Prosím o kontrolu

[Universal]

OTL logfile created on: 26.2.2014 16:39:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Davo\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy

7,95 Gb Total Physical Memory | 5,81 Gb Available Physical Memory | 73,09% Memory free
15,89 Gb Paging File | 12,89 Gb Available in Paging File | 81,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 86,02 Gb Total Space | 15,23 Gb Free Space | 17,71% Space Free | Partition Type: NTFS
Drive D: | 627,48 Gb Total Space | 53,87 Gb Free Space | 8,59% Space Free | Partition Type: NTFS
Drive F: | 661,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 1,83 Gb Total Space | 1,83 Gb Free Space | 99,99% Space Free | Partition Type: FAT32

Computer Name: VALERIEPC | User Name: Davo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.02.26 16:37:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Davo\Downloads\OTL.exe
PRC - [2014.02.17 23:08:21 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\ Firefox\firefox.exe
PRC - [2014.02.17 23:08:20 | 000,018,544 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\ Firefox\plugin-container.exe
PRC - [2014.02.13 19:10:12 | 016,978,503 | ---- | M] () -- C:\Program Files (x86)\ownCloud\owncloud.exe
PRC - [2014.02.01 17:46:45 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\Davo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014.01.11 08:21:52 | 000,258,944 | ---- | M] () -- C:\Program Files (x86)\SnapPea\wandoujia_helper.exe
PRC - [2014.01.03 19:31:00 | 000,347,216 | ---- | M] (Dexpot GbR) -- C:\Program Files (x86)\Dexpot\plugins\SevenDex.exe
PRC - [2014.01.03 19:31:00 | 000,185,424 | ---- | M] (Dexpot GbR) -- C:\Program Files (x86)\Dexpot\plugins\DexControl.exe
PRC - [2014.01.03 19:30:20 | 001,841,232 | ---- | M] (Dexpot GbR) -- C:\Program Files (x86)\Dexpot\dexpot.exe
PRC - [2013.12.18 19:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.12.06 20:10:45 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
PRC - [2013.06.26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013.06.26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013.02.28 19:36:18 | 000,275,544 | ---- | M] (Unified Intents AB) -- C:\Program Files (x86)\Unified Remote\RemoteServer.exe
PRC - [2012.06.13 15:53:48 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\EvernoteClipper.exe
PRC - [2012.06.13 15:44:08 | 011,516,768 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote.exe
PRC - [2012.06.13 15:44:08 | 000,391,008 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\EvernoteTray.exe
PRC - [2012.01.16 01:50:23 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2012.01.16 01:50:00 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2011.11.27 22:32:04 | 000,820,309 | ---- | M] ( ) -- C:\Program Files (x86)\Miranda_Cult_Pack_1.11\miranda32.exe
PRC - [2011.08.11 11:28:10 | 000,862,144 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2011.08.11 11:27:02 | 000,358,336 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2011.07.19 17:59:04 | 000,964,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
PRC - [2011.05.10 05:00:20 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.01.29 00:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2011.01.12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.12 19:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.12.21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.05.14 06:50:00 | 003,466,488 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files (x86)\TC PowerPack 2\TOTALCMD.EXE


========== Modules (No Company Name) ==========

MOD - [2014.02.18 20:32:22 | 000,065,776 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
MOD - [2014.02.18 20:32:08 | 000,071,920 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2014.02.17 23:08:21 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\ Firefox\mozjs.dll
MOD - [2014.02.14 17:14:44 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a99f3a56bbedaa90734d2132d00016ec\IAStorUtil.ni.dll
MOD - [2014.02.14 17:14:44 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\921a4977671bce1f2f553e9adcdb06ee\IAStorCommon.ni.dll
MOD - [2014.02.14 17:13:05 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014.02.14 17:12:47 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014.02.14 17:12:42 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014.02.14 17:12:32 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014.02.14 17:12:28 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d48ae2536cb914a7668e22303d484bf6\System.Xml.ni.dll
MOD - [2014.02.14 17:12:26 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014.02.14 17:12:25 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014.02.14 17:12:21 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014.02.14 16:14:35 | 018,109,440 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\7ad4975504d4b3c77f855526d9e624a7\System.ServiceModel.ni.dll
MOD - [2014.02.14 16:13:02 | 002,658,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8ae53cb34b8952ba73f8aa77f94607cd\System.Runtime.Serialization.ni.dll
MOD - [2014.02.14 16:13:00 | 000,393,216 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\276f5b090ca780d172a041c5b2b1750a\System.Xml.Linq.ni.dll
MOD - [2014.02.13 19:10:12 | 016,978,503 | ---- | M] () -- C:\Program Files (x86)\ownCloud\owncloud.exe
MOD - [2014.02.13 19:09:58 | 013,338,973 | ---- | M] () -- C:\Program Files (x86)\ownCloud\libowncloudsync.dll
MOD - [2014.02.13 19:09:46 | 000,896,403 | ---- | M] () -- C:\Program Files (x86)\ownCloud\libocsync.dll
MOD - [2014.02.13 17:48:26 | 013,199,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6c0a2ddd1714e1862b373b16dff0a0c0\System.Windows.Forms.ni.dll
MOD - [2014.02.13 17:48:24 | 006,813,184 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\ca31a2dfb58dd15feaa15a87d59b1c0f\System.Data.ni.dll
MOD - [2014.02.13 17:48:15 | 007,053,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\173e9f58a2b27b680c5caeed540208ef\System.Core.ni.dll
MOD - [2014.02.13 17:48:11 | 001,667,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\35c1def2cf6f5e3b85f35ca25a8a8162\System.Drawing.ni.dll
MOD - [2014.02.13 17:48:10 | 005,628,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\56af718db5fe3b683c0ddc1cb72beadb\System.Xml.ni.dll
MOD - [2014.02.13 17:48:05 | 001,014,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bee3a29f77003f92bfc7131e7510e8e5\System.Configuration.ni.dll
MOD - [2014.02.13 17:48:04 | 009,099,776 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\12305e59a4b6cd8e42c690a50e7d71af\System.ni.dll
MOD - [2014.02.13 17:47:58 | 014,418,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\80d081165de90a556f312bde48c1dc48\mscorlib.ni.dll
MOD - [2014.01.11 08:22:12 | 034,663,808 | ---- | M] () -- C:\Program Files (x86)\SnapPea\core.dll
MOD - [2014.01.11 08:21:52 | 000,258,944 | ---- | M] () -- C:\Program Files (x86)\SnapPea\wandoujia_helper.exe
MOD - [2013.12.06 20:10:44 | 016,237,448 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
MOD - [2013.11.13 20:55:24 | 000,180,055 | ---- | M] () -- C:\Program Files (x86)\ownCloud\libneon-27.dll
MOD - [2013.11.13 00:56:38 | 000,070,251 | ---- | M] () -- C:\Program Files (x86)\ownCloud\libqtkeychain.dll
MOD - [2013.09.25 10:09:14 | 000,190,770 | ---- | M] () -- C:\Program Files (x86)\ownCloud\libproxy.dll
MOD - [2013.09.25 03:40:48 | 000,106,234 | ---- | M] () -- C:\Program Files (x86)\ownCloud\zlib1.dll
MOD - [2013.09.24 21:56:26 | 000,064,659 | ---- | M] () -- C:\Program Files (x86)\ownCloud\libmodman.dll
MOD - [2013.09.24 11:29:10 | 000,117,730 | ---- | M] () -- C:\Program Files (x86)\ownCloud\libgcc_s_sjlj-1.dll
MOD - [2013.09.24 11:29:08 | 000,847,985 | ---- | M] () -- C:\Program Files (x86)\ownCloud\libstdc++-6.dll
MOD - [2013.09.24 06:15:12 | 000,566,268 | ---- | M] () -- C:\Program Files (x86)\ownCloud\libsqlite3-0.dll
MOD - [2013.09.24 06:10:40 | 000,218,650 | ---- | M] () -- C:\Program Files (x86)\ownCloud\libjpeg-8.dll
MOD - [2013.09.24 05:55:54 | 000,173,623 | ---- | M] () -- C:\Program Files (x86)\ownCloud\libpng15-15.dll
MOD - [2013.09.24 05:54:20 | 001,169,897 | ---- | M] () -- C:\Program Files (x86)\ownCloud\libxml2-2.dll
MOD - [2012.05.30 04:17:00 | 017,665,024 | ---- | M] () -- C:\Program Files (x86)\Evernote\libcef.dll
MOD - [2012.03.16 14:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\libtidy.dll
MOD - [2012.03.16 14:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\libxml2.dll
MOD - [2012.03.16 14:40:02 | 000,160,782 | ---- | M] () -- C:\Program Files (x86)\Evernote\avformat-52.dll
MOD - [2012.03.16 14:39:42 | 001,305,102 | ---- | M] () -- C:\Program Files (x86)\Evernote\avcodec-52.dll
MOD - [2012.03.16 14:39:42 | 000,096,782 | ---- | M] () -- C:\Program Files (x86)\Evernote\avutil-50.dll
MOD - [2012.02.20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.01.16 01:50:22 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2012.01.16 01:50:00 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2011.11.29 12:52:36 | 000,090,218 | ---- | M] () -- C:\Program Files (x86)\Miranda_Cult_Pack_1.11\Plugins\StartupStatus.dll
MOD - [2011.11.27 22:31:38 | 000,054,361 | ---- | M] () -- C:\Program Files (x86)\Miranda_Cult_Pack_1.11\zlib.dll
MOD - [2011.11.27 22:31:26 | 000,338,527 | ---- | M] () -- C:\Program Files (x86)\Miranda_Cult_Pack_1.11\Plugins\ICQ.dll
MOD - [2011.11.27 22:31:12 | 000,036,962 | ---- | M] () -- C:\Program Files (x86)\Miranda_Cult_Pack_1.11\Plugins\dbx_mmap.dll
MOD - [2011.10.29 11:50:24 | 000,169,984 | ---- | M] () -- C:\Program Files (x86)\Miranda_Cult_Pack_1.11\Plugins\Variables.dll
MOD - [2011.10.29 11:34:42 | 000,104,960 | ---- | M] () -- C:\Program Files (x86)\Miranda_Cult_Pack_1.11\Plugins\KeepStatus.dll
MOD - [2011.02.16 18:53:14 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2011.02.16 18:51:10 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
MOD - [2010.11.01 19:08:06 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Miranda_Cult_Pack_1.11\Plugins\folders.dll
MOD - [2010.09.20 19:41:34 | 000,498,688 | ---- | M] () -- C:\Program Files (x86)\Miranda_Cult_Pack_1.11\Plugins\Fingerprint.dll
MOD - [2010.08.13 10:43:50 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Miranda_Cult_Pack_1.11\Plugins\MenuEx.dll
MOD - [2009.04.13 03:32:08 | 000,080,384 | ---- | M] () -- C:\Program Files (x86)\Miranda_Cult_Pack_1.11\Plugins\modernopt.dll
MOD - [2008.01.28 20:04:42 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Miranda_Cult_Pack_1.11\Plugins\svc_dbepp.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014.02.06 11:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013.10.23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013.10.23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013.10.03 20:46:59 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2013.05.27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012.12.16 12:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2011.05.12 17:01:46 | 000,970,016 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011.05.02 15:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.05.02 15:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.05.02 15:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014.02.17 23:08:21 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.01.07 22:00:22 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.12.18 19:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.06.26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013.06.26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013.02.28 17:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.05.10 05:00:20 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.01.12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.12.21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.26 05:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.12.03 18:15:08 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013.11.29 17:43:00 | 000,140,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013.09.27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013.06.26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013.06.26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013.06.26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013.06.26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013.05.13 15:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013.02.27 19:04:54 | 000,020,992 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\uvhid.sys -- (uvhid)
DRV:64bit: - [2012.12.16 12:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012.12.13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.10.27 20:15:21 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.10.27 20:15:21 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.04.09 15:27:34 | 000,352,144 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.16 02:15:39 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012.01.16 02:15:37 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012.01.16 01:48:23 | 000,020,064 | ---- | M] (Ensurebit Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\delayman.sys -- (DelayMan)
DRV:64bit: - [2012.01.16 01:48:23 | 000,015,456 | ---- | M] (Ensurebit Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\winioex.sys -- (winioex)
DRV:64bit: - [2011.11.25 00:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2011.10.28 12:23:56 | 000,398,896 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.09.29 04:23:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.09.29 04:23:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.08.10 22:20:26 | 000,091,864 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2011.07.27 00:22:48 | 012,288,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.05.13 01:01:36 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011.05.13 01:01:34 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011.05.13 01:01:24 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.05.13 01:01:24 | 000,150,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.05.13 01:01:24 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.05.13 01:01:24 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.05.10 05:00:18 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.05.09 21:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011.05.01 15:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.03.23 15:13:58 | 008,199,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
DRV:64bit: - [2011.01.29 00:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.01.12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.12.13 04:31:00 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010.12.01 06:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 09:28:17 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.03.02 19:50:54 | 000,038,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HybridDiskX64.sys -- (HybridDisk)
DRV:64bit: - [2010.03.02 19:50:38 | 000,013,920 | ---- | M] (Lenovo.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\HybridCFileX64.sys -- (hybridcfile)
DRV:64bit: - [2009.07.21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008.05.06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.02.24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2164984403-1494394889-1087947439-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKU\S-1-5-21-2164984403-1494394889-1087947439-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com
IE - HKU\S-1-5-21-2164984403-1494394889-1087947439-1000\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2164984403-1494394889-1087947439-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=LENN
IE - HKU\S-1-5-21-2164984403-1494394889-1087947439-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKU\S-1-5-21-2164984403-1494394889-1087947439-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKU\S-1-5-21-2164984403-1494394889-1087947439-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2164984403-1494394889-1087947439-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox
IE - HKU\S-1-5-21-2164984403-1494394889-1087947439-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2164984403-1494394889-1087947439-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Davo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Davo\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Davo\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Davo\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Davo\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\ Firefox\components [2013.10.02 23:16:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\ Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\ Firefox\components [2013.10.02 23:16:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\ Firefox\plugins

