00:39 - 00000000 ____D C:\Anička proměny
2015-12-27 16:28 - 2016-01-01 22:43 - 00000000 ____D C:\ProgramData\TempMoudleSet
2015-12-27 16:28 - 2015-12-27 16:28 - 00000270 __RSH C:\ProgramData\ntuser.pol
2015-12-21 23:53 - 2015-12-17 20:18 - 01920054 _____ C:\Přání s textem 4 2016.bmp
2015-12-21 19:12 - 2015-12-21 19:15 - 00000000 ____D C:\dnes 21.12.2015
2015-12-20 22:24 - 2015-12-20 22:24 - 01920054 _____ C:\Přání s textem 3 2016_New.bmp
2015-12-20 22:23 - 2015-12-20 22:25 - 00003812 _____ C:\Přání s textem 3 2016_data.xml
2015-12-20 22:15 - 2015-12-17 20:18 - 01920054 _____ C:\Přání s textem 3 2016.bmp
2015-12-20 20:38 - 2015-12-20 20:50 - 00000000 ____D C:\fotky trhy výběr 2015
2015-12-20 20:13 - 2015-12-22 02:32 - 00000000 ____D C:\Vánoční trhy večer 2015
2015-12-18 17:55 - 2015-12-18 18:02 - 00000000 ____D C:\flash disk z.aloha dnes .18.12.2016
2015-12-18 01:39 - 2015-12-18 01:39 - 00322760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-18 01:39 - 2015-12-18 01:39 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-17 21:42 - 2015-12-17 21:42 - 00002593 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
2015-12-17 21:42 - 2015-12-17 21:42 - 00000000 ____D C:\Program Files\Microsoft Office
2015-12-17 21:41 - 2015-12-17 21:41 - 00000000 ____D C:\Program Files\MSECache
2015-12-15 19:37 - 2015-12-15 20:01 - 00000000 ____D C:\Users\Paja\AppData\Roaming\iPhotoDraw
2015-12-15 19:37 - 2015-12-15 19:37 - 00001794 _____ C:\Users\Paja\Desktop\iPhotoDraw 2.0.lnk
2015-12-15 19:37 - 2015-12-15 19:37 - 00000000 ____D C:\Users\Paja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPhotoDraw 2.0
2015-12-15 18:55 - 2015-12-15 18:55 - 00000000 ____D C:\Users\Paja\AppData\Local\kiwi.software.NET
2015-12-11 00:57 - 2015-12-11 22:52 - 00000000 ____D C:\Users\Paja\AppData\Roaming\Apple Computer
2015-12-11 00:57 - 2015-12-11 00:57 - 00001632 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-12-11 00:57 - 2015-12-11 00:57 - 00000000 ____D C:\Users\Paja\AppData\Local\Apple Computer
2015-12-11 00:57 - 2015-12-11 00:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-12-11 00:57 - 2015-12-11 00:57 - 00000000 ____D C:\ProgramData\Apple Computer
2015-12-11 00:57 - 2015-12-11 00:57 - 00000000 ____D C:\Program Files\iPod
2015-12-11 00:55 - 2015-12-11 00:55 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-12-11 00:55 - 2015-12-11 00:55 - 00000000 ____D C:\Users\Paja\AppData\Local\Apple
2015-12-11 00:55 - 2015-12-11 00:55 - 00000000 ____D C:\Program Files\Bonjour
2015-12-11 00:55 - 2015-12-11 00:55 - 00000000 ____D C:\Program Files\Apple Software Update
2015-12-11 00:54 - 2015-12-11 00:57 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-12-11 00:54 - 2015-12-11 00:55 - 00000000 ____D C:\ProgramData\Apple
2015-12-07 15:23 - 2015-12-07 15:33 - 00000000 ____D C:\Vánoční trhy 2015
2015-12-05 22:23 - 2015-12-05 22:23 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12fa330b3a975.job
2015-12-03 18:39 - 2015-12-03 18:39 - 00000000 ____D C:\Program Files\Common Files\AV

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-02 22:49 - 2009-07-14 03:37 - 00000000 ____D C:\Windows
2016-01-02 22:48 - 2014-04-11 15:32 - 00000000 ____D C:\Users\Paja\AppData\Roaming\Seznam.cz
2016-01-02 22:44 - 2014-04-11 16:05 - 00000384 _____ C:\Windows\Tasks\SlimDrivers Startup.job
2016-01-02 22:43 - 2015-09-22 16:11 - 00013464 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2016-01-02 22:43 - 2014-04-11 15:21 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-02 22:43 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-02 22:42 - 2014-04-11 15:21 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-02 21:57 - 2014-04-11 20:38 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-02 21:55 - 2009-07-14 05:34 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-02 21:55 - 2009-07-14 05:34 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-02 21:18 - 2014-04-11 21:02 - 00000000 ____D C:\Users\Paja\AppData\Roaming\uTorrent
2016-01-02 19:37 - 2010-11-21 02:16 - 00672046 _____ C:\Windows\system32\perfh005.dat
2016-01-02 19:37 - 2010-11-21 02:16 - 00142610 _____ C:\Windows\system32\perfc005.dat
2016-01-02 19:37 - 2010-11-20 22:01 - 01591750 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-02 19:37 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-01-02 01:57 - 2015-11-22 22:54 - 00000000 ____D C:\Users\Paja\AppData\Roaming\vlc
2016-01-02 01:31 - 2015-02-21 21:07 - 00014011 _____ C:\Users\Paja\Desktop\Nový textový dokument (2).txt
2016-01-01 22:49 - 2014-04-11 15:15 - 00000000 ____D C:\Nainstalovano
2016-01-01 22:48 - 2014-06-24 14:04 - 00000000 ____D C:\Users\Paja\AppData\Local\CrashDumps
2015-12-31 22:42 - 2015-10-29 21:41 - 00000000 ____D C:\ProgramData\iSkysoft iMedia Converter Deluxe
2015-12-28 18:58 - 2014-04-11 20:38 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-12-28 18:58 - 2014-04-11 20:38 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-12-28 00:31 - 2014-09-13 09:03 - 00000000 ____D C:\s
2015-12-27 16:28 - 2015-09-22 16:30 - 00002331 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-27 16:28 - 2015-09-19 13:42 - 00000000 ____D C:\Program Files\RayDld
2015-12-27 16:28 - 2014-06-06 10:22 - 00001098 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-27 16:28 - 2014-06-06 10:22 - 00001086 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-27 16:28 - 2014-04-11 15:40 - 00001078 _____ C:\Users\Public\Desktop\Opera.lnk
2015-12-27 16:28 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-12-26 10:51 - 2014-05-02 21:24 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-12-20 01:04 - 2014-04-11 19:07 - 00000000 ____D C:\Users\Paja\AppData\Local\ElevatedDiagnostics
2015-12-20 00:03 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2015-12-18 17:39 - 2014-04-11 15:21 - 00436360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-12-18 17:39 - 2014-04-11 15:21 - 00081168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-12-18 01:39 - 2014-04-27 17:18 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-18 01:39 - 2014-04-11 17:11 - 00020900 _____ C:\Users\Paja\Desktop\Nový textový dokument.txt
2015-12-18 01:39 - 2014-04-11 15:21 - 00794952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-18 01:39 - 2014-04-11 15:21 - 00209432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-18 01:39 - 2014-04-11 15:21 - 00117712 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-18 01:39 - 2014-04-11 15:21 - 00081728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-18 01:39 - 2014-04-11 15:21 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-15 22:58 - 2015-09-25 19:12 - 00000000 ____D C:\fotky poslat
2015-12-09 01:11 - 2014-04-11 19:52 - 00000000 ____D C:\Users\Paja\AppData\Roaming\AIMP3
2015-12-09 00:26 - 2014-05-05 21:41 - 00000000 ____D C:\Users\Paja\AppData\Roaming\dvdcss
2015-12-05 22:23 - 2015-09-19 22:34 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f322e751134a.job

==================== Files in the root of some directories =======

2014-08-08 23:17 - 2011-07-19 02:37 - 0003262 _____ () C:\Program Files\Falco.ico
2014-08-08 23:17 - 2011-07-19 03:05 - 0000046 _____ () C:\Program Files\Falco.url
2014-07-10 07:16 - 2014-07-10 07:16 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
2014-04-17 22:50 - 2014-04-19 21:57 - 0087608 _____ () C:\Users\Paja\AppData\Roaming\inst.exe
2014-04-17 22:50 - 2014-04-19 21:57 - 0007887 _____ () C:\Users\Paja\AppData\Roaming\pcouffin.cat
2014-04-17 22:50 - 2014-04-19 21:57 - 0001144 _____ () C:\Users\Paja\AppData\Roaming\pcouffin.inf
2014-04-17 22:52 - 2014-04-19 21:57 - 0000034 _____ () C:\Users\Paja\AppData\Roaming\pcouffin.log
2014-04-17 22:50 - 2014-04-19 21:57 - 0047360 _____ (VSO Software) C:\Users\Paja\AppData\Roaming\pcouffin.sys
2014-04-17 22:52 - 2015-10-18 19:50 - 0000668 _____ () C:\Users\Paja\AppData\Roaming\vso_ts_preview.xml
2014-05-02 22:58 - 2014-05-02 22:58 - 0000001 _____ () C:\Users\Paja\AppData\Local\llftool.4.40.agreement
2015-10-15 21:09 - 2015-10-15 21:13 - 0033792 _____ () C:\Users\Paja\AppData\Local\Tempserver.exe
2016-01-02 22:28 - 2016-01-02 22:28 - 0000000 _____ () C:\Users\Paja\AppData\Local\{260E69FE-667F-4EA6-AAA1-CDB82EE17888}
2016-01-02 22:28 - 2016-01-02 22:28 - 0000000 _____ () C:\Users\Paja\AppData\Local\{420565C7-551E-4DB4-A42D-D66A5D182EA7}
2014-04-11 16:49 - 2014-04-11 16:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Paja\AppData\Local\Temp\AskSLib.dll
C:\Users\Paja\AppData\Local\Temp\bdfilters.dll
C:\Users\Paja\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Paja\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\Paja\AppData\Local\Temp\FreemakeVideoDownloader_3.6.4.1.exe
C:\Users\Paja\AppData\Local\Temp\FreemakeVideoDownloader_3.6.4.3.exe
C:\Users\Paja\AppData\Local\Temp\FreeYouTubeDownload.exe
C:\Users\Paja\AppData\Local\Temp\hp_u_23828328.exe
C:\Users\Paja\AppData\Local\Temp\iupdate.exe
C:\Users\Paja\AppData\Local\Temp\jna1334869850114248042.dll
C:\Users\Paja\AppData\Local\Temp\KMP_3.2.0.0.exe
C:\Users\Paja\AppData\Local\Temp\listicka-partner-13415-1.1.2-offline.exe
C:\Users\Paja\AppData\Local\Temp\listicka.exe
C:\Users\Paja\AppData\Local\Temp\maucampoSetup.exe
C:\Users\Paja\AppData\Local\Temp\ose00000.exe
C:\Users\Paja\AppData\Local\Temp\OutpostSecuritySuiteProInstall_NoBase.exe
C:\Users\Paja\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Paja\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Paja\AppData\Local\Temp\sp-downloader.exe
C:\Users\Paja\AppData\Local\Temp\SpeedUpMyComputer.exe
C:\Users\Paja\AppData\Local\Temp\tmd_34011571.exe
C:\Users\Paja\AppData\Local\Temp\tmd_34012617.exe
C:\Users\Paja\AppData\Local\Temp\tmd_34013608.exe
C:\Users\Paja\AppData\Local\Temp\tmd_34014889.exe
C:\Users\Paja\AppData\Local\Temp\tmd_34016271.exe
C:\Users\Paja\AppData\Local\Temp\tmd_34016886.exe
C:\Users\Paja\AppData\Local\Temp\tmd_34017186.exe
C:\Users\Paja\AppData\Local\Temp\tmd_34017419.exe
C:\Users\Paja\AppData\Local\Temp\tmd_34017597.exe
C:\Users\Paja\AppData\Local\Temp\tmd_34017755.exe
C:\Users\Paja\AppData\Local\Temp\tmd_34018251.exe
C:\Users\Paja\AppData\Local\Temp\tmd_34018466.exe
C:\Users\Paja\AppData\Local\Temp\tmd_34018741.exe
C:\Users\Paja\AppData\Local\Temp\WinUpdat.exe
C:\Users\Paja\AppData\Local\Temp\YandexWorking.exe
C:\Users\Paja\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
C:\Users\Paja\AppData\Local\Temp\~ACE3.exe
C:\Users\Paja\AppData\Local\Temp\~D4EB.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe
[2015-05-13 14:28] - [2015-04-13 04:19] - 0259072 ____A (Microsoft Corporation) 0780A42DBD7D9969F9BF4A19AA4285B5

C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-30 20:38

==================== End of FRST.txt ============================

Krasny den Vam preju



Odinstalujte

• McAfee Security Scan - adware z instalace Adobe Flash Playeru http://forum.viry.cz/viewtopic.php?p=1374437#p1374437
• Seznam Software - pokud nepouzivate, protoze velice casto byva instalovan jako adware

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

• ukoncete vsechny programy
• kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
• kliknete na Scan, pote na Cleaning
• po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner[Cx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

# AdwCleaner v5.028 - Logfile created 05/01/2016 at 00:47:29
# Updated 04/01/2016 by Xplode
# Database : 2016-01-04.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Paja - PAJA-NOTEBOOK
# Running from : D:\Stažené soubory\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : swdumon

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\RayDld
[-] Folder Deleted : C:\Users\Paja\AppData\Local\slimware utilities inc
[-] Folder Deleted : C:\Users\Paja\AppData\Local\Temp\APN-Stub
[-] Folder Deleted : C:\Users\Paja\AppData\Roaming\Win Software

***** [ Files ] *****

[-] File Deleted : C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.piesearch.com_0.localstorage
[-] File Deleted : C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.piesearch.com_0.localstorage-journal
[-] File Deleted : C:\Users\Paja\AppData\Local\Temp\task.vbs
[-] File Deleted : C:\Users\Paja\AppData\Roaming\Mozilla\Firefox\Profiles\3456uct3.default\invalidprefs.js
[-] File Deleted : C:\Windows\system32\drivers\swdumon.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\Users\Public\Desktop\Opera.lnk
[-] Shortcut Disinfected : C:\Users\Paja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Paja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{85198F55-85AC-498A-BFE4-BBC33840F4AB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKCU\Software\undefined
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\RayDld
[-] Key Deleted : HKLM\SOFTWARE\ihpmserver
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command []
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command []
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command []

***** [ Web browsers ] *****

[-] [C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : google
[-] [C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : piesearch.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3534 bytes] ##########

Ulozte na plochu aswMBR - http://files.avast.com/files/rootkit-scanner/aswmbr.exe

• spustte jako spravce (v pripade XP obycejne dvojklikem)
• souhlaste s aktualizaci virove databaze Yes - bude se stahovat cca 205 MB a nasledne se chvili bude instalovat
• vse ponechte, jak je a kliknete na Scan - vezme cca 10 min
• kliknete na Save log a ulozte vysledek skenu - obsah tohoto logu vlozte do sve pristi odpovedi

Ulozte na plochu MBAR - http://www.bleepingcomputer.com/downloa ... i-rootkit/

• Spuste dvojklikem a extrahujte na plochu
• kliknete na Next
• Aktualizujte virovou databazi klikem na Update a pokracujte na Next
• Vsechny 3 moznosti nechte zaskrtnute a zvolte Scan (potrva cca 15 minut)
• zatrhnete vsechny nalezy a take zkontrolujte zatrzitko u Create Restore Point
• kliknete na Cleanup a souhlaste s restartem - Yes
• obsah logu ulozene na plose v mbar\mbar-log-2015-mm-dd (hh-mm-ss).txt vlozte do pristi odpovedi

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-01-05 19:43:12
-----------------------------
19:43:12.465 OS Version: Windows 6.1.7601 Service Pack 1
19:43:12.465 Number of processors: 2 586 0x170A
19:43:12.465 ComputerName: PAJA-NOTEBOOK UserName: Paja
19:43:13.573 Initialize success
19:43:13.588 VM: initialized successfully
19:43:13.588 VM: Intel CPU virtualization not supported
19:43:15.273 AVAST engine defs: 16010500
19:43:36.520 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:43:36.536 Disk 0 Vendor: WDC_WD5000BEVT-22ZAT0 01.01A01 Size: 476940MB BusType: 11
19:43:36.707 Disk 0 MBR read successfully
19:43:36.707 Disk 0 MBR scan
19:43:36.707 Disk 0 Windows 7 default MBR code
19:43:36.723 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:43:36.739 Disk 0 Boot: NTFS code=2
19:43:36.739 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99900 MB offset 206848
19:43:36.785 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 376938 MB offset 204802048
19:43:36.801 Disk 0 scanning sectors +976771072
19:43:36.941 Disk 0 scanning C:\Windows\system32\drivers
19:43:51.933 Service scanning
19:44:16.019 Modules scanning
19:44:16.019 Disk 0 trace - called modules:
19:44:16.066 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys ndis.sys NETwNs32.sys intelppm.sys nvlddmkm.sys dxgkrnl.sys dxgmms1.sys
19:44:16.066 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865f6030]
19:44:16.082 3 CLASSPNP.SYS[8b80459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86135338]
19:44:16.831 AVAST engine scan C:\Windows
19:44:19.888 AVAST engine scan C:\Windows\system32
19:48:16.495 AVAST engine scan C:\Windows\system32\drivers
19:48:26.230 Disk 0 MBR has been saved successfully to "C:\Users\Paja\Desktop\MBR.dat"
19:48:26.230 The log file has been saved successfully to "C:\Users\Paja\Desktop\aswMBR.txt"


aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-01-05 19:43:12
-----------------------------
19:43:12.465 OS Version: Windows 6.1.7601 Service Pack 1
19:43:12.465 Number of processors: 2 586 0x170A
19:43:12.465 ComputerName: PAJA-NOTEBOOK UserName: Paja
19:43:13.573 Initialize success
19:43:13.588 VM: initialized successfully
19:43:13.588 VM: Intel CPU virtualization not supported
19:43:15.273 AVAST engine defs: 16010500
19:43:36.520 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:43:36.536 Disk 0 Vendor: WDC_WD5000BEVT-22ZAT0 01.01A01 Size: 476940MB BusType: 11
19:43:36.707 Disk 0 MBR read successfully
19:43:36.707 Disk 0 MBR scan
19:43:36.707 Disk 0 Windows 7 default MBR code
19:43:36.723 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:43:36.739 Disk 0 Boot: NTFS code=2
19:43:36.739 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99900 MB offset 206848
19:43:36.785 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 376938 MB offset 204802048
19:43:36.801 Disk 0 scanning sectors +976771072
19:43:36.941 Disk 0 scanning C:\Windows\system32\drivers
19:43:51.933 Service scanning
19:44:16.019 Modules scanning
19:44:16.019 Disk 0 trace - called modules:
19:44:16.066 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys ndis.sys NETwNs32.sys intelppm.sys nvlddmkm.sys dxgkrnl.sys dxgmms1.sys
19:44:16.066 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865f6030]
19:44:16.082 3 CLASSPNP.SYS[8b80459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86135338]
19:44:16.831 AVAST engine scan C:\Windows
19:44:19.888 AVAST engine scan C:\Windows\system32
19:48:16.495 AVAST engine scan C:\Windows\system32\drivers
19:48:26.230 Disk 0 MBR has been saved successfully to "C:\Users\Paja\Desktop\MBR.dat"
19:48:26.230 The log file has been saved successfully to "C:\Users\Paja\Desktop\aswMBR.txt"
19:48:33.494 AVAST engine scan C:\Users\Paja
19:50:21.259 Disk 0 MBR has been saved successfully to "C:\Users\Paja\Desktop\MBR.dat"
19:50:21.275 The log file has been saved successfully to "C:\Users\Paja\Desktop\aswMBR.txt"


aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-01-05 19:43:12
-----------------------------
19:43:12.465 OS Version: Windows 6.1.7601 Service Pack 1
19:43:12.465 Number of processors: 2 586 0x170A
19:43:12.465 ComputerName: PAJA-NOTEBOOK UserName: Paja
19:43:13.573 Initialize success
19:43:13.588 VM: initialized successfully
19:43:13.588 VM: Intel CPU virtualization not supported
19:43:15.273 AVAST engine defs: 16010500
19:43:36.520 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:43:36.536 Disk 0 Vendor: WDC_WD5000BEVT-22ZAT0 01.01A01 Size: 476940MB BusType: 11
19:43:36.707 Disk 0 MBR read successfully
19:43:36.707 Disk 0 MBR scan
19:43:36.707 Disk 0 Windows 7 default MBR code
19:43:36.723 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:43:36.739 Disk 0 Boot: NTFS code=2
19:43:36.739 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99900 MB offset 206848
19:43:36.785 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 376938 MB offset 204802048
19:43:36.801 Disk 0 scanning sectors +976771072
19:43:36.941 Disk 0 scanning C:\Windows\system32\drivers
19:43:51.933 Service scanning
19:44:16.019 Modules scanning
19:44:16.019 Disk 0 trace - called modules:
19:44:16.066 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys ndis.sys NETwNs32.sys intelppm.sys nvlddmkm.sys dxgkrnl.sys dxgmms1.sys
19:44:16.066 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865f6030]
19:44:16.082 3 CLASSPNP.SYS[8b80459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86135338]
19:44:16.831 AVAST engine scan C:\Windows
19:44:19.888 AVAST engine scan C:\Windows\system32
19:48:16.495 AVAST engine scan C:\Windows\system32\drivers
19:48:26.230 Disk 0 MBR has been saved successfully to "C:\Users\Paja\Desktop\MBR.dat"
19:48:26.230 The log file has been saved successfully to "C:\Users\Paja\Desktop\aswMBR.txt"
19:48:33.494 AVAST engine scan C:\Users\Paja
19:50:21.259 Disk 0 MBR has been saved successfully to "C:\Users\Paja\Desktop\MBR.dat"
19:50:21.275 The log file has been saved successfully to "C:\Users\Paja\Desktop\aswMBR.txt"
19:58:47.576 Disk 0 MBR has been saved successfully to "C:\Users\Paja\Desktop\MBR.dat"
19:58:47.576 The log file has been saved successfully to "C:\Users\Paja\Desktop\aswMBR.txt"


aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-01-05 19:43:12
-----------------------------
19:43:12.465 OS Version: Windows 6.1.7601 Service Pack 1
19:43:12.465 Number of processors: 2 586 0x170A
19:43:12.465 ComputerName: PAJA-NOTEBOOK UserName: Paja
19:43:13.573 Initialize success
19:43:13.588 VM: initialized successfully
19:43:13.588 VM: Intel CPU virtualization not supported
19:43:15.273 AVAST engine defs: 16010500
19:43:36.520 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:43:36.536 Disk 0 Vendor: WDC_WD5000BEVT-22ZAT0 01.01A01 Size: 476940MB BusType: 11
19:43:36.707 Disk 0 MBR read successfully
19:43:36.707 Disk 0 MBR scan
19:43:36.707 Disk 0 Windows 7 default MBR code
19:43:36.723 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:43:36.739 Disk 0 Boot: NTFS code=2
19:43:36.739 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99900 MB offset 206848
19:43:36.785 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 376938 MB offset 204802048
19:43:36.801 Disk 0 scanning sectors +976771072
19:43:36.941 Disk 0 scanning C:\Windows\system32\drivers
19:43:51.933 Service scanning
19:44:16.019 Modules scanning
19:44:16.019 Disk 0 trace - called modules:
19:44:16.066 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys ndis.sys NETwNs32.sys intelppm.sys nvlddmkm.sys dxgkrnl.sys dxgmms1.sys
19:44:16.066 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865f6030]
19:44:16.082 3 CLASSPNP.SYS[8b80459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86135338]
19:44:16.831 AVAST engine scan C:\Windows
19:44:19.888 AVAST engine scan C:\Windows\system32
19:48:16.495 AVAST engine scan C:\Windows\system32\drivers
19:48:26.230 Disk 0 MBR has been saved successfully to "C:\Users\Paja\Desktop\MBR.dat"
19:48:26.230 The log file has been saved successfully to "C:\Users\Paja\Desktop\aswMBR.txt"
19:48:33.494 AVAST engine scan C:\Users\Paja
19:50:21.259 Disk 0 MBR has been saved successfully to "C:\Users\Paja\Desktop\MBR.dat"
19:50:21.275 The log file has been saved successfully to "C:\Users\Paja\Desktop\aswMBR.txt"
19:58:47.576 Disk 0 MBR has been saved successfully to "C:\Users\Paja\Desktop\MBR.dat"
19:58:47.576 The log file has been saved successfully to "C:\Users\Paja\Desktop\aswMBR.txt"
19:59:49.320 File: C:\Users\Paja\AppData\Local\Temp\gA7NZaQO.exe.part **INFECTED** Win32:Malware-gen
19:59:49.647 File: C:\Users\Paja\AppData\Local\Temp\hp_u_23828328.exe **INFECTED** Win32:Dropper-gen [Drp]
19:59:51.363 Disk 0 MBR has been saved successfully to "C:\Users\Paja\Desktop\MBR.dat"
19:59:51.379 The log file has been saved successfully to "C:\Users\Paja\Desktop\aswMBR.txt"


aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-01-05 19:43:12
-----------------------------
19:43:12.465 OS Version: Windows 6.1.7601 Service Pack 1
19:43:12.465 Number of processors: 2 586 0x170A
19:43:12.465 ComputerName: PAJA-NOTEBOOK UserName: Paja
19:43:13.573 Initialize success
19:43:13.588 VM: initialized successfully
19:43:13.588 VM: Intel CPU virtualization not supported
19:43:15.273 AVAST engine defs: 16010500
19:43:36.520 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:43:36.536 Disk 0 Vendor: WDC_WD5000BEVT-22ZAT0 01.01A01 Size: 476940MB BusType: 11
19:43:36.707 Disk 0 MBR read successfully
19:43:36.707 Disk 0 MBR scan
19:43:36.707 Disk 0 Windows 7 default MBR code
19:43:36.723 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:43:36.739 Disk 0 Boot: NTFS code=2
19:43:36.739 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99900 MB offset 206848
19:43:36.785 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 376938 MB offset 204802048
19:43:36.801 Disk 0 scanning sectors +976771072
19:43:36.941 Disk 0 scanning C:\Windows\system32\drivers
19:43:51.933 Service scanning
19:44:16.019 Modules scanning
19:44:16.019 Disk 0 trace - called modules:
19:44:16.066 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys ndis.sys NETwNs32.sys intelppm.sys nvlddmkm.sys dxgkrnl.sys dxgmms1.sys
19:44:16.066 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865f6030]
19:44:16.082 3 CLASSPNP.SYS[8b80459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86135338]
19:44:16.831 AVAST engine scan C:\Windows
19:44:19.888 AVAST engine scan C:\Windows\system32
19:48:16.495 AVAST engine scan C:\Windows\system32\drivers
19:48:26.230 Disk 0 MBR has been saved successfully to "C:\Users\Paja\Desktop\MBR.dat"
19:48:26.230 The log file has been saved successfully to "C:\Users\Paja\Desktop\aswMBR.txt"
19:48:33.494 AVAST engine scan C:\Users\Paja
19:50:21.259 Disk 0 MBR has been saved successfully to "C:\Users\Paja\Desktop\MBR.dat"
19:50:21.275 The log file has been saved successfully to "C:\Users\Paja\Desktop\aswMBR.txt"
19:58:47.576 Disk 0 MBR has been saved successfully to "C:\Users\Paja\Desktop\MBR.dat"
19:58:47.576 The log file has been saved successfully to "C:\Users\Paja\Desktop\aswMBR.txt"
19:59:49.320 File: C:\Users\Paja\AppData\Local\Temp\gA7NZaQO.exe.part **INFECTED** Win32:Malware-gen
19:59:49.647 File: C:\Users\Paja\AppData\Local\Temp\hp_u_23828328.exe **INFECTED** Win32:Dropper-gen [Drp]
19:59:51.363 Disk 0 MBR has been saved successfully to "C:\Users\Paja\Desktop\MBR.dat"
19:59:51.379 The log file has been saved successfully to "C:\Users\Paja\Desktop\aswMBR.txt"
19:59:57.218 File: C:\Users\Paja\AppData\Local\Temp\juQSwGYr.exe.part **INFECTED** Win32:Malware-gen
19:59:57.779 File: C:\Users\Paja\AppData\Local\Temp\License Keys For All Antivirus Latest\License_Keys_For_All_Antivirus_Latest_7. února 2015\Avast All Products\Avast trial reset\ATR.exe **INFECTED** Other:Malware-gen [Trj]
20:00:00.759 File: C:\Users\Paja\AppData\Local\Temp\License Keys For All Antivirus Latest\License_Keys_For_All_Antivirus_Latest_7. února 2015\IObit Malware Fighter\IMF PRO activator & keygen.exe **INFECTED** Win32:Malware-gen
20:00:02.241 Disk 0 MBR has been saved successfully to "C:\Users\Paja\Desktop\MBR.dat"
20:00:02.241 The log file has been saved successfully to "C:\Users\Paja\Desktop\aswMBR.txt"


Jen doplním,tento program nemohl pokračovat,z důvodu napsání program přestal pracovat,tak aspoň něco viz log.

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2016.01.05.05
rootkit: v2015.12.26.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17914
Paja :: PAJA-NOTEBOOK [administrator]

5.1.2016 20:08:44
mbar-log-2016-01-05 (20-08-44).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 305824
Time elapsed: 25 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKU\S-1-5-21-203695958-539750940-1501531493-1000\SOFTWARE\XTREMERAT (Trojan.Agent.Trace) -> Delete on reboot. [73967fb79dfc8bab6752f7fa07fcb64a]

Registry Values Detected: 1
HKU\S-1-5-21-203695958-539750940-1501531493-1000\SOFTWARE\XTREMERAT|Mutex (Trojan.Agent.Trace) -> Data: svchost -> Delete on reboot. [73967fb79dfc8bab6752f7fa07fcb64a]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\Paja\AppData\Local\Temp\hp_u_23828328.exe (Backdoor.Agent.WD) -> Delete on reboot. [ab5ee254663376c07a481a044cb40cf4]
C:\Users\Paja\AppData\Local\Temp\iswizard05\dwm.exe (Trojan.BitCoinMiner) -> Delete on reboot. [6a9fca6cbfdafa3cc82c2608749001ff]
C:\Users\Paja\AppData\Local\Tempserver.exe (Trojan.Agent) -> Delete on reboot. [6e9b0333f2a768ceac0d7beae21e5ba5]
C:\Users\Paja\AppData\Roaming\Microsoft\Windows\svchost.dat (Trojan.Agent.SVCGen) -> Delete on reboot. [9d6cef478019290d5a1d205dcb38da26]
C:\Users\Paja\AppData\Roaming\Microsoft\Windows\svchost.xtr (Trojan.Agent.SVCGen) -> Delete on reboot. [7d8c1e1807925fd7b6c169140bf80000]
C:\Users\Paja\AppData\Local\Temp\WinUpdat.exe (Trojan.Agent) -> Delete on reboot. [39d0a4921f7ac274047fdf3b2fd52fd1]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Dejte logy FRST.txt a Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Pozn. pri druhem a dalsim spusteni FRST je pro vytvoreni logu Addition.txt nutne tuto volbu explicitne zatrhnout pred zacatkem skenu.

Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-01-2015
Ran by Paja (2016-01-06 21:41:59)
Running from D:\Stažené soubory
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2014-04-11 13:46:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-203695958-539750940-1501531493-500 - Administrator - Disabled)
Guest (S-1-5-21-203695958-539750940-1501531493-501 - Limited - Enabled)
Paja (S-1-5-21-203695958-539750940-1501531493-1000 - Administrator - Enabled) => C:\Users\Paja

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Pro Evolution Soccer 2014" (HKLM\...\{5F2F346D-43FA-47A4-97E4-1019BCE7AF45}_is1) (Version: 1.7.0.0 - )
_fm 0.0.4.5 (HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\{6DBFF1BC-C61E-49DD-832C-401BCCC39907}}_is1) (Version: 0.0.4.5 - František Szijartó)
4K YouTube to MP3 2.10 (HKLM\...\4K YouTube to MP3_is1) (Version: 2.10.8.1505 - Open Media LLC)
Adobe Acrobat Reader DC - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Advent 1.6.0.2 (HKLM\...\Advent 1.6.0.2) (Version: - )
AIMP3 (HKLM\...\AIMP3) (Version: v3.60.1503, 26.09.2015 - AIMP DevTeam)
Apple Mobile Device Support (HKLM\...\{9A629DCB-415D-4A50-85B9-5C2E4F8F74A8}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2245 - AVAST Software)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
BS.Player PRO (HKLM\...\BSPlayerp) (Version: 2.69.1079 - AB Team, d.o.o.)
CSEP 14 1.0 (HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\CSEP 14 1.0) (Version: - )
Data Lifeguard Diagnostic for Windows (HKLM\...\{E40CE517-0D42-4198-96B4-C8232B257EB5}) (Version: 1.13 - Western Digital Corporation)
DVDFab 9.2.0.2 (10/06/2015) (HKLM\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
Dynamic-Photo HDR 5 (HKLM\...\Dynamic-Photo HDR 5_is1) (Version: - Mediachance)
FileZilla Client 3.13.1 (HKLM\...\FileZilla Client) (Version: 3.13.1 - Tim Kosse)
Free YouTube Download version 3.2.52.113 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.52.113 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.46.923 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.46.923 - DVDVideoSoft Ltd.)
Freemake Video Converter verze 4.1.6 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation)
GetSmile v1.952 (HKLM\...\GetSmile0903_is1) (Version: 1.952 - Sofrayt LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
iPhotoDraw 2.0 (HKLM\...\{AD0EFB82-D42E-4CBB-9662-98B4916FFBDA}) (Version: 2.0.0.0 - Simen Wu)
iSkysoft iMedia Converter Deluxe(Build 5.8.0.1) (HKLM\...\iSkysoft iMedia Converter Deluxe_is1) (Version: 5.8.0.1 - iSkysoft Software)
iTunes (HKLM\...\{8862F11A-A9A0-4899-9F50-B5A79F12F3C2}) (Version: 12.3.1.23 - Apple Inc.)
Life Is Strange (HKLM\...\Life Is Strange_is1) (Version: - )
Lucius II - The Prophecy version 1.0.0 (HKLM\...\Lucius II - The Prophecy_is1) (Version: 1.0.0 - Shiver Games)
Microsoft .NET Framework 4.5.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{FD052FB9-FE90-4438-B355-15EDC89D8FB1}) (Version: 2.0.673.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (Czech) (HKLM\...\{95120000-00AF-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mortal Kombat Komplete Edition (HKLM\...\{9F012408-04EC-4989-932F-4C096117D2DD}_is1) (Version: - Warner Bros)
Mozilla Firefox 43.0.2 (x86 cs) (HKLM\...\Mozilla Firefox 43.0.2 (x86 cs)) (Version: 43.0.2 - Mozilla)
Neat Image v7.6.0 Pro plug-in for Photoshop (HKLM\...\Neat Image plug-in for Photoshop_is1) (Version: - Neat Image team, ABSoft)
Neat Image v7.6.0 Pro Standalone (HKLM\...\Neat Image Standalone_is1) (Version: - Neat Image team, ABSoft)
NVIDIA PhysX (HKLM\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.4229.1002 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.4229.1002 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.4229.1002 - Microsoft Corporation) Hidden
Opera Stable 34.0.2036.25 (HKLM\...\Opera 34.0.2036.25) (Version: 34.0.2036.25 - Opera Software)
PDF Decrypter Pro 3.60 (HKLM\...\PDF Decrypter Pro_is1) (Version: - pdfdecrypter.com)
Photo! Editor 1.1 (HKLM\...\PhotoToolkit_is1) (Version: - )
Photodex Presenter (HKLM\...\Photodex Presenter) (Version: - Photodex Corporation)
Podpora aplikací Apple (32bitová) (HKLM\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Pro Evolution Soccer 2015 (HKLM\...\Pro Evolution Soccer 2015_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
ProShow Producer (HKLM\...\ProShow Producer) (Version: - Photodex Corporation)
PS3 Media Server (HKLM\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server)
PUSH Entertainment - Video Wallpaper (HKLM\...\Video Wallpaper_is1) (Version: 2.23 - PUSH Entertainment)
RadioSure (HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\RadioSure) (Version: - )
reaConverter 7 Standard (HKLM\...\{659727C6-7267-4076-803B-351A467F6CAF}_is1) (Version: 7.1.43.0 - reaConverter LLC)
Resident Evil Revelations 2 (HKLM\...\Resident Evil Revelations 2_is1) (Version: - )
Sketch Drawer 3.0 (HKLM\...\Sketch Drawer_is1) (Version: 3.0 - SoftOrbits)
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SoftPerfect WiFi Guard version 1.0.6 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 1.0.6 - SoftPerfect)
Trillian (HKLM\...\Trillian) (Version: - Cerulean Studios, LLC)
UberSoldier 2 (CZ) 1.00 (HKLM\...\UberSoldier 2 (CZ) 1.00) (Version: 1.00 - Monster-CZ)
Uninstall Tool (HKLM\...\Uninstall Tool_is1) (Version: 3.4.2 - CrystalIDEA Software, Inc.)
VirtualDJ Home FREE (HKLM\...\{19192A84-6172-4312-A661-D8F9A34585AB}) (Version: 7.0.4.1 - Atomix Productions)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinX HD Video Converter Deluxe 5.5.3 (HKLM\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.)
Xilisoft Video Converter Ultimate (HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\Xilisoft Video Converter Ultimate) (Version: 7.8.5.20141031 - Xilisoft)
Zamzom Wireless (HKLM\...\{CED3B64B-9381-4AB8-A213-6C084C952E43}) (Version: 1.0.0 - Zamzom)
Zoner Photo Studio 17 (HKLM\...\ZonerPhotoStudio17_CZ_is1) (Version: 17.0.1.12 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0264E0B8-8E5F-49AC-8227-63FC5521A004} - System32\Tasks\SlimDrivers Startup => C:\Program Files\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
Task: {0B6209B1-0FF8-48DF-AB17-83D82F43805E} - System32\Tasks\GoogleUpdateTaskMachineCore1d0414a515638e1 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-19] (Google Inc.)
Task: {0BD40F9A-711B-443F-A7FF-0A4D23AD89CD} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-18] (AVAST Software)
Task: {125A41ED-C849-4696-8A5D-E4647A0CAEDE} - System32\Tasks\GoogleUpdateTaskMachineCore1d08f2e2e042fdf => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-19] (Google Inc.)
Task: {14605887-1D73-4D16-B0B3-4C85CE06D53A} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e329c6aa71d5 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-19] (Google Inc.)
Task: {20082405-070B-4AED-94F8-F477F12B7EF9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-19] (Google Inc.)
Task: {29042D63-8759-451A-ABCC-AE39A3574B93} - System32\Tasks\GoogleUpdateTaskMachineCore1d0bfeed906801e => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-19] (Google Inc.)
Task: {426026BA-E286-4FA3-8F9E-6C32093F3B04} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe
Task: {4F80126F-E5BB-42B7-A539-3C8F7F6A9C33} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
Task: {57EBABBC-E842-4BA1-A3A5-ED61FFB805A9} - System32\Tasks\Adobe Flash Player Updater
Task: {6114CB1B-6250-481A-9B66-66EF5AB541DD} - System32\Tasks\{6759A6A2-87DB-4B16-B70E-414F417269CA} => I:\Downloads\Pirate-1005.exe
Task: {638ADED8-02EE-4A28-B69C-DE75D6A718B1} - System32\Tasks\RunUninstallTool_SkipUac => C:\Nainstalovano\Uninstall Tool\UninstallTool.exe [2015-05-10] (CrystalIDEA Software)
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {7A7424A0-6D1A-41F8-977B-5231EE388F8A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-19] (Google Inc.)
Task: {7F678502-A58D-4804-834B-422A6EAEE73A} - System32\Tasks\GoogleUpdateTaskMachineCore1d12fa330b3a975 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-19] (Google Inc.)
Task: {83158296-37A8-403B-A88C-DD39A50C9D18} - System32\Tasks\SpyHunter4 => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
Task: {9928CF93-D222-4949-8AB3-A0A4D35CA9E5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {9FEC9B6F-3C94-4E4E-A4F9-7B67B411CAF3} - System32\Tasks\GoogleUpdateTaskMachineCore1cfff933c927ae1 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-19] (Google Inc.)
Task: {A057061E-CC52-49E0-A405-9DF5A628951D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {E2DC672A-86C8-498D-811A-7DD4FE8716E1} - System32\Tasks\avast! Emergency Update
Task: {F6183BB2-1C16-4611-8529-109175800DF5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe
Task: {FCAE1829-AF1B-4659-B9AF-4050218A5853} - System32\Tasks\GoogleUpdateTaskMachineCore1d0efb443302158 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-19] (Google Inc.)
Task: {FD090188-7BEE-4736-B126-CC23509F1570} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f322e751134a => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-19] (Google Inc.)
Task: {FE9E7642-E45A-44F6-BBD4-5B9E658574BD} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan
Task: {FF62857C-26B6-46A3-9C21-20EC2BD25E0F} - System32\Tasks\Opera scheduled Autoupdate 1397227235 => C:\Nainstalovano\Opera\launcher.exe [2015-12-04] (Opera Software)
Task: {FFEAE6C6-30CB-46BC-A358-FDAAFD800007} - System32\Tasks\GoogleUpdateTaskMachineCore1cfeaea3a378319 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-19] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfeaea3a378319.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfff933c927ae1.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0414a515638e1.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08f2e2e042fdf.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bfeed906801e.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e329c6aa71d5.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0efb443302158.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f322e751134a.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12fa330b3a975.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files\SlimDrivers\SlimDrivers.exe
Task: C:\Windows\Tasks\SpyHunter4.job => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Nainstalovano\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.piesearch.com/?type=sc&ts=145123009 ... 0e25ff60bc
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.piesearch.com/?type=sc&ts=145123009 ... 0e25ff60bc

==================== Loaded Modules (Whitelisted) ==============

2014-04-11 16:24 - 2014-03-04 13:34 - 00109000 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-12-18 01:39 - 2015-12-18 01:39 - 00103888 _____ () C:\Nainstalovano\Avast\log.dll
2015-12-18 01:39 - 2015-12-18 01:39 - 00125512 _____ () C:\Nainstalovano\Avast\JsonRpcServer.dll
2016-01-05 20:51 - 2016-01-05 20:51 - 02808832 _____ () C:\Nainstalovano\Avast\defs\16010501\algo.dll
2015-12-18 01:39 - 2015-12-18 01:39 - 00469008 _____ () C:\Nainstalovano\Avast\ffl2.dll
2016-01-06 21:19 - 2016-01-06 21:19 - 02808832 _____ () C:\Nainstalovano\Avast\defs\16010600\algo.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 00073512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-22 21:56 - 2015-06-19 09:18 - 02129408 _____ () C:\Nainstalovano\reaConverter 7 Standard\rc_service.exe
2014-11-11 00:42 - 2014-11-11 00:42 - 00186760 _____ () C:\Nainstalovano\ProShow\ScsiAccess.exe
2015-08-24 14:58 - 2015-08-24 14:58 - 00039384 _____ () C:\Nainstalovano\FileZilla FTP Client\fzshellext.dll
2015-12-18 01:39 - 2015-12-18 01:39 - 40539648 _____ () C:\Nainstalovano\Avast\libcef.dll
2014-05-16 00:52 - 2013-10-23 06:46 - 00862472 _____ () C:\Nainstalovano\Power DVD 13\PowerDVD13\common\UNO\UNO.dll
2014-05-16 00:52 - 2013-05-02 01:06 - 00081920 _____ () C:\Nainstalovano\Power DVD 13\PowerDVD13\Common\koan\_ctypes.pyd
2014-05-16 00:52 - 2013-05-02 01:06 - 00053248 _____ () C:\Nainstalovano\Power DVD 13\PowerDVD13\Common\Koan\_socket.pyd
2014-05-16 00:52 - 2013-05-02 01:06 - 00655360 _____ () C:\Nainstalovano\Power DVD 13\PowerDVD13\Common\Koan\_ssl.pyd
2014-05-16 00:52 - 2013-10-23 06:46 - 00043272 _____ () C:\Nainstalovano\Power DVD 13\PowerDVD13\Kernel\DHProcedure\DHProcedure.dll
2015-07-31 20:51 - 2015-06-18 11:22 - 00062464 _____ () C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2015-10-29 21:42 - 2014-10-31 16:40 - 01498112 _____ () C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2015-10-29 21:42 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2015-01-23 18:31 - 2014-09-09 12:30 - 00603648 _____ () C:\Nainstalovano\Photo Studio 17\Program32\SpiderMonkey.dll
2015-12-28 18:58 - 2016-01-05 00:38 - 17882304 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:264A9BB7
AlternateDataStreams: C:\ProgramData\Temp:FB1B13D8

