
I need a malware check pls!

Posted: 01 Apr 2016 06:23
by Slovak
Logfile of random's system information tool 1.10 (written by random/random)
Run by Trifon at 2016-04-01 07:21:18
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 164 GB (72%) free of 229 GB
Total RAM: 8131 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:21:21, on 1. 4. 2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18231)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Trifon.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O9 - Extra button: Odosla? do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&osla? do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Volanie kliknutim - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Volanie kliknutim - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Prepojene poznamky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojene poznamky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: BitRaider Mini-Support Service Stub Loader (BRSptStub) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptStub.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Slu?ba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Slu?ba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10113 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe"
"C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-d020b3ee-e804-4e57-913c-2a87cb018a62 -SystemEventPortName:HostProcess-7f2809bd-cf9e-4e85-8971-40850cf51ced -IoCancelEventPortName:HostProcess-95947f53-34cc-4432-a625-abaac325dcc6 -NonStateChangingEventPortName:HostProcess-1cbb8313-7482-4fa7-bdc3-19766e161032 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d350a533-17f9-4b8a-bdb7-e38d37ccfc1f -DeviceGroupId:
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss 584ea06d-fb53-4877-879b-0f014fa526c2 1
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
\??\C:\Windows\system32\conhost.exe "697836019556590706726221-18170965731734521471607442310-1665200456970043366
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "1976740923-1904760235-1415183829-1413807003262389683251714341-13617854391647351846
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\explorer.exe"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=49.0.2623.110 --handshake-handle=0xdc
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3304.0.1802943614\64753151" --supports-dual-gpus=false --gpu-driver-bug-workarounds=3,11,25,54,64 --gpu-vendor-id=0x10de --gpu-device-id=0x05e6 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.4181 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/CrossDevicePromo/14DaySingleProfile/*DataReductionProxyConfigService/Control_Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/CrimePaddingControl/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/PreventUWYTDefaultForNonURLInputsStable/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/AllExceptAsyncScripts_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_85/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Default/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="3304.1.1553247923\177858368" /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DataReductionProxyConfigService/Control_Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/CrimePaddingControl/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/PreventUWYTDefaultForNonURLInputsStable/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/AllExceptAsyncScripts_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_85/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Default/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="3304.2.779936806\792413011" /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DataReductionProxyConfigService/Control_Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/CrimePaddingControl/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/PreventUWYTDefaultForNonURLInputsStable/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/AllExceptAsyncScripts_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_85/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Default/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="3304.3.685719122\136175913" /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DataReductionProxyConfigService/Control_Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/CrimePaddingControl/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/PreventUWYTDefaultForNonURLInputsStable/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/AllExceptAsyncScripts_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_85/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Default/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="3304.4.2138258538\152383311" /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DataReductionProxyConfigService/Control_Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/CrimePaddingControl/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/PreventUWYTDefaultForNonURLInputsStable/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/AllExceptAsyncScripts_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_85/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Default/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="3304.5.1381325305\509048873" /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DataReductionProxyConfigService/Control_Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/CrimePaddingControl/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/PreventUWYTDefaultForNonURLInputsStable/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/AllExceptAsyncScripts_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_85/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Default/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="3304.6.1822998668\872775641" /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DataReductionProxyConfigService/Control_Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/CrimePaddingControl/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/PreventUWYTDefaultForNonURLInputsStable/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/AllExceptAsyncScripts_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_85/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Default/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="3304.8.1814478512\1143238458" /prefetch:1
taskhost.exe $(Arg0)
C:\Windows\system32\sppsvc.exe

"D:\Downloads\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Trifon\AppData\Roaming\Mozilla\Firefox\Profiles\rk8vrt1e.default

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll
npwachk.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09 228552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-14 901600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [2014-01-23 881880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2016-02-09 2348336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09 163016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-14 678656]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2014-01-22 707800]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2016-02-09 1741096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-10-22 7203032]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2015-08-18 2585744]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2015-08-18 1514528]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2014-08-25 293872]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-03-23 7139256]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-04-01 07:21:18 ----D---- C:\rsit
2016-04-01 07:13:02 ----A---- C:\Users\Trifon\AppData\Roaming\redirect2.dat
2016-03-31 12:17:01 ----D---- C:\Users\Trifon\AppData\Roaming\dvdcss
2016-03-30 18:27:36 ----D---- C:\Users\Trifon\AppData\Roaming\chportu
2016-03-30 18:27:18 ----RASHD---- C:\Users\Trifon\AppData\Roaming\taskmgr
2016-03-30 18:27:18 ----A---- C:\Users\Trifon\AppData\Roaming\chport.exe
2016-03-30 18:26:22 ----A---- C:\Users\Trifon\AppData\Roaming\update.dat
2016-03-30 18:26:22 ----A---- C:\Users\Trifon\AppData\Roaming\Launcher.dat
2016-03-26 19:23:34 ----D---- C:\ProgramData\SkidRow
2016-03-09 17:43:35 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2016-03-09 17:43:35 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 17:43:35 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\system32\win32k.sys
2016-03-09 17:43:35 ----A---- C:\Windows\system32\ucrtbase.dll
2016-03-09 17:43:35 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 17:43:35 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-09 17:43:35 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-09 17:43:34 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2016-03-09 17:43:34 ----A---- C:\Windows\SYSWOW64\wups.dll
2016-03-09 17:43:34 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2016-03-09 17:43:34 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2016-03-09 17:43:34 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2016-03-09 17:43:34 ----A---- C:\Windows\system32\wuwebv.dll
2016-03-09 17:43:34 ----A---- C:\Windows\system32\wups2.dll
2016-03-09 17:43:34 ----A---- C:\Windows\system32\wups.dll
2016-03-09 17:43:34 ----A---- C:\Windows\system32\wudriver.dll
2016-03-09 17:43:34 ----A---- C:\Windows\system32\wucltux.dll
2016-03-09 17:43:34 ----A---- C:\Windows\system32\wuaueng.dll
2016-03-09 17:43:34 ----A---- C:\Windows\system32\wuauclt.exe
2016-03-09 17:43:34 ----A---- C:\Windows\system32\wuapp.exe
2016-03-09 17:43:34 ----A---- C:\Windows\system32\wuapi.dll
2016-03-09 17:43:34 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2016-03-09 17:43:34 ----A---- C:\Windows\system32\WinSetupUI.dll
2016-03-09 17:43:34 ----A---- C:\Windows\system32\drivers\ntfs.sys
2016-03-09 17:43:33 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2016-03-09 17:43:33 ----A---- C:\Windows\SYSWOW64\asycfilt.dll
2016-03-09 17:43:33 ----A---- C:\Windows\system32\oleaut32.dll
2016-03-09 17:43:33 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2016-03-09 17:43:33 ----A---- C:\Windows\system32\asycfilt.dll
2016-03-09 17:43:32 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-03-09 17:43:32 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-03-09 17:43:32 ----A---- C:\Windows\SYSWOW64\occache.dll
2016-03-09 17:43:32 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2016-03-09 17:43:32 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-03-09 17:43:32 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2016-03-09 17:43:32 ----A---- C:\Windows\SYSWOW64\inseng.dll
2016-03-09 17:43:32 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-03-09 17:43:32 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2016-03-09 17:43:32 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2016-03-09 17:43:32 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-03-09 17:43:32 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2016-03-09 17:43:32 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-09 17:43:32 ----A---- C:\Windows\system32\inseng.dll
2016-03-09 17:43:32 ----A---- C:\Windows\system32\iertutil.dll
2016-03-09 17:43:32 ----A---- C:\Windows\system32\iernonce.dll
2016-03-09 17:43:32 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-03-09 17:43:32 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-03-09 17:43:32 ----A---- C:\Windows\system32\ie4uinit.exe
2016-03-09 17:43:31 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-03-09 17:43:31 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2016-03-09 17:43:31 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2016-03-09 17:43:31 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-03-09 17:43:31 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2016-03-09 17:43:31 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-03-09 17:43:31 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2016-03-09 17:43:31 ----A---- C:\Windows\system32\urlmon.dll
2016-03-09 17:43:31 ----A---- C:\Windows\system32\occache.dll
2016-03-09 17:43:31 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-09 17:43:31 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-03-09 17:43:31 ----A---- C:\Windows\system32\iedkcs32.dll
2016-03-09 17:43:31 ----A---- C:\Windows\system32\dxtrans.dll
2016-03-09 17:43:30 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-03-09 17:43:30 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2016-03-09 17:43:30 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-03-09 17:43:30 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2016-03-09 17:43:30 ----A---- C:\Windows\SYSWOW64\ieui.dll
2016-03-09 17:43:30 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-03-09 17:43:30 ----A---- C:\Windows\system32\vbscript.dll
2016-03-09 17:43:30 ----A---- C:\Windows\system32\msfeeds.dll
2016-03-09 17:43:30 ----A---- C:\Windows\system32\iesetup.dll
2016-03-09 17:43:30 ----A---- C:\Windows\system32\ieapfltr.dll
2016-03-09 17:43:29 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-03-09 17:43:29 ----A---- C:\Windows\SYSWOW64\msrating.dll
2016-03-09 17:43:29 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2016-03-09 17:43:29 ----A---- C:\Windows\system32\mshtmled.dll
2016-03-09 17:43:29 ----A---- C:\Windows\system32\jsproxy.dll
2016-03-09 17:43:29 ----A---- C:\Windows\system32\ieui.dll
2016-03-09 17:43:29 ----A---- C:\Windows\system32\ieframe.dll
2016-03-09 17:43:29 ----A---- C:\Windows\system32\dxtmsft.dll
2016-03-09 17:43:28 ----A---- C:\Windows\system32\wininet.dll
2016-03-09 17:43:28 ----A---- C:\Windows\system32\webcheck.dll
2016-03-09 17:43:28 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-03-09 17:43:28 ----A---- C:\Windows\system32\jscript9diag.dll
2016-03-09 17:43:28 ----A---- C:\Windows\system32\jscript9.dll
2016-03-09 17:43:28 ----A---- C:\Windows\system32\jscript.dll
2016-03-09 17:43:28 ----A---- C:\Windows\system32\ieUnatt.exe
2016-03-09 17:43:27 ----A---- C:\Windows\system32\msrating.dll
2016-03-09 17:43:27 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-03-09 17:43:27 ----A---- C:\Windows\system32\mshtml.dll
2016-03-09 17:43:13 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-03-09 17:43:13 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-03-09 17:43:13 ----A---- C:\Windows\system32\ntdll.dll
2016-03-09 17:43:13 ----A---- C:\Windows\system32\KernelBase.dll
2016-03-09 17:43:12 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2016-03-09 17:43:12 ----A---- C:\Windows\SYSWOW64\schannel.dll
2016-03-09 17:43:12 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2016-03-09 17:43:12 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2016-03-09 17:43:12 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2016-03-09 17:43:12 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-03-09 17:43:12 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-03-09 17:43:12 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-03-09 17:43:12 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2016-03-09 17:43:12 ----A---- C:\Windows\system32\wow64win.dll
2016-03-09 17:43:12 ----A---- C:\Windows\system32\wow64.dll
2016-03-09 17:43:12 ----A---- C:\Windows\system32\winsrv.dll
2016-03-09 17:43:12 ----A---- C:\Windows\system32\wdigest.dll
2016-03-09 17:43:12 ----A---- C:\Windows\system32\TSpkg.dll
2016-03-09 17:43:12 ----A---- C:\Windows\system32\sspicli.dll
2016-03-09 17:43:12 ----A---- C:\Windows\system32\srcore.dll
2016-03-09 17:43:12 ----A---- C:\Windows\system32\smss.exe
2016-03-09 17:43:12 ----A---- C:\Windows\system32\schannel.dll
2016-03-09 17:43:12 ----A---- C:\Windows\system32\rpcrt4.dll
2016-03-09 17:43:12 ----A---- C:\Windows\system32\ncrypt.dll
2016-03-09 17:43:12 ----A---- C:\Windows\system32\msv1_0.dll
2016-03-09 17:43:12 ----A---- C:\Windows\system32\lsasrv.dll
2016-03-09 17:43:12 ----A---- C:\Windows\system32\kernel32.dll
2016-03-09 17:43:12 ----A---- C:\Windows\system32\kerberos.dll
2016-03-09 17:43:12 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-03-09 17:43:12 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-03-09 17:43:12 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-03-09 17:43:12 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-03-09 17:43:12 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-03-09 17:43:12 ----A---- C:\Windows\system32\csrsrv.dll
2016-03-09 17:43:12 ----A---- C:\Windows\system32\conhost.exe
2016-03-09 17:43:12 ----A---- C:\Windows\system32\advapi32.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 17:43:11 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-03-09 17:43:11 ----A---- C:\Windows\SYSWOW64\wow32.dll
2016-03-09 17:43:11 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2016-03-09 17:43:11 ----A---- C:\Windows\SYSWOW64\user.exe
2016-03-09 17:43:11 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2016-03-09 17:43:11 ----A---- C:\Windows\SYSWOW64\srclient.dll
2016-03-09 17:43:11 ----A---- C:\Windows\SYSWOW64\setup16.exe
2016-03-09 17:43:11 ----A---- C:\Windows\SYSWOW64\secur32.dll
2016-03-09 17:43:11 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2016-03-09 17:43:11 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2016-03-09 17:43:11 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2016-03-09 17:43:11 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2016-03-09 17:43:11 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2016-03-09 17:43:11 ----A---- C:\Windows\SYSWOW64\instnm.exe
2016-03-09 17:43:11 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2016-03-09 17:43:11 ----A---- C:\Windows\SYSWOW64\credssp.dll
2016-03-09 17:43:11 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2016-03-09 17:43:11 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2016-03-09 17:43:11 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2016-03-09 17:43:11 ----A---- C:\Windows\system32\wow64cpu.dll
2016-03-09 17:43:11 ----A---- C:\Windows\system32\sspisrv.dll
2016-03-09 17:43:11 ----A---- C:\Windows\system32\srclient.dll
2016-03-09 17:43:11 ----A---- C:\Windows\system32\secur32.dll
2016-03-09 17:43:11 ----A---- C:\Windows\system32\rstrui.exe
2016-03-09 17:43:11 ----A---- C:\Windows\system32\ntvdm64.dll
2016-03-09 17:43:11 ----A---- C:\Windows\system32\msobjs.dll
2016-03-09 17:43:11 ----A---- C:\Windows\system32\msaudite.dll
2016-03-09 17:43:11 ----A---- C:\Windows\system32\lsass.exe
2016-03-09 17:43:11 ----A---- C:\Windows\system32\cryptbase.dll
2016-03-09 17:43:11 ----A---- C:\Windows\system32\credssp.dll
2016-03-09 17:43:11 ----A---- C:\Windows\system32\auditpol.exe
2016-03-09 17:43:11 ----A---- C:\Windows\system32\apisetschema.dll
2016-03-09 17:43:11 ----A---- C:\Windows\system32\adtschema.dll
2016-03-09 17:43:08 ----A---- C:\Windows\SYSWOW64\mfds.dll
2016-03-09 17:43:08 ----A---- C:\Windows\SYSWOW64\lpk.dll
2016-03-09 17:43:08 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2016-03-09 17:43:08 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2016-03-09 17:43:08 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2016-03-09 17:43:08 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2016-03-09 17:43:08 ----A---- C:\Windows\system32\wmp.dll
2016-03-09 17:43:08 ----A---- C:\Windows\system32\seclogon.dll
2016-03-09 17:43:08 ----A---- C:\Windows\system32\mfds.dll
2016-03-09 17:43:08 ----A---- C:\Windows\system32\lpk.dll
2016-03-09 17:43:08 ----A---- C:\Windows\system32\fontsub.dll
2016-03-09 17:43:08 ----A---- C:\Windows\system32\dciman32.dll
2016-03-09 17:43:08 ----A---- C:\Windows\system32\atmlib.dll
2016-03-09 17:43:08 ----A---- C:\Windows\system32\atmfd.dll
2016-03-09 17:43:07 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2016-03-09 17:43:07 ----A---- C:\Windows\SYSWOW64\wmp.dll
2016-03-09 17:43:07 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2016-03-09 17:43:07 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2016-03-09 17:43:07 ----A---- C:\Windows\system32\wmploc.DLL
2016-03-09 17:43:07 ----A---- C:\Windows\system32\spwmp.dll
2016-03-09 17:43:07 ----A---- C:\Windows\system32\dxmasf.dll
2016-03-09 17:43:06 ----A---- C:\Windows\system32\invagent.dll
2016-03-09 17:43:06 ----A---- C:\Windows\system32\generaltel.dll
2016-03-09 17:43:06 ----A---- C:\Windows\system32\devinv.dll
2016-03-09 17:43:06 ----A---- C:\Windows\system32\CompatTelRunner.exe
2016-03-09 17:43:06 ----A---- C:\Windows\system32\appraiser.dll
2016-03-09 17:43:06 ----A---- C:\Windows\system32\aeinv.dll
2016-03-09 17:43:06 ----A---- C:\Windows\system32\acmigration.dll