[2012.08.23 12:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davo\AppData\Roaming\Mozilla\Extensions
[2013.11.14 11:39:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\63dvq8h4.xdavewolf\extensions
[2013.11.14 11:39:20 | 000,000,000 | ---D | M] (Pocket) -- C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\63dvq8h4.xdavewolf\extensions\isreaditlater@ideashower.com
[2012.09.12 13:01:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\ke9uiyf1.livecalendar\extensions
[2014.01.14 20:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\lhh4mqok.facebook\extensions
[2014.02.15 11:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\extensions
[2014.01.21 18:43:00 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.11.12 22:46:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014.02.01 17:48:07 | 000,000,000 | ---D | M] (Pocket) -- C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\extensions\isreaditlater@ideashower.com
[2013.08.29 11:06:22 | 000,153,445 | ---- | M] () (No name found) -- C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\lhh4mqok.facebook\extensions\betterfacebook@mattkruse.com.xpi
[2014.01.14 20:54:11 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\lhh4mqok.facebook\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.02.01 17:48:07 | 000,947,506 | ---- | M] () (No name found) -- C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\extensions\2.0@disconnect.me.xpi
[2014.01.21 22:37:03 | 000,023,913 | ---- | M] () (No name found) -- C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\extensions\add-to-searchbox@maltekraus.de.xpi
[2014.02.05 17:04:37 | 000,833,621 | ---- | M] () (No name found) -- C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
[2014.01.21 19:56:28 | 000,368,583 | ---- | M] () (No name found) -- C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\extensions\jid1-U644kBB2CFa3Ag@jetpack.xpi
[2014.02.17 18:29:01 | 000,017,784 | ---- | M] () (No name found) -- C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\extensions\jid1-WF1v8esuNM9pRg@jetpack.xpi
[2014.01.21 19:14:14 | 000,017,677 | ---- | M] () (No name found) -- C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\extensions\john@velvetcache.org.xpi
[2014.02.15 11:12:30 | 000,536,255 | ---- | M] () (No name found) -- C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014.02.01 17:48:07 | 000,022,573 | ---- | M] () (No name found) -- C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi
[2014.01.16 18:38:51 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.01.21 18:52:13 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Davo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2014.02.24 22:36:59 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2164984403-1494394889-1087947439-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [TC PowerPack 2] C:\Program Files (x86)\TC PowerPack 2\TCPowerPack.exe (BuKoX)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2164984403-1494394889-1087947439-1000..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-2164984403-1494394889-1087947439-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2164984403-1494394889-1087947439-1001..\Run: [ownCloud] C:\Program Files (x86)\ownCloud\owncloud.exe ()
O4 - HKU\S-1-5-21-2164984403-1494394889-1087947439-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-2164984403-1494394889-1087947439-1001..\Run: [Spotify] C:\Users\Davo\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2164984403-1494394889-1087947439-1001..\Run: [Spotify Web Helper] C:\Users\Davo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2164984403-1494394889-1087947439-1001..\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe (Unified Intents AB)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2164984403-1494394889-1087947439-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Davo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Davo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wandoujia_helper.lnk = C:\Program Files (x86)\SnapPea\wandoujia_helper.exe ()
O4 - Startup: C:\Users\Yaya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2164984403-1494394889-1087947439-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DC52F45-F02D-4762-985B-B03EA69A7D8E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.10.03 20:36:15 | 000,000,000 | ---D | M] - D:\AUTODESK.REVIT.ARCHITECTURE.V2013-ISO -- [ NTFS ]
O33 - MountPoints2\{78df7cec-a440-11e1-8e2f-642737caef34}\Shell - "" = AutoRun
O33 - MountPoints2\{78df7cec-a440-11e1-8e2f-642737caef34}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.clmp3enc - C:\Program Files (x86)\Lenovo\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014.02.24 20:05:52 | 000,000,000 | ---D | C] -- C:\Users\Davo\Desktop\RK_Quarantine
[2014.02.23 17:15:59 | 000,000,000 | ---D | C] -- C:\Users\Davo\AppData\Roaming\TortoiseSVN
[2014.02.23 17:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
[2014.02.23 17:11:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TortoiseOverlays
[2014.02.23 17:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2014.02.23 17:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2014.02.23 17:11:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014.02.23 13:52:49 | 000,000,000 | ---D | C] -- C:\Users\Davo\AppData\Roaming\Thunderbird
[2014.02.23 13:52:49 | 000,000,000 | ---D | C] -- C:\Users\Davo\AppData\Local\Thunderbird
[2014.02.23 13:50:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014.02.23 10:46:14 | 000,000,000 | ---D | C] -- C:\Users\Davo\AppData\Roaming\Malwarebytes
[2014.02.23 10:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014.02.23 10:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.02.23 10:46:03 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014.02.23 10:46:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014.02.23 10:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2014.02.23 09:03:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.02.22 19:34:13 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.02.22 19:34:13 | 000,000,000 | ---D | C] -- C:\rsit
[2014.02.19 18:19:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014.02.19 18:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014.02.17 23:24:37 | 000,000,000 | ---D | C] -- C:\Users\Davo\AppData\Roaming\avidemux
[2014.02.17 23:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\Avidemux 2.6 - 64bits
[2014.02.17 20:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeVideoCutter
[2014.02.17 20:23:13 | 000,000,000 | ---D | C] -- C:\Users\Davo\AppData\Roaming\MOVAVI
[2014.02.17 20:23:13 | 000,000,000 | ---D | C] -- C:\Users\Davo\AppData\Local\Movavi
[2014.02.17 20:09:52 | 000,000,000 | ---D | C] -- C:\Users\Davo\AppData\Local\{6DAEE7E8-8C5D-4C4E-AA5F-0596625A4469}
[2014.02.13 17:44:18 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014.02.13 17:43:30 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014.02.13 17:43:30 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014.02.13 17:43:29 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014.02.13 17:43:29 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014.02.13 17:43:29 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014.02.13 17:43:29 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014.02.13 17:43:29 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014.02.13 17:43:28 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014.02.13 17:43:28 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014.02.13 17:43:28 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014.02.13 17:43:28 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014.02.13 17:43:28 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014.02.13 17:43:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014.02.13 17:43:28 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014.02.13 17:43:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014.02.13 17:43:28 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014.02.13 17:43:27 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014.02.13 17:43:27 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014.02.13 17:43:27 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014.02.13 17:43:27 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014.02.13 17:43:25 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014.02.13 17:43:25 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014.02.13 17:43:23 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014.02.12 20:54:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2014.02.12 20:54:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2014.02.12 20:53:51 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2014.02.12 20:53:51 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
[2014.02.07 19:57:29 | 000,000,000 | ---D | C] -- C:\Users\Davo\AppData\Local\Blizzard
[2014.02.07 19:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
[2014.02.07 19:21:34 | 000,000,000 | ---D | C] -- C:\Users\Davo\AppData\Local\Blizzard Entertainment
[2014.02.07 19:21:22 | 000,000,000 | ---D | C] -- C:\Users\Davo\AppData\Roaming\Battle.net
[2014.02.07 19:21:22 | 000,000,000 | ---D | C] -- C:\Users\Davo\AppData\Local\Battle.net
[2014.02.07 19:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
[2014.02.07 19:21:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battle.net
[2014.01.27 21:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin
[2014.01.27 21:48:59 | 000,000,000 | ---D | C] -- C:\cygwin64