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ksupmgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ksupmgr => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2016-01-05 00:41 - 00000913 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 bandicam.com
127.0.0.1 ssl.bandisoft.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-203695958-539750940-1501531493-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Paja\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E855DC06-7687-46B6-ACD8-5663CC410ED6}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{678EA129-9FCB-4184-9A4F-0E0EDB40AF33}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{4CEACF5E-45A8-4243-97D9-7E9F1CCB6E77}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{3E2D6AE9-2AAF-4C46-BAB6-1BBA6D83BC3F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D6218026-0A3D-4379-BC5D-2D630637708D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{98A0E730-0888-4205-BD58-7C23F3ABE6B0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{0CF08F9A-23AD-4785-AACC-BB2DB7DA50CF}] => (Allow) C:\Nainstalovano\uTorrent\uTorrent.exe
FirewallRules: [{B35B4A50-69D2-4131-9593-0BE9A324BF3D}] => (Allow) C:\Nainstalovano\uTorrent\uTorrent.exe
FirewallRules: [{B18231AF-D45C-4500-9D85-1975EA24EFB2}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{F5F6A779-716A-4EF9-B01C-1410D3E7DE8A}] => (Allow) C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\outlook.exe
FirewallRules: [{2BA4E93F-9DE0-4CF8-B5DE-BE96A01C9EA2}] => (Allow) C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GROOVE.EXE
FirewallRules: [{ADF77F0E-9282-4EA5-BFF7-C89C836E2654}] => (Allow) C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GROOVE.EXE
FirewallRules: [{CDCC11FD-5C0D-493F-9149-07E63069C5C9}] => (Allow) C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\ONENOTE.EXE
FirewallRules: [{36006F2F-4E7C-407A-B389-FDB6FDDD2135}] => (Allow) C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\ONENOTE.EXE
FirewallRules: [TCP Query User{311AF5A6-BE4B-4E34-89B1-674997B013E1}D:\hry\comamortuary\binaries\win32\udk.exe] => (Allow) D:\hry\comamortuary\binaries\win32\udk.exe
FirewallRules: [UDP Query User{241FD680-F79A-4276-861F-30E80D50E08F}D:\hry\comamortuary\binaries\win32\udk.exe] => (Allow) D:\hry\comamortuary\binaries\win32\udk.exe
FirewallRules: [{506A7663-9646-45C2-ABA6-EB5AE74A06B5}] => (Allow) C:\Nainstalovano\Power DVD 13\PowerDVD13\PowerDVD13.exe
FirewallRules: [{3AF1E1FE-BA6C-4F46-B0E2-E92B278470B9}] => (Allow) C:\Nainstalovano\Power DVD 13\PowerDVD13\Kernel\DMR\PowerDVD13DMREngine.exe
FirewallRules: [{8D7EF84C-50BB-48FC-85AA-CE6C2A4FE7E4}] => (Allow) C:\Nainstalovano\Power DVD 13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
FirewallRules: [{B8B5259A-F32C-407D-8A07-5B05E2E9FFDD}] => (Allow) C:\Nainstalovano\Power DVD 13\PowerDVD13\PowerDVD13Agent.exe
FirewallRules: [{318757C7-D5CD-4DA2-ADE9-3A25120CDDB5}] => (Allow) C:\Nainstalovano\Power DVD 13\PowerDVD13\PowerDVD13ML.exe
FirewallRules: [{26B2466D-1262-4606-BBDF-4D501A5982CD}] => (Allow) C:\Nainstalovano\Power DVD 13\PowerDVD13\Movie\PowerDVD.exe
FirewallRules: [{D34C63DD-D6D0-4FA4-808E-BC7489854111}] => (Allow) C:\Nainstalovano\Power DVD 13\PowerDVD13\Movie\PowerDVD Cinema\PowerDVDCinema13.exe
FirewallRules: [TCP Query User{738821F9-47F3-473E-8AA9-14DB982F1172}F:\hry\dead island\deadislandgame.exe] => (Allow) F:\hry\dead island\deadislandgame.exe
FirewallRules: [UDP Query User{91860325-C950-44D5-A1B7-6F13ECEB2B60}F:\hry\dead island\deadislandgame.exe] => (Allow) F:\hry\dead island\deadislandgame.exe
FirewallRules: [TCP Query User{0EFE5356-6222-4906-AA75-89390A51619B}F:\hry\mortal kombat komplete edition\disccontentpc\mkke.exe] => (Allow) F:\hry\mortal kombat komplete edition\disccontentpc\mkke.exe
FirewallRules: [UDP Query User{E77AB552-E91C-447E-9EE5-23A7FE027202}F:\hry\mortal kombat komplete edition\disccontentpc\mkke.exe] => (Allow) F:\hry\mortal kombat komplete edition\disccontentpc\mkke.exe
FirewallRules: [TCP Query User{EBFC04A4-D04E-41AB-807A-6ED6C9EA3A14}F:\hry\resident evil 6\bh6.exe] => (Block) F:\hry\resident evil 6\bh6.exe
FirewallRules: [UDP Query User{9612F229-83F3-4BE9-AE08-CCC7235DF3D9}F:\hry\resident evil 6\bh6.exe] => (Block) F:\hry\resident evil 6\bh6.exe
FirewallRules: [TCP Query User{D74E380A-6E8E-483A-929C-91758E1C6128}F:\hry\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Block) F:\hry\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [UDP Query User{D37E1F17-9CA4-482B-BD1B-F1D518C7F8D4}F:\hry\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Block) F:\hry\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [TCP Query User{CA1F2C7F-EB39-4302-B2CE-A8FCA309B815}D:\hry\fifa 2014\fifa 14\game\fifa14.exe] => (Allow) D:\hry\fifa 2014\fifa 14\game\fifa14.exe
FirewallRules: [UDP Query User{1B14D089-8A0E-4052-ABE9-A85BE7BDE73A}D:\hry\fifa 2014\fifa 14\game\fifa14.exe] => (Allow) D:\hry\fifa 2014\fifa 14\game\fifa14.exe
FirewallRules: [TCP Query User{BE115552-1BF6-4E8F-8F36-D18FF59D9484}F:\games\enemy front proper\bin32\enemyfront.exe] => (Block) F:\games\enemy front proper\bin32\enemyfront.exe
FirewallRules: [UDP Query User{C437B777-4BFE-4E0A-A6EB-4003EA21F2A8}F:\games\enemy front proper\bin32\enemyfront.exe] => (Block) F:\games\enemy front proper\bin32\enemyfront.exe
FirewallRules: [TCP Query User{6D2A9E09-F345-4A36-B0E9-F495C5EFD36B}C:\games\batman - arkham asylum [goty]\binaries\shippingpc-bmgame.exe] => (Block) C:\games\batman - arkham asylum [goty]\binaries\shippingpc-bmgame.exe
FirewallRules: [UDP Query User{4FFE92CF-1279-48BE-BE3B-093BB04AFB9E}C:\games\batman - arkham asylum [goty]\binaries\shippingpc-bmgame.exe] => (Block) C:\games\batman - arkham asylum [goty]\binaries\shippingpc-bmgame.exe
FirewallRules: [TCP Query User{8E36BF02-F6C3-43D4-8D82-2AAF7254E248}C:\games\fifa 14 (2013)\game\fifa14.exe] => (Block) C:\games\fifa 14 (2013)\game\fifa14.exe
FirewallRules: [UDP Query User{DEBACE0A-5D41-4742-AE72-38C90DDB2A88}C:\games\fifa 14 (2013)\game\fifa14.exe] => (Block) C:\games\fifa 14 (2013)\game\fifa14.exe
FirewallRules: [TCP Query User{CB19C983-064A-464B-A80C-DDF8C1BCD589}D:\hry\real boxing\binaries\win32\realboxing.exe] => (Block) D:\hry\real boxing\binaries\win32\realboxing.exe
FirewallRules: [UDP Query User{E1C9D28B-2CA7-4D59-97E2-7A40D225222B}D:\hry\real boxing\binaries\win32\realboxing.exe] => (Block) D:\hry\real boxing\binaries\win32\realboxing.exe
FirewallRules: [TCP Query User{38C61323-2EE4-46B7-B1E7-A22F3C4FCEFE}D:\hry\real boxing\binaries\gfx\gfxmediaplayeropengl.exe] => (Block) D:\hry\real boxing\binaries\gfx\gfxmediaplayeropengl.exe
FirewallRules: [UDP Query User{C141B86B-EBFA-4390-9F43-01E2A8F2F9A4}D:\hry\real boxing\binaries\gfx\gfxmediaplayeropengl.exe] => (Block) D:\hry\real boxing\binaries\gfx\gfxmediaplayeropengl.exe
FirewallRules: [TCP Query User{B8C2CB56-F37E-432F-B1C6-1C46FD560338}D:\hry\real boxing\binaries\win32\realboxinggame.exe] => (Block) D:\hry\real boxing\binaries\win32\realboxinggame.exe
FirewallRules: [UDP Query User{3AF33CFC-F37E-4803-99B5-05E613D94A3C}D:\hry\real boxing\binaries\win32\realboxinggame.exe] => (Block) D:\hry\real boxing\binaries\win32\realboxinggame.exe
FirewallRules: [{C22DF2B5-5B8F-4BC7-B103-F816BBADAFE2}] => (Allow) C:\Games\Pro Evolution Soccer 2014\pes2014.exe
FirewallRules: [{B9655359-7210-474A-A07E-78E2AB4A82A8}] => (Allow) C:\Games\Pro Evolution Soccer 2014\pes2014.exe
FirewallRules: [{35123716-9FF5-458C-9481-16895A8E5DB5}] => (Allow) C:\Nainstalovano\Mozilla Firefox\firefox.exe
FirewallRules: [{F32E71FA-1C74-4262-AD7B-0BCDF83915C1}] => (Allow) C:\Nainstalovano\Mozilla Firefox\firefox.exe
FirewallRules: [{D40B1108-6D0B-449F-BE46-8EA117FC523D}] => (Allow) C:\Nainstalovano\Photo Studio 17\Program32\MediaServer.exe
FirewallRules: [{1CA080FD-B402-4693-812F-8A9BD496B9CA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{9E212901-E354-4AE2-A10A-F6916B27BF9C}C:\nainstalovano\vlc\vlc.exe] => (Allow) C:\nainstalovano\vlc\vlc.exe
FirewallRules: [UDP Query User{BDE95086-5CED-46C0-8A50-0EDE47791C8E}C:\nainstalovano\vlc\vlc.exe] => (Allow) C:\nainstalovano\vlc\vlc.exe
FirewallRules: [TCP Query User{34703BCD-3655-4321-8848-DFE476D97932}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{A89CCCC2-C154-4AC5-BBB0-56A2840FCCDB}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{069B9BAC-7484-4323-A0AA-36BC98077479}C:\nainstalovano\ps3 media server\jre\bin\javaw.exe] => (Allow) C:\nainstalovano\ps3 media server\jre\bin\javaw.exe
FirewallRules: [UDP Query User{1F3CC5C1-E477-442C-9829-2777CD246CB8}C:\nainstalovano\ps3 media server\jre\bin\javaw.exe] => (Allow) C:\nainstalovano\ps3 media server\jre\bin\javaw.exe
FirewallRules: [TCP Query User{69EC4CDD-10F6-4C68-B987-BB6E441E25D5}C:\nainstalovano\totalcmd\totalcmd.exe] => (Allow) C:\nainstalovano\totalcmd\totalcmd.exe
FirewallRules: [UDP Query User{3C196146-D1DA-448B-8A78-5173E8025E3F}C:\nainstalovano\totalcmd\totalcmd.exe] => (Allow) C:\nainstalovano\totalcmd\totalcmd.exe
FirewallRules: [TCP Query User{E9949285-8801-497F-8EDB-E20781E76A22}I:\games\pro evolution soccer 2015\pes2015.exe] => (Allow) I:\games\pro evolution soccer 2015\pes2015.exe
FirewallRules: [UDP Query User{7AA3C894-AAAC-45A6-9C99-5D92207E04A5}I:\games\pro evolution soccer 2015\pes2015.exe] => (Allow) I:\games\pro evolution soccer 2015\pes2015.exe
FirewallRules: [TCP Query User{B70FE225-727C-4381-B901-DF6C752EEF29}I:\games\son of nor\son.exe] => (Allow) I:\games\son of nor\son.exe
FirewallRules: [UDP Query User{2D43CF5C-7A8E-4DB3-AE8B-19850EA1B6F6}I:\games\son of nor\son.exe] => (Allow) I:\games\son of nor\son.exe
FirewallRules: [TCP Query User{6B33D2C1-7F0B-4767-B851-908E9EA55DA0}C:\nainstalovano\filezilla ftp client\filezilla.exe] => (Allow) C:\nainstalovano\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{64C1A521-0942-435A-BA08-ABAF2B2C536F}C:\nainstalovano\filezilla ftp client\filezilla.exe] => (Allow) C:\nainstalovano\filezilla ftp client\filezilla.exe
FirewallRules: [TCP Query User{59BF052A-8A8A-402F-8005-50C99DF753BE}D:\hry\mortal kombat komplete edition\disccontentpc\mkke.exe] => (Allow) D:\hry\mortal kombat komplete edition\disccontentpc\mkke.exe
FirewallRules: [UDP Query User{361719EC-240D-481A-8BB0-A45735A0E00B}D:\hry\mortal kombat komplete edition\disccontentpc\mkke.exe] => (Allow) D:\hry\mortal kombat komplete edition\disccontentpc\mkke.exe
FirewallRules: [{D6DF86E3-2361-4E7E-94F9-DC07ACD31202}] => (Allow) C:\Nainstalovano\ProductKeyExplorer\ProductKeyExplorer.exe
FirewallRules: [{3F559C00-F1C4-4EBA-90D1-26B4737BC70D}] => (Allow) C:\Nainstalovano\ProductKeyExplorer\ProductKeyExplorer.exe
FirewallRules: [{FA9AF04B-ADC0-4A17-9C4F-C528829AB261}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D6FA0C13-5CB1-4953-A891-2647936CB998}] => (Allow) C:\Nainstalovano\Mozilla Firefox\firefox.exe
FirewallRules: [{578D0F63-3AF7-4897-94F7-46A8933EF93D}] => (Allow) C:\Nainstalovano\Mozilla Firefox\firefox.exe
FirewallRules: [{3F1596EC-8D8B-45B8-B7D0-A661585CD205}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0390F6E7-CBB5-46E3-AFDB-8611C62EFF4C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EA3DF2FD-6A2D-4902-8A93-EA7468D34538}] => (Allow) C:\Nainstalovano\Itunes\iTunes.exe
FirewallRules: [{4EC68615-4F29-4F53-9B8F-F2FA00325A87}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Periferní zařízení Bluetooth
Description: Periferní zařízení Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Periferní zařízení Bluetooth
Description: Periferní zařízení Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Adaptér miniportu Microsoft Virtual WiFi
Description: Adaptér miniportu Microsoft Virtual WiFi
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Periferní zařízení Bluetooth
Description: Periferní zařízení Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Periferní zařízení Bluetooth
Description: Periferní zařízení Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Periferní zařízení Bluetooth
Description: Periferní zařízení Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/06/2016 09:17:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2016 09:17:11 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=43, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (01/06/2016 09:17:11 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=25, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (01/06/2016 09:17:11 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=17, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (01/05/2016 08:50:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2016 08:50:36 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=43, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (01/05/2016 08:50:36 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=25, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (01/05/2016 08:50:36 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=17, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (01/05/2016 08:46:38 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to kill already running streamer. [1813]

Error: (01/05/2016 08:45:11 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {46b1c073-5dc4-4fc2-bcad-6c5f72a243bd}


System errors:
=============
Error: (01/06/2016 09:17:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Intel(R) PROSet/Wireless Registry Service neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (01/06/2016 09:17:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba MustangService DispalyName neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (01/06/2016 09:17:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Intel(R) PROSet/Wireless Event Log neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (01/06/2016 09:17:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN se nepodařilo spustit.

Cesta k modulu: C:\Windows\System32\IWMSSvc.dll
Kód chyby: 126

Error: (01/06/2016 09:17:10 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 22) (User: NT AUTHORITY)
Description: Služba protokolování událostí zjistila při inicializaci publikačních prostředků chybu v kanálu AirSpaceChannel. V případě analytického nebo ladicího typu kanálu to může znamenat, že došlo také k chybě při inicializaci přihlašovacích prostředků.

Error: (01/06/2016 09:17:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Virtualizace souborů nástroje Řízení uživatelských účtů neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (01/05/2016 08:50:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Intel(R) PROSet/Wireless Registry Service neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (01/05/2016 08:50:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba MustangService DispalyName neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (01/05/2016 08:50:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Intel(R) PROSet/Wireless Event Log neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (01/05/2016 08:50:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN se nepodařilo spustit.

Cesta k modulu: C:\Windows\System32\IWMSSvc.dll
Kód chyby: 126


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 47%
Total physical RAM: 3066.87 MB
Available physical RAM: 1613.41 MB
Total Virtual: 3783.73 MB
Available Virtual: 2106.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:2.39 GB) NTFS
Drive d: () (Fixed) (Total:368.1 GB) (Free:1.09 GB) NTFS
Drive g: (Elements) (Fixed) (Total:1863.01 GB) (Free:2.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 95BC2171)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0002F734)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-01-2015
Ran by Paja (administrator) on PAJA-NOTEBOOK (06-01-2016 21:41:16)
Running from D:\Stažené soubory
Loaded Profiles: Paja (Available Profiles: Paja)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Nainstalovano\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Nainstalovano\Power DVD 13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(CyberLink) C:\Nainstalovano\Power DVD 13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
(Ellora Assets Corp.) C:\Nainstalovano\Freemake\CaptureLib\CaptureLibService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Nainstalovano\reaConverter 7 Standard\rc_service.exe
() C:\Nainstalovano\ProShow\scsiaccess.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimDrivers\SlimDrivers.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(AVAST Software) C:\Nainstalovano\Avast\AvastUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(CyberLink Corp.) C:\Nainstalovano\Power DVD 13\PowerDVD13\PowerDVD13Agent.exe
(Microsoft Corporation) C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveMonitor.exe
(NEC Electronics Corporation) C:\Program Files\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(PowerISO Computing, Inc.) C:\Nainstalovano\PowerISO\PWRISOVM.EXE
() C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Apple Inc.) C:\Nainstalovano\Itunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ZONER software) C:\Nainstalovano\Photo Studio 17\Program32\ZPSTray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Nainstalovano\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Nainstalovano\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe
(Farbar) D:\Stažené soubory\FRST(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Nainstalovano\Avast\AvastUI.exe [7021880 2015-12-18] (AVAST Software)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [PowerDVD13Agent] => C:\Nainstalovano\Power DVD 13\PowerDVD13\PowerDVD13Agent.exe [517144 2013-10-23] (CyberLink Corp.)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [GrooveMonitor] => C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Nainstalovano\PowerISO\PWRISOVM.EXE [200704 2006-12-25] (PowerISO Computing, Inc.)
HKLM\...\Run: [ProductUpdater] => C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [62464 2015-06-18] ()
HKLM\...\Run: [ChicoSys] => C:\Windows\system32\cc32\webtmr.exe
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1960248 2015-10-29] ()
HKLM\...\Run: [iTunesHelper] => C:\Nainstalovano\Itunes\iTunesHelper.exe [157456 2015-10-16] (Apple Inc.)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\Run: [DAEMON Tools Lite] => C:\Nainstalovano\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\Run: [PowerDVD13] => C:\Nainstalovano\Power DVD 13\PowerDVD13\PDVDLP.exe [470792 2013-10-23] (CyberLink Corp.)
HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\Run: [Super MP3 Download] => C:\Nainstalovano\SuperMp3Download\SuperMp3Download.exe
HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\NAINSTALOVANO\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [563416 2015-07-12] (ZONER software)
HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\Policies\system: [DisableClock] 0
HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\MountPoints2: {a502a618-d5c3-11e3-85c8-00238b4d4eb9} - I:\Unlock.exe autoplay=true
HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\MountPoints2: {fed0b4e4-c241-11e3-9ac1-00238b4d4eb9} - F:\Unlock.exe autoplay=true
IFEO: [Debugger] logonui.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Nainstalovano\Avast\ashShell.dll [2015-12-18] (AVAST Software)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-203695958-539750940-1501531493-1000] => 127.0.0.1:8118
AutoConfigURL: [S-1-5-21-203695958-539750940-1501531493-1000] => 127.0.0.1:8118
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{40DC63AB-CEE4-4DC9-B408-F49CC64F1E51}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4BC8D7B9-962E-4783-9952-1E606FCB20A9}: [NameServer] 10.1.1.0,10.1.1.100

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\S-1-5-21-203695958-539750940-1501531493-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_6826&q={searchTerms}
SearchScopes: HKU\S-1-5-21-203695958-539750940-1501531493-1000 -> 1500C81568E2C9D8F17E29C71ECBB74C URL = hxxp://videa.seznam.cz/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-203695958-539750940-1501531493-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_6826&q={searchTerms}
SearchScopes: HKU\S-1-5-21-203695958-539750940-1501531493-1000 -> {E3BF7B2D-C987-462D-9BF9-92F2FCC615DA} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415
BHO: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Nainstalovano\Avast\aswWebRepIE.dll [2015-12-18] (AVAST Software)
BHO: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2015-10-29] (Wondershare)
BHO: No Name -> {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} -> No File
Toolbar: HKU\S-1-5-21-203695958-539750940-1501531493-1000 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveSystemServices.dll [2006-10-26] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL No File
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL No File
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL No File
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File

FireFox:
========
FF ProfilePath: C:\Users\Paja\AppData\Roaming\Mozilla\Firefox\Profiles\3456uct3.default
FF Homepage: hxxps://www.seznam.cz/
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-05] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Nainstalovano\Itunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [No File]
FF Plugin: @photodex.com/PhotodexPresenter -> C:\Program Files\Photodex Presenter\npPxPlay.dll [2014-11-11] ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Nainstalovano\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Nainstalovano\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Nainstalovano\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Nainstalovano\Avast\WebRep\FF [2015-12-18]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Nainstalovano\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Nainstalovano\Avast\SafePrice\FF [2015-12-18]
FF HKLM\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com
FF Extension: iSkysoft iMedia Converter Deluxe - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com [2015-10-29] [not signed]
FF HKU\S-1-5-21-203695958-539750940-1501531493-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/"
CHR Profile: C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-13]
CHR Extension: (Disk Google) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2015-02-17]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2014-04-11]
CHR Extension: (YouTube) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-03]
CHR Extension: (Dokumenty Google offline) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-21]
CHR Extension: (Avast Online Security) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-04]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2015-11-03]
CHR Extension: (Gmail) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-08]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Nainstalovano\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-18]

Opera:
=======
OPR StartupUrls: "hxxp://www.seznam.cz/?clid=6826"

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [62464 2015-03-04] (Microsoft Corporation) [File not signed]
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [27648 2015-02-03] (Microsoft Corporation) [File not signed]
S3 Appinfo; C:\Windows\System32\appinfo.dll [47104 2015-06-15] (Microsoft Corporation) [File not signed]
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [475136 2015-02-03] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [475136 2015-02-03] (Microsoft Corporation) [File not signed]
R2 avast! Antivirus; C:\Nainstalovano\Avast\AvastSvc.exe [226440 2015-12-18] (AVAST Software)
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [143872 2015-04-27] (Microsoft Corporation) [File not signed]
R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Nainstalovano\Power DVD 13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-10-23] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; C:\Nainstalovano\Power DVD 13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [327432 2013-10-23] (CyberLink)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [853504 2015-05-25] (Microsoft Corporation) [File not signed]
S3 EFS; C:\Windows\System32\lsass.exe [22528 2015-07-01] (Microsoft Corporation) [File not signed]
R2 FontCache; C:\Windows\system32\FntCache.dll [909312 2015-04-20] (Microsoft Corporation) [File not signed]
R2 FreemakeVideoCapture; C:\Nainstalovano\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-04-17] (Ellora Assets Corp.) [File not signed]
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [102912 2015-06-19] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\Windows\system32\lsass.exe [22528 2015-07-01] (Microsoft Corporation) [File not signed]
S3 Microsoft Office Groove Audit Service; C:\Nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveAuditService.exe [65824 2006-10-26] (Microsoft Corporation)
S3 msiserver; C:\Windows\System32\msiexec.exe [73216 2015-06-15] (Microsoft Corporation) [File not signed]
S3 NBService; C:\Nainstalovano\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [22528 2015-07-01] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [242688 2014-12-06] (Microsoft Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15904544 2014-02-05] (NVIDIA Corporation)
R3 PcaSvc; C:\Windows\System32\pcasvc.dll [157184 2015-02-03] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [164864 2014-12-19] (Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [22528 2015-07-01] (Microsoft Corporation) [File not signed]
R2 reaConverter_service; C:\Nainstalovano\reaConverter 7 Standard\rc_service.exe [2129408 2015-06-19] () [File not signed]
R2 SamSs; C:\Windows\system32\lsass.exe [22528 2015-07-01] (Microsoft Corporation) [File not signed]
R2 ScsiAccess; C:\Nainstalovano\ProShow\ScsiAccess.exe [186760 2014-11-11] ()
S3 TermService; C:\Windows\System32\termsrv.dll [523776 2014-10-14] (Microsoft Corporation) [File not signed]
R3 VaultSvc; C:\Windows\system32\lsass.exe [22528 2015-07-01] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [76800 2015-01-09] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\Windows\system32\wdi.dll [76800 2015-01-09] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 WinRM; C:\Windows\system32\WsmSvc.dll [1177088 2014-10-03] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\Windows\system32\wuaueng.dll [2057216 2015-07-09] (Microsoft Corporation) [File not signed]
U4 AvastVBoxSvc; "C:\Nainstalovano\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe" [X]
S2 MustangService_2015_10_10; C:\ProgramData\TempMoudleSet\MustangSer2728.exe [X]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [X]
S2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [243712 2011-08-08] (Windows (R) Win 7 DDK provider)
S3 AppID; C:\Windows\system32\drivers\appid.sys [50176 2015-02-03] (Microsoft Corporation) [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-12-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [81168 2015-12-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-12-18] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-12-18] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [794952 2015-12-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436360 2015-12-18] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [117712 2015-12-18] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209432 2015-12-18] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-04-11] (Disc Soft Ltd)
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [514560 2015-02-25] (Microsoft Corporation) [File not signed]
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [55848 2000-01-01] (Atheros Communications, Inc.)
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [116224 2014-12-19] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [124416 2015-07-01] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [225792 2015-07-01] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [98304 2015-07-01] (Microsoft Corporation) [File not signed]
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7517696 2011-08-03] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [44544 2009-08-31] (Nuvoton Technology Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-27] (NVIDIA Corporation)
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [593920 2015-02-03] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [184320 2014-07-17] (Microsoft Corporation) [File not signed]
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [31644 2006-12-25] (PowerISO Computing, Inc.) [File not signed]
R3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34896 2014-02-07] (Screaming Bee LLC)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2016-01-06] ()
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2014-11-11] (Microsoft Corporation) [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2014-07-17] (Microsoft Corporation) [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2015-06-17] (Apple, Inc.) [File not signed]
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Nainstalovano\Power DVD 13\PowerDVD13\Common\NavFilter\000.fcl [76560 2013-10-23] (CyberLink Corp.)
S3 CTIpHook; \SystemRoot\system32\Drivers\CTIpHook.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U4 VBoxAswDrv; \??\C:\Nainstalovano\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-05 20:08 - 2016-01-06 21:16 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-05 20:08 - 2016-01-05 20:08 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-05 20:07 - 2016-01-05 20:07 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-05 19:48 - 2016-01-05 20:00 - 00013373 _____ C:\Users\Paja\Desktop\aswMBR.txt
2016-01-05 19:48 - 2016-01-05 20:00 - 00000512 _____ C:\Users\Paja\Desktop\MBR.dat
2016-01-05 00:49 - 2016-01-06 21:18 - 00013464 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2016-01-05 00:49 - 2016-01-05 00:49 - 00000000 ____D C:\Users\Paja\AppData\Local\SlimWare Utilities Inc
2016-01-05 00:41 - 2016-01-05 00:38 - 00000030 _____ C:\AVScanner.ini
2016-01-02 22:55 - 2016-01-06 21:39 - 00029696 _____ C:\Users\Paja\AppData\Local\MSGBOX.EXE
2016-01-02 22:49 - 2016-01-06 21:41 - 00000000 ____D C:\FRST
2016-01-02 22:28 - 2016-01-02 22:28 - 00000000 _____ C:\Users\Paja\AppData\Local\{420565C7-551E-4DB4-A42D-D66A5D182EA7}
2016-01-02 22:28 - 2016-01-02 22:28 - 00000000 _____ C:\Users\Paja\AppData\Local\{260E69FE-667F-4EA6-AAA1-CDB82EE17888}
2016-01-02 18:23 - 2016-01-02 18:23 - 00000975 _____ C:\Users\Paja\Desktop\Install Kaspersky Internet Security version 16.0.0.614.lnk
2016-01-02 00:33 - 2015-12-29 01:00 - 319213865 _____ C:\Karel-Gott-2012-z-O2-areny-druhá-čast.webm
2016-01-02 00:32 - 2015-12-29 00:49 - 595946062 _____ C:\Karel Gott - O2 arena, 2012- první část.webm
2016-01-01 22:24 - 2016-01-01 22:25 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Paja\Downloads\mbam-setup-2.1.4.1018 (1).exe
2016-01-01 22:24 - 2016-01-01 22:24 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Paja\Downloads\mbam-setup-2.1.4.1018.exe
2016-01-01 22:12 - 2016-01-01 22:12 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-01-01 22:11 - 2016-01-01 22:12 - 01907824 _____ (Kaspersky Lab) C:\Users\Paja\Downloads\kis16.0.0.614en_8204 (1).exe
2016-01-01 22:11 - 2016-01-01 22:11 - 01907824 _____ (Kaspersky Lab) C:\Users\Paja\Downloads\kis16.0.0.614en_8204.exe
2015-12-31 18:11 - 2015-12-17 20:21 - 00579654 _____ C:\Na kolíčkách 2 2016.bmp
2015-12-29 23:27 - 2015-12-30 00:39 - 00000000 ____D C:\Anička proměny
2015-12-27 16:28 - 2016-01-01 22:43 - 00000000 ____D C:\ProgramData\TempMoudleSet
2015-12-27 16:28 - 2015-12-27 16:28 - 00000270 __RSH C:\ProgramData\ntuser.pol
2015-12-21 23:53 - 2015-12-17 20:18 - 01920054 _____ C:\Přání s textem 4 2016.bmp
2015-12-21 19:12 - 2015-12-21 19:15 - 00000000 ____D C:\dnes 21.12.2015
2015-12-20 22:24 - 2015-12-20 22:24 - 01920054 _____ C:\Přání s textem 3 2016_New.bmp
2015-12-20 22:23 - 2015-12-20 22:25 - 00003812 _____ C:\Přání s textem 3 2016_data.xml
2015-12-20 22:15 - 2015-12-17 20:18 - 01920054 _____ C:\Přání s textem 3 2016.bmp
2015-12-20 20:38 - 2015-12-20 20:50 - 00000000 ____D C:\fotky trhy výběr 2015
2015-12-20 20:13 - 2015-12-22 02:32 - 00000000 ____D C:\Vánoční trhy večer 2015
2015-12-18 17:55 - 2015-12-18 18:02 - 00000000 ____D C:\flash disk z.aloha dnes .18.12.2016
2015-12-18 01:39 - 2015-12-18 01:39 - 00322760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-18 01:39 - 2015-12-18 01:39 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-17 21:42 - 2015-12-17 21:42 - 00002593 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
2015-12-17 21:42 - 2015-12-17 21:42 - 00000000 ____D C:\Program Files\Microsoft Office
2015-12-17 21:41 - 2015-12-17 21:41 - 00000000 ____D C:\Program Files\MSECache
2015-12-15 19:37 - 2015-12-15 20:01 - 00000000 ____D C:\Users\Paja\AppData\Roaming\iPhotoDraw
2015-12-15 19:37 - 2015-12-15 19:37 - 00001794 _____ C:\Users\Paja\Desktop\iPhotoDraw 2.0.lnk
2015-12-15 19:37 - 2015-12-15 19:37 - 00000000 ____D C:\Users\Paja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPhotoDraw 2.0
2015-12-15 18:55 - 2015-12-15 18:55 - 00000000 ____D C:\Users\Paja\AppData\Local\kiwi.software.NET
2015-12-11 00:57 - 2015-12-11 22:52 - 00000000 ____D C:\Users\Paja\AppData\Roaming\Apple Computer
2015-12-11 00:57 - 2015-12-11 00:57 - 00001632 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-12-11 00:57 - 2015-12-11 00:57 - 00000000 ____D C:\Users\Paja\AppData\Local\Apple Computer
2015-12-11 00:57 - 2015-12-11 00:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-12-11 00:57 - 2015-12-11 00:57 - 00000000 ____D C:\ProgramData\Apple Computer
2015-12-11 00:57 - 2015-12-11 00:57 - 00000000 ____D C:\Program Files\iPod
2015-12-11 00:55 - 2015-12-11 00:55 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-12-11 00:55 - 2015-12-11 00:55 - 00000000 ____D C:\Users\Paja\AppData\Local\Apple
2015-12-11 00:55 - 2015-12-11 00:55 - 00000000 ____D C:\Program Files\Bonjour
2015-12-11 00:55 - 2015-12-11 00:55 - 00000000 ____D C:\Program Files\Apple Software Update
2015-12-11 00:54 - 2015-12-11 00:57 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-12-11 00:54 - 2015-12-11 00:55 - 00000000 ____D C:\ProgramData\Apple
2015-12-07 15:23 - 2015-12-07 15:33 - 00000000 ____D C:\Vánoční trhy 2015