======List of files/folders modified in the last 1 month======

2016-04-01 07:21:21 ----D---- C:\Program Files\trend micro
2016-04-01 07:20:36 ----D---- C:\Windows\Temp
2016-04-01 07:19:04 ----SD---- C:\Users\Trifon\AppData\Roaming\Microsoft
2016-04-01 07:16:45 ----D---- C:\Windows\System32
2016-04-01 07:16:45 ----D---- C:\Windows\inf
2016-04-01 07:16:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-04-01 07:11:57 ----D---- C:\Windows\system32\Tasks
2016-04-01 07:11:43 ----D---- C:\ProgramData\NVIDIA
2016-03-31 20:34:17 ----D---- C:\Users\Trifon\AppData\Roaming\vlc
2016-03-31 19:49:46 ----D---- C:\Users\Trifon\AppData\Roaming\uTorrent
2016-03-31 11:21:09 ----D---- C:\Windows\system32\config
2016-03-30 18:06:21 ----HD---- C:\ProgramData
2016-03-29 23:43:37 ----D---- C:\Program Files (x86)\Steam
2016-03-29 09:45:17 ----D---- C:\Windows
2016-03-28 15:14:17 ----D---- C:\Users\Trifon\AppData\Roaming\RenPy
2016-03-26 13:19:55 ----RSD---- C:\Windows\Fonts
2016-03-24 23:28:23 ----SHD---- C:\System Volume Information
2016-03-24 23:28:23 ----SD---- C:\Windows\SYSWOW64\GWX
2016-03-24 23:28:23 ----SD---- C:\Windows\system32\GWX
2016-03-24 23:28:23 ----D---- C:\Windows\winsxs
2016-03-23 22:32:27 ----D---- C:\Users\Trifon\AppData\Roaming\CDisplayEx
2016-03-23 20:41:34 ----D---- C:\Program Files (x86)\Common Files
2016-03-23 08:15:16 ----D---- C:\Windows\system32\catroot2
2016-03-18 11:04:51 ----D---- C:\Windows\rescache
2016-03-17 11:29:09 ----D---- C:\Windows\Microsoft.NET
2016-03-16 16:39:15 ----RSD---- C:\Windows\assembly
2016-03-16 12:23:15 ----SHD---- C:\Windows\Installer
2016-03-16 12:22:31 ----D---- C:\ProgramData\Microsoft Help
2016-03-16 08:06:48 ----D---- C:\Windows\SysWOW64
2016-03-16 08:06:48 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2016-03-12 21:34:51 ----RD---- C:\Program Files (x86)
2016-03-10 12:08:10 ----D---- C:\Windows\SYSWOW64\sk-SK
2016-03-10 12:08:10 ----D---- C:\Windows\SYSWOW64\en-US
2016-03-10 12:08:10 ----D---- C:\Windows\SYSWOW64\cs-CZ
2016-03-10 12:08:10 ----D---- C:\Windows\system32\sk-SK
2016-03-10 12:08:10 ----D---- C:\Windows\system32\en-US
2016-03-10 12:08:10 ----D---- C:\Windows\system32\drivers
2016-03-10 12:08:10 ----D---- C:\Windows\system32\cs-CZ
2016-03-10 12:08:10 ----D---- C:\Program Files\Internet Explorer
2016-03-10 12:08:10 ----D---- C:\Program Files (x86)\Internet Explorer
2016-03-10 12:08:09 ----D---- C:\Windows\system32\DriverStore
2016-03-10 12:08:09 ----D---- C:\Windows\AppPatch
2016-03-10 12:08:09 ----D---- C:\Program Files\Windows Media Player
2016-03-10 12:08:09 ----D---- C:\Program Files (x86)\Windows Media Player
2016-03-09 22:59:20 ----A---- C:\Windows\win.ini
2016-03-09 22:58:56 ----D---- C:\Windows\system32\MRT
2016-03-09 22:56:23 ----A---- C:\Windows\system32\MRT.exe
2016-03-09 22:56:22 ----D---- C:\Windows\system32\appraiser

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswNdisFlt;Avast! Firewall Driver; C:\Windows\system32\DRIVERS\aswNdisFlt.sys [2016-02-14 478128]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-02-14 74544]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-02-14 287016]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2013-08-07 644968]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2013-08-07 28008]
R0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2014-08-25 20464]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2015-10-10 381440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2012-08-22 15232]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2016-02-14 37144]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-02-14 103064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-03-09 1070904]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-02-23 463744]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2015/10/10 21:44:31]; \??\C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2009-02-28 146928]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-02-14 37656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-03-09 107792]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-02-14 165344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-10-22 3692632]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver; C:\Windows\system32\DRIVERS\ISCTD.sys [2014-04-29 44744]
R3 iusb3hub;Ovládač rozbočovača Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2014-08-25 383984]
R3 iusb3xhc;Ovládač hostiteľského radiča Intel(R) USB 3.0 eXtensible; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2014-08-25 795120]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-16 99288]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-08-18 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2015-08-18 38032]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-12-28 805088]
S1 aswNetSec;aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [2016-02-23 552880]
S3 ajscxgjo;ajscxgjo; C:\Windows\system32\drivers\ajscxgjo.sys []
S3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [2016-01-18 78088]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2015-06-11 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 asComSvc;ASUS Com Service; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [2014-06-18 936728]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [2014-06-18 1360016]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-02-14 237096]
R2 avast! Firewall;Avast Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2016-02-14 119128]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-08-18 1148560]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-08-18 1706128]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-08-18 21833360]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-08-18 933168]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2015-10-14 76888]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-08-17 409776]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-10 144200]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S3 BRSptStub;BitRaider Mini-Support Service Stub Loader; C:\ProgramData\BitRaider\BRSptStub.exe [2016-01-18 363208]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-10 144200]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2015-12-21 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-02-08 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-01-16 147624]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-01-25 178760]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2015-10-14 838224]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-10-16 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]

-----------------EOF-----------------

Re: I need a malware check pls!

Posted: 02 Apr 2016 17:55
by Rudy
Hello!
How does your operating system stand as far as legality goes?

Re: I need a malware check pls!

Posted: 02 Apr 2016 20:24
by Slovak
Legal, purchased. I know, people don't normally have this version at home.

Re: I need a malware check pls!

Posted: 02 Apr 2016 20:53
by Rudy
Run an OTL scan:

Download and run OTL: http://oldtimer.geekstogo.com/OTL.exe . Run it, tick "For all users", "Check for LOP malware" and "Check for PURITY malware", and copy the following into the lower white box:
CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
and click >Scan<. Post both logs.

Re: I need a malware check pls!

Posted: 02 Apr 2016 21:40
by Slovak
OTL logfile created on: 2. 4. 2016 22:26:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Trifon\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18230)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

7,94 Gb Total Physical Memory | 6,42 Gb Available Physical Memory | 80,90% Memory free
7,94 Gb Paging File | 6,41 Gb Available in Paging File | 80,79% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,47 Gb Total Space | 161,64 Gb Free Space | 72,33% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 324,54 Gb Free Space | 34,84% Space Free | Partition Type: NTFS
Drive G: | 149,05 Gb Total Space | 148,77 Gb Free Space | 99,81% Space Free | Partition Type: NTFS
Drive H: | 931,28 Gb Total Space | 259,82 Gb Free Space | 27,90% Space Free | Partition Type: FAT32

Computer Name: TRIFON-PC | User Name: Trifon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2016/04/02 22:14:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Trifon\Desktop\OTL.exe
PRC - [2016/03/28 23:34:22 | 003,077,712 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2016/03/28 23:34:22 | 002,061,392 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
PRC - [2016/03/23 16:09:47 | 007,139,256 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2016/02/14 14:46:02 | 000,237,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2016/02/14 14:46:00 | 000,119,128 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2015/10/14 14:15:23 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2015/08/18 10:48:55 | 002,585,744 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2015/08/18 10:48:55 | 001,706,128 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2015/08/17 23:43:04 | 000,409,776 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/08/25 05:50:12 | 000,293,872 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2014/06/18 07:54:04 | 001,360,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
PRC - [2014/06/18 07:54:00 | 000,936,728 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
PRC - [2013/09/16 12:18:28 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013/09/16 12:17:42 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2009/12/23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


========== Modules (No Company Name) ==========

MOD - [2016/03/28 23:34:28 | 002,549,840 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
MOD - [2016/03/28 23:34:22 | 000,829,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2016/03/11 02:56:14 | 000,783,360 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2016/02/18 00:25:36 | 000,281,088 | ---- | M] () -- C:\Program Files (x86)\Steam\openvr_api.dll
MOD - [2016/02/14 14:46:03 | 000,480,760 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\ffl2.dll
MOD - [2016/02/14 14:46:03 | 000,113,496 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2016/02/14 14:46:02 | 000,133,768 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2016/02/09 03:33:30 | 048,400,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2016/02/09 01:14:32 | 002,549,760 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-56.dll
MOD - [2016/02/09 01:14:32 | 000,491,008 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-56.dll
MOD - [2016/02/09 01:14:32 | 000,485,888 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-3.dll
MOD - [2016/02/09 01:14:32 | 000,442,880 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-54.dll
MOD - [2016/02/09 01:14:32 | 000,332,800 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-2.dll
MOD - [2015/12/18 09:45:46 | 040,539,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015/07/03 18:12:46 | 004,962,816 | ---- | M] () -- C:\Program Files (x86)\Steam\v8.dll
MOD - [2015/07/03 18:12:28 | 001,556,992 | ---- | M] () -- C:\Program Files (x86)\Steam\icui18n.dll
MOD - [2015/07/03 18:12:28 | 001,187,840 | ---- | M] () -- C:\Program Files (x86)\Steam\icuuc.dll