========== Files - Modified Within 30 Days ==========

[2014.02.26 16:47:40 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.02.26 16:37:38 | 000,000,966 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.02.26 16:37:02 | 000,000,958 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2164984403-1494394889-1087947439-1001UA.job
[2014.02.26 16:36:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014.02.25 20:56:00 | 000,000,962 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.02.25 19:30:45 | 000,000,906 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2164984403-1494394889-1087947439-1001Core.job
[2014.02.24 19:00:26 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.02.24 19:00:26 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.02.24 18:57:32 | 000,779,724 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014.02.24 18:57:32 | 000,652,600 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014.02.24 18:57:32 | 000,121,274 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014.02.24 18:53:07 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys
[2014.02.23 23:13:12 | 000,000,600 | ---- | M] () -- C:\Users\Davo\AppData\Local\PUTTY.RND
[2014.02.23 14:28:47 | 000,001,011 | ---- | M] () -- C:\Users\Davo\Desktop\ownCloud.lnk
[2014.02.23 13:50:12 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2014.02.23 10:46:06 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.02.21 22:46:11 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014.02.19 18:20:22 | 000,002,418 | ---- | M] () -- C:\windows\Sandboxie.ini
[2014.02.19 18:19:58 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2014.02.17 23:24:30 | 000,000,907 | ---- | M] () -- C:\Users\Public\Desktop\Avidemux 2.6 - 64bits.lnk
[2014.02.17 20:23:11 | 000,004,922 | ---- | M] () -- C:\ProgramData\uxxadbmu.rlu
[2014.02.13 17:51:54 | 000,765,636 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014.02.07 19:30:13 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Hearthstone.lnk
[2014.02.07 19:21:09 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Battle.net.lnk
[2014.02.06 12:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014.02.06 12:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014.02.06 12:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014.02.06 11:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014.02.06 11:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014.02.06 11:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014.02.06 11:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014.02.06 11:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014.02.06 11:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014.02.06 11:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014.02.06 11:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014.02.06 11:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014.02.06 11:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014.02.06 10:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014.02.06 10:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014.02.06 10:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014.02.06 10:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014.02.06 10:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014.02.06 10:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014.02.06 10:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014.02.06 10:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014.02.06 09:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014.02.06 09:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014.01.27 21:56:49 | 000,000,593 | ---- | M] () -- C:\Users\Public\Desktop\Cygwin64 Terminal.lnk

========== Files Created - No Company Name ==========

[2014.02.26 16:47:40 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.02.23 14:28:47 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ownCloud.lnk
[2014.02.23 13:50:12 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2014.02.23 13:50:11 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2014.02.23 10:46:06 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.02.19 18:19:58 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2014.02.19 18:19:51 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014.02.17 23:24:30 | 000,000,907 | ---- | C] () -- C:\Users\Public\Desktop\Avidemux 2.6 - 64bits.lnk
[2014.02.17 20:23:11 | 000,004,922 | ---- | C] () -- C:\ProgramData\uxxadbmu.rlu
[2014.02.07 19:30:13 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Hearthstone.lnk
[2014.02.07 19:21:09 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Battle.net.lnk
[2014.01.27 21:56:49 | 000,000,593 | ---- | C] () -- C:\Users\Public\Desktop\Cygwin64 Terminal.lnk
[2013.04.15 20:18:46 | 000,002,418 | ---- | C] () -- C:\windows\Sandboxie.ini
[2013.04.06 15:28:42 | 000,000,600 | ---- | C] () -- C:\Users\Davo\AppData\Local\PUTTY.RND
[2012.05.22 20:03:30 | 000,000,160 | ---- | C] () -- C:\Users\Davo\AppData\Roaming\addDefaultValueForDevicePathKey.reg

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014.02.17 23:34:41 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\avidemux
[2012.10.14 11:36:17 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
[2014.02.17 22:10:39 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Battle.net
[2014.02.23 17:12:39 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Dexpot
[2012.10.29 18:34:28 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Dropbox
[2012.05.19 14:47:54 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\GHISLER
[2012.08.23 15:44:29 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\ICAClient
[2014.02.14 17:07:40 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\KeePass
[2012.10.28 12:26:56 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\KompoZer
[2012.12.09 17:18:07 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Launchy
[2013.12.28 17:07:51 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\LibreOffice
[2013.05.23 10:34:25 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Local Sync
[2014.02.17 20:23:14 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\MOVAVI
[2012.12.15 12:05:58 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\MusicBee
[2014.02.26 16:52:54 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\NetSpeedMonitor
[2012.05.19 12:30:26 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Opera
[2012.09.09 13:21:15 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\runic games
[2013.12.10 00:45:31 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\SoftGrid Client
[2014.02.24 18:55:25 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Spotify
[2013.05.19 17:14:46 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Subversion
[2014.02.23 13:52:49 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Thunderbird
[2012.08.07 19:56:18 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\TP
[2013.12.09 20:15:49 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\TrueCrypt
[2014.02.25 20:41:06 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\TS3Client
[2012.06.17 17:13:27 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Unified Remote
[2014.02.19 18:03:03 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\uTorrent
[2014.02.17 22:10:40 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Wandoujia2
[2014.01.26 18:17:03 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\WandoujiaUsbDriver
[2012.08.23 10:47:11 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Windows Live Writer
[2013.12.31 17:10:14 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\XnView
[2013.10.03 20:53:16 | 000,000,000 | ---D | M] -- C:\Users\Yaya\AppData\Roaming\Autodesk
[2013.10.03 19:59:03 | 000,000,000 | ---D | M] -- C:\Users\Yaya\AppData\Roaming\ICAClient
[2013.10.03 19:58:54 | 000,000,000 | ---D | M] -- C:\Users\Yaya\AppData\Roaming\Subversion