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-06 21:32 - 2009-07-14 05:34 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-06 21:32 - 2009-07-14 05:34 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-06 21:18 - 2014-04-11 16:05 - 00000384 _____ C:\Windows\Tasks\SlimDrivers Startup.job
2016-01-06 21:17 - 2014-04-11 15:21 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-06 21:17 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-06 01:29 - 2015-02-21 21:07 - 00014121 _____ C:\Users\Paja\Desktop\Nový textový dokument (2).txt
2016-01-06 01:29 - 2014-04-11 19:52 - 00000000 ____D C:\Users\Paja\AppData\Roaming\AIMP3
2016-01-06 00:57 - 2014-04-11 20:38 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-06 00:42 - 2014-04-11 15:21 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-05 22:08 - 2014-04-11 17:11 - 00020926 _____ C:\Users\Paja\Desktop\Nový textový dokument.txt
2016-01-05 20:08 - 2015-10-15 19:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-05 20:06 - 2014-04-11 15:15 - 00000000 ____D C:\Nainstalovano
2016-01-05 20:00 - 2014-06-24 14:04 - 00000000 ____D C:\Users\Paja\AppData\Local\CrashDumps
2016-01-05 02:26 - 2014-04-11 21:02 - 00000000 ____D C:\Users\Paja\AppData\Roaming\uTorrent
2016-01-05 02:26 - 2010-11-21 02:16 - 00672046 _____ C:\Windows\system32\perfh005.dat
2016-01-05 02:26 - 2010-11-21 02:16 - 00142610 _____ C:\Windows\system32\perfc005.dat
2016-01-05 02:26 - 2010-11-20 22:01 - 01591750 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-05 02:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-01-05 01:47 - 2014-10-02 13:59 - 00002405 _____ C:\Users\Paja\Desktop\Windows 8 oprava.txt
2016-01-05 00:47 - 2015-09-22 16:30 - 00001244 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-05 00:47 - 2015-09-22 16:07 - 00000000 ____D C:\AdwCleaner
2016-01-05 00:47 - 2014-06-06 10:22 - 00000814 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-05 00:47 - 2014-04-11 15:40 - 00000747 _____ C:\Users\Public\Desktop\Opera.lnk
2016-01-05 00:38 - 2014-04-11 20:38 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-01-05 00:38 - 2014-04-11 20:38 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-01-05 00:37 - 2014-08-22 16:05 - 00000000 ____D C:\Users\Paja\AppData\Local\Adobe
2016-01-05 00:34 - 2014-04-11 15:32 - 00000000 ____D C:\Users\Paja\AppData\Roaming\Seznam.cz
2016-01-05 00:34 - 2014-04-11 15:32 - 00000000 ____D C:\Program Files\Seznam.cz
2016-01-04 22:33 - 2015-11-22 22:54 - 00000000 ____D C:\Users\Paja\AppData\Roaming\vlc
2016-01-02 22:49 - 2009-07-14 03:37 - 00000000 ____D C:\Windows
2015-12-31 22:42 - 2015-10-29 21:41 - 00000000 ____D C:\ProgramData\iSkysoft iMedia Converter Deluxe
2015-12-28 00:31 - 2014-09-13 09:03 - 00000000 ____D C:\s
2015-12-27 16:28 - 2014-06-06 10:22 - 00001098 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-27 16:28 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-12-26 10:51 - 2014-05-02 21:24 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-12-20 01:04 - 2014-04-11 19:07 - 00000000 ____D C:\Users\Paja\AppData\Local\ElevatedDiagnostics
2015-12-20 00:03 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2015-12-18 17:39 - 2014-04-11 15:21 - 00436360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-12-18 17:39 - 2014-04-11 15:21 - 00081168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-12-18 01:39 - 2014-04-27 17:18 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-18 01:39 - 2014-04-11 15:21 - 00794952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-18 01:39 - 2014-04-11 15:21 - 00209432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-18 01:39 - 2014-04-11 15:21 - 00117712 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-18 01:39 - 2014-04-11 15:21 - 00081728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-18 01:39 - 2014-04-11 15:21 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-15 22:58 - 2015-09-25 19:12 - 00000000 ____D C:\fotky poslat
2015-12-09 00:26 - 2014-05-05 21:41 - 00000000 ____D C:\Users\Paja\AppData\Roaming\dvdcss

==================== Files in the root of some directories =======

2014-08-08 23:17 - 2011-07-19 02:37 - 0003262 _____ () C:\Program Files\Falco.ico
2014-08-08 23:17 - 2011-07-19 03:05 - 0000046 _____ () C:\Program Files\Falco.url
2014-07-10 07:16 - 2014-07-10 07:16 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
2014-04-17 22:50 - 2014-04-19 21:57 - 0087608 _____ () C:\Users\Paja\AppData\Roaming\inst.exe
2014-04-17 22:50 - 2014-04-19 21:57 - 0007887 _____ () C:\Users\Paja\AppData\Roaming\pcouffin.cat
2014-04-17 22:50 - 2014-04-19 21:57 - 0001144 _____ () C:\Users\Paja\AppData\Roaming\pcouffin.inf
2014-04-17 22:52 - 2014-04-19 21:57 - 0000034 _____ () C:\Users\Paja\AppData\Roaming\pcouffin.log
2014-04-17 22:50 - 2014-04-19 21:57 - 0047360 _____ (VSO Software) C:\Users\Paja\AppData\Roaming\pcouffin.sys
2014-04-17 22:52 - 2015-10-18 19:50 - 0000668 _____ () C:\Users\Paja\AppData\Roaming\vso_ts_preview.xml
2014-05-02 22:58 - 2014-05-02 22:58 - 0000001 _____ () C:\Users\Paja\AppData\Local\llftool.4.40.agreement
2016-01-02 22:55 - 2016-01-06 21:39 - 0029696 _____ () C:\Users\Paja\AppData\Local\MSGBOX.EXE
2016-01-02 22:28 - 2016-01-02 22:28 - 0000000 _____ () C:\Users\Paja\AppData\Local\{260E69FE-667F-4EA6-AAA1-CDB82EE17888}
2016-01-02 22:28 - 2016-01-02 22:28 - 0000000 _____ () C:\Users\Paja\AppData\Local\{420565C7-551E-4DB4-A42D-D66A5D182EA7}
2014-04-11 16:49 - 2014-04-11 16:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Paja\AppData\Local\Temp\AskSLib.dll
C:\Users\Paja\AppData\Local\Temp\bdfilters.dll
C:\Users\Paja\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Paja\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\Paja\AppData\Local\Temp\FreemakeVideoDownloader_3.6.4.1.exe
C:\Users\Paja\AppData\Local\Temp\FreemakeVideoDownloader_3.6.4.3.exe
C:\Users\Paja\AppData\Local\Temp\FreeYouTubeDownload.exe
C:\Users\Paja\AppData\Local\Temp\iupdate.exe
C:\Users\Paja\AppData\Local\Temp\jna1334869850114248042.dll
C:\Users\Paja\AppData\Local\Temp\KMP_3.2.0.0.exe
C:\Users\Paja\AppData\Local\Temp\listicka-partner-13415-1.1.2-offline.exe
C:\Users\Paja\AppData\Local\Temp\listicka.exe
C:\Users\Paja\AppData\Local\Temp\maucampoSetup.exe
C:\Users\Paja\AppData\Local\Temp\ose00000.exe
C:\Users\Paja\AppData\Local\Temp\OutpostSecuritySuiteProInstall_NoBase.exe
C:\Users\Paja\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Paja\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Paja\AppData\Local\Temp\sp-downloader.exe
C:\Users\Paja\AppData\Local\Temp\SpeedUpMyComputer.exe
C:\Users\Paja\AppData\Local\Temp\sqlite3.dll
C:\Users\Paja\AppData\Local\Temp\tmd_34011571.exe
C:\Users\Paja\AppData\Local\Temp\tmd_34012617.exe
C:\Users\Paja\AppData\Local\Temp\tmd_34013608.exe
C:\Users\Paja\AppData\Local\Temp\tmd_34014889.exe
C:\Users\Paja\AppData\Local\Temp\tmd_34016271.exe
C:\Users\Paja\AppData\Local\Temp\tmd_34016886.exe
C:\Users\Paja\AppData\Local\Temp\tmd_34017186.exe
C:\Users\Paja\AppData\Local\Temp\tmd_34017419.exe
C:\Users\Paja\AppData\Local\Temp\tmd_34017597.exe
C:\Users\Paja\AppData\Local\Temp\tmd_34017755.exe
C:\Users\Paja\AppData\Local\Temp\tmd_34018251.exe
C:\Users\Paja\AppData\Local\Temp\tmd_34018466.exe
C:\Users\Paja\AppData\Local\Temp\tmd_34018741.exe
C:\Users\Paja\AppData\Local\Temp\YandexWorking.exe
C:\Users\Paja\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
C:\Users\Paja\AppData\Local\Temp\~ACE3.exe
C:\Users\Paja\AppData\Local\Temp\~D4EB.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe
[2015-05-13 14:28] - [2015-04-13 04:19] - 0259072 ____A (Microsoft Corporation) 0780A42DBD7D9969F9BF4A19AA4285B5

C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-30 20:38

==================== End of FRST.txt ============================

Ulozte na plochu rkill.exe, ukoncete vsechny aplikace a spustte - kdyby ho havet blokovala, pouzijte alternativni odkaz

• http://download.bleepingcomputer.com/grinler/rkill.exe
• http://download.bleepingcomputer.com/grinler/rkill.com
• obsah logu vytvoreneho take na plose (rkill.txt) zaslete v pristi odpovedi
• nerestartujte ted pocitac jinak prijdete o ucinek rkillu

POZOR - TATO UTILITA MA VELKOU SCHOPNOST MAZAT - NESPOUSTEJTE JI BEZ DOPORUCENI RADCE
Ulozte na plochu ComboFix.exe - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete antiviry a vsechny real-time ochrany
• spustte ComboFix jako spravce (lepe pod uctem s administratorskym opravnenim)
• s licencnimi podminkami souhlaste - Ano
• pokud je nabidnuta instalace konzoly pro zotaveni, souhlaste
• v prubehu skenovani nechte PC v klidu - nic nespoustejte a do okna ComboFixu neklikejte
• vysledek skenu naleznete v C:\ComboFix.txt, jehoz obsah mi zkopirujte do pristi odpovedi.

Rkill 2.8.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/07/2016 12:01:12 AM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\GWX\GWX.exe (PID: 3764) [WD-HEUR]

1 proccess terminated!

Possibly Patched Files.

* C:\Windows\system32\services.exe
* C:\Windows\system32\lsass.exe
* C:\Windows\system32\winlogon.exe
* C:\Windows\system32\conhost.exe
* C:\Windows\system32\conhost.exe

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\Windows\System32\comctl32.dll : 530 432 : 04/24/2015 06:56 PM : 58788565442368b0615ddaf1d452b843 [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_3ba388ec36399c85\comctl32.dll : 530 432 : 11/20/2010 10:29 PM : bdac1aa64495d0f7e1ff810ebbf1f018 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.18201_none_3bab3b80363456bb\comctl32.dll : 530 432 : 07/04/2013 12:50 AM : 75f5e1fe8d55cf8e577e0ec5f2290d3f [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.18837_none_3b90d8dc36473182\comctl32.dll : 530 432 : 04/24/2015 06:56 PM : 58788565442368b0615ddaf1d452b843 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.22376_none_3bee2a494f8638cf\comctl32.dll : 530 432 : 07/04/2013 12:54 AM : 700bd5a6aa5381d1d8adc4045149dbf6 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.23039_none_3c1c4e5d4f63373c\comctl32.dll : 530 432 : 04/24/2015 07:00 PM : 71dd9528dd7d36eb853020401d66089d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll : 530 432 : 11/20/2010 10:29 PM : bdac1aa64495d0f7e1ff810ebbf1f018 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5\comctl32.dll : 530 432 : 07/04/2013 12:50 AM : 75f5e1fe8d55cf8e577e0ec5f2290d3f [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll : 530 432 : 04/24/2015 06:56 PM : 58788565442368b0615ddaf1d452b843 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.22376_none_ee67d2d082b9f619\comctl32.dll : 530 432 : 07/04/2013 12:54 AM : 700bd5a6aa5381d1d8adc4045149dbf6 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.23039_none_ee6532a082bc3b56\comctl32.dll : 530 432 : 04/24/2015 07:00 PM : 71dd9528dd7d36eb853020401d66089d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll : 1 680 896 : 11/20/2010 10:29 PM : 352b3dc62a0d259a82a052238425c872 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458\comctl32.dll : 1 680 896 : 03/30/2015 04:02 AM : 346daa8204508a44b7211cc28b830cc5 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll : 1 680 896 : 04/24/2015 06:54 PM : 885e18b2d0a445fb637850282530eb72 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23011_none_2b19399a457dfe3d\comctl32.dll : 1 680 896 : 03/30/2015 04:00 AM : 791206e0343ad8e61826e063f2e4c885 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23039_none_2b1a83ee457cfdf3\comctl32.dll : 1 680 896 : 04/24/2015 06:57 PM : f7f754ddaa6af9d3f3549f7013bfdf70 [Pos Repl]

* C:\Windows\System32\conhost.exe : 271 360 : 05/09/2015 04:12 AM : 015e337aba03750d890a035819688fe1 [NoSig]
+-> C:\Windows\SoftwareDistribution\Download\ad7b8cfdb711865249ce6247b8e8e8d1\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17965_none_762e298260837866\conhost.exe : 271 360 : 10/04/2012 03:57 PM : 310e9119d0a1cfdf1da897089b533d81 [Pos Repl]
+-> C:\Windows\SoftwareDistribution\Download\ad7b8cfdb711865249ce6247b8e8e8d1\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22125_none_76e2de1f7980dbae\conhost.exe : 271 360 : 10/04/2012 03:47 PM : 053bb2b53053f7e90a2884a855d9c21f [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17514_none_7663313c605bdebe\conhost.exe : 271 360 : 11/20/2010 10:29 PM : 156f20e7a89573c2fd7cbc305dfc181f [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17625_none_765963806063112d\conhost.exe : 271 872 : 04/11/2014 07:52 PM : 4766160c4b63bb76ffec0ddf6103a396 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17932_none_764b9868606dd88e\conhost.exe : 271 360 : 04/11/2014 07:53 PM : 47005361ff2a479a0554f352266baed3 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.18015_none_76641140605b1ff3\conhost.exe : 271 360 : 11/30/2012 03:55 AM : 3fa214b377b8711d859f950fdfeff739 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.18229_none_765d4648605f9b8e\conhost.exe : 271 360 : 08/02/2013 01:52 AM : 2de16a63f71d10b42ace01e759078600 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.18847_none_7645b14060718fac\conhost.exe : 271 360 : 05/09/2015 04:12 AM : 015e337aba03750d890a035819688fe1 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.21738_none_76db313d798618ed\conhost.exe : 271 872 : 04/11/2014 07:52 PM : 4b955c851f3fbdc23f7e0e5a0e0e49fa [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22091_none_76932b9d79bd3cc2\conhost.exe : 271 360 : 04/11/2014 07:53 PM : 3803f847b0bcdaea538e346a0b6486d3 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22177_none_76aecf1779a79a11\conhost.exe : 271 360 : 11/30/2012 05:58 AM : 4f76642d9fef5bfd7fb3e4b16010067a [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22616_none_76eeb7d37977cad7\conhost.exe : 271 360 : 03/04/2014 11:38 AM : dfe0b6256b7b570e91efaddf6d591e20 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.22653_none_76c07745799aee96\conhost.exe : 271 360 : 04/12/2014 03:06 AM : d3a6e0d1c8ff738a1cc4e77cab3fcd91 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.23049_none_76d126c1798d9566\conhost.exe : 271 360 : 05/09/2015 06:40 AM : 7b6eac99f571a2d99777fd2dd7b38490 [Pos Repl]

* C:\Windows\System32\cryptsvc.dll : 143 872 : 04/27/2015 08:04 PM : 33f67bbcc3c0499d3f3382473114cfa8 [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll : 136 192 : 11/20/2010 10:29 PM : a585bebf7d054bd9618eda0922d5484a [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll : 140 288 : 05/10/2013 05:49 AM : 33adf6e0853ab39ea1723be82842c1d3 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll : 140 288 : 05/13/2013 05:45 AM : 3897dff247d9ed0006190349de264e14 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll : 140 288 : 07/09/2013 05:46 AM : 7ca1becea5de2643addad32670e7a4c9 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18526_none_77fe1d2ff917cf34\cryptsvc.dll : 143 872 : 07/07/2014 02:40 AM : 623e143f2df17c0106a9988f5d7dc878 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18741_none_77e37fb1f92c82b1\cryptsvc.dll : 143 872 : 02/03/2015 04:12 AM : 49474b3e37969af4b5c076f42b623aff [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18839_none_77f653d3f91d2e9f\cryptsvc.dll : 143 872 : 04/27/2015 08:04 PM : 33f67bbcc3c0499d3f3382473114cfa8 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll : 142 848 : 05/10/2013 06:06 AM : e122aa1c9a3cc46ff9ddde46e5eb0c58 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll : 142 848 : 05/11/2013 05:59 AM : ac04d05309bb2c418d0d80b9fb014642 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll : 142 848 : 07/09/2013 02:57 PM : 6db499defcc827317c5371164a7cdb27 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll : 142 848 : 10/05/2013 02:52 AM : f2d9242c3bbd1c36467fcae1ae01733f [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22908_none_789f60191223613f\cryptsvc.dll : 145 920 : 10/30/2014 03:14 AM : 3031b5dc2a58a7bce6651ea9b7dd6390 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22948_none_787420691243d103\cryptsvc.dll : 145 920 : 02/03/2015 04:31 AM : b97e16d36db7b7dd22c97857506fa58a [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.23040_none_786bf63b124b398d\cryptsvc.dll : 145 920 : 04/27/2015 07:55 PM : 59af628bef750ee470fd36751ca52137 [Pos Repl]

* C:\Windows\System32\kernel32.dll : 868 352 : 05/09/2015 04:13 AM : 957655757f43858692289b96f73716d8 [NoSig]
+-> C:\Windows\SoftwareDistribution\Download\ad7b8cfdb711865249ce6247b8e8e8d1\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17965_none_95904772b4b53b61\kernel32.dll : 868 352 : 10/04/2012 05:43 PM : 3ed262888758e350c29e02207af9ac59 [Pos Repl]
+-> C:\Windows\SoftwareDistribution\Download\ad7b8cfdb711865249ce6247b8e8e8d1\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22125_none_9644fc0fcdb29ea9\kernel32.dll : 868 352 : 10/04/2012 05:32 PM : 63350392c018d28c87e6fcb638dfcfe8 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_95c54f2cb48da1b9\kernel32.dll : 857 600 : 11/20/2010 10:29 PM : 5553784d774ca845380650e010bbda2c [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_95c851f0b48aeae5\kernel32.dll : 868 352 : 04/11/2014 07:52 PM : 02d5e2d9d9497f314c97e082a1cb9808 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17932_none_95adb658b49f9b89\kernel32.dll : 868 352 : 04/11/2014 07:53 PM : 6f93a0f455963dc8a9a16bb682c8d589 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18015_none_95c62f30b48ce2ee\kernel32.dll : 868 352 : 11/30/2012 05:47 AM : ae09b85158c66e2c154c5c9b3c0027b3 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18409_none_95d507dcb48120f5\kernel32.dll : 868 352 : 03/04/2014 10:17 AM : f74ffa7654702f81884bdb41eb80dac2 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18847_none_95a7cf30b4a352a7\kernel32.dll : 868 352 : 05/09/2015 04:13 AM : 957655757f43858692289b96f73716d8 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_96481f19cdafbff7\kernel32.dll : 868 352 : 04/11/2014 07:52 PM : 5717fc9d2a1daa0596dc7d940f2d613c [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22091_none_95f5498dcdeeffbd\kernel32.dll : 868 352 : 04/11/2014 07:53 PM : 9139b25aa9ca8749a11f2be863ef391b [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22177_none_9610ed07cdd95d0c\kernel32.dll : 868 352 : 11/30/2012 06:01 AM : 6d0d4b00c7cb4fa829f396a83b327894 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22616_none_9650d5c3cda98dd2\kernel32.dll : 872 448 : 03/04/2014 11:39 AM : 8237bf64fdd5ff36985070b8ebef144d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22653_none_96229535cdccb191\kernel32.dll : 872 448 : 04/12/2014 03:06 AM : 0acc3056081e646e242a8eab2348271a [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23049_none_963344b1cdbf5861\kernel32.dll : 872 448 : 05/09/2015 06:41 AM : 8d5cc74bfa8f947cb283527806db7b1f [Pos Repl]

* C:\Windows\System32\lpk.dll : 26 624 : 07/15/2015 03:55 AM : 6d77d118d54bf6c5045b02cf0fa8d9af [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_abda8263b8c87657\lpk.dll : 26 624 : 07/14/2009 02:15 AM : 4f154d2c9c6df951fd6e5aabbae6b5ee [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18177_none_ab9c8559b8f68f07\lpk.dll : 26 112 : 06/06/2013 05:52 AM : f632602316001d517f4ef3b53b9a6c33 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18768_none_aba860f3b8ed7b57\lpk.dll : 26 624 : 02/20/2015 05:13 AM : dd16c06b79da2fbd422e87923c6c0c9d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18914_none_abda7333b8c88494\lpk.dll : 26 624 : 07/03/2015 06:57 PM : 6093e2b608533f7259c463c774026fe4 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18923_none_abcea2fdb8d1872e\lpk.dll : 26 624 : 07/15/2015 03:55 AM : 6d77d118d54bf6c5045b02cf0fa8d9af [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22350_none_ac34c1dcd20a42b5\lpk.dll : 26 112 : 06/06/2013 06:03 AM : 6ad2c4ae940c3a73c7e5a50b8bbdbde5 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22974_none_ac232e90d216cedd\lpk.dll : 26 624 : 02/20/2015 06:17 AM : ab4b8f91c6d0566304a241ec9da8ea21 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23117_none_ac66e8fed1e3a3a5\lpk.dll : 26 624 : 07/03/2015 06:47 PM : 7702f43fd43fac83013dfa36d2c426e6 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23126_none_ac5b18c8d1eca63f\lpk.dll : 26 624 : 07/15/2015 03:59 AM : e5b13a197ba69ae4c20f6ec4d81f5825 [Pos Repl]

