
Log Check

georgo22
Visitor
Posts: 11
Registered: 06 Mar 2014 09:28

Log Check

#1 Post by georgo22 »

I would like to ask you to check this log from the HiJack program:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:13:44, on 6. 3. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Eset\ESET Endpoint Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft AutoRoute 2010\StreetsOlkShim.exe
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Opera\opera.exe
C:\Windows\explorer.exe
C:\Program Files\HiJack This\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {32b29df0-2237-4370-9a29-37cebb730e9b} - (no file)
R3 - URLSearchHook: (no name) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\Georgo\AppData\Roaming\Microsoft\microsoftwindowsupdate.exe
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (file missing)
O2 - BHO: Slick Savings - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Georgo\AppData\Roaming\Slick Savings\Coupons.dll
O2 - BHO: FaceCons - {B2A44031-7EAD-434C-AC9E-7F1DA176BA8C} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MicrosoftWindowsUpdate] C:\Users\Georgo\AppData\Roaming\Microsoft\microsoftwindowsupdate.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Slick Savings] "C:\Users\Georgo\AppData\Roaming\Slick Savings\CouponsHelper.exe"
O4 - HKCU\..\Run: [zhuhghdt] regsvr32.exe "C:\ProgramData\zhuhghdt.dat"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
O8 - Extra context menu item: Free YouTube Download - C:\Users\Georgo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5672DADB-EFBC-4927-B991-55678B70D679} (WebCamX Control) - http://213.160.160.82/WebCamX.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{294FC601-668D-4AC5-9367-F3E01C315FD8}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2DD43EE-464B-4D08-8B63-0EA9C6B0B2B4}: NameServer = 195.146.132.58,195.146.128.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{294FC601-668D-4AC5-9367-F3E01C315FD8}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{294FC601-668D-4AC5-9367-F3E01C315FD8}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files\Stardock\ObjectDockFree\ODMenu.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe
O23 - Service: ESET SHA Service (ESHASRV) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 7868 bytes



And a check of the log from the Gmer program:


GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-05 11:42:50
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK2035GSS rev.DK020M 186,31GB
Running: 77g9m6de.exe; Driver: C:\Users\Georgo\AppData\Local\Temp\kwliapob.sys


---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwCreateThread [0x8A7767F0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwLoadDriver [0x8A7768B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSystemInformation [0x8A776870]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSystemDebugControl [0x8A776830]