========== Services (SafeList) ==========

SRV:64bit: - [2016/02/14 14:46:02 | 000,237,096 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2016/02/14 14:46:00 | 000,119,128 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2016/02/08 20:14:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/08/18 10:48:55 | 021,833,360 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2015/08/18 10:48:55 | 001,148,560 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2015/07/23 02:02:54 | 001,390,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2013/08/27 14:32:30 | 000,828,376 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:64bit: - [2013/08/27 14:32:14 | 000,747,520 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2016/01/18 21:48:41 | 000,363,208 | ---- | M] (BitRaider, LLC) [On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRSptStub.exe -- (BRSptStub)
SRV - [2016/01/17 10:41:42 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/11/05 21:36:48 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2015/10/14 22:56:14 | 000,838,224 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2015/10/14 14:15:23 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2015/08/18 10:48:55 | 001,706,128 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2015/08/17 23:43:04 | 000,409,776 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/06/18 07:54:04 | 001,360,016 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2014/06/18 07:54:00 | 000,936,728 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe -- (asComSvc)
SRV - [2014/03/21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/16 12:18:28 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/09/16 12:17:42 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012/01/05 17:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2009/12/23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2016/03/09 17:26:36 | 001,070,904 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2016/03/09 17:26:36 | 000,107,792 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswmonflt.sys -- (aswMonFlt)
DRV:64bit: - [2016/02/23 17:11:45 | 000,552,880 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswnetsec.sys -- (aswNetSec)
DRV:64bit: - [2016/02/23 17:11:45 | 000,463,744 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2016/02/14 14:46:11 | 000,287,016 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswvmm.sys -- (aswVmm)
DRV:64bit: - [2016/02/14 14:46:04 | 000,165,344 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2016/02/14 14:46:03 | 000,103,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2016/02/14 14:46:03 | 000,074,544 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2016/02/14 14:46:03 | 000,037,656 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2016/02/14 14:46:01 | 000,037,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2016/02/14 14:46:00 | 000,478,128 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2015/10/10 21:46:43 | 000,381,440 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2015/08/18 10:48:55 | 000,038,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2015/08/18 10:48:55 | 000,019,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2015/06/11 19:15:53 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/08/25 05:49:22 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2014/08/25 05:49:14 | 000,795,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2014/08/25 05:49:14 | 000,383,984 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2014/04/29 10:51:00 | 000,044,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD.sys -- (ISCT)
DRV:64bit: - [2013/09/16 12:17:42 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/08/07 14:23:46 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/08/07 14:23:46 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/12/28 03:26:12 | 000,805,088 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2016/01/18 23:40:01 | 000,078,088 | ---- | M] (BitRaider) [File_System | On_Demand | Stopped] -- C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys -- (BRDriver64_1_3_3_E02B25FC)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/28 19:40:18 | 000,146,928 | ---- | M] (CyberLink Corp.) [2015/10/10 21:44:31] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1601266965-4254244799-107981220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.viceice.com/
IE - HKU\S-1-5-21-1601266965-4254244799-107981220-1000\..\SearchScopes,DefaultScope = {2039DD3E-4E72-4C20-90E7-9FD959AA7D06}
IE - HKU\S-1-5-21-1601266965-4254244799-107981220-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IESR02
IE - HKU\S-1-5-21-1601266965-4254244799-107981220-1000\..\SearchScopes\{2039DD3E-4E72-4C20-90E7-9FD959AA7D06}: "URL" = http://www.google.com/cse?cx=partner-pu ... gsc.page=1
IE - HKU\S-1-5-21-1601266965-4254244799-107981220-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "viceice"
FF - prefs.js..browser.search.selectedEngine: "viceice"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.viceice.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:43.0.4

FF - user.js..browser.startup.homepage: "http://www.viceice.com"
FF - user.js..browser.search.defaultenginename: "viceice"
FF - user.js..browser.search.selectedEngine: "viceice"
FF - user.js..browser.search.update: false
FF - user.js..browser.search.useDBForOrder: true

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2016/02/15 12:03:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2016/02/15 12:03:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\sp@avast.com: C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016/02/15 12:03:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2016/01/17 10:41:41 | 000,000,000 | ---D | M]

[2015/10/10 21:41:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trifon\AppData\Roaming\mozilla\Extensions
[2016/01/16 14:27:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trifon\AppData\Roaming\mozilla\Firefox\Profiles\rk8vrt1e.default\extensions
[2016/01/16 14:27:03 | 000,989,188 | ---- | M] () (No name found) -- C:\Users\Trifon\AppData\Roaming\mozilla\firefox\profiles\rk8vrt1e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016/03/30 18:27:18 | 000,000,926 | R--- | M] () -- C:\Users\Trifon\AppData\Roaming\mozilla\firefox\profiles\rk8vrt1e.default\searchplugins\starter.xml
[2016/01/17 10:41:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2016/01/17 10:41:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015/11/18 16:57:24 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2010/07/12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\11.1.0.221_1\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\11.1.0.221_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpcdepnceibhgcfmkehlleemiejahmbp\1.2_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdeoflfbkpmebldjfkemfhjomgjipgn\0.1_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlmehpiikmcdamekkndkbkcefnfefai\1.1.0.0_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2015/12/16 14:29:36 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\S-1-5-21-1601266965-4254244799-107981220-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.23.254.124 217.23.254.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F4109E8-C368-4BBD-B627-550F3133A50A}: DhcpNameServer = 217.23.254.124 217.23.254.125
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1601266965-4254244799-107981220-1000 Winlogon: Shell - (C:\Users\Trifon\AppData\Roaming\taskmgr\taskmgr.exe) - C:\Users\Trifon\AppData\Roaming\taskmgr\taskmgr.exe ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6ba8e36e-6f74-11e5-9acc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6ba8e36e-6f74-11e5-9acc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\ASSETUP.exe
O33 - MountPoints2\{f01fa5cc-6f79-11e5-bb95-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f01fa5cc-6f79-11e5-bb95-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2016/04/02 22:14:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Trifon\Desktop\OTL.exe
[2016/04/01 07:21:18 | 000,000,000 | ---D | C] -- C:\rsit
[2016/03/31 12:17:01 | 000,000,000 | ---D | C] -- C:\Users\Trifon\AppData\Roaming\dvdcss
[2016/03/30 18:27:36 | 000,000,000 | ---D | C] -- C:\Users\Trifon\AppData\Roaming\chportu
[2016/03/30 18:27:18 | 000,000,000 | RHSD | C] -- C:\Users\Trifon\AppData\Roaming\taskmgr
[2016/03/30 17:52:00 | 000,000,000 | ---D | C] -- C:\Users\Trifon\Documents\Aoishiro
[2016/03/29 20:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Walking Dead Michonne Episode 2
[2016/03/26 19:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SkidRow
[2016/03/25 11:05:34 | 000,000,000 | ---D | C] -- C:\Users\Trifon\AppData\Local\Microsoft Games
[2016/03/09 17:43:35 | 000,994,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ucrtbase.dll
[2016/03/09 17:43:35 | 000,922,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ucrtbase.dll
[2016/03/09 17:43:35 | 000,066,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-private-l1-1-0.dll
[2016/03/09 17:43:35 | 000,063,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-private-l1-1-0.dll
[2016/03/09 17:43:35 | 000,022,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-math-l1-1-0.dll
[2016/03/09 17:43:35 | 000,020,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-math-l1-1-0.dll
[2016/03/09 17:43:35 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-multibyte-l1-1-0.dll
[2016/03/09 17:43:35 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-multibyte-l1-1-0.dll
[2016/03/09 17:43:35 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-string-l1-1-0.dll
[2016/03/09 17:43:35 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-string-l1-1-0.dll
[2016/03/09 17:43:35 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-stdio-l1-1-0.dll
[2016/03/09 17:43:35 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-stdio-l1-1-0.dll
[2016/03/09 17:43:35 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-runtime-l1-1-0.dll
[2016/03/09 17:43:35 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-runtime-l1-1-0.dll
[2016/03/09 17:43:35 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-convert-l1-1-0.dll
[2016/03/09 17:43:35 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-convert-l1-1-0.dll
[2016/03/09 17:43:35 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-time-l1-1-0.dll
[2016/03/09 17:43:35 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-time-l1-1-0.dll
[2016/03/09 17:43:35 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-2-0.dll
[2016/03/09 17:43:35 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-2-0.dll
[2016/03/09 17:43:35 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-filesystem-l1-1-0.dll
[2016/03/09 17:43:35 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-filesystem-l1-1-0.dll
[2016/03/09 17:43:35 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-process-l1-1-0.dll
[2016/03/09 17:43:35 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-process-l1-1-0.dll
[2016/03/09 17:43:35 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-heap-l1-1-0.dll
[2016/03/09 17:43:35 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-heap-l1-1-0.dll
[2016/03/09 17:43:35 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-conio-l1-1-0.dll
[2016/03/09 17:43:35 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-conio-l1-1-0.dll
[2016/03/09 17:43:35 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-utility-l1-1-0.dll
[2016/03/09 17:43:35 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-utility-l1-1-0.dll
[2016/03/09 17:43:35 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-locale-l1-1-0.dll
[2016/03/09 17:43:35 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-locale-l1-1-0.dll
[2016/03/09 17:43:35 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-environment-l1-1-0.dll
[2016/03/09 17:43:35 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-environment-l1-1-0.dll
[2016/03/09 17:43:35 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-2-0.dll
[2016/03/09 17:43:35 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-2-0.dll
[2016/03/09 17:43:35 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-1.dll
[2016/03/09 17:43:35 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-1.dll
[2016/03/09 17:43:35 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l2-1-0.dll
[2016/03/09 17:43:35 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l2-1-0.dll
[2016/03/09 17:43:35 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-timezone-l1-1-0.dll
[2016/03/09 17:43:35 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-timezone-l1-1-0.dll
[2016/03/09 17:43:35 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l2-1-0.dll
[2016/03/09 17:43:35 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l2-1-0.dll
[2016/03/09 17:43:35 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-2-0.dll
[2016/03/09 17:43:35 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-2-0.dll
[2016/03/09 17:43:34 | 003,169,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2016/03/09 17:43:34 | 000,709,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2016/03/09 17:43:34 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2016/03/09 17:43:34 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2016/03/09 17:43:34 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2016/03/09 17:43:34 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2016/03/09 17:43:34 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2016/03/09 17:43:34 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2016/03/09 17:43:34 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2016/03/09 17:43:34 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2016/03/09 17:43:34 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2016/03/09 17:43:34 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2016/03/09 17:43:34 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2016/03/09 17:43:34 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2016/03/09 17:43:34 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2016/03/09 17:43:33 | 000,862,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2016/03/09 17:43:32 | 000,718,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2016/03/09 17:43:32 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2016/03/09 17:43:32 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2016/03/09 17:43:32 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2016/03/09 17:43:32 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2016/03/09 17:43:32 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2016/03/09 17:43:32 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2016/03/09 17:43:32 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2016/03/09 17:43:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2016/03/09 17:43:32 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2016/03/09 17:43:32 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2016/03/09 17:43:32 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2016/03/09 17:43:31 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2016/03/09 17:43:31 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2016/03/09 17:43:31 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2016/03/09 17:43:31 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2016/03/09 17:43:31 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2016/03/09 17:43:31 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2016/03/09 17:43:31 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2016/03/09 17:43:31 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2016/03/09 17:43:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2016/03/09 17:43:30 | 002,123,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2016/03/09 17:43:30 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2016/03/09 17:43:30 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2016/03/09 17:43:30 | 000,798,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2016/03/09 17:43:30 | 000,571,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2016/03/09 17:43:30 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2016/03/09 17:43:30 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2016/03/09 17:43:30 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2016/03/09 17:43:29 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2016/03/09 17:43:29 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2016/03/09 17:43:29 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2016/03/09 17:43:29 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2016/03/09 17:43:29 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2016/03/09 17:43:29 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2016/03/09 17:43:28 | 006,052,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2016/03/09 17:43:28 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2016/03/09 17:43:28 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2016/03/09 17:43:28 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2016/03/09 17:43:28 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2016/03/09 17:43:28 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2016/03/09 17:43:27 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2016/03/09 17:43:27 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2016/03/09 17:43:13 | 005,572,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2016/03/09 17:43:13 | 001,733,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2016/03/09 17:43:13 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2016/03/09 17:43:12 | 003,994,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2016/03/09 17:43:12 | 003,938,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2016/03/09 17:43:12 | 001,461,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2016/03/09 17:43:12 | 001,214,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2016/03/09 17:43:12 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2016/03/09 17:43:12 | 000,880,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2016/03/09 17:43:12 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2016/03/09 17:43:12 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2016/03/09 17:43:12 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2016/03/09 17:43:12 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2016/03/09 17:43:12 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2016/03/09 17:43:12 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2016/03/09 17:43:12 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2016/03/09 17:43:12 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2016/03/09 17:43:12 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2016/03/09 17:43:11 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2016/03/09 17:43:11 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2016/03/09 17:43:11 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2016/03/09 17:43:11 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2016/03/09 17:43:11 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2016/03/09 17:43:11 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2016/03/09 17:43:11 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2016/03/09 17:43:11 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2016/03/09 17:43:11 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2016/03/09 17:43:11 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2016/03/09 17:43:11 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2016/03/09 17:43:11 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2016/03/09 17:43:11 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2016/03/09 17:43:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2016/03/09 17:43:11 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2016/03/09 17:43:11 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2016/03/09 17:43:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2016/03/09 17:43:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2016/03/09 17:43:11 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2016/03/09 17:43:11 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2016/03/09 17:43:11 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2016/03/09 17:43:11 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2016/03/09 17:43:11 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2016/03/09 17:43:11 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2016/03/09 17:43:11 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2016/03/09 17:43:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2016/03/09 17:43:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2016/03/09 17:43:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2016/03/09 17:43:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2016/03/09 17:43:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2016/03/09 17:43:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2016/03/09 17:43:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2016/03/09 17:43:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2016/03/09 17:43:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2016/03/09 17:43:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2016/03/09 17:43:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2016/03/09 17:43:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2016/03/09 17:43:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2016/03/09 17:43:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2016/03/09 17:43:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2016/03/09 17:43:08 | 014,634,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2016/03/09 17:43:08 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfds.dll
[2016/03/09 17:43:08 | 000,372,736 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2016/03/09 17:43:08 | 000,299,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2016/03/09 17:43:08 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfds.dll
[2016/03/09 17:43:08 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2016/03/09 17:43:08 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2016/03/09 17:43:08 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2016/03/09 17:43:08 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2016/03/09 17:43:08 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2016/03/09 17:43:08 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2016/03/09 17:43:07 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2016/03/09 17:43:07 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2016/03/09 17:43:07 | 011,411,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2016/03/09 17:43:07 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2016/03/09 17:43:07 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2016/03/09 17:43:07 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2016/03/09 17:43:07 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2016/03/09 17:43:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2016/03/09 17:43:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2016/03/09 17:43:06 | 001,373,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2016/03/09 17:43:06 | 001,168,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2016/03/09 17:43:06 | 000,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2016/03/09 17:43:06 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2016/03/09 17:43:06 | 000,499,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2016/03/09 17:43:06 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2016/03/09 17:43:06 | 000,038,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CompatTelRunner.exe