* C:\Windows\System32\lsass.exe : 22 528 : 07/01/2015 09:29 PM : dc0b4400073a404b53f571126b58f480 [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe : 22 528 : 07/14/2009 02:14 AM : f42309c4191c506b71db5d1126d26318 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsass.exe : 22 528 : 11/17/2011 06:29 AM : 81951f51e318aecc2d68559e47485cc4 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_a828bb43bb2beb28\lsass.exe : 22 528 : 11/17/2011 06:29 AM : 81951f51e318aecc2d68559e47485cc4 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17940_none_a82d8b59bb293454\lsass.exe : 22 528 : 11/17/2011 06:29 AM : 81951f51e318aecc2d68559e47485cc4 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_a80cf783bb41b5b7\lsass.exe : 22 016 : 09/25/2013 01:49 AM : 803b370865d907ea21dc0c2b6a8936b5 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_a8306bf1bb26a837\lsass.exe : 22 528 : 04/12/2014 03:11 AM : dd17e1573651293d4ed31053795b3471 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18489_none_a80b2dfdbb41b005\lsass.exe : 22 528 : 05/30/2014 08:52 AM : 213601d688579b98f576ba7ca88496de [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18496_none_a7fd5d33bb4c7ff1\lsass.exe : 22 528 : 04/12/2014 03:11 AM : dd17e1573651293d4ed31053795b3471 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18526_none_a8490e8dbb13b981\lsass.exe : 22 528 : 04/12/2014 03:11 AM : dd17e1573651293d4ed31053795b3471 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18606_none_a85eb04bbb037ec6\lsass.exe : 22 528 : 09/19/2014 10:23 AM : ac0d7a5778d5a8c17ecfeecb302b4fa4 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18637_none_a83f40d1bb1aebf0\lsass.exe : 22 528 : 04/12/2014 03:11 AM : dd17e1573651293d4ed31053795b3471 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18714_none_a851e1b1bb0d6530\lsass.exe : 22 528 : 01/10/2015 07:27 AM : 1bfcf24227b53f35ba534bf94f0db95c [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18717_none_a854e28fbb0ab135\lsass.exe : 22 528 : 01/14/2015 06:40 AM : ba0fe19728f5fa8473fb13c9c031fcc0 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18719_none_a856e323bb08e3e3\lsass.exe : 22 528 : 01/15/2015 08:42 AM : bf08de8e4fa1f143d41b3241f7fce5f6 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18738_none_a8404301bb1a026e\lsass.exe : 22 528 : 01/29/2015 04:01 AM : 4b66fc6316d1940837965c01d6ddd9a1 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18741_none_a82e710fbb286cfe\lsass.exe : 22 528 : 02/03/2015 04:11 AM : 27945cf21e17afbff1e31993aaee4551 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18779_none_a816039bbb398b89\lsass.exe : 22 528 : 03/06/2015 06:09 AM : f65f365ac0d1657917efdb52445c848b [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18798_none_a7ff6379bb4aaa14\lsass.exe : 22 528 : 03/17/2015 05:56 AM : 981ce3e3a653511799f4a862494b66a8 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18812_none_a84fe303bb0f2fa9\lsass.exe : 22 528 : 04/04/2015 04:04 AM : 618ba9298726844da4e9e53c7c8d4015 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18839_none_a8414531bb1918ec\lsass.exe : 22 528 : 04/27/2015 08:04 PM : 1667d76fbf42b24b9de3e8b0a7cf06be [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18869_none_a820d56dbb316cbf\lsass.exe : 22 528 : 05/25/2015 07:00 PM : d2967f6d4205a227aaa7d094c12f7141 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18909_none_a861b6dbbb00c240\lsass.exe : 22 528 : 06/27/2015 06:49 PM : 43972ed806646274c05e6ba2c1585b99 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18912_none_a84fe4e9bb0f2cd0\lsass.exe : 22 528 : 07/01/2015 09:29 PM : dc0b4400073a404b53f571126b58f480 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsass.exe : 22 528 : 11/17/2011 06:24 AM : fbcb2dfa40862daa7b1534c9538208a5 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_a8d76e24d42eb666\lsass.exe : 22 528 : 06/02/2012 05:51 AM : fa7b950e4ca6aa260c4eaba19e03644d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22099_none_a889f15ed46779fd\lsass.exe : 22 528 : 08/24/2012 05:53 PM : 7abc23f3d86880ad62acedc7479608f8 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_a8a66792d452b56a\lsass.exe : 22 016 : 09/25/2013 01:54 AM : 559c7769b397f07e12725ee55337d4c6 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_a8af3ab6d44c6119\lsass.exe : 22 528 : 04/12/2014 03:06 AM : 627b40eb2595d8fcf1960f33389eb7d3 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22705_none_a8e74cccd4220539\lsass.exe : 22 528 : 05/30/2014 08:34 AM : 0421593a1955fe63245b700560b44600 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22712_none_a8d97c02d42cd525\lsass.exe : 22 528 : 04/12/2014 03:06 AM : 627b40eb2595d8fcf1960f33389eb7d3 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22736_none_a8c7dd52d4397263\lsass.exe : 22 528 : 04/12/2014 03:06 AM : 627b40eb2595d8fcf1960f33389eb7d3 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22807_none_a8e94f46d420350e\lsass.exe : 22 528 : 04/12/2014 03:06 AM : 627b40eb2595d8fcf1960f33389eb7d3 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22814_none_a8db7e7cd42b04fa\lsass.exe : 22 528 : 09/19/2014 10:29 AM : f0f6e52554e314a71e776b1086b5b3dd [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22843_none_a8ba0e6ed4443f76\lsass.exe : 22 528 : 04/12/2014 03:06 AM : 627b40eb2595d8fcf1960f33389eb7d3 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22920_none_a8ccaf4ed436b8b6\lsass.exe : 22 528 : 01/10/2015 07:57 AM : 0b0a841a8de520cb85ea985ddd21cae3 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22923_none_a8cfb02cd43404bb\lsass.exe : 22 528 : 04/12/2014 03:06 AM : 627b40eb2595d8fcf1960f33389eb7d3 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22925_none_a8d1b0c0d4323769\lsass.exe : 22 528 : 04/12/2014 03:06 AM : 627b40eb2595d8fcf1960f33389eb7d3 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22943_none_a8ba1054d4443c9d\lsass.exe : 22 528 : 01/27/2015 04:27 AM : 2668762334e663b7bd68067a047c4187 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22948_none_a8bf11c6d43fbb50\lsass.exe : 22 528 : 02/03/2015 04:31 AM : 8cad69b705d065ccaaa0e4c17c07b21e [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22983_none_a88ed0a4d464ac61\lsass.exe : 22 528 : 03/06/2015 06:11 AM : be2d700a9b21b40622c250fe1206a02f [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23002_none_a8e427dcd424e6c4\lsass.exe : 22 528 : 03/17/2015 05:45 AM : 3228be5229f9eefb18654a56b016f642 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23017_none_a8de5962d4288168\lsass.exe : 22 528 : 04/04/2015 04:10 AM : 35f0817c803dfc520cbf7031b72b6a17 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23040_none_a8b6e798d44723da\lsass.exe : 22 528 : 04/27/2015 07:55 PM : 24d7fcb0a817b4d841a3ca67212fe500 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23072_none_a8987868d45daa5b\lsass.exe : 22 528 : 05/25/2015 07:05 PM : 91d8b4ff9cd5725dd6507f49cc50bb03 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23112_none_a8d959d6d42cffdc\lsass.exe : 22 528 : 06/27/2015 07:03 PM : 172e23440447bae4c02be92c11dff544 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23115_none_a8dc5ab4d42a4be1\lsass.exe : 22 528 : 07/01/2015 06:51 PM : a1fedb23c022280b2649b553d8113f18 [Pos Repl]

* C:\Windows\System32\mshtml.dll : 19 877 376 : 07/02/2015 10:21 PM : 116f506573b59b85cd0dc18527e9951a [NoSig]
+-> C:\Windows\SoftwareDistribution\Download\6dfae1897b52da070a9261cc27751d1a\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.18404_none_300f7afcf7658d2d\mshtml.dll : 6 041 088 : 02/24/2014 03:05 AM : cbdc75b3f879a5778bd3ca3b502134ac [Pos Repl]
+-> C:\Windows\SoftwareDistribution\Download\6dfae1897b52da070a9261cc27751d1a\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.22609_none_309e1b20107ea8d1\mshtml.dll : 6 041 600 : 02/24/2014 03:00 AM : e0c79f80427d0a7835640aca2fe9fe46 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16866_none_34e13028da54e0fd\mshtml.dll : 14 358 016 : 04/11/2014 07:54 PM : 3242a084cd8f934337e711f7c7ee5e6b [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16428_none_997b8a267eda3b8c\mshtml.dll : 17 142 784 : 04/11/2014 10:06 PM : f9f114b2a6f876c92d317a755494f233 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16521_none_997159b27ee1a416\mshtml.dll : 17 074 688 : 03/01/2014 05:30 AM : 70462e0a4e293fc80620ab945d8a59bb [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16659_none_9968d4647ee7d914\mshtml.dll : 17 073 152 : 03/31/2014 00:57 AM : ccf19c82f6145e4a467f7cb9af82026c [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17041_none_99a96bc87eb74836\mshtml.dll : 17 387 008 : 03/06/2014 10:19 AM : ea85144f35ede6ee25c484d4242ff2c8 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17105_none_999a3f947ec3654f\mshtml.dll : 17 384 448 : 04/29/2014 01:48 PM : 5869fbc754578a59c8c8635b99db79de [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17107_none_999a12047ec39891\mshtml.dll : 17 382 912 : 05/06/2014 04:25 AM : eb5347f6149d3ff25f4d609a21a3bd67 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17126_none_999c29607ec1b19e\mshtml.dll : 17 271 296 : 05/30/2014 10:18 AM : d5ecbb3bfdc73a59440d9ca79ab3a342 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17207_none_998f42187ecbb482\mshtml.dll : 17 276 416 : 06/19/2014 01:16 AM : dfa59840bb1220afd261fdae83543959 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17239_none_999215667ec933c9\mshtml.dll : 17 524 224 : 07/25/2014 02:51 PM : 8453ddf167ce2986aa4ab04bc6824925 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17280_none_9997e3e07ec3cbd3\mshtml.dll : 17 455 104 : 08/18/2014 11:26 PM : 7bf1ce9240cb9dd27c3e30733176eb8e [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17358_none_99895cd67ecf68c7\mshtml.dll : 17 484 800 : 09/19/2014 02:44 AM : f91e55da404b834648a3b0a2477c10db [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17420_none_997c424c7ed96bab\mshtml.dll : 19 781 632 : 11/06/2014 04:10 AM : 93074c4fa92a8399404d032f6af72c1b [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17501_none_996f5b047ee36e8f\mshtml.dll : 19 749 376 : 11/22/2014 03:22 AM : 220505b0b3e96c857dd01729af0cd369 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17633_none_99675e667ee909c7\mshtml.dll : 19 740 160 : 01/12/2015 03:25 AM : 61c74d794c14e9fc94d93f5f0f72a3f9 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17691_none_996d8db27ee36e8f\mshtml.dll : 19 720 192 : 02/21/2015 01:25 AM : 95cb6079b3e62d4301958023c2070a48 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17728_none_995b1c487ef28c86\mshtml.dll : 19 695 616 : 03/13/2015 04:42 AM : 2f42037dd6f2831332653eb7f35d7e9a [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17801_none_994eeb407efbc262\mshtml.dll : 19 691 008 : 04/21/2015 05:24 PM : d74445161e58644309f858342f5e265c [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17843_none_9952bed87ef85b00\mshtml.dll : 19 607 040 : 05/27/2015 03:08 PM : 975421ac32f9f6e27a58f75dab4b5871 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17914_none_9944d7467f03448d\mshtml.dll : 19 877 376 : 06/25/2015 04:10 AM : fa9dfdaf0d0ba0f2e5bf85c2aa557a6f [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17923_none_9945ee587f024443\mshtml.dll : 19 877 376 : 07/02/2015 10:21 PM : 116f506573b59b85cd0dc18527e9951a [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_3004c3bef76d8ca4\mshtml.dll : 5 977 600 : 11/20/2010 10:29 PM : c50799f0d47dfb9774f721521b6c41d5 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16545_none_2bb118903c7c66f6\mshtml.dll : 12 347 904 : 04/11/2014 08:20 PM : 10d0fa4f2a6adbeea0fff10583cc5407 [Pos Repl]

* C:\Windows\System32\ole32.dll : 1 414 656 : 07/04/2015 06:48 PM : 4548507ed3c17db4739dbbeaf6378004 [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.17514_none_ae2511475093798f\ole32.dll : 1 414 144 : 11/20/2010 10:29 PM : 928cf7268086631f54c3d8e17238c6dd [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.18915_none_ae2602615092a123\ole32.dll : 1 414 656 : 07/04/2015 06:48 PM : 4548507ed3c17db4739dbbeaf6378004 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.23118_none_aeb2782c69adc034\ole32.dll : 1 414 656 : 07/04/2015 06:48 PM : 1327be7f332b0695c0158d6dde9551a9 [Pos Repl]

* C:\Windows\System32\schannel.dll : 248 832 : 07/01/2015 09:30 PM : 98226182583df1715f1be6ccea6e8d95 [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.17514_none_241db4f9b384efcc\schannel.dll : 224 256 : 11/20/2010 10:29 PM : 135f7ac9be35ab1df727faf2e60e92f8 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.17725_none_2413e923b38c1f62\schannel.dll : 224 768 : 11/17/2011 06:34 AM : 1affb765af1fdcc0c185c38e9ddddaee [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.17856_none_23f47b8fb3a389b3\schannel.dll : 225 280 : 06/02/2012 05:40 AM : 3d3cbd1847f980fb03343a63671e7886 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.17940_none_23f94ba5b3a0d2df\schannel.dll : 247 808 : 08/24/2012 05:57 PM : af78f66116814fdd6677cebd73035cdd [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.18270_none_23d8b7cfb3b95442\schannel.dll : 247 808 : 09/25/2013 02:57 AM : aa6f6457116b559b76bc6a012cb4c293 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.18409_none_242d6da9b3786f08\schannel.dll : 247 808 : 03/04/2014 10:17 AM : 828185688fdaae6c7959b884abed1766 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.18489_none_23d6ee49b3b94e90\schannel.dll : 247 808 : 05/30/2014 08:52 AM : f95e1e9d97d25c11f29ca34c843a6f4d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.18606_none_242a7097b37b1d51\schannel.dll : 248 832 : 09/19/2014 10:23 AM : 8cfaefcd7f1e004950fcae870a501b3e [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.18714_none_241da1fdb38503bb\schannel.dll : 248 832 : 01/10/2015 07:27 AM : 7c893dba0a58855a99da68b751fd223b [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.18738_none_240c034db391a0f9\schannel.dll : 248 832 : 01/29/2015 04:01 AM : c13a0b0d53f0e8277d1e695981ef7855 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.18741_none_23fa315bb3a00b89\schannel.dll : 248 832 : 02/03/2015 04:12 AM : 77949ecd7d87bc4a181c9b5e3d019d4f [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.18779_none_23e1c3e7b3b12a14\schannel.dll : 248 832 : 03/06/2015 06:10 AM : d5063b86dc3f85b93d02af68099f4c9a [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.18798_none_23cb23c5b3c2489f\schannel.dll : 248 832 : 03/17/2015 05:57 AM : bc09159aff6639db2cb28058731199f0 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.18839_none_240d057db390b777\schannel.dll : 248 832 : 04/27/2015 08:05 PM : c34e0f9846d0ff902ced82db5ab104ba [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.18843_none_23fc33d5b39e3b5e\schannel.dll : 248 832 : 05/05/2015 02:12 AM : 2665a3d34d1c62df303723422215b001 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.18869_none_23ec95b9b3a90b4a\schannel.dll : 248 832 : 05/25/2015 07:01 PM : bbabc6702529cfadac0ec2b28168a288 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.18909_none_242d7727b37860cb\schannel.dll : 248 832 : 06/27/2015 06:50 PM : 5497deedb238cc233b4b71b56a82262a [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.18912_none_241ba535b386cb5b\schannel.dll : 248 832 : 07/01/2015 09:30 PM : 98226182583df1715f1be6ccea6e8d95 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.21861_none_246e4516cccdc994\schannel.dll : 224 768 : 11/17/2011 06:29 AM : 3dbcbd8adb406c43a2127544d7ba974e [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22010_none_24a32e70cca654f1\schannel.dll : 225 280 : 06/02/2012 05:55 AM : c5b2dc72f2453cef2e150a81f696703d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22099_none_2455b1aaccdf1888\schannel.dll : 247 808 : 08/24/2012 05:58 PM : abf890af1b55146f7dfe7a937f503b0a [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22465_none_247227deccca53f5\schannel.dll : 247 808 : 09/25/2013 03:00 AM : b3d791020560fff9438fca764027ce3d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22616_none_24a93b90cca0dbe5\schannel.dll : 247 808 : 03/04/2014 11:39 AM : 2ca65ec66d4ea3c6e8bad9f2115aaa64 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22705_none_24b30d18cc99a3c4\schannel.dll : 247 808 : 05/30/2014 08:35 AM : ee9b43c83860e9a0e824965f4e4c719a [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22712_none_24a53c4ecca473b0\schannel.dll : 247 808 : 06/05/2014 03:16 PM : 515869f5d4a1bf839d74e381766285a9 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22736_none_24939d9eccb110ee\schannel.dll : 247 808 : 07/07/2014 02:40 AM : c2597cc43e9f3f54f87526045e5d616a [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22807_none_24b50f92cc97d399\schannel.dll : 247 808 : 07/07/2014 02:40 AM : c2597cc43e9f3f54f87526045e5d616a [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22814_none_24a73ec8cca2a385\schannel.dll : 248 832 : 09/19/2014 10:29 AM : f07fc786d166ab6c6c7e217c82ad4a78 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22843_none_2485cebaccbbde01\schannel.dll : 248 832 : 10/14/2014 02:50 AM : 51499f7d51aa8ee15d94e397796a8da2 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22865_none_24722f76ccca4891\schannel.dll : 248 832 : 10/14/2014 02:50 AM : 51499f7d51aa8ee15d94e397796a8da2 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22920_none_24986f9accae5741\schannel.dll : 248 832 : 01/10/2015 07:58 AM : 4af0f351c4cf3294818fc76a3e1c4043 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22923_none_249b7078ccaba346\schannel.dll : 248 832 : 01/14/2015 07:21 AM : b5583d45daa4f8912107e2d2eff773fc [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22925_none_249d710ccca9d5f4\schannel.dll : 248 832 : 01/15/2015 09:09 AM : a8a5f532bc58817e2044bea8f1deaa59 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22943_none_2485d0a0ccbbdb28\schannel.dll : 248 832 : 01/27/2015 04:28 AM : 25271a7bda42737dd5d5339f50ef431c [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22948_none_248ad212ccb759db\schannel.dll : 248 832 : 02/03/2015 04:32 AM : 86ceda9380e183b19c76adc62e380301 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.22983_none_245a90f0ccdc4aec\schannel.dll : 248 832 : 03/06/2015 06:11 AM : 19efcc3987487958463aae6012821d3c [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.23002_none_24afe828cc9c854f\schannel.dll : 248 832 : 03/17/2015 05:45 AM : 7cc414a44d15221a14f7e8ec7994c2f9 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.23040_none_2482a7e4ccbec265\schannel.dll : 248 832 : 04/27/2015 07:56 PM : 2c1c6a33216f25acec06126911697765 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.23045_none_2487a956ccba4118\schannel.dll : 248 832 : 05/05/2015 04:27 AM : 81e49397682c109eb2b0a9fe7838d89c [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.23072_none_246438b4ccd548e6\schannel.dll : 248 832 : 05/25/2015 07:07 PM : d44f44ef0bb8c2947bc20e40a33258d3 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.23112_none_24a51a22cca49e67\schannel.dll : 248 832 : 06/27/2015 07:04 PM : c269830364fd00a4fda8bcdc6dfaf03d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.23115_none_24a81b00cca1ea6c\schannel.dll : 248 832 : 07/01/2015 06:52 PM : 2a6acff1df12d136e55a3578380778e7 [Pos Repl]

* C:\Windows\System32\services.exe : 259 072 : 04/13/2015 04:19 AM : 0780a42dbd7d9969f9bf4a19aa4285b5 [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe : 259 072 : 07/14/2009 02:14 AM : 5f1b6a9c35d3d5ca72d6d6fdef9747d6 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.18829_none_d1614ac32b8ec5cf\services.exe : 259 072 : 04/13/2015 04:19 AM : 0780a42dbd7d9969f9bf4a19aa4285b5 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.23033_none_d1d9ee0844ba1cc2\services.exe : 259 072 : 04/11/2015 04:53 AM : 97981140500e86e5bbad7b76ba890146 [Pos Repl]

* C:\Windows\System32\smss.exe : 69 632 : 05/25/2015 07:00 PM : abd1dc994fd40c5f74f7dfdceeb64599 [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe : 69 632 : 07/14/2009 02:14 AM : 16742790895960690237a5143cedec8b [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_ae40f33e7774c473\smss.exe : 69 632 : 03/19/2013 03:49 AM : de91dcc7bc55e940979097e98f743205 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18738_none_ae30603c778069f2\smss.exe : 69 632 : 01/29/2015 04:01 AM : 0c41393891e2eb9f8fdf28a0654c5b5e [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18741_none_ae1e8e4a778ed482\smss.exe : 69 632 : 02/03/2015 04:12 AM : 01c6c743fe49d0fb3f0a1391fef1deb3 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18798_none_adef80b477b11198\smss.exe : 69 632 : 03/17/2015 05:56 AM : 485436c2a90318218777401fb973558c [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18839_none_ae31626c777f8070\smss.exe : 69 632 : 04/27/2015 08:04 PM : 03cd13a169c19558f637c2f36b974bda [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18869_none_ae10f2a87797d443\smss.exe : 69 632 : 05/25/2015 07:00 PM : abd1dc994fd40c5f74f7dfdceeb64599 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22379_none_ae8fb42390bda114\smss.exe : 69 632 : 07/08/2013 04:02 AM : 634e0b45780f502304592c5615a31089 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22436_none_aeb7f4db909fe272\smss.exe : 69 632 : 08/29/2013 01:51 AM : d2a72c71cd6c18a99e920ec5761f0c7d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22653_none_ae9f57f190b2c89d\smss.exe : 69 632 : 04/12/2014 03:06 AM : d8a5e3b8eb601b897ac78b060177e460 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22908_none_aeda6eb19085b310\smss.exe : 69 632 : 04/12/2014 03:06 AM : d8a5e3b8eb601b897ac78b060177e460 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22921_none_aebdccd3909c3991\smss.exe : 69 632 : 04/12/2014 03:06 AM : d8a5e3b8eb601b897ac78b060177e460 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22923_none_aebfcd67909a6c3f\smss.exe : 69 632 : 04/12/2014 03:06 AM : d8a5e3b8eb601b897ac78b060177e460 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22943_none_aeaa2d8f90aaa421\smss.exe : 69 632 : 01/27/2015 04:27 AM : ea4931a2ee99926c89935fc92526d7a4 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22948_none_aeaf2f0190a622d4\smss.exe : 69 632 : 02/03/2015 04:31 AM : 7ffc65934b6cc409d62448adfe50ebf1 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23002_none_aed44517908b4e48\smss.exe : 69 632 : 03/17/2015 05:45 AM : bce230b8626e42e997285173a9426ee5 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23040_none_aea704d390ad8b5e\smss.exe : 69 632 : 04/27/2015 07:55 PM : ac1d1026d06d6f74d32356772a3e321e [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23072_none_ae8895a390c411df\smss.exe : 69 632 : 05/25/2015 07:06 PM : 1f4bf2d256946ef3a2426c843f3941d6 [Pos Repl]

* C:\Windows\System32\termsrv.dll : 523 776 : 10/14/2014 02:50 AM : fcfd4f50419b4bc72e80066da10d2e54 [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_90a6abb3b286306d\termsrv.dll : 521 216 : 11/20/2010 10:29 PM : 382c804c92811be57829d8e550a900e2 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18540_none_908223ffb2a23885\termsrv.dll : 523 264 : 07/17/2014 02:39 AM : e05e31f7bf577228e27cffca5b54abbd [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_9093f7d7b293cb1c\termsrv.dll : 523 776 : 10/14/2014 02:50 AM : fcfd4f50419b4bc72e80066da10d2e54 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22750_none_9100f2c4cbc7f167\termsrv.dll : 525 824 : 07/16/2014 03:56 AM : 278f31dd3bfde48f2e1fff882fbd24b5 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22843_none_910ec574cbbd1ea2\termsrv.dll : 526 848 : 10/14/2014 02:50 AM : dd01319264b6d19e379bdd079a27da91 [Pos Repl]