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012.01.16 01:45:30 | 000,000,962 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.01.16 01:45:30 | 000,000,966 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.09.06 19:11:26 | 000,000,906 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2164984403-1494394889-1087947439-1001Core.job
[2012.09.06 19:11:26 | 000,000,958 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2164984403-1494394889-1087947439-1001UA.job

< >

< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\windows\SysNative\autochk.exe
[2010.11.21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010.11.21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010.11.21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\windows\SysNative\drivers\cdrom.sys
[2010.11.21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2012.06.02 05:52:32 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=063DD65889D21035311463337BD268E7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[2012.04.24 05:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2010.11.21 04:24:16 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2012.04.24 05:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2013.05.13 05:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=3897DFF247D9ED0006190349DE264E14 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[2013.07.09 15:47:30 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=434CCE8E7150CD1324C5FAA088D1D061 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_d45f6e88cac8f85b\cryptsvc.dll
[2012.04.24 06:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
[2013.10.05 03:25:30 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=509D31797A4B8A3D6ED78A330B19A919 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_d46d4138cabe2596\cryptsvc.dll
[2013.07.09 06:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=6B400F211BEE880A37A1ED0368776BF4 -- C:\windows\SysNative\cryptsvc.dll
[2013.07.09 06:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=6B400F211BEE880A37A1ED0368776BF4 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_d431528fb165f7bc\cryptsvc.dll
[2013.07.09 14:57:37 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=6DB499DEFCC827317C5371164A7CDB27 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[2013.07.09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\SysWOW64\cryptsvc.dll
[2013.07.09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[2012.06.04 08:52:35 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=7E7D2DACF65D750D466F36BD3D09AE20 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_d4ab184aca903d4f\cryptsvc.dll
[2013.05.11 06:18:23 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=8122252F0A4ACFA92FA0C1D50D18493B -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_d4a24ea4ca968363\cryptsvc.dll
[2012.06.02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[2012.06.02 06:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=9C01375BE382E834CC26D1B7EAF2C4FE -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_d3fc6569b18d7211\cryptsvc.dll
[2010.11.21 04:24:32 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2013.05.11 05:59:05 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=AC04D05309BB2C418D0D80B9FB014642 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[2012.04.24 06:22:32 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=B7337E9C9E5936355BB700AA33E0936E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll
[2013.05.13 06:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=D8129C49798CBBFB2E4351D4B7B8EF9C -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_d3f73fe5b19220ee\cryptsvc.dll
[2013.10.05 02:52:03 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=F2D9242C3BBD1C36467FCAE1AE01733F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2011.09.29 04:19:34 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.09.29 04:19:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.09.29 04:19:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.09.29 04:19:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.09.29 04:19:34 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.09.29 04:19:34 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.21 04:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\windows\SysNative\hal.dll
[2010.11.21 04:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: IASTOR.SYS >
[2011.01.12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\drivers\iaStor.sys
[2011.01.12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.09.29 04:23:24 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.09.29 04:23:24 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011.09.29 04:23:24 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.09.29 04:23:24 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\windows\SysNative\drivers\isapnp.sys
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\isapnp.sys
[2009.07.14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\isapnp.sys

[Universal]

< MD5 for: LSASS.EXE >
[2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2011.11.17 07:20:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2013.09.25 02:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\windows\SysNative\lsass.exe
[2013.09.25 02:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_042b9307739f26ed\lsass.exe
[2012.06.04 08:51:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=79C908CAA6F43021EB05F4C733A927D1 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\lsass.exe
[2011.11.17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2011.11.17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\lsass.exe
[2013.09.25 02:08:17 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=F021DAFB1F87616FCEBA159C2ED7042F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_04c503168cb026a0\lsass.exe

< MD5 for: NDIS.SYS >
[2012.01.15 16:53:44 | 000,950,656 | ---- | M] (Microsoft Corporation) MD5=303310C91F8C0740ED1C76851C759874 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.21628_none_066fff3d4bd0b870\ndis.sys
[2010.11.21 04:23:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
[2012.01.15 16:53:44 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=C38B8AE57F78915905064A9A24DC1586 -- C:\windows\SysNative\drivers\ndis.sys
[2012.01.15 16:53:44 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=C38B8AE57F78915905064A9A24DC1586 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17530_none_05d3903632c269df\ndis.sys

< MD5 for: NETLOGON.DLL >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NVRAID.SYS >
[2011.09.29 04:23:24 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\windows\SysNative\drivers\nvraid.sys
[2011.09.29 04:23:24 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvraid.sys
[2011.09.29 04:23:24 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvraid.sys
[2010.11.21 04:23:47 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvraid.sys
[2010.11.21 04:23:47 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvraid.sys
[2011.09.29 04:23:24 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=666CA16F17914C1CD3616CF16DE0A6EA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2011.09.29 04:23:24 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.09.29 04:23:24 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011.09.29 04:23:24 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.09.29 04:23:24 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
[2013.03.19 03:57:17 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=498E2A20E145199709CD100CDBA8603D -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22280_none_0a9a7b3b492b4d05\smss.exe
[2013.11.13 20:32:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=B2B31D4C79EFD883097FA24D02E79C12 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22436_none_0ad6905f48fd53a8\smss.exe
[2013.08.02 06:06:34 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=CB5DA3E44456D1084BCD87F5B1B3152B -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22411_none_0ae72ec548f19d13\smss.exe
[2013.03.19 04:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0371DE302FFFF8F086661611BE60848 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_0a5f8ec22fd235a9\smss.exe
[2013.08.02 01:59:09 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0970A4BC8395659C22BF53D0FADF16F -- C:\windows\SysNative\smss.exe
[2013.08.02 01:59:09 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0970A4BC8395659C22BF53D0FADF16F -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18229_none_0a5ac2782fd4e6cb\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2013.05.08 07:14:42 | 001,900,392 | ---- | M] (Microsoft Corporation) MD5=3E94650745D4DAB67E161F5F32CEA597 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_11d29984961f0be0\tcpip.sys
[2013.11.13 20:32:32 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\windows\SysNative\drivers\tcpip.sys
[2013.11.13 20:32:32 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2010.11.21 04:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2013.11.13 20:32:32 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2012.08.22 19:06:13 | 001,901,936 | ---- | M] (Microsoft Corporation) MD5=7880A26B7D3B96FDA8EFD9F985036B1D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[2012.03.30 11:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2011.09.29 04:18:24 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2013.05.08 07:39:01 | 001,910,632 | ---- | M] (Microsoft Corporation) MD5=9849EA3843A2ADBDD1497E97A85D8CAE -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_11278ac57d1aa96b\tcpip.sys
[2011.09.29 04:22:53 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2012.03.30 12:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2013.07.06 06:20:38 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2013.01.03 07:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2011.09.29 04:18:24 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2013.01.04 06:47:43 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[2011.09.29 04:19:45 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=CB6A53EF141CC3DA32DA54F7E75D301B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21687_none_118505f696597a9d\tcpip.sys
[2013.07.06 07:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys
[2011.09.29 04:19:45 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=DC08410DB2D0CC542DACAC7A90E6CB7A -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17582_none_10f667b97d405c20\tcpip.sys
[2011.09.29 04:22:53 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
[2012.08.22 19:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WS2_32.DLL >
[2010.11.21 04:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\windows\SysNative\ws2_32.dll
[2010.11.21 04:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll
[2010.11.21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SysWOW64\ws2_32.dll
[2010.11.21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[6 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[10 C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[46 C:\windows\Temp\*.tmp files -> C:\windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.10.14 11:35:26 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Adobe
[2013.11.30 19:35:48 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Apple Computer
[2014.02.17 23:34:41 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\avidemux
[2012.10.14 11:36:17 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
[2014.02.17 22:10:39 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Battle.net
[2012.05.19 23:03:32 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\CyberLink
[2014.02.23 17:12:39 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Dexpot
[2012.10.29 18:34:28 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Dropbox
[2013.12.01 18:53:47 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\dvdcss
[2012.05.19 14:47:54 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\GHISLER
[2012.08.23 15:44:29 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\ICAClient
[2012.05.18 15:53:45 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Identities
[2012.05.18 15:53:42 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Intel
[2012.05.18 15:54:00 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Intel Corporation
[2014.02.14 17:07:40 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\KeePass
[2012.10.28 12:26:56 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\KompoZer
[2012.12.09 17:18:07 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Launchy
[2013.12.28 17:07:51 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\LibreOffice
[2013.05.23 10:34:25 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Local Sync
[2012.05.28 20:08:15 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Macromedia
[2014.02.23 10:46:14 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Malwarebytes
[2011.09.29 04:37:14 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Media Center Programs
[2013.12.30 17:38:18 | 000,000,000 | --SD | M] -- C:\Users\Davo\AppData\Roaming\Microsoft
[2014.02.17 20:23:14 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\MOVAVI
[2014.02.09 18:14:19 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Mozilla
[2012.12.15 12:05:58 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\MusicBee
[2014.02.26 17:13:11 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\NetSpeedMonitor
[2012.07.01 09:30:14 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\NVIDIA
[2012.05.19 12:30:26 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Opera
[2012.09.09 13:21:15 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\runic games
[2013.10.25 18:03:09 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Skype
[2013.12.10 00:45:31 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\SoftGrid Client
[2014.02.24 18:55:25 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Spotify
[2013.05.19 17:14:46 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Subversion
[2012.05.24 21:23:19 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\teamspeak2
[2014.02.23 13:52:49 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Thunderbird
[2014.02.23 20:31:50 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\TortoiseSVN
[2012.08.07 19:56:18 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\TP
[2013.12.09 20:15:49 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\TrueCrypt
[2014.02.25 20:41:06 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\TS3Client
[2012.06.17 17:13:27 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Unified Remote
[2014.02.19 18:03:03 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\uTorrent
[2014.02.24 21:09:59 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\vlc
[2014.02.17 22:10:40 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Wandoujia2
[2014.01.26 18:17:03 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\WandoujiaUsbDriver
[2012.08.23 10:47:11 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\Windows Live Writer
[2013.12.31 17:10:14 | 000,000,000 | ---D | M] -- C:\Users\Davo\AppData\Roaming\XnView