========== Files - Modified Within 30 Days ==========

[2016/04/02 22:27:03 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2016/04/02 22:14:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Trifon\Desktop\OTL.exe
[2016/04/02 21:35:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/04/02 12:20:03 | 000,013,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016/04/02 12:20:03 | 000,013,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016/04/02 12:17:45 | 001,587,976 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/04/02 12:17:45 | 000,661,796 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2016/04/02 12:17:45 | 000,655,292 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016/04/02 12:17:45 | 000,141,944 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2016/04/02 12:17:45 | 000,122,662 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016/04/02 12:12:17 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/04/02 12:12:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/04/02 12:12:10 | 2099,212,287 | -HS- | M] () -- C:\hiberfil.sys
[2016/04/01 07:20:58 | 001,222,144 | ---- | M] () -- C:\Users\Trifon\Desktop\RSITx64.exe
[2016/04/01 07:13:02 | 000,000,316 | ---- | M] () -- C:\Users\Trifon\AppData\Roaming\redirect2.dat
[2016/03/30 18:26:23 | 240,397,312 | ---- | M] () -- C:\Users\Trifon\AppData\Roaming\Launcher.dat
[2016/03/30 18:26:22 | 000,000,009 | ---- | M] () -- C:\Users\Trifon\AppData\Roaming\update.dat
[2016/03/29 21:40:29 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Minecraft Story Mode A Telltale Games Series.lnk
[2016/03/29 20:37:52 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016/03/29 20:21:13 | 000,001,324 | ---- | M] () -- C:\Users\Trifon\Desktop\The Walking Dead Michonne Episode 2.lnk
[2016/03/29 10:53:09 | 000,000,222 | ---- | M] () -- C:\Users\Trifon\Desktop\Frosty Kiss.url
[2016/03/27 10:07:06 | 000,432,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2016/03/16 08:06:48 | 001,554,464 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2016/03/09 17:26:36 | 001,070,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2016/03/09 17:26:36 | 000,107,792 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswmonflt.sys

========== Files Created - No Company Name ==========

[2016/04/01 07:20:57 | 001,222,144 | ---- | C] () -- C:\Users\Trifon\Desktop\RSITx64.exe
[2016/04/01 07:13:02 | 000,000,316 | ---- | C] () -- C:\Users\Trifon\AppData\Roaming\redirect2.dat
[2016/03/30 18:26:22 | 240,397,312 | ---- | C] () -- C:\Users\Trifon\AppData\Roaming\Launcher.dat
[2016/03/30 18:26:22 | 000,000,009 | ---- | C] () -- C:\Users\Trifon\AppData\Roaming\update.dat
[2016/03/29 21:40:29 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Minecraft Story Mode A Telltale Games Series.lnk
[2016/03/29 21:40:29 | 000,000,919 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Story Mode A Telltale Games Series.lnk
[2016/03/29 20:21:13 | 000,001,324 | ---- | C] () -- C:\Users\Trifon\Desktop\The Walking Dead Michonne Episode 2.lnk
[2016/03/29 10:53:09 | 000,000,222 | ---- | C] () -- C:\Users\Trifon\Desktop\Frosty Kiss.url
[2016/01/13 14:41:11 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2015/10/16 14:12:29 | 000,000,082 | ---- | C] () -- C:\Windows\SysWow64\winsevr.dat
[2015/10/14 14:15:41 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2015/10/14 14:15:23 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2015/10/14 13:29:43 | 000,079,872 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2015/10/10 20:43:24 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2015/10/10 20:42:40 | 001,554,464 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/10/10 20:39:05 | 000,015,232 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2015/10/10 20:38:26 | 000,000,138 | ---- | C] () -- C:\Windows\scd.ini
[2015/10/10 20:38:25 | 000,060,220 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2015/10/10 20:38:25 | 000,000,000 | ---- | C] () -- C:\Windows\Ascd_err.ini
[2015/10/10 20:36:17 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2015/10/10 20:36:13 | 000,042,097 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016/01/22 08:19:58 | 014,179,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016/01/22 08:05:58 | 012,877,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2015/12/04 20:27:56 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\.mono
[2016/01/07 15:01:31 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\11bitstudios
[2015/12/02 15:29:05 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\AC3Filter
[2015/10/10 21:53:29 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\AVAST Software
[2016/03/23 22:32:27 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\CDisplayEx
[2016/03/30 18:27:36 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\chportu
[2016/01/01 18:43:54 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Cinders
[2016/02/25 23:23:59 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Mass Effect
[2016/03/28 15:14:17 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\RenPy
[2016/01/09 20:13:24 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\SmartSteamEmu
[2016/02/23 20:42:32 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Steam
[2016/04/02 12:12:41 | 000,000,000 | RHSD | M] -- C:\Users\Trifon\AppData\Roaming\taskmgr
[2015/10/16 18:26:58 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\The Creative Assembly
[2015/10/14 18:05:50 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\uplay
[2016/04/01 19:24:32 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\uTorrent
[2015/10/14 12:34:44 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Wargaming.net

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009/07/14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 07:08:49 | 000,032,564 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2016/01/30 14:25:26 | 000,000,932 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2016/01/30 14:25:26 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< >

< >

< %systemroot%*.* /U /s >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2015/12/04 20:27:56 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\.mono
[2016/01/07 15:01:31 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\11bitstudios
[2015/12/02 15:29:05 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\AC3Filter
[2015/11/02 10:20:55 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Adobe
[2015/10/10 21:53:29 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\AVAST Software
[2016/03/23 22:32:27 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\CDisplayEx
[2016/03/30 18:27:36 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\chportu
[2016/01/01 18:43:54 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Cinders
[2015/10/10 21:45:57 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\CyberLink
[2016/03/31 12:17:01 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\dvdcss
[2015/10/10 20:53:52 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Google
[2015/10/10 20:33:37 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Identities
[2015/10/10 20:45:10 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\InstallShield
[2016/01/03 15:30:07 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\InstallShield Installation Information
[2015/10/10 20:46:42 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Intel Corporation
[2015/10/10 20:25:45 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Macromedia
[2016/02/25 23:23:59 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Mass Effect
[2009/07/14 09:45:14 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Media Center Programs
[2016/04/01 07:19:04 | 000,000,000 | --SD | M] -- C:\Users\Trifon\AppData\Roaming\Microsoft
[2015/10/10 21:41:41 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Mozilla
[2015/10/10 21:40:10 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Nero
[2015/11/23 22:26:26 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\NVIDIA
[2016/03/28 15:14:17 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\RenPy
[2016/01/09 20:13:24 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\SmartSteamEmu
[2016/02/23 20:42:32 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Steam
[2016/04/02 12:12:41 | 000,000,000 | RHSD | M] -- C:\Users\Trifon\AppData\Roaming\taskmgr
[2015/10/16 18:26:58 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\The Creative Assembly
[2015/10/14 18:05:50 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\uplay
[2016/04/01 19:24:32 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\uTorrent
[2016/04/02 22:25:16 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\vlc
[2015/10/14 12:34:44 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Wargaming.net
[2015/10/10 21:52:03 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\Winamp
[2015/10/22 15:31:06 | 000,000,000 | ---D | M] -- C:\Users\Trifon\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2014/12/05 18:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Users\Trifon\AppData\Roaming\chportu\App\Chrome-bin\chrome.exe
[2014/12/05 18:50:54 | 000,073,544 | ---- | M] () -- C:\Users\Trifon\AppData\Roaming\chportu\App\Chrome-bin\wow_helper.exe
[2014/12/05 18:50:43 | 002,057,544 | ---- | M] (Google Inc.) -- C:\Users\Trifon\AppData\Roaming\chportu\App\Chrome-bin\39.0.2171.95\delegate_execute.exe
[2014/12/05 18:50:49 | 001,949,000 | ---- | M] (Google Inc.) -- C:\Users\Trifon\AppData\Roaming\chportu\App\Chrome-bin\39.0.2171.95\nacl64.exe
[2013/05/23 19:15:46 | 000,802,816 | ---- | M] (Acresso Software Inc. ) -- C:\Users\Trifon\AppData\Roaming\InstallShield Installation Information\{5A0D1CE9-01BE-47E7-A019-45D5970AC1DA}\setup.exe
[2016/02/25 23:15:27 | 000,981,345 | ---- | M] () -- C:\Users\Trifon\AppData\Roaming\Mass Effect\Uninstall\unins000.exe
[2016/01/14 15:45:09 | 000,010,134 | R--- | M] () -- C:\Users\Trifon\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2016/03/30 18:27:18 | 153,448,448 | RHS- | M] () -- C:\Users\Trifon\AppData\Roaming\taskmgr\taskmgr.exe
[2015/04/25 20:30:00 | 000,294,312 | ---- | M] (emc) -- C:\Users\Trifon\AppData\Roaming\uTorrent\uninstall.exe
[2015/02/22 21:30:00 | 000,416,168 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Trifon\AppData\Roaming\uTorrent\utorrent.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2016/04/02 12:12:17 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2016/04/02 22:35:00 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2016/01/17 10:41:42 | 000,392,136 | ---- | M] (Mozilla Corporation) MD5=1103DF442ACE5870CAFE6977EF192CA5 -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2016/02/09 08:10:26 | 000,815,312 | ---- | M] (Microsoft Corporation) MD5=9A663A210C03A364AF5357F5E68203AB -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2016/03/27 09:59:05 | 000,874,136 | ---- | M] (Google Inc.) MD5=FAB888AC8D8609A963FCCC6F120FF1BA -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2016/04/02 22:27:03 | 000,000,512 | ---- | M] () MD5=67F0399630CD23DD86CBC4098253A39F -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2016/03/26 12:12:18 | 000,010,483 | ---- | M] () -- \Users\Trifon\AppData\Roaming\uTorrent\The Royal Trap - Full PreCracked - Foxy Games.torrent
[2016/01/11 15:17:22 | 000,010,470 | ---- | M] () -- \Users\Trifon\AppData\Roaming\uTorrent\Zoom Player MAX 11.0 Final [ENG-PL] [Crack] [AT-TEAM].rar.torrent

< *keygen* /s >

Re: I need a malware check pls!