* C:\Windows\System32\wdigest.dll : 172 032 : 07/01/2015 09:30 PM : 6ae6e08938d5ba9d8ba305506620b48d [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7600.16385_none_3aa3a13ade08a93a\wdigest.dll : 171 520 : 07/14/2009 02:16 AM : 0450cf487ecd8a67b56f59f9a96d024d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18409_none_3ce46db2daeaac10\wdigest.dll : 172 032 : 03/04/2014 10:17 AM : 3a1abe045a3e30799576e83a2d012b43 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18489_none_3c8dee52db2b8b98\wdigest.dll : 172 032 : 05/30/2014 08:52 AM : c71cc796f0e2e9bd542c87532706fcfe [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18606_none_3ce170a0daed5a59\wdigest.dll : 172 032 : 09/19/2014 10:23 AM : 37bc079204bf9b087d6de6b728908b4b [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18714_none_3cd4a206daf740c3\wdigest.dll : 172 032 : 01/10/2015 07:27 AM : a12d64a94ec57079c2d96a741cb4ff53 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18738_none_3cc30356db03de01\wdigest.dll : 172 032 : 01/29/2015 04:01 AM : 1956eebac1414d270b7f3576dc6dbb4d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18741_none_3cb13164db124891\wdigest.dll : 172 032 : 02/03/2015 04:12 AM : 49376c9720930363acf92799c6878bff [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18779_none_3c98c3f0db23671c\wdigest.dll : 172 032 : 03/06/2015 06:10 AM : 4e15e2d20ae755fdeacd96f359f732db [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18798_none_3c8223cedb3485a7\wdigest.dll : 172 032 : 03/17/2015 05:57 AM : 655c88135254c78e6fb66b6c2f6ac5da [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18812_none_3cd2a358daf90b3c\wdigest.dll : 172 032 : 04/04/2015 04:05 AM : 6954b10c2cf2d99e3f138fb9bdf32547 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18839_none_3cc40586db02f47f\wdigest.dll : 172 032 : 04/27/2015 08:05 PM : 850f756363237a2eb069b9b25ef8bec3 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18869_none_3ca395c2db1b4852\wdigest.dll : 172 032 : 05/25/2015 07:01 PM : a9e8f961f7fe1edeef8f46eeb800f2d8 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18909_none_3ce47730daea9dd3\wdigest.dll : 172 032 : 06/27/2015 06:50 PM : 6e1039fd5dc9ce93e234464a09f3fa41 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.18912_none_3cd2a53edaf90863\wdigest.dll : 172 032 : 07/01/2015 09:30 PM : 6ae6e08938d5ba9d8ba305506620b48d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.22616_none_3d603b99f41318ed\wdigest.dll : 172 032 : 03/04/2014 11:39 AM : 2d934b2b5ca353d353a8166c0125d122 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.22705_none_3d6a0d21f40be0cc\wdigest.dll : 172 032 : 05/30/2014 08:35 AM : 16cb333a257a1f4f32df2000287b4ba0 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.22712_none_3d5c3c57f416b0b8\wdigest.dll : 172 032 : 03/04/2014 11:39 AM : 2d934b2b5ca353d353a8166c0125d122 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.22736_none_3d4a9da7f4234df6\wdigest.dll : 172 032 : 03/04/2014 11:39 AM : 2d934b2b5ca353d353a8166c0125d122 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.22807_none_3d6c0f9bf40a10a1\wdigest.dll : 172 032 : 03/04/2014 11:39 AM : 2d934b2b5ca353d353a8166c0125d122 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.22814_none_3d5e3ed1f414e08d\wdigest.dll : 172 032 : 09/19/2014 10:29 AM : 3d46ee1128a16acc8df8ac9e44939c0d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.22843_none_3d3ccec3f42e1b09\wdigest.dll : 172 032 : 03/04/2014 11:39 AM : 2d934b2b5ca353d353a8166c0125d122 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.22865_none_3d292f7ff43c8599\wdigest.dll : 172 032 : 03/04/2014 11:39 AM : 2d934b2b5ca353d353a8166c0125d122 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.22920_none_3d4f6fa3f4209449\wdigest.dll : 172 032 : 01/10/2015 07:58 AM : c8ad6cae235349b1b21300e206b5ff51 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.22923_none_3d527081f41de04e\wdigest.dll : 172 032 : 03/04/2014 11:39 AM : 2d934b2b5ca353d353a8166c0125d122 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.22925_none_3d547115f41c12fc\wdigest.dll : 172 032 : 03/04/2014 11:39 AM : 2d934b2b5ca353d353a8166c0125d122 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.22943_none_3d3cd0a9f42e1830\wdigest.dll : 172 032 : 01/27/2015 04:28 AM : fb5c9a4d643f6c0fa3b2386d35c7a2d9 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.22948_none_3d41d21bf42996e3\wdigest.dll : 172 032 : 02/03/2015 04:32 AM : ac863cc3ed0fe6faad8cc1a5f4a9507b [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.22983_none_3d1190f9f44e87f4\wdigest.dll : 172 032 : 03/06/2015 06:12 AM : 80c225e765b2239084829d821fe5c537 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.23002_none_3d66e831f40ec257\wdigest.dll : 172 032 : 03/17/2015 05:45 AM : 94956fceb403a6a5d32f22fbcf4a45a9 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.23017_none_3d6119b7f4125cfb\wdigest.dll : 172 032 : 04/04/2015 04:11 AM : d8620bb81e6b8d0f861a59705cd902d6 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.23040_none_3d39a7edf430ff6d\wdigest.dll : 172 032 : 04/27/2015 07:56 PM : a77fb2fe527836b10cd2a1cd4695b17c [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.23072_none_3d1b38bdf44785ee\wdigest.dll : 172 032 : 05/25/2015 07:07 PM : 523476c1b9322a9f71df8f2cebe61f8c [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.23112_none_3d5c1a2bf416db6f\wdigest.dll : 172 032 : 06/27/2015 07:04 PM : a6639c62ae100428b8b23f1c7b375490 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.1.7601.23115_none_3d5f1b09f4142774\wdigest.dll : 172 032 : 07/01/2015 06:52 PM : ef7087780f9dc32f9f6c554bd1257900 [Pos Repl]

* C:\Windows\System32\wininet.dll : 1 951 232 : 06/19/2015 06:15 PM : 63b01f72fd727d5736dbef54174d8f93 [NoSig]
+-> C:\Windows\SoftwareDistribution\Download\6dfae1897b52da070a9261cc27751d1a\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.18404_none_1eb55bde770f23f7\wininet.dll : 981 504 : 02/24/2014 03:05 AM : d7680abc79be227c084f56f117adf62f [Pos Repl]
+-> C:\Windows\SoftwareDistribution\Download\6dfae1897b52da070a9261cc27751d1a\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.22609_none_1f43fc0190283f9b\wininet.dll : 982 016 : 02/24/2014 03:01 AM : 015b6050f4c326cb6cca61cc4dccc6eb [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16866_none_2387110a59fe77c7\wininet.dll : 1 766 400 : 04/11/2014 07:54 PM : e3cde294db1dbd63c4cba9c36b196208 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16428_none_88216b07fe83d256\wininet.dll : 1 818 112 : 04/11/2014 10:06 PM : b5eb5bd3066959611e1f7a80fd6cc172 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16521_none_88173a93fe8b3ae0\wininet.dll : 1 820 160 : 03/01/2014 03:32 AM : aafeab4fc9d70253f8c7e353e879e8a2 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17041_none_884f4ca9fe60df00\wininet.dll : 1 789 440 : 03/06/2014 06:41 AM : e4e829ee073e046b0eb19b5fecb19b8c [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17126_none_88420a41fe6b4868\wininet.dll : 1 790 976 : 05/30/2014 08:21 AM : 771cdbc3d62437d6db070820bb1edccf [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17207_none_883522f9fe754b4c\wininet.dll : 1 791 488 : 06/18/2014 11:13 PM : ccc198257901beea2fbf8eb1e7678356 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17239_none_8837f647fe72ca93\wininet.dll : 1 792 512 : 07/25/2014 11:05 AM : b945baa81b4805ad6bddf4d026dcfb47 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17280_none_883dc4c1fe6d629d\wininet.dll : 1 812 992 : 08/18/2014 09:46 PM : d58988722c72d265b51a54103dfc2c6f [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17358_none_882f3db7fe78ff91\wininet.dll : 1 810 944 : 09/19/2014 00:59 AM : 7ae80f921027cf88cb9d0433088a3e55 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17420_none_8822232dfe830275\wininet.dll : 1 892 864 : 11/06/2014 02:52 AM : 6dd7d61a8ef3dfec4faefeb395e77424 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17501_none_88153be5fe8d0559\wininet.dll : 1 888 256 : 11/22/2014 02:00 AM : 5e4e0e43e0a5bf9f089696dfa7a3d677 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17633_none_880d3f47fe92a091\wininet.dll : 1 888 256 : 01/12/2015 02:00 AM : f285d499ec42969d963ca49eada63218 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17691_none_88136e93fe8d0559\wininet.dll : 1 888 256 : 02/20/2015 02:01 AM : ea6ea6912f27f05c61d8d747517eb47e [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17728_none_8800fd29fe9c2350\wininet.dll : 1 888 256 : 03/13/2015 03:20 AM : c46904f2e9e121a91dddabb48d7648c3 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17801_none_87f4cc21fea5592c\wininet.dll : 1 882 112 : 04/21/2015 04:02 PM : cb5f450d21b9d76b7f01d006e4aedb40 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17843_none_87f89fb9fea1f1ca\wininet.dll : 1 950 720 : 05/23/2015 03:20 AM : e4eb138060bae0dbab1a3b71a3141fe7 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17914_none_87eab827feacdb57\wininet.dll : 1 951 232 : 06/19/2015 06:15 PM : 63b01f72fd727d5736dbef54174d8f93 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll : 980 992 : 11/20/2010 10:29 PM : 44214c94911c7cfb1d52cb64d5e8368d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16545_none_1a56f971bc25fdc0\wininet.dll : 1 129 472 : 04/11/2014 08:20 PM : 62077f806bc59cbd5a404338d710d133 [Pos Repl]

* C:\Windows\System32\winlogon.exe : 304 128 : 07/17/2014 02:39 AM : 52449fd429d6053b78ae564def303870 [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe : 286 720 : 11/20/2010 10:29 PM : 6d13e1406f50c66e2a95d97f22c47560 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe : 304 128 : 03/04/2014 10:17 AM : 998507b046ba314ce8245364c686fa67 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_71a5e34e334f9d18\winlogon.exe : 304 128 : 07/17/2014 02:39 AM : 52449fd429d6053b78ae564def303870 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe : 304 640 : 03/04/2014 11:39 AM : d53972f87d850cd2eb4b29b60cafdd77 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_7224b2134c7555fa\winlogon.exe : 304 640 : 07/16/2014 03:56 AM : 4f37b93c14aee313bec52a23afb15c2e [Pos Repl]

* C:\Windows\System32\wuauclt.exe : 135 168 : 07/09/2015 06:42 PM : 594a7af88348468dab24781bf3921230 [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.5.7601.17514_none_c315782c0def9f8f\wuauclt.exe : 47 104 : 11/20/2010 10:29 PM : 75b06acd9d8dc0fe3603294e1899f496 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_79d6786e99338140\wuauclt.exe : 53 784 : 06/02/2012 11:19 PM : 2e0b0a051ffaa86e358465bb0880d453 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.320_none_79d7b1ac99325eca\wuauclt.exe : 54 240 : 05/14/2014 05:23 PM : 072678e0d68e9c3a7960328671134c7b [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7601.18804_none_8b4f0446acb2edd5\wuauclt.exe : 131 584 : 03/25/2015 04:00 AM : cff96e0ce6f81f5968a6d61786642855 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7601.18917_none_8b47371eacb852f2\wuauclt.exe : 135 168 : 07/09/2015 06:42 PM : 594a7af88348468dab24781bf3921230 [Pos Repl]

* C:\Windows\System32\drivers\http.sys : 514 560 : 02/25/2015 04:03 AM : 487569e5da56a5a432ff8af6d3599cf9 [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.1.7601.17514_none_aec86634771d0623\http.sys : 513 536 : 11/20/2010 10:29 PM : 871917b07a141bff43d76d8844d48106 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.1.7601.18772_none_ae85731c774f8f0a\http.sys : 514 560 : 02/25/2015 04:03 AM : 487569e5da56a5a432ff8af6d3599cf9 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.1.7601.22976_none_af1312f590699157\http.sys : 514 560 : 02/24/2015 06:59 AM : 5e714d8de046ca462986e0db79b027f8 [Pos Repl]

* C:\Windows\System32\drivers\mrxdav.sys : 116 224 : 12/19/2014 02:34 AM : 03f899f521d2aaed1c55008f734df252 [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-webdavredir-mrxdav_31bf3856ad364e35_6.1.7601.17514_none_16b24f2323fdbda5\mrxdav.sys : 115 712 : 11/20/2010 10:29 PM : ceb46ab7c01c9f825f8cc6babc18166a [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-webdavredir-mrxdav_31bf3856ad364e35_6.1.7601.18201_none_16ba01b723f877db\mrxdav.sys : 115 712 : 07/04/2013 10:48 AM : 21f4b24acfc79a483515bd986dd9043f [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-webdavredir-mrxdav_31bf3856ad364e35_6.1.7601.18706_none_16bf0ca723f3e851\mrxdav.sys : 116 224 : 12/19/2014 02:34 AM : 03f899f521d2aaed1c55008f734df252 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-webdavredir-mrxdav_31bf3856ad364e35_6.1.7601.22376_none_16fcf0803d4a59ef\mrxdav.sys : 116 736 : 07/04/2013 11:01 AM : 42705b8bce824c8a6f4a12d706a9cede [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-webdavredir-mrxdav_31bf3856ad364e35_6.1.7601.22913_none_173ada8e3d1c552e\mrxdav.sys : 116 736 : 12/19/2014 02:40 AM : 1c3ebf74425637371dd208b67381a949 [Pos Repl]

* C:\Windows\System32\drivers\mrxsmb.sys : 124 416 : 07/01/2015 08:18 PM : 01c5b803f6e1fdf8f16f0763da9b997d [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.17514_none_8198d720af5f882e\mrxsmb.sys : 123 904 : 11/20/2010 10:29 PM : b272b4c3e085ea860c12f2e4faf2ffa2 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.17565_none_8163c7ceaf872d3a\mrxsmb.sys : 123 904 : 02/23/2011 05:47 AM : ed3d3419b064f28d812995ed8cadc541 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.17605_none_81a4a93caf5682bb\mrxsmb.sys : 123 904 : 04/27/2011 03:17 AM : 5d16c921e3671636c0eba3bbaac5fd25 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.18909_none_81a8994eaf52f92d\mrxsmb.sys : 124 416 : 06/27/2015 05:37 PM : e8d313f401499d79298e1559cf44d18d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.18912_none_8196c75caf6163bd\mrxsmb.sys : 124 416 : 07/01/2015 08:18 PM : 01c5b803f6e1fdf8f16f0763da9b997d [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.21666_none_81ee64e3c8a3e65b\mrxsmb.sys : 123 904 : 02/23/2011 04:09 AM : c76fd653db8b90da85ead12b12fffc9f [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.21714_none_822275d1c87d251f\mrxsmb.sys : 123 904 : 04/27/2011 03:15 AM : 39a8ff477b3f5d0edfe814155841c735 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.23112_none_82203c49c87f36c9\mrxsmb.sys : 124 928 : 06/27/2015 05:36 PM : 40060c3f325133cf0b7244a20706d61b [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.23115_none_82233d27c87c82ce\mrxsmb.sys : 124 928 : 07/01/2015 05:36 PM : b379802b88b9f1e360e485099b4eb425 [Pos Repl]

* C:\Windows\System32\drivers\rdpwd.sys : 184 320 : 07/17/2014 02:03 AM : cd9214a6ae17d188d17c3cf8cb9cc693 [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17514_none_4d7cf2333344a165\rdpwd.sys : 183 808 : 11/20/2010 10:29 PM : 288b06960d78428ff89e811632684e20 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17779_none_4d4117e93370c20c\rdpwd.sys : 183 808 : 02/17/2012 05:14 AM : 244c83332f44589ae98fc347f11b2693 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17830_none_4d6356e533586b60\rdpwd.sys : 183 808 : 04/28/2012 04:17 AM : f031683e6d1fea157abb2ff260b51e61 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.18540_none_4d586a7f3360a97d\rdpwd.sys : 184 320 : 07/17/2014 02:03 AM : cd9214a6ae17d188d17c3cf8cb9cc693 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.21924_none_4dfbc4c44c6a5495\rdpwd.sys : 183 808 : 02/17/2012 05:09 AM : 2570d1f85c0ce1096e075f2de96d11d9 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.21982_none_4db8e4a84c9cc98d\rdpwd.sys : 183 808 : 04/28/2012 04:08 AM : f665adb892f8002248274d9a22dddb00 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.22750_none_4dd739444c86625f\rdpwd.sys : 186 368 : 07/16/2014 03:16 AM : e1e18e2987072861707681a0e6d16f21 [Pos Repl]

* C:\Windows\System32\drivers\stream.sys : 54 656 : 04/11/2015 04:07 AM : 575df237408ca735631f7a0dc423d873 [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-streamclass_31bf3856ad364e35_6.1.7600.16385_none_5e3aebd498f644ed\stream.sys : 53 632 : 07/14/2009 00:50 AM : 45b44fc9e5ac0db02b19d515ee809de5 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-streamclass_31bf3856ad364e35_6.1.7601.18828_none_60651fc295e95aea\stream.sys : 54 656 : 04/11/2015 04:07 AM : 575df237408ca735631f7a0dc423d873 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-streamclass_31bf3856ad364e35_6.1.7601.23033_none_60dec351af13cb34\stream.sys : 54 656 : 04/11/2015 04:07 AM : ab4804ea38071e127a18c344b082699e [Pos Repl]

* C:\Windows\System32\drivers\tdx.sys : 74 752 : 11/11/2014 02:32 AM : 7fe680a3dfa421c4a8e4879ae4c5aab0 [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys : 74 752 : 11/20/2010 10:29 PM : b459575348c20e8121d6039da063c704 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.18658_none_ec1ddecd3a74adaa\tdx.sys : 74 752 : 11/11/2014 02:32 AM : 7fe680a3dfa421c4a8e4879ae4c5aab0 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.22865_none_ec99acb4539d1a87\tdx.sys : 74 752 : 11/11/2014 02:40 AM : d4eb5d50a5171245223ed7bc6427fbcd [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 bandicam.com
127.0.0.1 ssl.bandisoft.com

Program finished at: 01/07/2016 12:04:16 AM
Execution time: 0 hours(s), 3 minute(s), and 4 seconds(s)