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!ZwRollbackEnlistment + 1409 838789A5 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 83898512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14CB 8389FAC0 4 Bytes [F0, 67, 77, 8A] {JA 0xffffff8e}
.text ntoskrnl.exe!KeRemoveQueueEx + 15DB 8389FBD0 4 Bytes [B0, 68, 77, 8A] {MOV AL, 0x68; JA 0xffffff8e}
.text ntoskrnl.exe!KeRemoveQueueEx + 18E7 8389FEDC 4 Bytes [70, 68, 77, 8A] {JO 0x6a; JA 0xffffff8e}
.text ntoskrnl.exe!KeRemoveQueueEx + 192F 8389FF24 4 Bytes [30, 68, 77, 8A]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x92021340, 0x3EE217, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe[1924] kernel32.dll!SetUnhandledExceptionFilter 75C4F4EB 4 Bytes [C2, 04, 00, 00]
.text C:\Windows\System32\rundll32.exe[3360] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 00698138
.text C:\Windows\System32\rundll32.exe[3360] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 00698191
.text C:\Windows\System32\rundll32.exe[3360] ADVAPI32.dll!CreateProcessAsUserW 75ACC532 5 Bytes JMP 006981EA
.text C:\Windows\System32\rundll32.exe[3360] ADVAPI32.dll!CreateProcessAsUserA 75B02642 1 Byte [E9]
.text C:\Windows\System32\rundll32.exe[3360] ADVAPI32.dll!CreateProcessAsUserA 75B02642 5 Bytes JMP 00698246
.text C:\Windows\Explorer.EXE[3384] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 05258138
.text C:\Windows\Explorer.EXE[3384] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 05258191
.text C:\Windows\Explorer.EXE[3384] ADVAPI32.dll!CreateProcessAsUserW 75ACC532 5 Bytes JMP 052581EA
.text C:\Windows\Explorer.EXE[3384] ADVAPI32.dll!CreateProcessAsUserA 75B02642 1 Byte [E9]
.text C:\Windows\Explorer.EXE[3384] ADVAPI32.dll!CreateProcessAsUserA 75B02642 5 Bytes JMP 05258246
.text C:\Windows\System32\rundll32.exe[3624] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 00758138
.text C:\Windows\System32\rundll32.exe[3624] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 00758191
.text C:\Windows\System32\rundll32.exe[3624] ADVAPI32.dll!CreateProcessAsUserW 75ACC532 5 Bytes JMP 007581EA
.text C:\Windows\System32\rundll32.exe[3624] ADVAPI32.dll!CreateProcessAsUserA 75B02642 1 Byte [E9]
.text C:\Windows\System32\rundll32.exe[3624] ADVAPI32.dll!CreateProcessAsUserA 75B02642 5 Bytes JMP 00758246
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3660] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 017C8138
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3660] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 017C8191
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3660] ADVAPI32.dll!CreateProcessAsUserW 75ACC532 5 Bytes JMP 017C81EA
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3660] ADVAPI32.dll!CreateProcessAsUserA 75B02642 1 Byte [E9]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3660] ADVAPI32.dll!CreateProcessAsUserA 75B02642 5 Bytes JMP 017C8246
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3684] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 02BD8138
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3684] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 02BD8191
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3684] ADVAPI32.dll!CreateProcessAsUserW 75ACC532 5 Bytes JMP 02BD81EA
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3684] ADVAPI32.dll!CreateProcessAsUserA 75B02642 1 Byte [E9]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3684] ADVAPI32.dll!CreateProcessAsUserA 75B02642 5 Bytes JMP 02BD8246
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3704] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 01308138
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3704] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 01308191
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3704] ADVAPI32.dll!CreateProcessAsUserW 75ACC532 5 Bytes JMP 013081EA
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3704] ADVAPI32.dll!CreateProcessAsUserA 75B02642 1 Byte [E9]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3704] ADVAPI32.dll!CreateProcessAsUserA 75B02642 5 Bytes JMP 01308246
.text C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe[3744] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 01B78138
.text C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe[3744] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 01B78191
.text C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe[3744] ADVAPI32.dll!CreateProcessAsUserW 75ACC532 5 Bytes JMP 01B781EA
.text C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe[3744] ADVAPI32.dll!CreateProcessAsUserA 75B02642 1 Byte [E9]
.text C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe[3744] ADVAPI32.dll!CreateProcessAsUserA 75B02642 5 Bytes JMP 01B78246
.text C:\Program Files\Windows Sidebar\sidebar.exe[3824] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 08028138
.text C:\Program Files\Windows Sidebar\sidebar.exe[3824] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 08028191
.text C:\Program Files\Windows Sidebar\sidebar.exe[3824] ADVAPI32.dll!CreateProcessAsUserW 75ACC532 5 Bytes JMP 080281EA
.text C:\Program Files\Windows Sidebar\sidebar.exe[3824] ADVAPI32.dll!CreateProcessAsUserA 75B02642 1 Byte [E9]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3824] ADVAPI32.dll!CreateProcessAsUserA 75B02642 5 Bytes JMP 08028246
.text C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe[4080] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 04C38138
.text C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe[4080] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 04C38191
.text C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe[4080] ADVAPI32.dll!CreateProcessAsUserW 75ACC532 5 Bytes JMP 04C381EA
.text C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe[4080] ADVAPI32.dll!CreateProcessAsUserA 75B02642 1 Byte [E9]
.text C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe[4080] ADVAPI32.dll!CreateProcessAsUserA 75B02642 5 Bytes JMP 04C38246
.text C:\Program Files\Microsoft AutoRoute 2010\StreetsOlkShim.exe[4600] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 01308138
.text C:\Program Files\Microsoft AutoRoute 2010\StreetsOlkShim.exe[4600] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 01308191
.text C:\Program Files\Microsoft AutoRoute 2010\StreetsOlkShim.exe[4600] ADVAPI32.dll!CreateProcessAsUserW 75ACC532 5 Bytes JMP 013081EA
.text C:\Program Files\Microsoft AutoRoute 2010\StreetsOlkShim.exe[4600] ADVAPI32.dll!CreateProcessAsUserA 75B02642 1 Byte [E9]
.text C:\Program Files\Microsoft AutoRoute 2010\StreetsOlkShim.exe[4600] ADVAPI32.dll!CreateProcessAsUserA 75B02642 5 Bytes JMP 01308246
.text C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE[6124] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 08CB8138
.text C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE[6124] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 08CB8191
.text C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE[6124] kernel32.dll!SetUnhandledExceptionFilter 75C4F4EB 5 Bytes JMP 5AC25629 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll
.text C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE[6124] ADVAPI32.dll!CreateProcessAsUserW 75ACC532 5 Bytes JMP 08CB81EA
.text C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE[6124] ADVAPI32.dll!CreateProcessAsUserA 75B02642 1 Byte [E9]
.text C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE[6124] ADVAPI32.dll!CreateProcessAsUserA 75B02642 5 Bytes JMP 08CB8246
.text C:\Program Files\Opera\opera.exe[8132] kernel32.dll!CreateProcessW 75C0204D 5 Bytes JMP 00588138
.text C:\Program Files\Opera\opera.exe[8132] kernel32.dll!CreateProcessA 75C02082 5 Bytes JMP 00588191
.text C:\Program Files\Opera\opera.exe[8132] ADVAPI32.dll!CreateProcessAsUserW 75ACC532 5 Bytes JMP 005881EA
.text C:\Program Files\Opera\opera.exe[8132] ADVAPI32.dll!CreateProcessAsUserA 75B02642 1 Byte [E9]
.text C:\Program Files\Opera\opera.exe[8132] ADVAPI32.dll!CreateProcessAsUserA 75B02642 5 Bytes JMP 00588246