Posted: 02 Apr 2016 21:41
by Slovak
< *loader* /s >
[2014/09/03 00:27:24 | 000,268,432 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2014/09/03 00:27:24 | 000,019,096 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2009/11/20 17:22:16 | 000,010,779 | ---- | M] () -- \Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\mm\MediaCtrl\ImageLoader.kc
[2009/11/20 17:22:22 | 000,003,490 | ---- | M] () -- \Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\widget\langloader.kc
[2009/11/20 17:22:22 | 000,013,373 | ---- | M] () -- \Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\widget\layoutloader.kc
[2015/08/18 10:48:55 | 001,176,208 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\ExtensionLoader.dll
[2014/06/10 17:42:34 | 000,065,344 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2014/06/10 17:42:34 | 000,067,904 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader64.dll
[2014/06/10 17:42:30 | 000,070,464 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2014/06/10 17:42:30 | 000,085,312 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader64.dll
[2014/12/10 03:28:04 | 000,001,701 | ---- | M] () -- \Program Files (x86)\Steam\friends\broadcastuploaderrornotification.res
[2014/11/11 20:48:42 | 000,007,825 | ---- | M] () -- \Program Files (x86)\Steam\remoteui\static\libs\images\ajax-loader.gif
[2006/12/23 17:37:56 | 000,044,032 | ---- | M] () -- \Program Files (x86)\WinRAR\RarExtLoader.exe
[2016/02/14 14:46:02 | 000,087,480 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2016/02/14 14:46:02 | 000,103,016 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader64.exe
[2016/02/14 14:46:01 | 000,059,104 | ---- | M] () -- \Program Files\AVAST Software\Avast\ie_loader.exe
[2016/02/14 14:46:03 | 000,019,136 | ---- | M] () -- \Program Files\AVAST Software\Avast\setup\CRT\avast.vc140.crt\amd64\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/02/14 14:46:03 | 000,019,136 | ---- | M] () -- \Program Files\AVAST Software\Avast\setup\CRT\avast.vc140.crt\x86\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/02/14 14:46:01 | 000,066,808 | ---- | M] () -- \Program Files\AVAST Software\Avast\x64\ie_loader.exe
[2015/12/01 10:19:06 | 001,701,016 | ---- | M] () -- \Program Files\AVAST Software\SZBrowser\1.46.1990.139\resources\bundled_extensions\video-downloader.crx
[2016/02/01 12:20:02 | 001,755,262 | ---- | M] () -- \Program Files\AVAST Software\SZBrowser\1.48.2066.44\resources\bundled_extensions\video-downloader.crx
[2016/02/01 12:20:02 | 001,755,262 | ---- | M] () -- \Program Files\AVAST Software\SZBrowser\resources\bundled_extensions\video-downloader.crx
[2014/09/03 00:27:24 | 000,364,176 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll
[2014/09/03 00:27:24 | 000,019,096 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2016/01/26 13:41:00 | 000,003,208 | ---- | M] () -- \ProgramData\AVAST Software\SZBrowser\profile\Trifon\Extensions\blgbpiedcngldakfgncemilphjcmnmio\1.8.12.271_0\skin\ajax-loader.gif
[2016/01/27 18:09:18 | 000,003,737 | ---- | M] () -- \ProgramData\AVAST Software\SZBrowser\profile\Trifon\Extensions\lhnnoklckomcfdlknmjaenoodlpfdclc\0.3.25.114_0\icons\loader.gif
[2016/01/26 13:41:00 | 000,003,208 | ---- | M] () -- \Users\All Users\AVAST Software\SZBrowser\profile\Trifon\Extensions\blgbpiedcngldakfgncemilphjcmnmio\1.8.12.271_0\skin\ajax-loader.gif
[2016/01/27 18:09:18 | 000,003,737 | ---- | M] () -- \Users\All Users\AVAST Software\SZBrowser\profile\Trifon\Extensions\lhnnoklckomcfdlknmjaenoodlpfdclc\0.3.25.114_0\icons\loader.gif
[2016/02/28 15:09:33 | 000,003,270 | ---- | M] () -- \Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Logs\Downloader.log
[2016/03/08 17:26:00 | 000,003,208 | ---- | M] () -- \Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\skin\ajax-loader.gif
[2016/02/12 11:35:36 | 000,003,605 | ---- | M] () -- \Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\loader.gif
[2016/03/16 16:39:58 | 000,141,824 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.O29577370#\28bd3f5a5a5e02219acadbeb5ecfc7e9\Microsoft.Office.InfoPath.CLRLoader.ni.dll
[2016/03/16 16:39:58 | 000,000,768 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.O29577370#\28bd3f5a5a5e02219acadbeb5ecfc7e9\Microsoft.Office.InfoPath.CLRLoader.ni.dll.aux
[2013/05/09 01:43:22 | 000,019,080 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\FL_VSTOLoaderUI_dll_amd64_ln.3643236F_FC70_11D3_A536_0090278A1BB8
[2012/10/01 20:34:40 | 000,019,048 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\FL_VSTOLoaderUI_dll_amd64_ln.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2013/05/09 01:43:22 | 000,019,080 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
[2012/10/01 20:34:40 | 000,019,048 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2013/05/09 01:43:22 | 000,364,168 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\VSTOLoader_dll_amd64.3643236F_FC70_11D3_A536_0090278A1BB8
[2012/10/01 20:34:40 | 000,364,128 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\VSTOLoader_dll_amd64.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2013/05/09 01:43:22 | 000,268,440 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8
[2012/10/01 20:34:40 | 000,268,384 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00005109110000000100000000F01FEC\15.0.4420\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25
[2016/02/10 23:31:21 | 000,017,128 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.InfoPath.CLRLoader\v4.0_15.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.CLRLoader.dll
[2016/02/11 20:30:35 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2016/02/11 20:30:35 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2016/02/14 14:46:05 | 000,019,136 | ---- | M] () -- \Windows\winsxs\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.23506.0_none_545784f92070b665\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009/07/14 03:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 19:28:57 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_66dcd6a595588d81\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 07:41:11 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_66b5981d957562a1\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 19:26:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_67667556ae762a72\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 07:36:06 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_67316604ae9dcf7e\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 19:38:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_68a2edab92971725\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 07:38:44 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 04:12:19 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/05/25 20:11:40 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18869_none_68a6d625929398fb\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/07/15 05:06:41 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18923_none_68cc15ff92788e54\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/07/15 20:00:47 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18933_none_68c146139280aa45\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/07/23 01:52:00 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18939_none_68c747cf927b424f\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/09/29 05:01:16 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19018_none_68dbbf7f926c2458\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/10/20 02:53:47 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19045_none_68b84edd92872c26\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/12/30 20:54:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19110_none_68d3bf15927356c7\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/01/16 20:54:07 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19131_none_68bf1f879282a800\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/01/22 08:12:24 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19135_none_68c320af927f0d5c\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/02/11 20:41:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19160_none_689daf79929be27c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 19:35:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_6957a248ab947a6d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 07:39:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/04/12 04:28:21 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_69353b6eabae8d55\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/05/25 20:14:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23072_none_691e7920abbfd697\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/07/15 05:11:33 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23126_none_69588bcaab93ad65\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/07/15 20:05:03 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23136_none_694dbbdeab9bc956\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/07/22 23:52:11 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23142_none_693eeacaaba77feb\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/09/28 20:06:01 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23223_none_69558cd2ab965e87\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/10/01 19:57:33 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23226_none_69588db0ab93aa8c\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/10/20 03:01:41 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23250_none_69321c30abb16655\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/12/30 21:06:14 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23313_none_69605ea4ab8e3fbd\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/01/17 02:28:14 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23334_none_694bbf16ab9d90f6\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/01/22 08:17:41 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23338_none_694fc03eab99f652\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/02/10 20:48:13 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23349_none_6945f09caba12b9a\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/10/16 14:58:47 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_cs-cz_915a6c4113b415c1.manifest
[2015/10/16 14:58:47 | 000,033,216 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_cs-cz_915a6c4113b415c1_winload.efi.mui_35ee487d
[2015/10/16 14:58:47 | 000,034,752 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_cs-cz_915a6c4113b415c1_winload.exe.mui_3bc5b827
[2015/10/16 14:58:47 | 000,029,632 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_cs-cz_915a6c4113b415c1_winresume.efi.mui_f412814e
[2015/10/16 14:58:47 | 000,030,144 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_cs-cz_915a6c4113b415c1_winresume.exe.mui_ff8b5358
[2015/10/16 14:58:47 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_en-us_d4b0b79cfaae721f.manifest
[2015/10/16 14:58:47 | 000,033,216 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_en-us_d4b0b79cfaae721f_winload.efi.mui_35ee487d
[2015/10/16 14:58:47 | 000,033,216 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_en-us_d4b0b79cfaae721f_winload.exe.mui_3bc5b827
[2015/10/16 14:58:47 | 000,029,632 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_en-us_d4b0b79cfaae721f_winresume.efi.mui_f412814e
[2015/10/16 14:58:47 | 000,029,632 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_en-us_d4b0b79cfaae721f_winresume.exe.mui_ff8b5358
[2015/10/16 14:58:47 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.19021_none_b93eb7c983517bf4.manifest
[2015/10/16 14:58:47 | 000,692,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.19021_none_b93eb7c983517bf4_winload.efi_75834aa0
[2015/10/16 14:58:47 | 000,619,056 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.19021_none_b93eb7c983517bf4_winload.exe_75835076
[2015/10/16 14:58:47 | 000,616,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.19021_none_b93eb7c983517bf4_winresume.efi_85cd069f
[2015/10/16 14:58:47 | 000,532,176 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.19021_none_b93eb7c983517bf4_winresume.exe_85cd1215
[2009/07/14 04:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/14 04:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2015/10/16 14:53:05 | 000,000,616 | ---- | M] () -- \Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_asimovuploader_0413bca0c3dfdda4.cdf-ms
[2009/07/26 20:38:16 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009/07/14 04:44:20 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2015/02/03 06:49:45 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_cs-cz_9144f07b13c42013.manifest
[2015/02/03 05:35:06 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_en-us_d49b3bd6fabe7c71.manifest
[2015/10/01 21:47:40 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_cs-cz_915a6c4113b415c1.manifest
[2015/10/01 20:06:16 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_en-us_d4b0b79cfaae721f.manifest
[2015/01/13 00:17:25 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22921_cs-cz_91e42f042cd18522.manifest
[2015/01/13 00:17:17 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22921_en-us_d53a7a6013cbe180.manifest
[2015/01/16 08:36:46 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22923_cs-cz_91e62f982ccfb7d0.manifest
[2015/01/16 08:36:33 | 000,004,141 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22923_en-us_d53c7af413ca142e.manifest
[2015/02/03 07:30:16 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22948_cs-cz_91d591322cdb6e65.manifest
[2015/02/03 05:54:55 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22948_en-us_d52bdc8e13d5cac3.manifest
[2015/05/25 22:04:06 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23072_cs-cz_91aef7d42cf95d70.manifest
[2015/05/25 20:25:12 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23072_en-us_d505433013f3b9ce.manifest
[2015/07/15 07:49:58 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23126_cs-cz_91e90a7e2ccd343e.manifest
[2015/07/15 05:32:59 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23126_en-us_d53f55da13c7909c.manifest
[2015/07/15 22:47:39 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23136_cs-cz_91de3a922cd5502f.manifest
[2015/07/15 20:15:00 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23136_en-us_d53485ee13cfac8d.manifest
[2015/07/23 05:58:18 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23142_cs-cz_91cf697e2ce106c4.manifest
[2015/07/23 00:05:32 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23142_en-us_d525b4da13db6322.manifest
[2015/09/29 00:00:52 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23223_cs-cz_91e60b862ccfe560.manifest
[2015/09/28 20:18:04 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23223_en-us_d53c56e213ca41be.manifest
[2015/10/01 21:13:38 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23226_cs-cz_91e90c642ccd3165.manifest
[2015/10/01 20:08:53 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23226_en-us_d53f57c013c78dc3.manifest
[2015/10/20 04:31:26 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23250_cs-cz_91c29ae42ceaed2e.manifest
[2015/10/20 03:13:06 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23250_en-us_d518e64013e5498c.manifest
[2015/12/30 22:44:48 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23313_cs-cz_91f0dd582cc7c696.manifest
[2015/12/30 21:17:40 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23313_en-us_d54728b413c222f4.manifest
[2016/01/17 04:04:48 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23334_cs-cz_91dc3dca2cd717cf.manifest
[2016/01/17 02:37:42 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23334_en-us_d532892613d1742d.manifest
[2016/01/22 10:02:23 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23338_cs-cz_91e03ef22cd37d2b.manifest
[2016/01/22 08:29:17 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23338_en-us_d5368a4e13cdd989.manifest
[2016/02/10 22:49:07 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23349_cs-cz_91d66f502cdab273.manifest
[2016/02/10 20:59:02 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23349_en-us_d52cbaac13d50ed1.manifest
[2009/07/14 04:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2011/02/05 15:09:31 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2011/02/05 15:04:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4.manifest
[2010/11/20 06:12:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011/02/05 19:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2015/02/03 05:51:30 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_b9293c0383618646.manifest
[2015/10/01 20:31:17 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.19021_none_b93eb7c983517bf4.manifest
[2011/02/05 15:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2015/01/12 05:50:53 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22921_none_b9c87a8c9c6eeb55.manifest
[2015/01/16 08:37:02 | 000,005,511 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22923_none_b9ca7b209c6d1e03.manifest
[2015/02/03 06:17:47 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22948_none_b9b9dcba9c78d498.manifest
[2015/05/25 20:45:47 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23072_none_b993435c9c96c3a3.manifest
[2015/07/15 05:48:43 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23126_none_b9cd56069c6a9a71.manifest
[2015/07/15 20:39:45 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23136_none_b9c2861a9c72b662.manifest
[2015/07/23 03:47:39 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23142_none_b9b3b5069c7e6cf7.manifest
[2015/09/28 22:29:36 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23223_none_b9ca570e9c6d4b93.manifest
[2015/10/01 20:34:58 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23226_none_b9cd57ec9c6a9798.manifest
[2015/10/20 03:39:39 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23250_none_b9a6e66c9c885361.manifest
[2015/12/30 21:45:21 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23313_none_b9d528e09c652cc9.manifest
[2016/01/17 02:57:33 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23334_none_b9c089529c747e02.manifest
[2016/01/22 08:51:12 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23338_none_b9c48a7a9c70e35e.manifest
[2016/02/10 21:26:17 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23349_none_b9babad89c7818a6.manifest
[2009/07/14 04:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2015/10/16 11:40:41 | 000,532,176 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\1c47c7b8f607d101b24c00007004380d.amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.19021_none_b93eb7c983517bf4_winresume.exe_85cd1215
[2015/10/16 11:20:34 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\282d35e9f307d101832000007004380d.amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2015/10/16 11:20:34 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\282d35e9f307d101842000007004380d.amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2015/10/16 11:20:34 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\2a3848e9f307d101862000007004380d.amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2015/10/16 11:20:34 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\6c8056e9f307d101872000007004380d.amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2015/10/16 11:40:41 | 000,619,056 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\7a9db6b8f607d101b04c00007004380d.amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.19021_none_b93eb7c983517bf4_winload.exe_75835076
[2015/10/16 11:40:41 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\99b6aab8f607d101a74c00007004380d.amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_cs-cz_915a6c4113b415c1.manifest
[2015/10/16 11:40:41 | 000,033,216 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\99b6aab8f607d101a84c00007004380d.amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_cs-cz_915a6c4113b415c1_winload.efi.mui_35ee487d
[2015/10/16 11:40:41 | 000,034,752 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\99b6aab8f607d101a94c00007004380d.amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_cs-cz_915a6c4113b415c1_winload.exe.mui_3bc5b827
[2015/10/16 11:40:41 | 000,029,632 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\99b6aab8f607d101aa4c00007004380d.amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_cs-cz_915a6c4113b415c1_winresume.efi.mui_f412814e
[2015/10/16 11:40:41 | 000,030,144 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\99b6aab8f607d101ab4c00007004380d.amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_cs-cz_915a6c4113b415c1_winresume.exe.mui_ff8b5358
[2015/10/16 11:40:41 | 000,005,744 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\99b6aab8f607d101ae4c00007004380d.amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.19021_none_b93eb7c983517bf4.manifest
[2015/10/16 11:40:41 | 000,692,672 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\99b6aab8f607d101af4c00007004380d.amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.19021_none_b93eb7c983517bf4_winload.efi_75834aa0
[2015/10/16 11:40:41 | 000,616,360 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\9bc1bdb8f607d101b14c00007004380d.amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.19021_none_b93eb7c983517bf4_winresume.efi_85cd069f
[2015/10/16 11:20:34 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\a9b23ee9f307d101852000007004380d.amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2015/10/16 11:40:41 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\b7cf9eb8f607d101984c00007004380d.amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_en-us_d4b0b79cfaae721f.manifest
[2015/10/16 11:40:41 | 000,033,216 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\b7cf9eb8f607d101994c00007004380d.amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_en-us_d4b0b79cfaae721f_winload.efi.mui_35ee487d
[2015/10/16 11:40:41 | 000,033,216 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\b7cf9eb8f607d1019a4c00007004380d.amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_en-us_d4b0b79cfaae721f_winload.exe.mui_3bc5b827
[2015/10/16 11:40:41 | 000,029,632 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\b7cf9eb8f607d1019b4c00007004380d.amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_en-us_d4b0b79cfaae721f_winresume.efi.mui_f412814e
[2015/10/16 11:40:41 | 000,029,632 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\b7cf9eb8f607d1019c4c00007004380d.amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.19021_en-us_d4b0b79cfaae721f_winresume.exe.mui_ff8b5358
[2015/10/16 11:30:21 | 000,000,616 | ---- | M] () -- \Windows\winsxs\Temp\PendingRenames\fb318847f507d1016a3a00007004380d.programdata_microsoft_diagnosis_asimovuploader_0413bca0c3dfdda4.cdf-ms
[2016/02/14 14:46:05 | 000,019,136 | ---- | M] () -- \Windows\winsxs\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.23506.0_none_9c04bbd034ecdf6b\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:45:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:56:23 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_0a96fc99dd17f16b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:44:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_0b12ca80f6405e48\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:40:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 03:48:15 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/05/25 19:55:18 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18869_none_0c883aa1da3627c5\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/07/15 04:47:54 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18923_none_0cad7a7bda1b1d1e\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/07/15 19:44:18 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18933_none_0ca2aa8fda23390f\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/07/22 19:42:39 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18939_none_0ca8ac4bda1dd119\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/09/29 04:49:51 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19018_none_0cbd23fbda0eb322\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/10/20 02:35:03 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19045_none_0c99b359da29baf0\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/12/30 20:37:34 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19110_none_0cb52391da15e591\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/01/16 20:34:24 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19131_none_0ca08403da2536ca\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/01/22 07:59:07 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19135_none_0ca4852bda219c26\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/02/11 20:30:35 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19160_none_0c7f13f5da3e7146\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/04/12 04:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/05/25 20:00:35 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23072_none_0cffdd9cf3626561\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/07/15 04:51:41 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23126_none_0d39f046f3363c2f\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/07/15 19:40:57 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23136_none_0d2f205af33e5820\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/07/23 01:54:11 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23142_none_0d204f46f34a0eb5\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/09/28 22:07:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23223_none_0d36f14ef338ed51\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/10/20 02:37:58 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23250_none_0d1380acf353f51f\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/12/30 20:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23313_none_0d41c320f330ce87\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/01/17 02:09:50 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23334_none_0d2d2392f3401fc0\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/01/22 07:58:11 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23338_none_0d3124baf33c851c\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/02/10 20:24:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23349_none_0d275518f343ba64\api-ms-win-core-libraryloader-l1-1-0.dll