ComboFix 16-01-07.01 - Paja 07.01.2016 0:09.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3067.1414 [GMT 1:00]
Spuštěný z: d:\stažené soubory\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DSC_0515.JPG
C:\DSC_0583.JPG
C:\DSC_0584.JPG
C:\DSC_0585.JPG
C:\DSC_0587.JPG
C:\DSC_0598.JPG
C:\DSC_0625.JPG
C:\DSC_0908.JPG
C:\DSC_0909.JPG
C:\DSCN2349.JPG
C:\DSCN2352.JPG
C:\DSCN2357.JPG
C:\DSCN2358.JPG
C:\DSCN2359.JPG
C:\DSCN2360.JPG
C:\DSCN2361.JPG
C:\DSCN2362.JPG
C:\DSCN2422.JPG
C:\DSCN2423.JPG
C:\DSCN2427.JPG
C:\DSCN2428.JPG
C:\DSCN2526.JPG
C:\DSCN2527.JPG
C:\DSCN2557.JPG
C:\DSCN2558.JPG
C:\DSCN2564.JPG
C:\DSCN2565.JPG
C:\DSCN2609.JPG
C:\DSCN3602.JPG
c:\programdata\Roaming
c:\users\Paja\AppData\Local\MSGBOX.EXE
c:\users\Paja\AppData\Local\Temp\{603B3164-5CE7-446B-BAEE-E47ADF4DD62A}\InstallFlashPlayer.exe
c:\users\Paja\AppData\Local\Temp\{D53F08B4-E1CB-461B-A3D5-90BC01099A63}\TaskScheduler.exe
c:\users\Paja\AppData\Local\Temp\License Keys For All Antivirus Latest\License_Keys_For_All_Antivirus_Latest_7. února 2015\IObit Malware Fighter\IMF PRO activator & keygen.exe
c:\users\Paja\AppData\Local\Temp\License Keys For All Antivirus Latest\License_Keys_For_All_Antivirus_Latest_7. února 2015\Kaspersky All Products\Kaspersky Trial Resetter 2015 [December 2014]\Kaspersky Trial Resetter 2015.exe
c:\users\Paja\AppData\Local\Temp\License Keys For All Antivirus Latest\License_Keys_For_All_Antivirus_Latest_7. února 2015\Kaspersky All Products\Keys_Kaspersky (Update February 2015)\Kaspersky Reset Trial 4.0.1.27\KRT_4.0.1.27.exe
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1025\SetupResources.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1028\SetupResources.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1029\SetupResources.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1030\SetupResources.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1031\SetupResources.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1032\SetupResources.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1033\SetupResources.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1035\SetupResources.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1036\SetupResources.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1037\SetupResources.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1038\SetupResources.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1040\SetupResources.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1041\SetupResources.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1042\SetupResources.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1043\SetupResources.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1044\SetupResources.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1045\SetupResources.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1046\SetupResources.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1049\SetupResources.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1053\SetupResources.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1055\SetupResources.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2052\SetupResources.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2070\SetupResources.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3076\SetupResources.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3082\SetupResources.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\dotNetFx40LP_Full_x86cs.exe
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\Setup.exe
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupEngine.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUi.dll
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUtility.exe
c:\users\Paja\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\sqmapi.dll
c:\users\Paja\AppData\Local\Temp\MozUpdater\bgupdate\updater.exe
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\BCGCBPRO8002D9B60E3.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\BCGPOleAcc9B39C142.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\Drweb323680E0DF.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\em2v01DC7D73.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\em2v6300DBD6.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\gdiplus38B07F0B.DLL
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\gdiplus536CC5AD.DLL
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\gdiplus5461AF19.DLL
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\gdiplus55EBB4A3.DLL
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\gdiplus5ABC3C3B.DLL
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\gdiplus5C39907C.DLL
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\gdiplus74C97B78.DLL
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\gdiplus78D63180.DLL
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\gdiplus9071448E.DLL
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\gdiplus985FC367.DLL
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\gdiplusA455ADFC.DLL
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\gdiplusAF831C96.DLL
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\gdiplusB1DBFAF0.DLL
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\gdiplusD6EBAEF5.DLL
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\gdiplusDC8C5D2A.DLL
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\gdiplusE1DA3D0E.DLL
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\gdiplusF33DEC0A.DLL
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\MFC71109CB9C7.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\MFC71249A74F9.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\MFC713F517409.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\MFC71461BF8FA.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\MFC7149090881.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\MFC715B49AA52.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\MFC716011AF24.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\MFC716251E7FF.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\MFC718A0B572D.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\MFC71AE66EE48.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\MFC71CB545924.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\MFC71E906F697.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\MFC71F47B49DB.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\mfc71u12406601.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\mfc71u4C5C5DD0.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\mfc71u4D1989F2.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\mfc71u93490C3B.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\mfc71uE8BEE4D1.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\mfc71uF18EADFB.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcp710E7F954E.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcp712CF144D3.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcp71318C1171.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcp71346249B2.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcp714536764D.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcp714D58BA94.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcp7150E1E867.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcp7151207FF7.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcp7158986D1C.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcp7162535DFA.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcp7169869529.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcp7177B7CF3F.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcp7178516802.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcp7198B02AF4.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcp71B4C16822.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcp71BBF6D7CF.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcp71C138A21F.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcp71C50F23DB.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcp71EB0FA0C2.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcp71EF1A49EE.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcp71F4FBCFF4.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcp71F525E9F7.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcp71FC7343DA.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcr7103CBFF9A.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcr7113A22A6A.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcr71264D7D03.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcr712E243769.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcr7135AD2B54.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcr713C2058C6.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcr71402AC422.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcr7144B7F012.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcr7166D31FF4.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcr716A7F987A.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcr7193442B58.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcr719D484A5A.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcr71BA5A88D0.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcr71BB261ECC.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcr71CC2005AB.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcr71D1A5E404.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcr71E0570AA5.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcr71E0BAC39B.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcr71EE7C0081.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcr71F02E11D7.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcr71F2E0F0EF.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcr71F5084597.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\msvcr71FD47894B.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\Msvcrt11D4118E.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\ndvddiscD56CC44A.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\NeAcEnc9FC8C58A.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\NeAudio03401DC6.ax
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\NeAudio23F533956.ax
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\NeDVDD5561BD2.ax
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\NeEm2a529CBA7F.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\NeEm2a57A96039.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\NeroBurnRights35C73148.cpl
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\NeroIPP18F99FA5.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\NeroIPP55B9FD4A.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\NeroMediaCon041A55CE.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\NeroMediaConD4CB9F82.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\NeroRcPluginAti3935D9B2.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\NeroRcPluginHauppaugeD1EEA012.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\NeRSDB05C2D9D9.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\NeVcr50E5ADBC.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\NeVideo81EF602B.ax
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\NeVideoHD4007CEA0.ax
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\SetupNeroMobileUnsignedA8C35C16.exe
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\TMPVImporterF67588C5.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\UDFImporter4B649A67.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Cab\Tmp\VMPEGEncNDX44D4A2E4.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Redist\50comupd.exe
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Redist\AReadyLB_Nero.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Redist\DirectX\DSETUP.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Redist\DirectX\dsetup32.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Redist\DirectX\dxsetup.exe
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Redist\instmsia.exe
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Redist\instmsiw.exe
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Redist\MS\System\asycfilt.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Redist\MS\System\comctl32.ocx
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Redist\MS\System\mfc42.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Redist\MS\System\msvcirt.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Redist\MS\System\msvcp60.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Redist\MS\System\msvcrt.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Redist\MS\System\oleaut32.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Redist\MS\System\olepro32.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Redist\MS\System\stdole2.tlb
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Redist\ShFolder.Exe
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Setup\APATCH.DLL
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Setup\NeroDelTmp.exe
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Setup\NiReg.exe
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Setup\NPS.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Setup\UninstallNero.exe
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\Setup\unrar.dll
c:\users\Paja\AppData\Local\Temp\NeroDemo11537\SetupX.exe
c:\users\Paja\AppData\Local\Temp\NeroInstallFiles\NERO20120813121238302\ISSetupPrerequisites\lightscribeSystemSoftware\LS_LAUNCHER.exe
c:\users\Paja\AppData\Local\Temp\NeroInstallFiles\NERO20120813121238302\ISSetupPrerequisites\lightscribeSystemSoftware\LSDriveDetect.exe
c:\users\Paja\AppData\Local\Temp\NeroInstallFiles\NERO20120813121238302\ISSetupPrerequisites\lightscribeSystemSoftware\PRQStarter-1.exe
c:\users\Paja\AppData\Local\Temp\NeroInstallFiles\NERO20120813121238302\ISSetupPrerequisites\microsoftVcRedist2010Sp1X64\PRQStarter-1.exe
c:\users\Paja\AppData\Local\Temp\NeroInstallFiles\NERO20120813121238302\ISSetupPrerequisites\microsoftVcRedist2010Sp1X64\vcredist_x64.exe
c:\users\Paja\AppData\Local\Temp\NeroInstallFiles\NERO20120813121238302\ISSetupPrerequisites\microsoftVcRedist2010Sp1X86\PRQStarter-1.exe
c:\users\Paja\AppData\Local\Temp\NeroInstallFiles\NERO20120813121238302\ISSetupPrerequisites\microsoftVcRedist2010Sp1X86\vcredist_x86.exe
c:\users\Paja\AppData\Local\Temp\NeroInstallFiles\NERO20120813121238302\ISSetupPrerequisites\msi4.5ForWindows6.0X64\PRQStarter-1.exe
c:\users\Paja\AppData\Local\Temp\NeroInstallFiles\NERO20120813121238302\ISSetupPrerequisites\msi4.5ForWindows6.0X86\PRQStarter-1.exe
c:\users\Paja\AppData\Local\Temp\NeroInstallFiles\NERO20120813121238302\ISSetupPrerequisites\msi4.5ForWindowsxpX86\PRQStarter-1.exe
c:\users\Paja\AppData\Local\Temp\NeroInstallFiles\NERO20120813121238302\ISSetupPrerequisites\msi4.5ForWindowsxpX86\WindowsXP-KB942288-v3-x86.exe
c:\users\Paja\AppData\Local\Temp\NeroInstallFiles\NERO20120813121238302\ISSetupPrerequisites\neroAskToolbar\ApnIC.dll
c:\users\Paja\AppData\Local\Temp\NeroInstallFiles\NERO20120813121238302\ISSetupPrerequisites\neroAskToolbar\ApnStub.exe
c:\users\Paja\AppData\Local\Temp\NeroInstallFiles\NERO20120813121238302\ISSetupPrerequisites\neroAskToolbar\ApnToolbarInstaller.exe
c:\users\Paja\AppData\Local\Temp\NeroInstallFiles\NERO20120813121238302\ISSetupPrerequisites\neroAskToolbar\AskToolbarNRO.exe
c:\users\Paja\AppData\Local\Temp\NeroInstallFiles\NERO20120813121238302\ISSetupPrerequisites\neroAskToolbar\AskToolbarNRO3.exe
c:\users\Paja\AppData\Local\Temp\NeroInstallFiles\NERO20120813121238302\ISSetupPrerequisites\neroAskToolbar\NeroBar.exe
c:\users\Paja\AppData\Local\Temp\NeroInstallFiles\NERO20120813121238302\ISSetupPrerequisites\neroAskToolbar\PRQStarter-1.exe
c:\users\Paja\AppData\Local\Temp\NeroInstallFiles\NERO20120813121238302\ISSetupPrerequisites\rebootValidator\PRQStarter-1.exe
c:\users\Paja\AppData\Local\Temp\NeroInstallFiles\NERO20120813121238302\ISSetupPrerequisites\systemRequirementValidator\NeroOSValidator.exe
c:\users\Paja\AppData\Local\Temp\NeroInstallFiles\NERO20120813121238302\ISSetupPrerequisites\systemRequirementValidator\PRQStarter-1.exe
c:\users\Paja\AppData\Local\Temp\NeroInstallFiles\NERO20120813121238302\setup.exe
c:\users\Paja\AppData\Local\Temp\nsa14FE.tmp\AdventSetupx.exe
c:\users\Paja\AppData\Local\Temp\nsf453A.tmp\System.dll
c:\users\Paja\AppData\Local\Temp\nsjC41A.tmp\AdvSplash.dll
c:\users\Paja\AppData\Local\Temp\nsjC41A.tmp\Genealogy.dll
c:\users\Paja\AppData\Local\Temp\nsjC41A.tmp\InstallOptions.dll
c:\users\Paja\AppData\Local\Temp\nsjC41A.tmp\LangDLL.dll
c:\users\Paja\AppData\Local\Temp\nsjC41A.tmp\System.dll
c:\users\Paja\AppData\Local\Temp\nsl4FC7.tmp\DTLite.exe
c:\users\Paja\AppData\Local\Temp\nsm9562.tmp\setupvlc-2.2.1-win32.exe
c:\users\Paja\AppData\Local\Temp\nsp87DB.tmp\setupphotoemx.exe
c:\users\Paja\AppData\Local\Temp\nsqD898.tmp\dvdshrink.exe
c:\users\Paja\AppData\Local\Temp\nsy3C9A.tmp\setupphotoemx.exe
c:\users\Paja\AppData\Local\Temp\nsyCF82.tmp\InstallOptions.dll
c:\users\Paja\AppData\Local\Temp\nsyCF82.tmp\System.dll
c:\users\Paja\AppData\Local\Temp\nsz8B1C.tmp\System.dll
c:\users\Paja\AppData\Local\Temp\par-Paja\cache-exiftool-9.16\278090af.dll
c:\users\Paja\AppData\Local\Temp\par-Paja\cache-exiftool-9.16\34bdba63.dll
c:\users\Paja\AppData\Local\Temp\par-Paja\cache-exiftool-9.16\4a2ee9db.dll
c:\users\Paja\AppData\Local\Temp\par-Paja\cache-exiftool-9.16\671d8b64.dll
c:\users\Paja\AppData\Local\Temp\par-Paja\cache-exiftool-9.16\6d48952f.dll
c:\users\Paja\AppData\Local\Temp\par-Paja\cache-exiftool-9.16\9a6a9a93.dll
c:\users\Paja\AppData\Local\Temp\par-Paja\cache-exiftool-9.16\d183fe29.dll
c:\users\Paja\AppData\Local\Temp\par-Paja\cache-exiftool-9.16\exiftool.exe
c:\users\Paja\AppData\Local\Temp\par-Paja\cache-exiftool-9.16\perl58.dll
c:\users\Paja\AppData\Local\Temp\vb_base\vbcorent.dll
c:\users\Paja\AppData\Local\Temp\vb_base\vbcorent.sys
c:\users\Paja\AppData\Local\Temp\wrd-15d8-13f4-1011b7c.~lk\0.mdd
c:\users\Paja\AppData\Local\Temp\wrd-15d8-13f4-1011b7c.~lk\1.mdd
c:\users\Paja\AppData\Local\Temp\wrd-15d8-13f4-1011b7c.~lk\2.mdd
c:\users\Paja\AppData\Local\Temp\wrd-15d8-13f4-1011b7c.~lk\3.mdd
c:\users\Paja\AppData\Local\Temp\wrd-15d8-13f4-1011b7c.~lk\4.mdd
c:\users\Paja\AppData\Local\Temp\wrd-15ec-1294-34092f.~lk\0.mdd
c:\users\Paja\AppData\Local\Temp\wrd-15ec-1294-34092f.~lk\1.mdd
c:\users\Paja\AppData\Local\Temp\wrd-15ec-1294-34092f.~lk\2.mdd
c:\users\Paja\AppData\Local\Temp\wrd-15ec-1294-34092f.~lk\3.mdd
c:\users\Paja\AppData\Local\Temp\wrd-15ec-1294-34092f.~lk\4.mdd
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-12-06 do 2016-01-06 )))))))))))))))))))))))))))))))
.
.
2016-01-06 23:20 . 2016-01-06 23:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-01-05 19:08 . 2016-01-06 20:16 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2016-01-05 19:08 . 2016-01-05 19:08 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-01-05 19:07 . 2016-01-05 19:07 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-01-04 23:49 . 2016-01-06 20:18 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2016-01-04 23:49 . 2016-01-04 23:49 -------- d-----w- c:\users\Paja\AppData\Local\SlimWare Utilities Inc
2016-01-02 21:49 . 2016-01-06 20:42 -------- d-----w- C:\FRST
2016-01-01 21:12 . 2016-01-01 21:12 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2015-12-29 22:27 . 2015-12-29 23:39 -------- d-----w- C:\Anička proměny
2015-12-27 15:28 . 2016-01-01 21:43 -------- d-----w- c:\programdata\TempMoudleSet
2015-12-21 18:12 . 2015-12-21 18:15 -------- d-----w- C:\dnes 21.12.2015
2015-12-20 19:38 . 2015-12-20 19:50 -------- d-----w- C:\fotky trhy výběr 2015
2015-12-20 19:13 . 2015-12-22 01:32 -------- d-----w- C:\Vánoční trhy večer 2015
2015-12-18 16:55 . 2015-12-18 17:02 -------- d-----w- C:\flash disk z.aloha dnes .18.12.2016
2015-12-18 00:39 . 2015-12-18 00:39 322760 ----a-w- c:\windows\system32\aswBoot.exe
2015-12-18 00:39 . 2015-12-18 00:39 43112 ----a-w- c:\windows\avastSS.scr
2015-12-17 20:41 . 2015-12-17 20:41 -------- d-----w- c:\program files\MSECache
2015-12-15 18:37 . 2015-12-15 19:01 -------- d-----w- c:\users\Paja\AppData\Roaming\iPhotoDraw
2015-12-15 17:55 . 2015-12-15 17:55 -------- d-----w- c:\users\Paja\AppData\Local\kiwi.software.NET
2015-12-10 23:57 . 2015-12-10 23:57 -------- d-----w- c:\users\Paja\AppData\Local\Apple Computer
2015-12-10 23:57 . 2015-12-11 21:52 -------- d-----w- c:\users\Paja\AppData\Roaming\Apple Computer
2015-12-10 23:57 . 2015-12-10 23:57 -------- d-----w- c:\program files\iPod
2015-12-10 23:57 . 2015-12-10 23:57 -------- d-----w- c:\programdata\Apple Computer
2015-12-10 23:55 . 2015-12-10 23:55 -------- d-----w- c:\users\Paja\AppData\Local\Apple
2015-12-10 23:55 . 2015-12-10 23:55 -------- d-----w- c:\program files\Apple Software Update
2015-12-10 23:55 . 2015-12-10 23:55 -------- d-----w- c:\program files\Bonjour
2015-12-10 23:54 . 2015-12-10 23:57 -------- d-----w- c:\program files\Common Files\Apple
2015-12-10 23:54 . 2015-12-10 23:55 -------- d-----w- c:\programdata\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-04 23:38 . 2014-04-11 19:38 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-01-04 23:38 . 2014-04-11 19:38 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-12-18 16:39 . 2014-04-11 14:21 436360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-12-18 16:39 . 2014-04-11 14:21 81168 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2015-12-18 00:39 . 2014-04-11 14:21 117712 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-12-18 00:39 . 2014-04-27 16:18 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-12-18 00:39 . 2014-04-11 14:21 209432 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-12-18 00:39 . 2014-04-11 14:21 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-12-18 00:39 . 2014-04-11 14:21 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-12-18 00:39 . 2014-04-11 14:21 794952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-07-10 06:16 . 2014-07-10 06:16 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2015-07-01 . DC0B4400073A404B53F571126B58F480 . 22528 . . [6.1.7601.18912] . . c:\windows\System32\lsass.exe
[-] 2015-07-01 . DC0B4400073A404B53F571126B58F480 . 22528 . . [6.1.7601.18912] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18912_none_a84fe4e9bb0f2cd0\lsass.exe
[-] 2015-07-01 . A1FEDB23C022280B2649B553D8113F18 . 22528 . . [6.1.7601.23115] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23115_none_a8dc5ab4d42a4be1\lsass.exe
[-] 2015-06-27 . 172E23440447BAE4C02BE92C11DFF544 . 22528 . . [6.1.7601.23112] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23112_none_a8d959d6d42cffdc\lsass.exe
[-] 2015-06-27 . 43972ED806646274C05E6BA2C1585B99 . 22528 . . [6.1.7601.18909] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18909_none_a861b6dbbb00c240\lsass.exe
[-] 2015-05-25 . 91D8B4FF9CD5725DD6507F49CC50BB03 . 22528 . . [6.1.7601.23072] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23072_none_a8987868d45daa5b\lsass.exe
[-] 2015-05-25 . D2967F6D4205A227AAA7D094C12F7141 . 22528 . . [6.1.7601.18869] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18869_none_a820d56dbb316cbf\lsass.exe
[-] 2015-04-27 . 1667D76FBF42B24B9DE3E8B0A7CF06BE . 22528 . . [6.1.7601.18839] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18839_none_a8414531bb1918ec\lsass.exe
[-] 2015-04-27 . 24D7FCB0A817B4D841A3CA67212FE500 . 22528 . . [6.1.7601.23040] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23040_none_a8b6e798d44723da\lsass.exe
[-] 2015-04-04 . 35F0817C803DFC520CBF7031B72B6A17 . 22528 . . [6.1.7601.23017] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23017_none_a8de5962d4288168\lsass.exe
[-] 2015-04-04 . 618BA9298726844DA4E9E53C7C8D4015 . 22528 . . [6.1.7601.18812] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18812_none_a84fe303bb0f2fa9\lsass.exe
[-] 2015-03-17 . 981CE3E3A653511799F4A862494B66A8 . 22528 . . [6.1.7601.18798] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18798_none_a7ff6379bb4aaa14\lsass.exe
[-] 2015-03-17 . 3228BE5229F9EEFB18654A56B016F642 . 22528 . . [6.1.7601.23002] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23002_none_a8e427dcd424e6c4\lsass.exe
[-] 2015-03-06 . BE2D700A9B21B40622C250FE1206A02F . 22528 . . [6.1.7601.22983] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22983_none_a88ed0a4d464ac61\lsass.exe
[-] 2015-03-06 . F65F365AC0D1657917EFDB52445C848B . 22528 . . [6.1.7601.18779] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18779_none_a816039bbb398b89\lsass.exe
[-] 2015-02-03 . 8CAD69B705D065CCAAA0E4C17C07B21E . 22528 . . [6.1.7601.22948] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22948_none_a8bf11c6d43fbb50\lsass.exe
[-] 2015-02-03 . 27945CF21E17AFBFF1E31993AAEE4551 . 22528 . . [6.1.7601.18741] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18741_none_a82e710fbb286cfe\lsass.exe
[-] 2015-01-29 . 4B66FC6316D1940837965C01D6DDD9A1 . 22528 . . [6.1.7601.18738] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18738_none_a8404301bb1a026e\lsass.exe
[-] 2015-01-27 . 2668762334E663B7BD68067A047C4187 . 22528 . . [6.1.7601.22943] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22943_none_a8ba1054d4443c9d\lsass.exe
[-] 2015-01-15 . BF08DE8E4FA1F143D41B3241F7FCE5F6 . 22528 . . [6.1.7601.18719] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18719_none_a856e323bb08e3e3\lsass.exe
[-] 2015-01-14 . BA0FE19728F5FA8473FB13C9C031FCC0 . 22528 . . [6.1.7601.18717] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18717_none_a854e28fbb0ab135\lsass.exe
[-] 2015-01-10 . 0B0A841A8DE520CB85EA985DDD21CAE3 . 22528 . . [6.1.7601.22920] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22920_none_a8ccaf4ed436b8b6\lsass.exe
[-] 2015-01-10 . 1BFCF24227B53F35BA534BF94F0DB95C . 22528 . . [6.1.7601.18714] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18714_none_a851e1b1bb0d6530\lsass.exe
[-] 2014-09-19 . F0F6E52554E314A71E776B1086B5B3DD . 22528 . . [6.1.7601.22814] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22814_none_a8db7e7cd42b04fa\lsass.exe
[-] 2014-09-19 . AC0D7A5778D5A8C17ECFEECB302B4FA4 . 22528 . . [6.1.7601.18606] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18606_none_a85eb04bbb037ec6\lsass.exe
[7] 2014-05-30 . 213601D688579B98F576BA7CA88496DE . 22528 . . [6.1.7601.18489] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18489_none_a80b2dfdbb41b005\lsass.exe
[7] 2014-05-30 . 0421593A1955FE63245B700560B44600 . 22528 . . [6.1.7601.22705] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22705_none_a8e74cccd4220539\lsass.exe
[7] 2014-04-12 . DD17E1573651293D4ED31053795B3471 . 22528 . . [6.1.7601.18443] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_a8306bf1bb26a837\lsass.exe
[7] 2014-04-12 . DD17E1573651293D4ED31053795B3471 . 22528 . . [6.1.7601.18443] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18496_none_a7fd5d33bb4c7ff1\lsass.exe
[7] 2014-04-12 . DD17E1573651293D4ED31053795B3471 . 22528 . . [6.1.7601.18443] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18526_none_a8490e8dbb13b981\lsass.exe
[7] 2014-04-12 . DD17E1573651293D4ED31053795B3471 . 22528 . . [6.1.7601.18443] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18637_none_a83f40d1bb1aebf0\lsass.exe
[7] 2014-04-12 . 627B40EB2595D8FCF1960F33389EB7D3 . 22528 . . [6.1.7601.22653] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_a8af3ab6d44c6119\lsass.exe
[7] 2014-04-12 . 627B40EB2595D8FCF1960F33389EB7D3 . 22528 . . [6.1.7601.22653] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22712_none_a8d97c02d42cd525\lsass.exe
[7] 2014-04-12 . 627B40EB2595D8FCF1960F33389EB7D3 . 22528 . . [6.1.7601.22653] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22736_none_a8c7dd52d4397263\lsass.exe
[7] 2014-04-12 . 627B40EB2595D8FCF1960F33389EB7D3 . 22528 . . [6.1.7601.22653] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22807_none_a8e94f46d420350e\lsass.exe
[7] 2014-04-12 . 627B40EB2595D8FCF1960F33389EB7D3 . 22528 . . [6.1.7601.22653] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22843_none_a8ba0e6ed4443f76\lsass.exe
[7] 2014-04-12 . 627B40EB2595D8FCF1960F33389EB7D3 . 22528 . . [6.1.7601.22653] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22923_none_a8cfb02cd43404bb\lsass.exe
[7] 2014-04-12 . 627B40EB2595D8FCF1960F33389EB7D3 . 22528 . . [6.1.7601.22653] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22925_none_a8d1b0c0d4323769\lsass.exe
[7] 2013-09-25 . 559C7769B397F07E12725EE55337D4C6 . 22016 . . [6.1.7601.22465] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_a8a66792d452b56a\lsass.exe
[7] 2013-09-25 . 803B370865D907EA21DC0C2B6A8936B5 . 22016 . . [6.1.7601.18270] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_a80cf783bb41b5b7\lsass.exe
[7] 2012-08-24 . 7ABC23F3D86880AD62ACEDC7479608F8 . 22528 . . [6.1.7601.22099] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22099_none_a889f15ed46779fd\lsass.exe
[7] 2012-06-02 . FA7B950E4CA6AA260C4EABA19E03644D . 22528 . . [6.1.7601.22010] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_a8d76e24d42eb666\lsass.exe
[7] 2011-11-17 . 81951F51E318AECC2D68559E47485CC4 . 22528 . . [6.1.7601.17725] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsass.exe
[7] 2011-11-17 . 81951F51E318AECC2D68559E47485CC4 . 22528 . . [6.1.7601.17725] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_a828bb43bb2beb28\lsass.exe
[7] 2011-11-17 . 81951F51E318AECC2D68559E47485CC4 . 22528 . . [6.1.7601.17725] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17940_none_a82d8b59bb293454\lsass.exe
[7] 2011-11-17 . FBCB2DFA40862DAA7B1534C9538208A5 . 22528 . . [6.1.7601.21861] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsass.exe
[7] 2009-07-14 . F42309C4191C506B71DB5D1126D26318 . 22528 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe
.
[-] 2015-04-13 . 0780A42DBD7D9969F9BF4A19AA4285B5 . 259072 . . [6.1.7600.16385] . . c:\windows\System32\services.exe
[-] 2015-04-13 . 0780A42DBD7D9969F9BF4A19AA4285B5 . 259072 . . [6.1.7601.18829] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.18829_none_d1614ac32b8ec5cf\services.exe
[-] 2015-04-11 . 97981140500E86E5BBAD7B76BA890146 . 259072 . . [6.1.7601.23033] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.23033_none_d1d9ee0844ba1cc2\services.exe
[7] 2009-07-14 . 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 . 259072 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
.
[-] 2014-07-17 . 52449FD429D6053B78AE564DEF303870 . 304128 . . [6.1.7601.17514] . . c:\windows\System32\winlogon.exe
[-] 2014-07-17 . 52449FD429D6053B78AE564DEF303870 . 304128 . . [6.1.7601.18540] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_71a5e34e334f9d18\winlogon.exe
[-] 2014-07-16 . 4F37B93C14AEE313BEC52A23AFB15C2E . 304640 . . [6.1.7601.22750] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_7224b2134c7555fa\winlogon.exe
[7] 2014-03-04 . D53972F87D850CD2EB4B29B60CAFDD77 . 304640 . . [6.1.7601.22616] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe
[7] 2014-03-04 . 998507B046BA314CE8245364C686FA67 . 304128 . . [6.1.7601.18409] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[7] 2010-11-20 . 6D13E1406F50C66E2A95D97F22C47560 . 286720 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
.
[-] 2015-07-09 . 594A7AF88348468DAB24781BF3921230 . 135168 . . [7.6.7601.18917] . . c:\windows\System32\wuauclt.exe
[-] 2015-07-09 . 594A7AF88348468DAB24781BF3921230 . 135168 . . [7.6.7601.18917] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7601.18917_none_8b47371eacb852f2\wuauclt.exe
[-] 2015-03-25 . CFF96E0CE6F81F5968A6D61786642855 . 131584 . . [7.6.7601.18804] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7601.18804_none_8b4f0446acb2edd5\wuauclt.exe
[7] 2014-05-14 . 072678E0D68E9C3A7960328671134C7B . 54240 . . [7.6.7600.320] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.320_none_79d7b1ac99325eca\wuauclt.exe
[7] 2012-06-02 . 2E0B0A051FFAA86E358465BB0880D453 . 53784 . . [7.6.7600.256] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_79d6786e99338140\wuauclt.exe
[7] 2010-11-20 . 75B06ACD9D8DC0FE3603294E1899F496 . 47104 . . [7.5.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.5.7601.17514_none_c315782c0def9f8f\wuauclt.exe
.
[-] 2014-11-11 . D4EB5D50A5171245223ED7BC6427FBCD . 74752 . . [6.1.7601.22865] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.22865_none_ec99acb4539d1a87\tdx.sys
[-] 2014-11-11 . 7FE680A3DFA421C4A8E4879AE4C5AAB0 . 74752 . . [6.1.7601.18658] . . c:\windows\System32\drivers\tdx.sys
[-] 2014-11-11 . 7FE680A3DFA421C4A8E4879AE4C5AAB0 . 74752 . . [6.1.7601.18658] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.18658_none_ec1ddecd3a74adaa\tdx.sys
[7] 2010-11-20 . B459575348C20E8121D6039DA063C704 . 74752 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
.
[-] 2015-04-24 . 71DD9528DD7D36EB853020401D66089D . 530432 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.23039_none_3c1c4e5d4f63373c\comctl32.dll
[-] 2015-04-24 . 71DD9528DD7D36EB853020401D66089D . 530432 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.23039_none_ee6532a082bc3b56\comctl32.dll
[-] 2015-04-24 . F7F754DDAA6AF9D3F3549F7013BFDF70 . 1680896 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23039_none_2b1a83ee457cfdf3\comctl32.dll
[-] 2015-04-24 . 58788565442368B0615DDAF1D452B843 . 530432 . . [5.82] . . c:\windows\System32\comctl32.dll
[-] 2015-04-24 . 58788565442368B0615DDAF1D452B843 . 530432 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.18837_none_3b90d8dc36473182\comctl32.dll
[-] 2015-04-24 . 58788565442368B0615DDAF1D452B843 . 530432 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
[-] 2015-04-24 . 885E18B2D0A445FB637850282530EB72 . 1680896 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
[-] 2015-03-30 . 346DAA8204508A44B7211CC28B830CC5 . 1680896 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458\comctl32.dll
[-] 2015-03-30 . 791206E0343AD8E61826E063F2E4C885 . 1680896 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23011_none_2b19399a457dfe3d\comctl32.dll
[7] 2013-07-04 . 700BD5A6AA5381D1D8ADC4045149DBF6 . 530432 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.22376_none_3bee2a494f8638cf\comctl32.dll
[7] 2013-07-04 . 700BD5A6AA5381D1D8ADC4045149DBF6 . 530432 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.22376_none_ee67d2d082b9f619\comctl32.dll
[7] 2013-07-04 . 75F5E1FE8D55CF8E577E0EC5F2290D3F . 530432 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.18201_none_3bab3b80363456bb\comctl32.dll
[7] 2013-07-04 . 75F5E1FE8D55CF8E577E0EC5F2290D3F . 530432 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5\comctl32.dll
[7] 2010-11-20 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
[7] 2010-11-20 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_3ba388ec36399c85\comctl32.dll
[7] 2010-11-20 . 352B3DC62A0D259A82A052238425C872 . 1680896 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
.
[-] 2015-04-27 . 33F67BBCC3C0499D3F3382473114CFA8 . 143872 . . [6.1.7600.16385] . . c:\windows\System32\cryptsvc.dll
[-] 2015-04-27 . 33F67BBCC3C0499D3F3382473114CFA8 . 143872 . . [6.1.7601.18839] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18839_none_77f653d3f91d2e9f\cryptsvc.dll
[-] 2015-04-27 . 59AF628BEF750EE470FD36751CA52137 . 145920 . . [6.1.7601.23040] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.23040_none_786bf63b124b398d\cryptsvc.dll
[-] 2015-02-03 . B97E16D36DB7B7DD22C97857506FA58A . 145920 . . [6.1.7601.22948] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22948_none_787420691243d103\cryptsvc.dll
[-] 2015-02-03 . 49474B3E37969AF4B5C076F42B623AFF . 143872 . . [6.1.7601.18741] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18741_none_77e37fb1f92c82b1\cryptsvc.dll
[-] 2014-10-30 . 3031B5DC2A58A7BCE6651EA9B7DD6390 . 145920 . . [6.1.7601.22856] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22908_none_789f60191223613f\cryptsvc.dll
[-] 2014-07-07 . 623E143F2DF17C0106A9988F5D7DC878 . 143872 . . [6.1.7601.18526] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18526_none_77fe1d2ff917cf34\cryptsvc.dll
[7] 2013-10-05 . F2D9242C3BBD1C36467FCAE1AE01733F . 142848 . . [6.1.7601.22473] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll
[7] 2013-07-09 . 6DB499DEFCC827317C5371164A7CDB27 . 142848 . . [6.1.7601.22380] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[7] 2013-07-09 . 7CA1BECEA5DE2643ADDAD32670E7A4C9 . 140288 . . [6.1.7601.18205] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[7] 2013-05-13 . 3897DFF247D9ED0006190349DE264E14 . 140288 . . [6.1.7601.18151] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[7] 2013-05-11 . AC04D05309BB2C418D0D80B9FB014642 . 142848 . . [6.1.7601.22322] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[7] 2013-05-10 . E122AA1C9A3CC46FF9DDDE46E5EB0C58 . 142848 . . [6.1.7601.22321] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[7] 2013-05-10 . 33ADF6E0853AB39EA1723BE82842C1D3 . 140288 . . [6.1.7601.18150] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[7] 2010-11-20 . A585BEBF7D054BD9618EDA0922D5484A . 136192 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
.
[-] 2015-05-09 . 8D5CC74BFA8F947CB283527806DB7B1F . 872448 . . [6.1.7601.23049] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23049_none_963344b1cdbf5861\kernel32.dll
[-] 2015-05-09 . 957655757F43858692289B96F73716D8 . 868352 . . [6.1.7601.18015] . . c:\windows\System32\kernel32.dll
[-] 2015-05-09 . 957655757F43858692289B96F73716D8 . 868352 . . [6.1.7601.18015] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18847_none_95a7cf30b4a352a7\kernel32.dll
[7] 2014-04-12 . 0ACC3056081E646E242A8EAB2348271A . 872448 . . [6.1.7601.22653] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22653_none_96229535cdccb191\kernel32.dll
[7] 2014-04-11 . 6F93A0F455963DC8A9A16BB682C8D589 . 868352 . . [6.1.7601.17932] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17932_none_95adb658b49f9b89\kernel32.dll
[7] 2014-04-11 . 9139B25AA9CA8749A11F2BE863EF391B . 868352 . . [6.1.7601.22091] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22091_none_95f5498dcdeeffbd\kernel32.dll
[7] 2014-04-11 . 02D5E2D9D9497F314C97E082A1CB9808 . 868352 . . [6.1.7601.17617] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_95c851f0b48aeae5\kernel32.dll
[7] 2014-04-11 . 5717FC9D2A1DAA0596DC7D940F2D613C . 868352 . . [6.1.7601.21728] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_96481f19cdafbff7\kernel32.dll
[7] 2014-03-04 . 8237BF64FDD5FF36985070B8EBEF144D . 872448 . . [6.1.7601.22616] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22616_none_9650d5c3cda98dd2\kernel32.dll
[7] 2014-03-04 . F74FFA7654702F81884BDB41EB80DAC2 . 868352 . . [6.1.7601.18409] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18409_none_95d507dcb48120f5\kernel32.dll
[7] 2012-11-30 . 6D0D4B00C7CB4FA829F396A83B327894 . 868352 . . [6.1.7601.22177] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22177_none_9610ed07cdd95d0c\kernel32.dll
[7] 2012-11-30 . AE09B85158C66E2C154C5C9B3C0027B3 . 868352 . . [6.1.7601.18015] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18015_none_95c62f30b48ce2ee\kernel32.dll
[7] 2012-10-04 . 3ED262888758E350C29E02207AF9AC59 . 868352 . . [6.1.7601.17965] . . c:\windows\SoftwareDistribution\Download\ad7b8cfdb711865249ce6247b8e8e8d1\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17965_none_95904772b4b53b61\kernel32.dll
[7] 2012-10-04 . 63350392C018D28C87E6FCB638DFCFE8 . 868352 . . [6.1.7601.22125] . . c:\windows\SoftwareDistribution\Download\ad7b8cfdb711865249ce6247b8e8e8d1\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22125_none_9644fc0fcdb29ea9\kernel32.dll
[7] 2010-11-20 . 5553784D774CA845380650E010BBDA2C . 857600 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_95c54f2cb48da1b9\kernel32.dll
.
[-] 2015-07-15 . E5B13A197BA69AE4C20F6EC4D81F5825 . 26624 . . [6.1.7601.23126] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23126_none_ac5b18c8d1eca63f\lpk.dll
[-] 2015-07-15 . 6D77D118D54BF6C5045B02CF0FA8D9AF . 26624 . . [6.1.7601.18923] . . c:\windows\System32\lpk.dll
[-] 2015-07-15 . 6D77D118D54BF6C5045B02CF0FA8D9AF . 26624 . . [6.1.7601.18923] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18923_none_abcea2fdb8d1872e\lpk.dll
[-] 2015-07-03 . 6093E2B608533F7259C463C774026FE4 . 26624 . . [6.1.7601.18914] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18914_none_abda7333b8c88494\lpk.dll
[-] 2015-07-03 . 7702F43FD43FAC83013DFA36D2C426E6 . 26624 . . [6.1.7601.23117] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23117_none_ac66e8fed1e3a3a5\lpk.dll
[-] 2015-02-20 . AB4B8F91C6D0566304A241EC9DA8EA21 . 26624 . . [6.1.7601.22974] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22974_none_ac232e90d216cedd\lpk.dll
[-] 2015-02-20 . DD16C06B79DA2FBD422E87923C6C0C9D . 26624 . . [6.1.7601.18768] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18768_none_aba860f3b8ed7b57\lpk.dll
[7] 2013-06-06 . 6AD2C4AE940C3A73C7E5A50B8BBDBDE5 . 26112 . . [6.1.7601.22350] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22350_none_ac34c1dcd20a42b5\lpk.dll
[7] 2013-06-06 . F632602316001D517F4EF3B53B9A6C33 . 26112 . . [6.1.7601.18177] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18177_none_ab9c8559b8f68f07\lpk.dll
[7] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_abda8263b8c87657\lpk.dll
.
[-] 2015-07-02 . 116F506573B59B85CD0DC18527E9951A . 19877376 . . [11.00.9600.17842] . . c:\windows\System32\mshtml.dll
[-] 2015-07-02 . 116F506573B59B85CD0DC18527E9951A . 19877376 . . [11.00.9600.17924] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17923_none_9945ee587f024443\mshtml.dll
[-] 2015-06-25 . FA9DFDAF0D0BA0F2E5BF85C2AA557A6F . 19877376 . . [11.00.9600.17915] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17914_none_9944d7467f03448d\mshtml.dll
[-] 2015-05-27 . 975421AC32F9F6E27A58F75DAB4B5871 . 19607040 . . [11.00.9600.17842] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17843_none_9952bed87ef85b00\mshtml.dll
[-] 2015-04-21 . D74445161E58644309F858342F5E265C . 19691008 . . [11.00.9600.17801] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17801_none_994eeb407efbc262\mshtml.dll
[-] 2015-03-13 . 2F42037DD6F2831332653EB7F35D7E9A . 19695616 . . [11.00.9600.17728] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17728_none_995b1c487ef28c86\mshtml.dll
[-] 2015-02-21 . 95CB6079B3E62D4301958023C2070A48 . 19720192 . . [11.00.9600.17690] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17691_none_996d8db27ee36e8f\mshtml.dll
[-] 2015-01-12 . 61C74D794C14E9FC94D93F5F0F72A3F9 . 19740160 . . [11.00.9600.17631] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17633_none_99675e667ee909c7\mshtml.dll
[-] 2014-11-22 . 220505B0B3E96C857DD01729AF0CD369 . 19749376 . . [11.00.9600.17496] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17501_none_996f5b047ee36e8f\mshtml.dll
[-] 2014-11-06 . 93074C4FA92A8399404D032F6AF72C1B . 19781632 . . [11.00.9600.17420] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17420_none_997c424c7ed96bab\mshtml.dll
[-] 2014-09-19 . F91E55DA404B834648A3B0A2477C10DB . 17484800 . . [11.00.9600.17344] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17358_none_99895cd67ecf68c7\mshtml.dll
[-] 2014-08-18 . 7BF1CE9240CB9DD27C3E30733176EB8E . 17455104 . . [11.00.9600.17280] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17280_none_9997e3e07ec3cbd3\mshtml.dll
[-] 2014-07-25 . 8453DDF167CE2986AA4AB04BC6824925 . 17524224 . . [11.00.9600.17239] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17239_none_999215667ec933c9\mshtml.dll
[7] 2014-06-19 . DFA59840BB1220AFD261FDAE83543959 . 17276416 . . [11.00.9600.17207] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17207_none_998f42187ecbb482\mshtml.dll
[7] 2014-05-30 . D5ECBB3BFDC73A59440D9CA79AB3A342 . 17271296 . . [11.00.9600.17126] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17126_none_999c29607ec1b19e\mshtml.dll
[7] 2014-05-06 . EB5347F6149D3FF25F4D609A21A3BD67 . 17382912 . . [11.00.9600.17107] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17107_none_999a12047ec39891\mshtml.dll
[7] 2014-04-29 . 5869FBC754578A59C8C8635B99DB79DE . 17384448 . . [11.00.9600.17105] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17105_none_999a3f947ec3654f\mshtml.dll
[7] 2014-04-11 . F9F114B2A6F876C92D317A755494F233 . 17142784 . . [11.00.9600.16428] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16428_none_997b8a267eda3b8c\mshtml.dll
[7] 2014-04-11 . 10D0FA4F2A6ADBEEA0FFF10583CC5407 . 12347904 . . [9.00.8112.16545] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16545_none_2bb118903c7c66f6\mshtml.dll
[7] 2014-04-11 . 3242A084CD8F934337E711F7C7EE5E6B . 14358016 . . [10.00.9200.16866] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16866_none_34e13028da54e0fd\mshtml.dll
[7] 2014-03-30 . CCF19C82F6145E4A467F7CB9AF82026C . 17073152 . . [11.00.9600.16659] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16659_none_9968d4647ee7d914\mshtml.dll
[7] 2014-03-06 . EA85144F35EDE6EE25C484D4242FF2C8 . 17387008 . . [11.00.9600.17041] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17041_none_99a96bc87eb74836\mshtml.dll
[7] 2014-03-01 . 70462E0A4E293FC80620AB945D8A59BB . 17074688 . . [11.00.9600.16521] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16521_none_997159b27ee1a416\mshtml.dll
[7] 2014-02-24 . CBDC75B3F879A5778BD3CA3B502134AC . 6041088 . . [8.00.7601.18404] . . c:\windows\SoftwareDistribution\Download\6dfae1897b52da070a9261cc27751d1a\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.18404_none_300f7afcf7658d2d\mshtml.dll
[7] 2014-02-24 . E0C79F80427D0A7835640ACA2FE9FE46 . 6041600 . . [8.00.7601.22609] . . c:\windows\SoftwareDistribution\Download\6dfae1897b52da070a9261cc27751d1a\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.22609_none_309e1b20107ea8d1\mshtml.dll
[7] 2010-11-20 . C50799F0D47DFB9774F721521B6C41D5 . 5977600 . . [8.00.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_3004c3bef76d8ca4\mshtml.dll
.
[-] 2015-06-19 . 63B01F72FD727D5736DBEF54174D8F93 . 1951232 . . [11.00.9600.16428] . . c:\windows\System32\wininet.dll
[-] 2015-06-19 . 63B01F72FD727D5736DBEF54174D8F93 . 1951232 . . [11.00.9600.17909] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17914_none_87eab827feacdb57\wininet.dll
[-] 2015-05-23 . E4EB138060BAE0DBAB1A3B71A3141FE7 . 1950720 . . [11.00.9600.17840] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17843_none_87f89fb9fea1f1ca\wininet.dll
[-] 2015-04-21 . CB5F450D21B9D76B7F01D006E4AEDB40 . 1882112 . . [11.00.9600.17801] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17801_none_87f4cc21fea5592c\wininet.dll
[-] 2015-03-13 . C46904F2E9E121A91DDDABB48D7648C3 . 1888256 . . [11.00.9600.17728] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17728_none_8800fd29fe9c2350\wininet.dll
[-] 2015-02-20 . EA6EA6912F27F05C61D8D747517EB47E . 1888256 . . [11.00.9600.17689] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17691_none_88136e93fe8d0559\wininet.dll
[-] 2015-01-12 . F285D499EC42969D963CA49EADA63218 . 1888256 . . [11.00.9600.17631] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17633_none_880d3f47fe92a091\wininet.dll
[-] 2014-11-22 . 5E4E0E43E0A5BF9F089696DFA7A3D677 . 1888256 . . [11.00.9600.17496] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17501_none_88153be5fe8d0559\wininet.dll
[-] 2014-11-06 . 6DD7D61A8EF3DFEC4FAEFEB395E77424 . 1892864 . . [11.00.9600.17420] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17420_none_8822232dfe830275\wininet.dll
[-] 2014-09-18 . 7AE80F921027CF88CB9D0433088A3E55 . 1810944 . . [11.00.9600.17344] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17358_none_882f3db7fe78ff91\wininet.dll
[-] 2014-08-18 . D58988722C72D265B51A54103DFC2C6F . 1812992 . . [11.00.9600.17280] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17280_none_883dc4c1fe6d629d\wininet.dll
[-] 2014-07-25 . B945BAA81B4805AD6BDDF4D026DCFB47 . 1792512 . . [11.00.9600.17239] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17239_none_8837f647fe72ca93\wininet.dll
[7] 2014-06-18 . CCC198257901BEEA2FBF8EB1E7678356 . 1791488 . . [11.00.9600.17207] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17207_none_883522f9fe754b4c\wininet.dll
[7] 2014-05-30 . 771CDBC3D62437D6DB070820BB1EDCCF . 1790976 . . [11.00.9600.17126] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17126_none_88420a41fe6b4868\wininet.dll
[7] 2014-04-11 . B5EB5BD3066959611E1F7A80FD6CC172 . 1818112 . . [11.00.9600.16428] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16428_none_88216b07fe83d256\wininet.dll
[7] 2014-04-11 . 62077F806BC59CBD5A404338D710D133 . 1129472 . . [9.00.8112.16545] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16545_none_1a56f971bc25fdc0\wininet.dll
[7] 2014-04-11 . E3CDE294DB1DBD63C4CBA9C36B196208 . 1766400 . . [10.00.9200.16866] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16866_none_2387110a59fe77c7\wininet.dll
[7] 2014-03-06 . E4E829EE073E046B0EB19B5FECB19B8C . 1789440 . . [11.00.9600.17041] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17041_none_884f4ca9fe60df00\wininet.dll
[7] 2014-03-01 . AAFEAB4FC9D70253F8C7E353E879E8A2 . 1820160 . . [11.00.9600.16521] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16521_none_88173a93fe8b3ae0\wininet.dll
[7] 2014-02-24 . D7680ABC79BE227C084F56F117ADF62F . 981504 . . [8.00.7601.18404] . . c:\windows\SoftwareDistribution\Download\6dfae1897b52da070a9261cc27751d1a\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.18404_none_1eb55bde770f23f7\wininet.dll
[7] 2014-02-24 . 015B6050F4C326CB6CCA61CC4DCCC6EB . 982016 . . [8.00.7601.22609] . . c:\windows\SoftwareDistribution\Download\6dfae1897b52da070a9261cc27751d1a\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.22609_none_1f43fc0190283f9b\wininet.dll
[7] 2010-11-20 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
.
[-] 2015-07-04 . 4548507ED3C17DB4739DBBEAF6378004 . 1414656 . . [6.1.7600.16385] . . c:\windows\System32\ole32.dll
[-] 2015-07-04 . 4548507ED3C17DB4739DBBEAF6378004 . 1414656 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.18915_none_ae2602615092a123\ole32.dll
[-] 2015-07-04 . 1327BE7F332B0695C0158D6DDE9551A9 . 1414656 . . [6.1.7601.23118] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.23118_none_aeb2782c69adc034\ole32.dll
[7] 2010-11-20 . 928CF7268086631F54C3D8E17238C6DD . 1414144 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.17514_none_ae2511475093798f\ole32.dll
.
[-] 2014-10-14 . FCFD4F50419B4BC72E80066DA10D2E54 . 523776 . . [6.1.7601.17514] . . c:\windows\System32\termsrv.dll
[-] 2014-10-14 . FCFD4F50419B4BC72E80066DA10D2E54 . 523776 . . [6.1.7601.18637] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_9093f7d7b293cb1c\termsrv.dll
[-] 2014-10-14 . DD01319264B6D19E379BDD079A27DA91 . 526848 . . [6.1.7601.22843] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22843_none_910ec574cbbd1ea2\termsrv.dll
[-] 2014-07-17 . E05E31F7BF577228E27CFFCA5B54ABBD . 523264 . . [6.1.7601.18540] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18540_none_908223ffb2a23885\termsrv.dll
[-] 2014-07-16 . 278F31DD3BFDE48F2E1FFF882FBD24B5 . 525824 . . [6.1.7601.22750] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22750_none_9100f2c4cbc7f167\termsrv.dll
[7] 2010-11-20 . 382C804C92811BE57829D8E550A900E2 . 521216 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_90a6abb3b286306d\termsrv.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-12-18 00:39 750216 ----a-w- c:\nainstalovano\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\nainstalovano\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"PowerDVD13"="c:\nainstalovano\Power DVD 13\PowerDVD13\PDVDLP.exe" [2013-10-23 470792]
"Zoner Photo Studio Autoupdate"="c:\nainstalovano\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE" [2015-07-12 563416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\nainstalovano\Avast\AvastUI.exe" [2015-12-18 7021880]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2000-01-01 12021464]
"PowerDVD13Agent"="c:\nainstalovano\Power DVD 13\PowerDVD13\PowerDVD13Agent.exe" [2013-10-23 517144]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\nainstalovano\Microsoft Office Enterprise 2007\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NUSB3MON"="c:\program files\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"PWRISOVM.EXE"="c:\nainstalovano\PowerISO\PWRISOVM.EXE" [2006-12-25 200704]
"ProductUpdater"="c:\program files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe" [2015-06-18 62464]
"iSkysoft Helper Compact.exe"="c:\program files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe" [2014-10-31 2066432]
"DelaypluginInstall"="c:\programdata\iSkysoft\Video Converter Ultimate\DelayPluginI.exe" [2015-10-29 1960248]
"iTunesHelper"="c:\nainstalovano\Itunes\iTunesHelper.exe" [2015-10-16 157456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-12-18 117712]
R2 MustangService_2015_10_10;MustangService DispalyName;c:\programdata\TempMoudleSet\MustangSer2728.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-01-02 315488]
R3 AMPPAL;Virtuální adaptér Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 243712]
R3 CTIpHook;CTIpHook;c:\windows\system32\Drivers\CTIpHook.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-06-19 102912]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.266\McCHSvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2016-01-06 13464]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2014-04-11 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2012-09-19 11520]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-12-18 794952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-12-18 436360]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-04-11 243128]
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2014/05/16 01:55];c:\nainstalovano\Power DVD 13\PowerDVD13\Common\NavFilter\000.fcl [2013-10-23 11:49 76560]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-12-18 24016]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-12-18 81168]
S2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;c:\nainstalovano\Power DVD 13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [2013-10-23 77576]
S2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;c:\nainstalovano\Power DVD 13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [2013-10-23 327432]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\nainstalovano\Freemake\CaptureLib\CaptureLibService.exe [2014-04-17 9216]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-02-11 35088]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-02-05 1593632]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-02-05 15904544]
S2 reaConverter_service;reaConverter folders service;c:\nainstalovano\reaConverter 7 Standard\rc_service.exe [2015-06-19 2129408]
S3 NETwNs32;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-08-03 7517696]
S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [2009-08-31 44544]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-12-27 34080]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2014-04-17 47360]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2000-01-01 197224]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2014-02-07 34896]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-16 22:43 1000264 ----a-w- c:\program files\Google\Chrome\Application\47.0.2526.106\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-11-18 16:22 286904 ----a-w- c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2016-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-11 23:38]
.
2016-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-09-19 21:34]
.
2014-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cfeaea3a378319.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-09-19 21:34]
.
2015-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cfff933c927ae1.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-09-19 21:34]
.
2015-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0414a515638e1.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-09-19 21:34]
.
2015-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d08f2e2e042fdf.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-09-19 21:34]
.
2015-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0bfeed906801e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-09-19 21:34]
.
2015-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0e329c6aa71d5.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-09-19 21:34]
.
2015-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0efb443302158.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-09-19 21:34]
.
2015-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0f322e751134a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-09-19 21:34]
.
2015-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d12fa330b3a975.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-09-19 21:34]
.
2016-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-09-19 21:34]
.
2016-01-06 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files\SlimDrivers\SlimDrivers.exe [2013-09-24 10:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = 127.0.0.1:8118
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xportovat do aplikace Microsoft Excel - c:\nainst~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4BC8D7B9-962E-4783-9952-1E606FCB20A9}: NameServer = 10.1.1.0,10.1.1.100
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} -
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} -
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} -
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} -
FF - ProfilePath - c:\users\Paja\AppData\Roaming\Mozilla\Firefox\Profiles\3456uct3.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.seznam.cz/
FF - prefs.js: network.proxy.type - 4
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
HKCU-Run-Super MP3 Download - c:\nainstalovano\SuperMp3Download\SuperMp3Download.exe
HKLM-Run-ChicoSys - c:\windows\system32\cc32\webtmr.exe
SafeBoot-ksupmgr
AddRemove-Lucius II - The Prophecy_is1 - i:\games\Lucius II - The Prophecy\Uninstall\unins000.exe
AddRemove-Resident Evil Revelations 2_is1 - i:\games\Resident Evil Revelations 2\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{09F57980-3432-4AFC-957D-27AC45FAE1F5}]
"ImagePath"="\??\c:\nainstalovano\Power DVD 13\PowerDVD13\Common\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2016-01-07 00:24:52
ComboFix-quarantined-files.txt 2016-01-06 23:24
.
Před spuštěním: 1 227 612 160
Po spuštění: 5 590 237 184
.
- - End Of File - - 4392226E78BC44AE1B10E6F21930BE7F
A36C5E4F47E84449FF07ED3517B43A31