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\Explorer.EXE[3384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73EA24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73E8562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73E856EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73EA2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73E985AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73E94D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73E95105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73E951DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73E96707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73E98301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73E98850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73E990B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73E9E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73E94C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll

---- Devices - GMER 2.1 ----

Device Ntfs.sys

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Intel(R) PRO/Wireless 3945ABG \x2013 síťové připojení 1?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00037ad7c67b
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Intel(R) PRO/Wireless 3945ABG \x2013 síťové připojení 1?
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00037ad7c67b (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX \x2013 Dveře\Door Hasp Catching.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX \x2013 Gag\Bone Crush.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX \x2013 Temné burácení\Alligator Hiss.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX \x2013 Různé\Bike Sliding in Sand.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX \x2013 Hrající si děti\Bat Crack .wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX \x2013 Vesmírná loď\Electronic Motor2.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX \x2013 Cestování\Camera Shutter.wav 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX \x2013 Zimní radovánky\Baby Cough2.wav 1
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@L:\Zaloha 16.4.2008-Externeho HDD\NET\Convertory\I\xb4M To AVI\ImTOO AVI MPEG Converter 2_1_16_1213b (MPEG,VOB,AVI,DV,MOV,animated GIF,swf,MPEG4,RM,WMV,ASF,WAV,WMA,MP3,3GP,m4a,mp4,h264,MP2,OGG,m4v etc to MPEGeAVI).exe 1

---- EOF - GMER 2.1 ----




Thank you very much

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Log Check

#2 Post by Márty84 »

Hello :)

HJT has been insufficient for several years now. So please post a log from RSIT http://forum.viry.cz/viewtopic.php?f=13&t=130786

georgo22
Visitor
Posts: 11
Registered: 06 Mar 2014 09:28

Re: Log Check

#3 Post by georgo22 »