========== Files - Unicode (All) ==========
[2015/10/18 12:33:51 | 000,000,000 | ---D | M](C:\Users\Trifon\Documents\Vlastne ?ablony balika Office) -- C:\Users\Trifon\Documents\Vlastné šablóny balíka Office
[2015/10/18 12:33:51 | 000,000,000 | ---D | C](C:\Users\Trifon\Documents\Vlastne ?ablony balika Office) -- C:\Users\Trifon\Documents\Vlastné šablóny balíka Office
[2015/10/17 19:03:20 | 000,023,657 | -HS- | M] ()(C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Vyrovnavacia pama? pre obaly albumov\LocalMLS\{F2AA59DD-E1A6-4C8A-BA46-974E9CE8D78F}.jpg) -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Vyrovnávacia pamäť pre obaly albumov\LocalMLS\{F2AA59DD-E1A6-4C8A-BA46-974E9CE8D78F}.jpg
[2015/10/17 19:03:20 | 000,023,179 | -HS- | M] ()(C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Vyrovnavacia pama? pre obaly albumov\LocalMLS\{B9B67B12-9231-483E-B0CE-9B2F9A49C374}.jpg) -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Vyrovnávacia pamäť pre obaly albumov\LocalMLS\{B9B67B12-9231-483E-B0CE-9B2F9A49C374}.jpg
[2015/10/17 19:03:20 | 000,023,179 | -HS- | M] ()(C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Vyrovnavacia pama? pre obaly albumov\LocalMLS\{1633A749-A7DE-4BE0-B236-E26C59D3135E}.jpg) -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Vyrovnávacia pamäť pre obaly albumov\LocalMLS\{1633A749-A7DE-4BE0-B236-E26C59D3135E}.jpg
[2015/10/17 19:03:20 | 000,000,000 | ---D | M](C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Vyrovnavacia pama? pre obaly albumov\LocalMLS) -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Vyrovnávacia pamäť pre obaly albumov\LocalMLS
[2015/10/17 19:03:18 | 000,000,000 | -H-D | M](C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Vyrovnavacia pama? pre obaly albumov) -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Vyrovnávacia pamäť pre obaly albumov

< End of report >

Re: I need a malware check pls!

Posted: 02 Apr 2016 21:41
by Slovak
OTL Extras logfile created on: 2. 4. 2016 22:26:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Trifon\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18230)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

7,94 Gb Total Physical Memory | 6,42 Gb Available Physical Memory | 80,90% Memory free
7,94 Gb Paging File | 6,41 Gb Available in Paging File | 80,79% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,47 Gb Total Space | 161,64 Gb Free Space | 72,33% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 324,54 Gb Free Space | 34,84% Space Free | Partition Type: NTFS
Drive G: | 149,05 Gb Total Space | 148,77 Gb Free Space | 99,81% Space Free | Partition Type: NTFS
Drive H: | 931,28 Gb Total Space | 259,82 Gb Free Space | 27,90% Space Free | Partition Type: FAT32