Pokud jeste nemate, presunte ComboFix na plochu.

• Otevrete Poznamkovy blok (Start -> Spustit -> notepad)
• zkopirujte do nej skript nize a ulozte na plochu jako CFScript (Typ souboru: Textovy dokument)

  Kód: Vybrat vše

  KillAll::
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "DAEMON Tools Lite"=-
  "Zoner Photo Studio Autoupdate"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "GrooveMonitor"=-
  
  DDs::
  uInternet Settings,ProxyServer = 127.0.0.1:8118
  uInternet Settings,ProxyOverride = <local>;*.local
  FF - ProfilePath - c:\users\Paja\AppData\Roaming\Mozilla\Firefox\Profiles\3456uct3.default\
  FF - prefs.js: network.proxy.type - 4
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  
  ClearJavaCache::
  
  Reboot::

• Tento CFScript.txt chytte, doslova pretahnete nad ikonu ComboFixu a pustte.
  
• Po restartu na Vas vyskoci log, jehoz obsah mi vlozte do dalsi odpovedi.

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou Windows. V tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

chci se zeptat,kde najdu ten soubor cf.skript abych ho mohl přetáhnout do toho kombo fixu díky.

CFScript stahnete odtud a ulozte ho do stejne slozky jako mate ComboFix.exe, pak jej pretahnete nad ComboFix.

http://leteckaposta.cz/194413471