I am attaching a new log:


Logfile of random's system information tool 1.09 (written by random/random)
Run by Georgo at 2014-03-06 15:32:15
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 57 GB (30%) free of 189 GB
Total RAM: 2046 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:32:51, on 6. 3. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Eset\ESET Endpoint Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft AutoRoute 2010\StreetsOlkShim.exe
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\system32\conhost.exe
C:\Users\Georgo\Desktop\RSIT.exe
C:\Program Files\trend micro\Georgo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {32b29df0-2237-4370-9a29-37cebb730e9b} - (no file)
R3 - URLSearchHook: (no name) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\Georgo\AppData\Roaming\Microsoft\microsoftwindowsupdate.exe
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (file missing)
O2 - BHO: Slick Savings - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Georgo\AppData\Roaming\Slick Savings\Coupons.dll
O2 - BHO: FaceCons - {B2A44031-7EAD-434C-AC9E-7F1DA176BA8C} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MicrosoftWindowsUpdate] C:\Users\Georgo\AppData\Roaming\Microsoft\microsoftwindowsupdate.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Slick Savings] "C:\Users\Georgo\AppData\Roaming\Slick Savings\CouponsHelper.exe"
O4 - HKCU\..\Run: [zhuhghdt] regsvr32.exe "C:\ProgramData\zhuhghdt.dat"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
O8 - Extra context menu item: Free YouTube Download - C:\Users\Georgo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5672DADB-EFBC-4927-B991-55678B70D679} (WebCamX Control) - http://213.160.160.82/WebCamX.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{294FC601-668D-4AC5-9367-F3E01C315FD8}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2DD43EE-464B-4D08-8B63-0EA9C6B0B2B4}: NameServer = 195.146.132.58,195.146.128.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{294FC601-668D-4AC5-9367-F3E01C315FD8}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{294FC601-668D-4AC5-9367-F3E01C315FD8}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files\Stardock\ObjectDockFree\ODMenu.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe
O23 - Service: ESET SHA Service (ESHASRV) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 8063 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\dsmonitor.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
ExplorerWnd Helper - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}]
Slick Savings - C:\Users\Georgo\AppData\Roaming\Slick Savings\Coupons.dll [2014-02-07 540000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2A44031-7EAD-434C-AC9E-7F1DA176BA8C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-08 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-03-06 13605408]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-03-06 92704]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-06-20 1316136]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-12-23 9972328]
"egui"=C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [2013-02-14 3158584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"MicrosoftWindowsUpdate"=C:\Users\Georgo\AppData\Roaming\Microsoft\microsoftwindowsupdate.exe [2010-11-05 1169224]
"ccleaner"=C:\Program Files\CCleaner\CCleaner.exe [2013-03-25 3497240]
"Slick Savings"=C:\Users\Georgo\AppData\Roaming\Slick Savings\CouponsHelper.exe [2014-02-07 832864]
"zhuhghdt"=regsvr32.exe C:\ProgramData\zhuhghdt.dat []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleIEDAV]
C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe [2013-11-15 1326408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams]
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [2013-11-20 59720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-02-06 43848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoShutdownManager]
C:\Program Files\AutoShutdownManager\AutoShutdownManager.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [2013-12-23 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2013-11-15 1861968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices]
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [2013-11-20 59720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2008-12-19 83336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2014-02-06 152392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGet2]
C:\Users\Georgo\AppData\Local\MediaGet2\mediaget.exe --minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-02-22 1226024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe -onlytray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2013-05-01 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2013-07-25 20684656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2011-06-04 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe [2009-03-19 2532680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Georgo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Gigaset WLAN Adapter Monitor.lnk - C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe

C:\Users\Georgo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files\Stardock\ObjectDockFree\ODMenu.dll [2010-10-04 511344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\43827671.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\43827671.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=28