< %APPDATA%\*.exe /s >
[2012.10.14 11:35:11 | 000,053,664 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Davo\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.10.14 11:35:09 | 015,449,216 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Davo\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe
[2014.02.01 17:46:46 | 006,118,400 | ---- | M] (Spotify Ltd) -- C:\Users\Davo\AppData\Roaming\Spotify\spotify.exe
[2014.02.01 17:46:46 | 000,062,464 | ---- | M] (Spotify Ltd) -- C:\Users\Davo\AppData\Roaming\Spotify\SpotifyLauncher.exe
[2014.02.01 17:46:45 | 000,603,648 | ---- | M] () -- C:\Users\Davo\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
[2014.02.01 17:46:45 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\Davo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2014.02.24 18:55:20 | 000,000,018 | ---- | M] () -- C:\windows\system32\log.txt

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Unified Remote v2" = C:\Program Files (x86)\Unified Remote\RemoteServer.exe -- [2013.02.28 19:36:18 | 000,275,544 | ---- | M] (Unified Intents AB)
"Google Update" = "C:\Users\Davo\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2012.07.21 13:51:10 | 000,116,648 | ---- | M] (Google Inc.)
"Spotify Web Helper" = "C:\Users\Davo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" -- [2014.02.01 17:46:45 | 001,171,968 | ---- | M] (Spotify Ltd)
"SandboxieControl" = "C:\Program Files\Sandboxie\SbieCtrl.exe" -- [2012.12.16 12:25:38 | 000,765,200 | ---- | M] (SANDBOXIE L.T.D)
"Spotify" = "C:\Users\Davo\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart -- [2014.02.01 17:46:46 | 006,118,400 | ---- | M] (Spotify Ltd)
"ownCloud" = C:\Program Files (x86)\ownCloud\owncloud.exe -- [2014.02.13 19:10:12 | 016,978,503 | ---- | M] ()

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.02.26 16:47:40 | 000,000,512 | ---- | M] () MD5=4500BEF21518F39553B78330E24BAA2F -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2001.07.13 06:04:00 | 000,120,054 | ---- | M] () -- \Program Files (x86)\Paint Shop Pro 7\Patterns\Cracked Emerald.bmp
[2001.07.13 06:04:00 | 000,000,736 | ---- | M] () -- \Program Files (x86)\Paint Shop Pro 7\Presets\More Cracks.pfl
[2001.07.13 06:04:00 | 000,000,736 | ---- | M] () -- \Program Files (x86)\Paint Shop Pro 7\Presets\Small Cracks.pfl
[2001.07.13 06:04:00 | 000,011,486 | ---- | M] () -- \Program Files (x86)\Paint Shop Pro 7\Textures\Cracked Cement.bmp
[2013.10.26 15:16:32 | 000,000,646 | ---- | M] () -- \Program Files (x86)\Plex Media Server\Resources\Plug-ins\SiteConfigurations.bundle\Contents\Resources\crackle.xml
[2013.12.04 12:24:35 | 000,000,156 | ---- | M] () -- \Users\Davo\AppData\Local\Opera\Opera\icons\cdn-www.cracked.com.idx
[2013.12.04 12:24:35 | 000,000,805 | ---- | M] () -- \Users\Davo\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fcdn-www.cracked.com%2Farticleimages%2Fob%2Fspiderthatcouldprobably.png
[2013.10.03 20:11:54 | 000,000,315 | ---- | M] () -- \Users\Yaya\AppData\Roaming\Microsoft\Windows\Recent\Crack.lnk