Computer Name: TRIFON-PC | User Name: Trifon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1601266965-4254244799-107981220-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1287153D-09DB-4CB0-87E4-D783F5BA1573}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{16BD0B93-6121-410A-9FD5-FB9527F89EF2}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{22492088-43F8-4808-8373-A7A810DF6748}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{331E6E45-13CA-4562-BD73-EA8A5A9A8191}" = rport=137 | protocol=17 | dir=out | app=system |
"{3D39BA02-40FA-40C5-9792-EC1E3329F987}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3D402E16-4B89-43E1-A817-952C6E26DA58}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3D6CA357-B9A8-4F1A-AA26-0AF9D7B41205}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
"{3DB7A70C-806C-4061-B682-0ADCFA4A28DC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{54AA90F2-3346-498A-8890-142842E323B3}" = lport=445 | protocol=6 | dir=in | app=system |
"{65E96F38-B98F-44F6-A421-D0C57EE5779A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{70FD0E86-F5F1-4536-B45E-3462ADDC8267}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7A20A6EB-0B61-44F5-97D3-38D948BFF79A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7BF6201F-75AB-4B4E-9869-0B7C725A57E4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{97CF5D35-6D5D-4704-A0B8-5B6E8E7A0884}" = lport=139 | protocol=6 | dir=in | app=system |
"{A8A8B78F-F1D7-40A2-B1DC-408F606D26B2}" = rport=139 | protocol=6 | dir=out | app=system |
"{C14DC876-4C33-46A2-8CA8-D03CDD3216F6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C5171D8D-F78D-4CC7-A800-C80A186D19A5}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{CCB5FB39-F08F-48BA-93E0-05F0150EE8CC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CE97467B-1D71-4631-9777-9509A4F44558}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{CF964E0C-6E98-4B9C-8442-86665DC76953}" = lport=138 | protocol=17 | dir=in | app=system |
"{D167F735-BE43-4791-9CC5-E0B22CFD089E}" = lport=47995 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{D2D9B119-3783-41B9-A97F-E61152CC9B2D}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{D36172F5-BB23-41A0-AE4E-CFB1FD973C73}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D93A4E29-9565-4DF5-B193-68531BFCA196}" = rport=445 | protocol=6 | dir=out | app=system |
"{E246F1D7-979E-45C2-A4F1-1951CC507521}" = lport=137 | protocol=17 | dir=in | app=system |
"{E4023594-6E7F-4F31-8D73-FE7EA401E1E8}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{EAE743F2-8697-4E3B-B2A1-AD65DA25838F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F086433B-4A2E-4DFB-847F-AF5AB5B5C31A}" = rport=138 | protocol=17 | dir=out | app=system |
"{F4CCBA32-76F6-4EFB-9B52-4029AE5756A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{088145D9-F48B-4418-9729-1282C7F8D440}" = protocol=17 | dir=in | app=d:\steam - games\steamapps\common\soul gambler\nw.exe |
"{08F93F6B-19B0-441C-9673-4DE9402174D6}" = protocol=17 | dir=in | app=d:\steam - games\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{0C5702FA-E91D-486E-B825-C283E0AB05DA}" = protocol=17 | dir=in | app=d:\steam - games\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{0E68B9D7-A73A-4A4F-9C55-783F2D1760E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{17F3ABB1-07C5-471B-A849-2733F169A831}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19AAFC65-0F62-403C-9E96-56382DC7144C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1A559CFB-608C-4667-B49E-DDC8544437B6}" = protocol=17 | dir=in | app=c:\users\trifon\appdata\roaming\utorrent\utorrent.exe |
"{1EAE6B85-6898-436B-B0D0-745928A2A721}" = protocol=17 | dir=in | app=d:\steam - games\steamapps\common\the walking dead\walkingdead101.exe |
"{21441AA9-EDC2-4907-883D-F00E87548787}" = protocol=17 | dir=in | app=d:\steam - games\steamapps\common\life is strange\binaries\win32\lifeisstrange.exe |
"{2886AA2B-D58D-4AAC-BE96-B5FFDB1F42C2}" = protocol=6 | dir=in | app=d:\steam - games\steamapps\common\the walking dead season two\thewalkingdead2.exe |
"{2CB05739-336B-454D-9938-1C41DEA3DEEE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2ECB0ED4-2610-46A9-8F1E-8FEC7FAB2458}" = protocol=6 | dir=in | app=d:\steam - games\steamapps\common\crusader kings ii\ck2game.exe |
"{3268138F-9713-4FAC-8E48-28114642ABA7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{335E15BD-5DD2-41C1-8E02-4A220A2F3665}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{35C1D26C-E657-426E-BEC2-0A1CE65F9906}" = protocol=6 | dir=in | app=d:\program files (x86) instal games\star wars\star wars-the old republic\launcher.exe |
"{37A7D8D9-1FB3-46BC-8011-EF6E3B0FEA53}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{38FDF4A1-B608-4BB0-BC39-EDD427B52F1B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{43A92345-01E5-4FD2-A78B-0F9AEA398DFA}" = protocol=6 | dir=in | app=d:\steam - games\steamapps\common\soul gambler\nw.exe |
"{44D1B38B-8A80-40C6-B742-923B8EAC11BE}" = protocol=6 | dir=in | app=d:\steam - games\steamapps\common\frosty kiss\frosty kiss steam build.exe |
"{4A5F8A5F-8958-4512-88B5-5C4A82307473}" = protocol=6 | dir=in | app=d:\steam - games\steamapps\common\everlasting summer\everlasting summer.exe |
"{4B5085C9-16E5-49EC-ADCC-185CE3C41815}" = protocol=6 | dir=in | app=d:\steam - games\steamapps\common\the walking dead\walkingdead101.exe |
"{4B53E00E-166A-40A9-B368-038ABA52CAAF}" = protocol=17 | dir=in | app=d:\program files (x86) instal games\star wars\star wars-the old republic\launcher.exe |
"{4B552FDA-4905-4D13-A5FE-A974187E559C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4CA0F572-6B1B-4D94-8E43-723C76826240}" = protocol=6 | dir=in | app=d:\steam - games\steamapps\common\tales from the borderlands\borderlands.exe |
"{4DBCF966-BCC0-472F-BB86-05AA6B82E88A}" = protocol=6 | dir=in | app=d:\program files (x86) instal games\star wars\star wars-the old republic\launcher.exe |
"{4DBF69A9-73EF-4284-98BC-89976F50EB10}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{507F1405-2DF5-4F17-B8B6-72E9E9F50ED4}" = protocol=6 | dir=in | app=d:\steam - games\steamapps\common\the witcher enhanced edition\digital comic\digitalcomic.exe |
"{52EF7E53-0D84-4AE3-AF43-73B574D8DE57}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{539CC58B-8744-4BDB-87B7-3A0EA30AFC77}" = protocol=17 | dir=in | app=d:\steam - games\steamapps\common\the witcher enhanced edition\digital comic\digitalcomic.exe |
"{57DCE6FD-E0CF-4818-A71D-ABC99ABF8ACF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6604C3D6-D38E-44CF-A387-F0D7DDA05193}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{6A602CA1-767D-4739-98E7-752D64D085EB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{6CC14C0A-7367-426E-B004-8776DC8DA736}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6EA6E843-F08E-42D1-828B-1C853CEF3DF0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{70340229-F3BD-4466-8A2E-61D602675450}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{71957CDE-FCA4-4157-AA4D-D4A26B604CA3}" = protocol=17 | dir=in | app=d:\steam - games\steamapps\common\frosty kiss\frosty kiss steam build.exe |
"{82405AA8-2F0B-4E2D-9CFF-2EC9AD92FBDC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{83CD6235-C70A-42F8-ABDD-A13CC53C4256}" = protocol=6 | dir=in | app=d:\steam - games\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{84AFA459-92E4-4AE7-AF0E-7CB7031E869D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{84B7BB18-367E-4E4C-88A5-7780BF037E67}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{86137082-B2F6-4901-8E95-9254FD00F754}" = protocol=17 | dir=in | app=d:\steam - games\steamapps\common\crusader kings ii\ck2game.exe |
"{86526ACC-20E7-44F7-BD46-908B90BFF34E}" = protocol=17 | dir=in | app=d:\steam - games\steamapps\common\everlasting summer\everlasting summer.exe |
"{985C0AA7-A370-4F7E-BCF1-3CDED481E8C6}" = protocol=6 | dir=in | app=d:\steam - games\steamapps\common\the witcher 2\launcher.exe |
"{987DC8D2-C96F-4E0E-B40D-62E393A281DF}" = protocol=17 | dir=in | app=d:\steam - games\steamapps\common\the walking dead season two\thewalkingdead2.exe |
"{989D0FCD-8ADC-4EB4-9FF4-D54FE57BDA59}" = protocol=17 | dir=in | app=d:\program files (x86) instal games\star wars\star wars-the old republic\launcher.exe |
"{9D6F8C32-2CE9-403E-A15B-7AF5C83D6DC6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{A3E38900-0374-4D10-9B17-3F9C6AAAB418}" = protocol=17 | dir=in | app=d:\steam - games\steamapps\common\the wolf among us\thewolfamongus.exe |
"{A611279B-8FD0-4A7F-99B7-2C76AA40D5ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A8846615-3F80-4CDF-8BAC-5BF04C086FA3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{AB23FEB9-2F12-45EB-B725-BBEDF206EC18}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{AE84C771-3F25-4F35-8C14-EE3D344CCEDA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B22AA8AB-2C31-4E1D-AA8A-A4016B1E55E5}" = protocol=6 | dir=in | app=d:\steam - games\steamapps\common\life is strange\binaries\win32\lifeisstrange.exe |
"{B6CA1D62-88CF-4C44-9272-0AAAD9399D4A}" = protocol=17 | dir=in | app=d:\steam - games\steamapps\common\tales from the borderlands\borderlands.exe |
"{B85A73F4-DB0A-46C8-AFEF-928F19BAFCB2}" = protocol=6 | dir=in | app=d:\steam - games\steamapps\common\game of thrones\thrones.exe |
"{B9B592B3-6C38-4DEE-AC3C-1310DD4D42B4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{BA3C29B0-D907-4396-9FD5-2C4A4294CCEE}" = protocol=6 | dir=in | app=d:\steam - games\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{C1B77212-5BAE-4AA4-B4C2-85A26194A34E}" = protocol=17 | dir=in | app=d:\steam - games\steamapps\common\the witcher 2\launcher.exe |
"{C5A9B363-8667-464F-A45A-FB143980A0E1}" = protocol=6 | dir=in | app=c:\users\trifon\appdata\roaming\utorrent\utorrent.exe |
"{C7227D57-33F8-45BB-B243-9CBEF00F0F0C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{CB275BE8-AB72-493F-8F44-63EF2795AE72}" = protocol=17 | dir=in | app=d:\steam - games\steamapps\common\game of thrones\thrones.exe |
"{CE77FD76-C76E-428A-AD6B-1809D208C965}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D3475DD7-3593-423A-BE8F-C1B1A7A1B754}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{D43ED52E-5166-4DBB-BEA0-A0D697B64553}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{DEEFED16-7B1D-41C3-9126-343C800C3D6B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{E168BA11-0526-4061-9863-52F298D09A49}" = protocol=6 | dir=out | app=system |
"{EA5A8FF6-4A98-453D-A9AE-B6ADC35BCCC3}" = protocol=6 | dir=in | app=d:\steam - games\steamapps\common\the wolf among us\thewolfamongus.exe |
"{EBF5BB3D-8E6D-4253-82CA-D61110C77034}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ED880DD7-8A66-492F-B7C5-CCF7E01BAA1E}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{F72F351F-C523-4BA8-B154-F9E29E854CA5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{628B0641-27BF-41DD-B059-3F15939BD6F9}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{6E6A7638-8A7B-48A1-B0FF-2498F85AAC32}D:\program files (x86) instal games\total war - rome ii\rome2.exe" = protocol=6 | dir=in | app=d:\program files (x86) instal games\total war - rome ii\rome2.exe |
"TCP Query User{8E0505DF-C797-4D7F-AF50-CE01E1EE46E5}D:\program files (x86) instal games\total war - rome ii\rome2.exe" = protocol=6 | dir=in | app=d:\program files (x86) instal games\total war - rome ii\rome2.exe |
"TCP Query User{929F30D3-29AA-4A09-A31C-9A4160548320}D:\program files (x86) instal games\total war - attila\attila.exe" = protocol=6 | dir=in | app=d:\program files (x86) instal games\total war - attila\attila.exe |
"TCP Query User{9D8EF86B-D889-4638-8E74-8039C38A698C}D:\program files (x86) instal games\total war - attila\attila.exe" = protocol=6 | dir=in | app=d:\program files (x86) instal games\total war - attila\attila.exe |
"UDP Query User{BCD41BAC-48DE-45AB-8271-B3870A3889DD}D:\program files (x86) instal games\total war - rome ii\rome2.exe" = protocol=17 | dir=in | app=d:\program files (x86) instal games\total war - rome ii\rome2.exe |
"UDP Query User{BF29248B-B6DB-47F7-B2D1-E7FB05183CE5}D:\program files (x86) instal games\total war - attila\attila.exe" = protocol=17 | dir=in | app=d:\program files (x86) instal games\total war - attila\attila.exe |
"UDP Query User{CB9A2F80-E166-43B4-B100-25B77AD63693}D:\program files (x86) instal games\total war - attila\attila.exe" = protocol=17 | dir=in | app=d:\program files (x86) instal games\total war - attila\attila.exe |
"UDP Query User{F08C12D7-2971-4138-93AB-42BDAC506066}D:\program files (x86) instal games\total war - rome ii\rome2.exe" = protocol=17 | dir=in | app=d:\program files (x86) instal games\total war - rome ii\rome2.exe |
"UDP Query User{F69D36C8-0C0C-474E-96F4-0AB99DBC95B6}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-041B-1000-0000000FF1CE}" = Microsoft Access MUI (Slovak) 2013
"{90150000-0016-041B-1000-0000000FF1CE}" = Microsoft Excel MUI (Slovak) 2013
"{90150000-0018-041B-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (Slovak) 2013
"{90150000-0019-041B-1000-0000000FF1CE}" = Microsoft Publisher MUI (Slovak) 2013
"{90150000-001A-041B-1000-0000000FF1CE}" = Microsoft Outlook MUI (Slovak) 2013
"{90150000-001B-041B-1000-0000000FF1CE}" = Microsoft Word MUI (Slovak) 2013
"{90150000-001F-0405-1000-0000000FF1CE}" = Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština
"{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040E-1000-0000000FF1CE}" = Microsoft Office Nyelvi ellenőrző eszközök 2013 – magyar
"{90150000-001F-041B-1000-0000000FF1CE}" = Nástroje korektúry balíka Microsoft Office 2013 - slovenčina
"{90150000-002C-041B-1000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2013
"{90150000-0044-041B-1000-0000000FF1CE}" = Microsoft InfoPath MUI (Slovak) 2013
"{90150000-006E-041B-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2013
"{90150000-0090-041B-1000-0000000FF1CE}" = Microsoft DCF MUI (Slovak) 2013
"{90150000-00A1-041B-1000-0000000FF1CE}" = Microsoft OneNote MUI (Slovak) 2013
"{90150000-00BA-041B-1000-0000000FF1CE}" = Microsoft Groove MUI (Slovak) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-041B-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Slovak) 2013
"{90150000-00E1-041B-1000-0000000FF1CE}" = Microsoft Office OSM MUI (Slovak) 2013
"{90150000-00E2-041B-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (Slovak) 2013
"{90150000-012B-041B-1000-0000000FF1CE}" = Microsoft Lync MUI (Slovak) 2013
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.6.1
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovládač 3D Vision 341.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 341.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafický ovládač 341.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.2.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision radič ovládača 340.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizácie NVIDIA 17.12.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 17.12.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.27
"{B5E06417-A4AC-4225-B36E-7E34C91616E7}" = Intel® Trusted Connect Service Client
"{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}" = Microsoft .NET Framework 4.6.1
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"bWluZWNyYWZ0c3Rvcnltb2RlYXRlbGx0YWxlZ2FtZXNzZXJpZXM_is1" = Minecraft: Story Mode - A Telltale Games Series
"CCleaner" = CCleaner
"CDisplayEx_is1" = CDisplayEx 1.10.29
"Defraggler" = Defraggler
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Office15.PROPLUS" = Microsoft Office 2013 Professional Plus
"Steam App 431540" = Frosty Kiss
"VLC media player" = VLC media player