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.ac3filter"=ac3filter.acm
"midi6"=wdmaud.drv
"midi7"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave6"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"mixer9"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-03-06 15:32:22 ----D---- C:\Program Files\trend micro
2014-03-06 15:32:15 ----D---- C:\rsit
2014-03-06 09:11:52 ----D---- C:\Program Files\HiJack This
2014-03-05 11:10:30 ----A---- C:\TDSSKiller.2.8.16.0_05.03.2014_11.10.30_log.txt
2014-03-04 11:26:32 ----A---- C:\ProgramData\zhuhghdt.dat
2014-02-27 15:40:31 ----D---- C:\ProgramData\Garmin
2014-02-26 15:09:06 ----D---- C:\Program Files\HDD Tune
2014-02-26 09:28:12 ----D---- C:\Users\Georgo\AppData\Roaming\DigitalVolcano
2014-02-26 09:26:28 ----D---- C:\Program Files\Duplicate Cleaner
2014-02-25 15:48:32 ----D---- C:\Program Files\BySoft FreeRAM
2014-02-25 13:18:48 ----D---- C:\Program Files\iPod
2014-02-25 13:18:46 ----D---- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-25 13:18:46 ----D---- C:\Program Files\iTunes
2014-02-19 11:32:26 ----A---- C:\Windows\system32\ieui.dll
2014-02-19 11:32:26 ----A---- C:\Windows\system32\ie4uinit.exe
2014-02-19 11:32:25 ----A---- C:\Windows\system32\jsproxy.dll
2014-02-19 11:32:25 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-02-19 11:32:24 ----A---- C:\Windows\system32\msrating.dll
2014-02-19 11:32:24 ----A---- C:\Windows\system32\ieUnatt.exe
2014-02-19 11:32:24 ----A---- C:\Windows\system32\iesetup.dll
2014-02-19 11:32:24 ----A---- C:\Windows\system32\iernonce.dll
2014-02-19 11:32:24 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-02-19 11:32:23 ----A---- C:\Windows\system32\jscript9diag.dll
2014-02-19 11:32:23 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-02-19 11:32:22 ----A---- C:\Windows\system32\msfeeds.dll
2014-02-19 11:32:22 ----A---- C:\Windows\system32\ieapfltr.dll
2014-02-19 11:32:21 ----A---- C:\Windows\system32\wininet.dll
2014-02-19 11:32:21 ----A---- C:\Windows\system32\iertutil.dll
2014-02-19 11:32:20 ----A---- C:\Windows\system32\urlmon.dll
2014-02-19 11:32:18 ----A---- C:\Windows\system32\ieframe.dll
2014-02-19 11:32:17 ----A---- C:\Windows\system32\mshtml.dll
2014-02-19 11:32:17 ----A---- C:\Windows\system32\jscript9.dll
2014-02-19 11:31:56 ----A---- C:\Windows\system32\vbscript.dll
2014-02-19 11:30:08 ----A---- C:\Windows\system32\mstscax.dll
2014-02-19 11:09:46 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-19 11:09:45 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-19 11:09:44 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys
2014-02-19 11:09:42 ----A---- C:\Windows\system32\wksprtPS.dll
2014-02-19 11:09:42 ----A---- C:\Windows\system32\wksprt.exe
2014-02-19 11:09:42 ----A---- C:\Windows\system32\TSWbPrxy.exe
2014-02-19 11:09:42 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-19 11:09:42 ----A---- C:\Windows\system32\tsgqec.dll
2014-02-19 11:09:42 ----A---- C:\Windows\system32\rdvidcrl.dll
2014-02-19 11:09:42 ----A---- C:\Windows\system32\MsRdpWebAccess.dll
2014-02-19 11:09:41 ----A---- C:\Windows\system32\mstsc.exe
2014-02-19 10:59:42 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-19 10:59:42 ----A---- C:\Windows\system32\elshyph.dll
2014-02-19 10:59:40 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-19 10:59:40 ----A---- C:\Windows\system32\msls31.dll
2014-02-19 10:59:40 ----A---- C:\Windows\system32\jsIntl.dll
2014-02-19 10:59:40 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-02-19 10:59:40 ----A---- C:\Windows\system32\ieapfltr.dat
2014-02-19 10:59:40 ----A---- C:\Windows\system32\icardie.dll
2014-02-19 10:59:40 ----A---- C:\Windows\system32\dxtrans.dll
2014-02-19 10:59:40 ----A---- C:\Windows\system32\dxtmsft.dll