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2012.09.27 22:46:08 | 000,044,032 | ---- | M] () -- \Program Files (x86)\Calibre Portable\Calibre\DLLs\PyISAPI_loader.dll
[2013.04.21 20:44:16 | 000,008,827 | ---- | M] () -- \Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\HeapSnapshotLoader.js
[2011.01.29 00:30:38 | 000,056,416 | ---- | M] () -- \Program Files (x86)\Lenovo\YouCam\Koan\pyloader.dll
[2011.01.29 00:29:20 | 000,015,969 | ---- | M] () -- \Program Files (x86)\Lenovo\YouCam\subsys\Uploader\PyUploader.kc
[2011.01.29 00:29:20 | 000,179,296 | ---- | M] () -- \Program Files (x86)\Lenovo\YouCam\subsys\Uploader\_PyUploader.pyd
[2011.01.29 00:29:20 | 002,475,304 | ---- | M] () -- \Program Files (x86)\Lenovo\YouCam\subsys\YouCam\CES_3DLoaderFBX.dll
[2013.10.21 16:10:22 | 000,006,852 | ---- | M] () -- \Program Files (x86)\LibreOffice 4\program\pythonloader.py
[2013.12.11 11:48:20 | 000,000,171 | ---- | M] () -- \Program Files (x86)\LibreOffice 4\program\pythonloader.uno.ini
[2013.12.11 11:44:24 | 000,034,320 | ---- | M] () -- \Program Files (x86)\LibreOffice 4\program\pythonloaderlo.dll
[2014.01.11 16:58:01 | 000,007,243 | ---- | M] () -- \Program Files (x86)\LibreOffice 4\program\__pycache__\pythonloader.cpython-33.pyc
[2013.12.10 18:35:40 | 000,124,248 | ---- | M] () -- \Program Files (x86)\LibreOffice 4\program\classes\libloader-1.1.6.jar
[2013.12.10 19:22:24 | 000,013,850 | ---- | M] () -- \Program Files (x86)\LibreOffice 4\program\python-core-3.3.0\lib\unittest\loader.py
[2013.12.10 19:22:26 | 000,049,593 | ---- | M] () -- \Program Files (x86)\LibreOffice 4\program\python-core-3.3.0\lib\unittest\test\test_loader.py
[2013.12.11 11:43:00 | 000,063,504 | ---- | M] () -- \Program Files (x86)\LibreOffice 4\URE\bin\javaloaderlo.dll
[2013.12.10 18:28:14 | 000,004,759 | ---- | M] () -- \Program Files (x86)\LibreOffice 4\URE\java\unoloader.jar
[2013.10.26 15:16:12 | 000,001,712 | ---- | M] () -- \Program Files (x86)\Plex Media Server\Resources\Plug-ins\Framework.bundle\Contents\Resources\Versions\2\Python\Framework\code\loader.py
[2014.01.11 08:21:12 | 000,000,075 | ---- | M] () -- \Program Files (x86)\SnapPea\templates\app\javascripts\GuideLoader.js
[2014.01.11 08:21:24 | 000,000,071 | ---- | M] () -- \Program Files (x86)\SnapPea\templates\app\javascripts\PhotoModuleLoader.js
[2014.01.11 08:21:40 | 000,000,073 | ---- | M] () -- \Program Files (x86)\SnapPea\templates\app\javascripts\SnapPeaLoader.js
[2014.01.11 08:21:36 | 000,000,334 | ---- | M] () -- \Program Files (x86)\SnapPea\templates\app\javascripts\ui\ImageLoader.js
[2012.10.27 20:13:45 | 000,001,702 | ---- | M] () -- \Program Files (x86)\Sony Ericsson\Update Service\licenses\loaderbinarylegal.txt
[2013.12.06 07:46:12 | 000,046,080 | ---- | M] () -- \Program Files\Avidemux 2.6 - 64bits\libADM_coreImageLoader6.dll
[2012.01.30 19:24:26 | 000,041,472 | ---- | M] () -- \Program Files\Common Files\Autodesk Shared\Extensions 2013\Loader\Autodesk.REX.Loader.dll
[2012.01.30 19:24:26 | 000,012,604 | ---- | M] () -- \Program Files\Common Files\Autodesk Shared\Extensions 2013\Loader\Autodesk.REX.Loader.tlb
[2013.02.20 15:28:38 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2013.02.20 15:28:38 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2013.02.20 15:28:38 | 000,009,772 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\retina\loader@2x.png
[2013.02.20 15:28:38 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2013.02.20 15:28:38 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2013.02.20 15:28:38 | 000,009,772 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\retina\loader@2x.png
[2013.01.20 16:08:05 | 000,105,903 | ---- | M] () -- \Users\Davo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6G98PRN1\AdLoader-427d9fd2a91e2f2c023aefe9f69a01d0.min[1].js
[2012.08.31 06:58:06 | 000,003,784 | ---- | M] () -- \Users\Davo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6G98PRN1\bundleloader[1].js
[2013.01.20 16:08:04 | 000,000,753 | ---- | M] () -- \Users\Davo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DI403DPR\AdLoader[1].htm
[2012.08.31 06:58:07 | 000,000,723 | ---- | M] () -- \Users\Davo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DI403DPR\downloaderror[1].js
[2012.08.31 06:58:07 | 000,001,174 | ---- | M] () -- \Users\Davo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DI403DPR\downloader[1].js
[2013.06.11 19:30:03 | 000,109,448 | ---- | M] () -- \Users\Davo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L4JRTZJT\AdLoader-b3e321cab5fbc3c4ed10b513bb467bae.min[1].js
[2012.11.25 09:24:00 | 000,003,784 | ---- | M] () -- \Users\Davo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LKFL4ZFN\bundleloader[1].js
[2013.06.11 19:29:52 | 000,001,511 | ---- | M] () -- \Users\Davo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NIX0SAOQ\AdLoader[1].htm
[2013.12.06 20:10:21 | 000,000,723 | ---- | M] () -- \Users\Davo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NIX0SAOQ\downloaderror[1].js
[2013.12.06 20:09:02 | 000,001,174 | ---- | M] () -- \Users\Davo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NIX0SAOQ\downloader[1].js
[2013.12.06 20:10:21 | 000,001,174 | ---- | M] () -- \Users\Davo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NIX0SAOQ\downloader[2].js
[2012.08.31 06:53:07 | 000,003,784 | ---- | M] () -- \Users\Davo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXTJX0OO\bundleloader[1].js
[2012.08.31 06:53:12 | 000,000,723 | ---- | M] () -- \Users\Davo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXTJX0OO\downloaderror[1].js
[2012.11.25 09:24:01 | 000,000,723 | ---- | M] () -- \Users\Davo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXTJX0OO\downloaderror[2].js
[2012.08.31 06:53:12 | 000,001,174 | ---- | M] () -- \Users\Davo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXTJX0OO\downloader[1].js
[2012.11.25 09:24:01 | 000,001,174 | ---- | M] () -- \Users\Davo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXTJX0OO\downloader[2].js
[2013.12.06 20:09:02 | 000,000,723 | ---- | M] () -- \Users\Davo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WZQEU7VE\downloaderror[1].js
[2014.02.10 00:57:44 | 000,002,942 | ---- | M] () -- \Users\Davo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2XYVJO6G\rmsloaderdelayed[1].js
[2014.02.14 17:24:40 | 000,002,942 | ---- | M] () -- \Users\Davo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2XYVJO6G\rmsloaderdelayed[2].js
[2013.11.14 19:57:09 | 000,002,942 | ---- | M] () -- \Users\Davo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\72IWUP96\rmsloaderdelayed[1].js
[2013.11.15 15:01:35 | 000,002,942 | ---- | M] () -- \Users\Davo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A9APH6H9\rmsloaderdelayed[1].js
[2012.10.21 12:12:36 | 000,000,695 | ---- | M] () -- \Users\Davo\AppData\Local\Opera\Opera\icons\http%3A%2F%2Funlockbootloader.sonymobile.com%2Fprofiles%2Funlockbootloader%2Fthemes%2Funlockbootloader%2Ffavicon.png
[2012.10.27 15:37:19 | 000,000,157 | ---- | M] () -- \Users\Davo\AppData\Local\Opera\Opera\icons\unlockbootloader.sonymobile.com.idx
[2014.01.31 18:41:14 | 000,001,712 | ---- | M] () -- \Users\Davo\AppData\Local\Plex Media Server\Plug-ins\Framework.bundle\Contents\Resources\Versions\2\Python\Framework\code\loader.py
[2014.01.31 18:41:26 | 000,002,800 | ---- | M] () -- \Users\Davo\AppData\Local\Plex Media Server\Plug-ins\Framework.bundle\Contents\Resources\Versions\2\Python\Framework\code\loader.pyc
[2013.05.28 00:45:29 | 000,004,186 | ---- | M] () -- \Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\63dvq8h4.xdavewolf\extensions\isreaditlater@ideashower.com\components\RILtextDownloader.js
[2013.05.28 00:45:29 | 000,000,493 | ---- | M] () -- \Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\63dvq8h4.xdavewolf\extensions\isreaditlater@ideashower.com\components\RILtextDownloader.xpt
[2013.05.28 00:45:29 | 000,017,865 | ---- | M] () -- \Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\63dvq8h4.xdavewolf\extensions\isreaditlater@ideashower.com\components\RILwebDownloader.js
[2013.05.28 00:45:29 | 000,000,411 | ---- | M] () -- \Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\63dvq8h4.xdavewolf\extensions\isreaditlater@ideashower.com\components\RILwebDownloader.xpt
[2013.05.28 00:45:29 | 000,004,186 | ---- | M] () -- \Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\extensions\isreaditlater@ideashower.com\components\RILtextDownloader.js
[2013.05.28 00:45:29 | 000,000,493 | ---- | M] () -- \Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\extensions\isreaditlater@ideashower.com\components\RILtextDownloader.xpt
[2013.05.28 00:45:29 | 000,017,865 | ---- | M] () -- \Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\extensions\isreaditlater@ideashower.com\components\RILwebDownloader.js
[2013.05.28 00:45:29 | 000,000,411 | ---- | M] () -- \Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\extensions\isreaditlater@ideashower.com\components\RILwebDownloader.xpt
[2014.02.18 18:22:56 | 000,010,819 | ---- | M] () -- \Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\ReadItLater\RIL_assets\c.kinja-static.com\assets\images\ajax-loader.gif
[2014.02.18 18:22:56 | 000,003,208 | ---- | M] () -- \Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\ReadItLater\RIL_assets\kinja.com\assets\images\ajax-loader-bg-transparent94ab170bf80d01c3a2a5f9c1
[2014.02.07 18:23:10 | 000,010,819 | ---- | M] () -- \Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\ReadItLater\RIL_assets\kinja.com\assets\images\ajax-loader.gif
[2014.02.18 18:22:49 | 000,009,427 | ---- | M] () -- \Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\ReadItLater\RIL_assets\www.instructables.com\static\drag_editor\img\ajax-loader.gif
[2014.02.18 18:22:49 | 000,009,793 | ---- | M] () -- \Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\ReadItLater\RIL_assets\www.instructables.com\static\drag_editor\img\ajax_loader_large.gif
[2014.02.22 18:56:40 | 000,002,545 | ---- | M] () -- \Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\ReadItLater\RIL_assets\www.mimoskolu.cz\wp-content\themes\metro\img\prettyPhoto\dark_rounded\loader.gif
[2014.02.22 18:56:40 | 000,002,545 | ---- | M] () -- \Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\ReadItLater\RIL_assets\www.mimoskolu.cz\wp-content\themes\metro\img\prettyPhoto\dark_square\loader.gif
[2014.02.22 18:56:39 | 000,006,331 | ---- | M] () -- \Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\ReadItLater\RIL_assets\www.mimoskolu.cz\wp-content\themes\metro\img\prettyPhoto\default\loader.gif
[2014.02.22 18:56:40 | 000,002,545 | ---- | M] () -- \Users\Davo\AppData\Roaming\Mozilla\Firefox\Profiles\yj1vuvvm.browsing\ReadItLater\RIL_assets\www.mimoskolu.cz\wp-content\themes\metro\img\prettyPhoto\facebook\loader.gif
[2013.08.02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.04.03 11:39:20 | 000,070,936 | ---- | M] () -- \Windows\System32\PhysXLoader.dll
[2013.08.02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009.04.03 11:39:20 | 000,070,936 | ---- | M] () -- \Windows\SysWOW64\PhysXLoader.dll
[2009.07.14 02:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 02:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.09.29 04:23:06 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:38:48 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_68a2edab92971725\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.11.13 20:32:41 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 03:12:19 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.09.29 04:23:06 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_691eb3faabbf8f66\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:35:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_6957a248ab947a6d\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:32:07 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_6971452eab80a50e\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 07:20:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_695e76beab8ff095\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.11.13 20:32:41 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_694dd858ab9ba72a\api-ms-win-core-libraryloader-l1-1-0.dll
[2010.11.21 08:06:45 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2010.11.21 08:06:45 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.efi.mui_35ee487d
[2010.11.21 08:06:45 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.exe.mui_3bc5b827
[2010.11.21 08:06:45 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.efi.mui_f412814e
[2010.11.21 08:06:45 | 000,029,760 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.exe.mui_ff8b5358