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime
"{4EA72038-4DE2-4E41-B062-7A2640F18F35}" = IF MY HEART HAD WINGS
"{57BB4801-61C8-4E74-9672-2160728A461E}" = Google Earth Plug-in
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C20787A-7402-4FA7-BF25-6E5750930FDC}" = PowerDVD
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1051-7B44-A93000000001}" = Adobe Reader 9.3 - Slovak
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avast" = Avast Internet Security
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"BitRaider Streaming Client" = BitRaider Streaming Client
"DCoder Image Source" = DCoder Image Source (remove only)
"DirectVobSub" = DirectVobSub (remove only)
"ffdshow_is1" = ffdshow v1.2.4453 [2012-05-21]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"lavfilters_is1" = LAV Filters 0.62.0
"MadVR" = MadVR (remove only)
"Mass Effect_R.G. Mechanics_is1" = Mass Effect
"Mozilla Firefox 43.0.4 (x86 sk)" = Mozilla Firefox 43.0.4 (x86 sk)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero8Lite_is1" = Nero 8 Lite 8.2.8.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"SafeZone 1.48.2066.44" = SafeZone Stable 1.48.2066.44
"Steam" = Steam
"Steam App 203770" = Crusader Kings II
"Steam App 207610" = The Walking Dead
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 20920" = The Witcher 2: Assassins of Kings Enhanced Edition
"Steam App 250320" = The Wolf Among Us
"Steam App 261030" = The Walking Dead: Season Two
"Steam App 313020" = Soul Gambler
"Steam App 319630" = Life Is Strange™
"Steam App 330830" = Tales from the Borderlands
"Steam App 330840" = Game of Thrones - A Telltale Games Series
"Steam App 331470" = Everlasting Summer
"swtor_swtor" = Star Wars The Old Republic
"The Walking Dead Michonne Episode 1_is1" = The Walking Dead Michonne Episode 1
"The Walking Dead Michonne Episode 2_is1" = The Walking Dead Michonne Episode 2
"Total War - Rome II_is1" = Total War - Rome II
"Total War ATTILA - Empires of Sand Culture Pack_is1" = Total War ATTILA - Empires of Sand Culture Pack
"U2lkTWVpZXJzQ2l2aWxpemF0aW9uVg==_is1" = Sid Meier's Civilization V Brave New World
"UltraISO_is1" = UltraISO Premium V9.65
"uTorrent" = µTorrent
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archivátor
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1601266965-4254244799-107981220-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{5A0D1CE9-01BE-47E7-A019-45D5970AC1DA}" = IF MY HEART HAD WINGS
"{7C82709E-75FE-4C3A-976A-8C97908DDD7B}_is1" = A Game of Thrones version 1.0
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 31. 3. 2016 5:25:14 | Computer Name = Trifon-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 31. 3. 2016 5:25:14 | Computer Name = Trifon-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 1. 4. 2016 1:16:45 | Computer Name = Trifon-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 1. 4. 2016 1:16:45 | Computer Name = Trifon-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 1. 4. 2016 7:13:32 | Computer Name = Trifon-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 1. 4. 2016 7:13:33 | Computer Name = Trifon-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 2. 4. 2016 3:04:07 | Computer Name = Trifon-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 2. 4. 2016 3:04:07 | Computer Name = Trifon-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 2. 4. 2016 6:17:45 | Computer Name = Trifon-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 2. 4. 2016 6:17:45 | Computer Name = Trifon-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

[ System Events ]
Error - 9. 3. 2016 1:28:18 | Computer Name = Trifon-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 9. 3. 2016 1:28:25 | Computer Name = Trifon-PC | Source = Service Control Manager | ID = 7026
Description = Nasledujuce ovlada?e pre spustenie zavedenia alebo spustenie systemu
zlyhali pri na?itani: aswNetSec

Error - 9. 3. 2016 11:22:24 | Computer Name = Trifon-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 9. 3. 2016 11:22:30 | Computer Name = Trifon-PC | Source = Service Control Manager | ID = 7026
Description = Nasledujuce ovlada?e pre spustenie zavedenia alebo spustenie systemu
zlyhali pri na?itani: aswNetSec

Error - 9. 3. 2016 16:56:39 | Computer Name = Trifon-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort3.

Error - 10. 3. 2016 6:08:01 | Computer Name = Trifon-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 10. 3. 2016 6:08:08 | Computer Name = Trifon-PC | Source = Service Control Manager | ID = 7026
Description = Nasledujuce ovlada?e pre spustenie zavedenia alebo spustenie systemu
zlyhali pri na?itani: aswNetSec

Error - 10. 3. 2016 6:08:52 | Computer Name = Trifon-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 10. 3. 2016 6:09:07 | Computer Name = Trifon-PC | Source = Service Control Manager | ID = 7026
Description = Nasledujuce ovlada?e pre spustenie zavedenia alebo spustenie systemu
zlyhali pri na?itani: aswNetSec

Error - 11. 3. 2016 5:25:32 | Computer Name = Trifon-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!


< End of report >

Re: I need a malware check pls!

Posted: 03 Apr 2016 10:31
by Rudy
Run OTL again as administrator.
Paste the following text into the bottom window:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKU\S-1-5-21-1601266965-4254244799-107981220-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IESR02
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2015/10/10 21:41:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trifon\AppData\Roaming\mozilla\Extensions
[2016/01/16 14:27:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trifon\AppData\Roaming\mozilla\Firefox\Profiles\rk8vrt1e.default\extensions
[2016/01/16 14:27:03 | 000,989,188 | ---- | M] () (No name found) -- C:\Users\Trifon\AppData\Roaming\mozilla\firefox\profiles\rk8vrt1e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016/01/17 10:41:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\11.1.0.221_1\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\11.1.0.221_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpcdepnceibhgcfmkehlleemiejahmbp\1.2_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdeoflfbkpmebldjfkemfhjomgjipgn\0.1_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlmehpiikmcdamekkndkbkcefnfefai\1.1.0.0_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O33 - MountPoints2\{6ba8e36e-6f74-11e5-9acc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6ba8e36e-6f74-11e5-9acc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\ASSETUP.exe
O33 - MountPoints2\{f01fa5cc-6f79-11e5-bb95-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f01fa5cc-6f79-11e5-bb95-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\ASSETUP.exe


:files
C:\Program Files (x86)\Google\Google Toolbar
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]
Click Fix (Opravit) and let the program work. When asked about a restart, agree.
After the restart a new log will appear; post it here.

Re: I need a malware check pls!

Posted: 03 Apr 2016 10:50
by Slovak
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1601266965-4254244799-107981220-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
C:\Users\Trifon\AppData\Roaming\mozilla\Extensions folder moved successfully.
C:\Users\Trifon\AppData\Roaming\mozilla\Firefox\Profiles\rk8vrt1e.default\extensions folder moved successfully.
File C:\Users\Trifon\AppData\Roaming\mozilla\firefox\profiles\rk8vrt1e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\_metadata folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\_locales\zh_TW folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\_locales\zh_CN folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\_locales\uk folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\_locales\tr folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\_locales\sv folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\_locales\ru folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\_locales\pt_BR folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\_locales\pl folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\_locales\ko folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\_locales\ja folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\_locales\it folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\_locales\hi folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\_locales\fr folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\_locales\fi folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\_locales\es folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\_locales\en folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\_locales\de folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\_locales\cs folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\_locales folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\widgets folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\skin\include folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\skin\fusion\icons folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\skin\fusion\accessible\19_19 folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\skin\fusion\accessible\16_16\plain folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\skin\fusion\accessible\16_16 folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\skin\fusion\accessible folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\skin\fusion\19_19 folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\skin\fusion\16_16\plain folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\skin\fusion\16_16 folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\skin\fusion folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\skin\fonts\Open Sans folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\skin\fonts folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\skin\c\accessible folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\skin\c folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\skin\b\ws folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\skin\b\welcometips folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\skin\b\surveys folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\skin\b\accessible folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\skin\b folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\skin folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\libs folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0\content folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\3.0.1_0 folder moved successfully.
File C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0 not found.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_metadata folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\zh_TW folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\zh_CN folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\vi folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\uk folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\tr folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\th folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\te folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\ta folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\sw folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\sv folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\sr folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\sl folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\sk folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\ru folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\ro folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\pt_PT folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\pt_BR folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\pl folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\nl folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\nb folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\ms folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\ml folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\lv folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\lt folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\ko folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\ja folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\it folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\id folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\hu folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\hr folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\hi folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\he folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\gu folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\fr folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\fil folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\fi folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\fa folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\et folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\es_419 folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\es folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\en_US folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\en_GB folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\el folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\de folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\da folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\cs folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\ca folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\bn folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\bg folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\ar folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales\am folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\_locales folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\skin\social folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\skin\fonts folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\skin\features folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\skin folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\qunit folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\lib\polyfills folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\lib folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\jquery-ui\js folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\jquery-ui\css\smoothness\images folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\jquery-ui\css\smoothness folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\jquery-ui\css folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\jquery-ui folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\icons\detailed folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\icons folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\ext folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0 folder moved successfully.
File C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0 not found.
File C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\11.1.0.221_1 not found.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_metadata folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\zh_TW folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\zh_CN folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\vi folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\uk folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\tr folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\sv folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\sr folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\sl folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\sk folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\ru folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\ro folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\pt_PT folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\pt_BR folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\pl folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\nl folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\nb folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\ko folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\ja folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\it folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\id folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\hu folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\hr folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\he folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\gu folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\fr folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\fi folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\es folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\en folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\el folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\de folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\da folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\cs folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\ca folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\bg folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales\ar folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\_locales folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\uiscripts\blacklisting folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\uiscripts folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\pages folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\options folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\jquery\css\images folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\jquery\css folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\jquery folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img\search folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\img folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\filtering folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\button folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0 folder moved successfully.
File C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\11.1.0.221_0 not found.
File C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpcdepnceibhgcfmkehlleemiejahmbp\1.2_0 not found.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdeoflfbkpmebldjfkemfhjomgjipgn\0.1_0\_metadata folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdeoflfbkpmebldjfkemfhjomgjipgn\0.1_0 folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlmehpiikmcdamekkndkbkcefnfefai\1.1.0.0_0\_metadata folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlmehpiikmcdamekkndkbkcefnfefai\1.1.0.0_0 folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_metadata folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\zh_TW folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\zh_CN folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\vi folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\uk folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\tr folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\th folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sv folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sr folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sl folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sk folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ru folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ro folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pt_PT folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pt_BR folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pl folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\nl folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\nb folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\lv folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\lt folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ko folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ja folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\it folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\id folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hu folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hr folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hi folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fr folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fil folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fi folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\et folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\es_419 folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\es folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\en_GB folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\en folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\el folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\de folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\da folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\cs folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ca folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\bg folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\html folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\css folder moved successfully.
C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0 folder moved successfully.
File C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0 not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ba8e36e-6f74-11e5-9acc-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ba8e36e-6f74-11e5-9acc-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ba8e36e-6f74-11e5-9acc-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ba8e36e-6f74-11e5-9acc-806e6f6e6963}\ not found.
File D:\Bin\ASSETUP.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f01fa5cc-6f79-11e5-bb95-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f01fa5cc-6f79-11e5-bb95-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f01fa5cc-6f79-11e5-bb95-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f01fa5cc-6f79-11e5-bb95-806e6f6e6963}\ not found.
File D:\Bin\ASSETUP.exe not found.
========== FILES ==========
C:\Program Files (x86)\Google\Google Toolbar\Component folder moved successfully.
C:\Program Files (x86)\Google\Google Toolbar folder moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Trifon
->Temp folder emptied: 21251310 bytes
->Temporary Internet Files folder emptied: 128 bytes
->FireFox cache emptied: 8688278 bytes
->Google Chrome cache emptied: 215894232 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 351024 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 235,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Trifon
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 04032016_114633

Files\Folders moved on Reboot...
File move failed. C:\Users\Trifon\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\52fb2f4815a91ce6db078c0fe4315a94_fce8394c8fd8a80f_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
File move failed. C:\Users\Trifon\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\52fb2f4815a91ce6db078c0fe4315a94_fce8394c8fd8a80f_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
C:\Users\Trifon\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Trifon\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\opera_installer_20151218085442.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\opera_installer_20151218085446.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\opera_installer_20160215110325.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\SafeZone Installer\opera_installer_20160215110328.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: I need a malware check pls!

Posted: 03 Apr 2016 11:36
by Rudy
Deleted, the log is now OK.