2014-02-19 10:59:39 ----A---- C:\Windows\system32\wextract.exe
2014-02-19 10:59:39 ----A---- C:\Windows\system32\webcheck.dll
2014-02-19 10:59:39 ----A---- C:\Windows\system32\url.dll
2014-02-19 10:59:39 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-02-19 10:59:39 ----A---- C:\Windows\system32\mshtmled.dll
2014-02-19 10:59:39 ----A---- C:\Windows\system32\licmgr10.dll
2014-02-19 10:59:39 ----A---- C:\Windows\system32\inseng.dll
2014-02-19 10:59:39 ----A---- C:\Windows\system32\iexpress.exe
2014-02-19 10:59:39 ----A---- C:\Windows\system32\iedkcs32.dll
2014-02-19 10:59:38 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2014-02-19 10:59:38 ----A---- C:\Windows\system32\pngfilt.dll
2014-02-19 10:59:38 ----A---- C:\Windows\system32\occache.dll
2014-02-19 10:59:38 ----A---- C:\Windows\system32\mshtmler.dll
2014-02-19 10:59:38 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-02-19 10:59:38 ----A---- C:\Windows\system32\mshta.exe
2014-02-19 10:59:38 ----A---- C:\Windows\system32\msfeedssync.exe
2014-02-19 10:59:38 ----A---- C:\Windows\system32\msfeedsbs.dll
2014-02-19 10:59:38 ----A---- C:\Windows\system32\jscript.dll
2014-02-19 10:59:38 ----A---- C:\Windows\system32\imgutil.dll
2014-02-19 10:59:38 ----A---- C:\Windows\system32\iesysprep.dll
2014-02-19 10:59:38 ----A---- C:\Windows\system32\iepeers.dll
2014-02-19 10:59:38 ----A---- C:\Windows\system32\IEAdvpack.dll
2014-02-19 10:53:34 ----A---- C:\Windows\system32\TSWorkspace.dll
2014-02-18 14:56:32 ----A---- C:\Windows\system32\msxml3r.dll
2014-02-18 14:56:32 ----A---- C:\Windows\system32\msxml3.dll
2014-02-18 14:56:28 ----A---- C:\Windows\system32\drivers\netio.sys
2014-02-18 14:56:25 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2014-02-18 14:56:25 ----A---- C:\Windows\system32\drivers\usbport.sys
2014-02-18 14:56:25 ----A---- C:\Windows\system32\drivers\usbohci.sys
2014-02-18 14:56:25 ----A---- C:\Windows\system32\drivers\usbhub.sys
2014-02-18 14:56:25 ----A---- C:\Windows\system32\drivers\usbehci.sys
2014-02-18 14:56:25 ----A---- C:\Windows\system32\drivers\usbd.sys
2014-02-18 14:56:25 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2014-02-18 14:56:23 ----A---- C:\Windows\system32\win32k.sys
2014-02-18 14:56:16 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-18 14:56:16 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2014-02-18 14:56:16 ----A---- C:\Windows\system32\RMActivate_isv.exe
2014-02-18 14:56:16 ----A---- C:\Windows\system32\RMActivate.exe
2014-02-18 14:56:15 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2014-02-18 14:56:15 ----A---- C:\Windows\system32\secproc_ssp.dll
2014-02-18 14:56:15 ----A---- C:\Windows\system32\secproc_isv.dll
2014-02-18 14:56:15 ----A---- C:\Windows\system32\secproc.dll
2014-02-18 14:56:15 ----A---- C:\Windows\system32\msdrm.dll
2014-02-18 14:54:31 ----A---- C:\Windows\system32\d3d10warp.dll
2014-02-18 14:54:31 ----A---- C:\Windows\system32\d2d1.dll
2014-02-14 09:27:03 ----D---- C:\ProgramData\ProductData
2014-02-14 09:27:00 ----D---- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-02-14 09:25:17 ----D---- C:\Users\Georgo\AppData\Roaming\Slick Savings
2014-02-14 09:25:09 ----D---- C:\Program Files\Common Files\Spigot
2014-02-14 09:24:48 ----A---- C:\Windows\system32\SmartDefragBootTime.exe
2014-02-14 09:24:36 ----A---- C:\Windows\system32\IObitSmartDefragExtension.dll
2014-02-14 09:24:28 ----A---- C:\Windows\system32\drivers\SmartDefragDriver.sys
2014-02-11 13:25:46 ----D---- C:\ALL
2014-02-11 13:16:55 ----D---- C:\Users\Georgo\AppData\Roaming\Stardock
2014-02-11 13:16:41 ----HDC---- C:\ProgramData\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
2014-02-11 13:16:28 ----D---- C:\Program Files\Stardock
2014-02-11 09:53:02 ----D---- C:\ProgramData\digiCamControl