[2011.09.29 04:18:36 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.09.29 04:18:36 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2011.09.29 04:18:36 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2011.09.29 04:18:36 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2011.09.29 04:18:36 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2009.07.14 03:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2010.11.21 08:05:43 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2010.11.21 04:16:35 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011.09.29 04:18:34 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.09.29 04:18:34 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009.07.14 03:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.09.29 04:23:06 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:40:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.11.13 20:32:41 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.09.29 04:23:06 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 05:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 06:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.11.13 20:32:41 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_0d2f3cd4f33e35f4\api-ms-win-core-libraryloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2010.11.08 17:49:36 | 000,701,440 | ---- | M] () -- \Program Files (x86)\Common Files\Intel Corporation\WiDiAgent\serializer.dll
[2013.11.03 10:50:04 | 000,368,640 | ---- | M] () -- \Program Files (x86)\KeePass Password Safe 2\KeePass.XmlSerializers.dll
[2013.12.10 18:35:40 | 000,021,754 | ---- | M] () -- \Program Files (x86)\LibreOffice 4\program\classes\libserializer-1.1.6.jar
[2013.09.13 01:53:56 | 000,434,368 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\5.1.20913.0\System.Runtime.Serialization.dll
[2013.11.16 18:10:34 | 001,164,288 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\5.1.20913.0\System.Runtime.Serialization.ni.dll
[2013.10.26 15:16:12 | 000,001,008 | ---- | M] () -- \Program Files (x86)\Plex Media Server\Resources\Plug-ins\Framework.bundle\Contents\Resources\Versions\2\Python\Framework\modelling\serialization.py
[2012.10.05 11:53:23 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2012.10.27 20:13:47 | 000,026,802 | ---- | M] () -- \Program Files (x86)\Sony Ericsson\Update Service\plugins\com.serialio.win32.x86_2.12.12.1.jar
[2012.10.27 20:13:47 | 000,049,527 | ---- | M] () -- \Program Files (x86)\Sony Ericsson\Update Service\plugins\com.serialio_2.12.12.41.jar
[2012.10.27 20:14:38 | 000,006,298 | ---- | M] () -- \Program Files (x86)\Sony Ericsson\Update Service\plugins\com.sonyericsson.cs.serialcommunication_2.12.12.41.jar
[2010.04.14 19:20:46 | 000,415,592 | ---- | M] () -- \Program Files (x86)\Windows Live\Mesh\System.Runtime.Serialization.dll
[2010.04.14 19:20:46 | 000,141,168 | ---- | M] () -- \Program Files (x86)\Windows Live\Mesh\System.Runtime.Serialization.Json.dll
[2010.04.14 19:20:46 | 000,321,376 | ---- | M] () -- \Program Files (x86)\Windows Live\Mesh\System.Xml.Serialization.dll
[2011.09.13 19:45:38 | 000,002,594 | ---- | M] () -- \Program Files\Common Files\Autodesk Shared\AdLM\R5\en-US\Webdepot\RTSerialNumberHelp.html
[2013.09.13 02:23:44 | 000,434,368 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.20913.0\System.Runtime.Serialization.dll
[2013.11.16 18:10:59 | 001,546,240 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.20913.0\System.Runtime.Serialization.ni.dll
[2012.10.05 11:52:37 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2014.01.31 18:41:15 | 000,001,008 | ---- | M] () -- \Users\Davo\AppData\Local\Plex Media Server\Plug-ins\Framework.bundle\Contents\Resources\Versions\2\Python\Framework\modelling\serialization.py
[2014.01.31 18:41:26 | 000,002,375 | ---- | M] () -- \Users\Davo\AppData\Local\Plex Media Server\Plug-ins\Framework.bundle\Contents\Resources\Versions\2\Python\Framework\modelling\serialization.pyc
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012.10.05 11:53:23 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.02.14 17:12:47 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\553e7bfc9cac5e4feaa83d8ee1e187bd\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013.08.30 21:11:46 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d462f459c4353e2c628e6def1430aed7\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013.08.30 21:12:23 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e043ad64456256a8ee5b934e227d9782\System.Runtime.Serialization.ni.dll
[2014.02.14 17:15:11 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f177ea74036d5fdc6c6b9c967dc877cf\System.Runtime.Serialization.ni.dll
[2014.02.14 17:10:42 | 000,396,288 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\8653acb87b4a219a84e4ce58df35e62a\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.14 17:17:30 | 003,073,536 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\b73fbf8a2db2192752ad2b13744a393b\System.Runtime.Serialization.ni.dll
[2014.02.14 16:13:02 | 002,658,304 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8ae53cb34b8952ba73f8aa77f94607cd\System.Runtime.Serialization.ni.dll
[2013.10.12 13:07:28 | 002,658,304 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8bbe54cb01b70a59c08c3207feef2c5c\System.Runtime.Serialization.ni.dll
[2014.02.14 16:12:34 | 000,311,296 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\a2f2c4c0abfbc3e4ce9aecbd147b1906\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013.08.31 18:56:54 | 000,311,296 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\b76a18847d4b4b5955455db8c387ec3b\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013.10.03 21:16:47 | 000,009,728 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\19cb8dbcbc5b0f37a4a70f6c29c208bb\System.Xml.Serialization.ni.dll
[2014.02.14 16:15:16 | 000,009,728 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\489b62a4a8a973e419d56ba25274ca93\System.Xml.Serialization.ni.dll
[2014.02.14 16:15:39 | 003,424,768 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\50cdbcad07869da7f4bdfce91a040dae\System.Runtime.Serialization.ni.dll
[2013.10.12 18:00:06 | 003,424,768 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\a4abc7282a04cec626f90c1ec3687b55\System.Runtime.Serialization.ni.dll
[2014.02.14 16:48:58 | 000,376,832 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\a6d5113221e92b37937dfa2725f37bf4\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013.08.31 19:00:01 | 000,376,832 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\cd2da26160fba6400b0353e558e35da6\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.14 16:52:27 | 000,010,752 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\1cb9bae02ade0f3574995232a79ab650\System.Xml.Serialization.ni.dll
[2013.10.03 21:21:21 | 000,010,752 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\6452974e97dcd811c518a45b128055b8\System.Xml.Serialization.ni.dll
[2010.03.18 14:16:28 | 001,026,936 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Runtime.Serialization.dll.amd64
[2010.03.18 14:16:28 | 001,026,936 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Runtime.Serialization.dll.x86
[2014.02.13 17:50:48 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2014.02.13 17:50:47 | 001,039,040 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.02.13 17:50:51 | 000,011,632 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2012.10.05 11:53:24 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013.09.11 06:06:54 | 001,039,040 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 13:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2011.02.10 04:10:40 | 000,011,632 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2009.06.10 21:40:06 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2012.10.05 11:52:38 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013.09.11 06:06:54 | 001,039,040 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 13:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2011.02.10 04:10:40 | 000,011,632 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009.07.14 01:00:40 | 000,094,208 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009.06.10 21:37:50 | 000,038,400 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\grserial.sys
[2010.11.21 08:06:15 | 000,005,120 | ---- | M] () -- \Windows\System32\en-US\serialui.dll.mui
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2010.11.21 08:06:15 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\en-US\serialui.dll.mui
[2010.11.21 08:06:20 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_edb61e94e4562781\serialui.dll.mui
[2009.07.14 02:41:54 | 000,017,920 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360\serialui.dll
[2010.11.21 08:06:21 | 000,010,240 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_64015f894ce7c72a\serial.sys.mui
[2009.07.14 01:00:40 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
[2009.06.10 21:40:06 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56\System.Runtime.Serialization.Formatters.Soap.dll
[2009.06.10 21:37:50 | 000,038,400 | ---- | M] () -- \Windows\winsxs\amd64_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_ce9ed3064deed3aa\grserial.sys
[2010.11.21 04:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722\System.Runtime.Serialization.dll
[2012.10.05 11:52:38 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b\System.Runtime.Serialization.dll
[2012.10.05 11:56:11 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53\System.Runtime.Serialization.dll
[2010.11.21 04:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb\System.Runtime.Serialization.dll
[2012.10.05 11:52:37 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4\System.Runtime.Serialization.dll
[2012.10.05 11:56:11 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec\System.Runtime.Serialization.dll
[2011.09.29 04:18:36 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011.09.29 04:18:36 | 000,017,792 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8_kdcom.dll_db5e7744
[2010.11.21 08:06:44 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_edb61e94e4562781_serialui.dll.mui_7d29d2a3
[2009.07.14 03:57:29 | 000,017,920 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360_serialui.dll_bea29328
[2010.11.21 08:06:45 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b_serialui.dll.mui_7d29d2a3
[2009.07.14 03:58:37 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.14 03:15:17 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc.manifest
[2011.09.29 04:18:34 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011.09.29 04:18:34 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest
[2009.07.14 03:11:30 | 000,000,868 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_88b1c48f2026fe3f.manifest
[2010.11.21 04:17:50 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722.manifest
[2012.10.05 19:18:30 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b.manifest
[2012.10.05 19:10:31 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53.manifest
[2010.11.21 04:17:50 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb.manifest
[2012.10.05 19:19:07 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4.manifest
[2012.10.05 19:11:10 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec.manifest
[2010.11.21 04:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2012.10.05 18:15:39 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285.manifest
[2012.10.05 18:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d.manifest
[2010.11.21 08:05:51 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_en-us_8f71d563bf7aa3c2.manifest
[2012.10.05 19:09:41 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_en-us_8f4bb639bfcd9db1.manifest
[2012.10.05 18:57:17 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_en-us_787a117bd97892a9.manifest
[2010.11.21 04:17:50 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2012.10.05 18:15:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8.manifest
[2012.10.05 18:17:15 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0.manifest
[2010.11.21 04:18:20 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2012.10.05 18:19:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa.manifest
[2012.10.05 18:22:10 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2.manifest
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.21 04:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2012.10.05 11:53:24 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285\System.Runtime.Serialization.dll
[2012.10.05 11:56:07 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d\System.Runtime.Serialization.dll
[2010.11.21 04:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2012.10.05 11:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8\System.Runtime.Serialization.dll
[2012.10.05 11:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0\System.Runtime.Serialization.dll
[2010.11.21 08:06:15 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b\serialui.dll.mui
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2010.11.21 04:25:11 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2012.10.05 11:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa\System.Runtime.Serialization.dll
[2012.10.05 11:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2\System.Runtime.Serialization.dll

< *w7lxe* /s >

< End of report >

[Márty84]

Vypnete antivir, at nebrani programu v praci.
Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:services
AdobeARMservice
gupdate
SkypeUpdate
gupdatem

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2164984403-1494394889-1087947439-1001Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2164984403-1494394889-1087947439-1001UA.job

:otl
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2164984403-1494394889-1087947439-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKU\S-1-5-21-2164984403-1494394889-1087947439-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2164984403-1494394889-1087947439-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2164984403-1494394889-1087947439-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2164984403-1494394889-1087947439-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[6 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[10 C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[46 C:\windows\Temp\*.tmp files -> C:\windows\Temp\*.tmp -> ]

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=-
"ownCloud"=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"QuickTime Task"=-

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

[Universal]

na chvili jsem se lekl, kdyz me to hodilo do safe modu

--- LOG ---

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Davo
->Temp folder emptied: 462715014 bytes
->Temporary Internet Files folder emptied: 357228073 bytes
->FireFox cache emptied: 622500323 bytes
->Google Chrome cache emptied: 8240766 bytes
->Opera cache emptied: 61120972 bytes
->Flash cache emptied: 15509519 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Yaya
->Temp folder emptied: 149754379 bytes
->Temporary Internet Files folder emptied: 68740425 bytes
->FireFox cache emptied: 111601078 bytes
->Flash cache emptied: 57106 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 375881853 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42287446 bytes
RecycleBin emptied: 3063946588 bytes

Total Files Cleaned = 5 092,00 mb


[EMPTYFLASH]

User: All Users

User: Davo
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

User: Yaya
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

========== SERVICES/DRIVERS ==========
Service AdobeARMservice stopped successfully!
Service AdobeARMservice deleted successfully!
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== FILES ==========
File/Folder C:\windows\system32\*.tmp.dll not found.
File/Folder C:\windows\system32\SET*.tmp not found.
File/Folder C:\windows\*.tmp not found.
C:\windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2164984403-1494394889-1087947439-1001Core.job moved successfully.
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2164984403-1494394889-1087947439-1001UA.job moved successfully.
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-2164984403-1494394889-1087947439-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-2164984403-1494394889-1087947439-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2164984403-1494394889-1087947439-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2164984403-1494394889-1087947439-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2164984403-1494394889-1087947439-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1687.tmp\System.ServiceModel.dll deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1687.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8EB8.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE375.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE7CC.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF5C3.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP5B04.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B6A.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP74D2.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP8658.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPB135.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPD27A.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPF038.tmp folder deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ownCloud deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 02262014_221337

Files\Folders moved on Reboot...
C:\Users\Davo\AppData\Local\Temp\BITAD4C.tmp moved successfully.
C:\Users\Davo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Davo\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


--- EOF ---

[Márty84]

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

T-Cleaner http://tharifas.sweb.cz/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry mohou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

Stahnete OTC http://oldtimer.geekstogo.com/OTC.exe , ulozte a spustte.
Kliknete na napis CleanUp a pote OK - Po uklidu dojde k restartu pc.

Stahnete TFC http://oldtimer.geekstogo.com/TFC.exe , ulozte a spustte
Kliknete na START a pote OK - Po uklidu dojde k restartu pc.
Po pouziti muzete programek smazat

Stahnete Ccleaner http://www.piriform.com/ccleaner/download/slim a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!

Defragmentujte disk(y)
Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




Pak napiste, jak je na tom pc.

[Universal]

Done, Done, Done and Done. And Done.

Jak na tom PC je. Tezka otazka, nevim presne, na co se ptas Ale predpokladam, ze je na tom lepe po tom, co jsem odstranil vsechen ten crap. Esi neco nefunguje nebo neco zmizelo pravdepodobne zjistim az casem.

Jedine, co jeste vidim je to, ze Firefox pri bootnuti na sekundu zobrazi toolbar se vsemi tlacitky. Nejsou tam zadne, ktere bych neznal, ale nevim, proc se to objevi a zmizi. Pred tim, nez jsem nainstalovat ten zpropadeny conduit search to urcite nedelal a nedela to na zadnem jinem PC. Predpokladam, ze proste jenom doslo ke zmene nejakeho nastaveni (ale nevim jakeho) (prikladam screenshot - nahore toolbar, ktery se objevi na sekundu, dole jak to vypada po zbytek casu).

Kdyz se vydam cestou, ze chci toolbar upravit, uz se tam nic neobjevi. V nastaveni firefoxu jsem nenasel zadne toolbary navic, ani zadne podezrele addony, ktere jsem ja nenainstaloval.

Nevim, jestli to neco znamena, jestli se toho da zbavit a jestli si na to nebudu muset zvyknout. Kazdopadne prijde mi to divne, tak to zminuji Treba vis, co to

[Márty84]

Nejlepsi by bylo firefox preinstalovat. Tim by se zbavil veskereho smeti. Nektere veci se zazerou a nejde to odstranit skriptem.

Profil (zalozky atd.) se da pripadne zazalohovat pomoci mozbackup http://www.stahuj.centrum.cz/utility_a_ ... mozbackup/


Otazkou jak je na tom pc jsem myslel, jestli je nejaky problem a budem patrat dale, nebo jede vsechno jak ma a muzem tema uzavrit

[Universal]

Nechtelo se mi, ale presvedcil jsi me preinstaluju teda FF.

A jinak verim, ze me mas uz dost PC beha, takze se zase ozvu, pokud spatrim neco podezreleho.

Jsem velmi vdecny za tvoji pomoc. Dekuji!

[Márty84]

Tak jeste pockam, jestli ta preinstalace zabrala, a pak to muzem uzavrit

A jinak verim, ze me mas uz dost

To neni pravda


Neni vubec zac!


14.3. http://forum.viry.cz/viewtopic.php?f=12&t=123975