======List of files/folders modified in the last 1 month======

2014-03-06 15:32:34 ----D---- C:\Windows\Prefetch
2014-03-06 15:32:22 ----RD---- C:\Program Files
2014-03-06 15:32:12 ----D---- C:\Windows\Temp
2014-03-06 15:29:17 ----RD---- C:\Users
2014-03-06 10:19:37 ----D---- C:\Windows\system32\config
2014-03-05 15:14:55 ----D---- C:\Windows
2014-03-05 11:10:34 ----D---- C:\Windows\system32\drivers
2014-03-05 09:05:58 ----D---- C:\Windows\system32\LogFiles
2014-03-04 15:55:55 ----D---- C:\Windows\inf
2014-03-04 11:26:32 ----HD---- C:\ProgramData
2014-03-04 09:50:15 ----D---- C:\Windows\rescache
2014-03-04 09:36:02 ----SHD---- C:\System Volume Information
2014-03-01 09:47:52 ----SHD---- C:\Windows\Installer
2014-03-01 09:47:51 ----SHD---- C:\Config.Msi
2014-02-28 13:15:03 ----AD---- C:\Windows\System32
2014-02-28 13:15:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-02-27 13:34:33 ----D---- C:\Windows\SoftwareDistribution
2014-02-27 13:28:23 ----D---- C:\Windows\pss
2014-02-27 11:24:50 ----D---- C:\Users\Georgo\AppData\Roaming\Skype
2014-02-27 10:28:55 ----D---- C:\Windows\Minidump
2014-02-27 10:19:38 ----D---- C:\Windows\Tasks
2014-02-27 10:19:38 ----D---- C:\Windows\system32\wfp
2014-02-27 10:19:38 ----D---- C:\Windows\system32\wbem
2014-02-27 10:19:38 ----D---- C:\Windows\system32\Tasks
2014-02-27 10:19:38 ----D---- C:\Windows\system32\DriverStore
2014-02-27 10:19:37 ----D---- C:\Windows\system32\CodeIntegrity
2014-02-27 10:19:37 ----D---- C:\Windows\system32\catroot2
2014-02-27 10:19:37 ----D---- C:\Windows\system32\catroot
2014-02-27 10:19:37 ----D---- C:\Windows\AppCompat
2014-02-27 10:19:29 ----D---- C:\Users\Georgo\AppData\Roaming\GHISLER
2014-02-27 10:19:29 ----D---- C:\ProgramData\IObit
2014-02-27 10:19:29 ----D---- C:\Program Files\WinPcap
2014-02-27 10:19:26 ----D---- C:\Program Files\Facicons
2014-02-27 10:19:26 ----D---- C:\Program Files\Eset
2014-02-27 10:19:09 ----D---- C:\Windows\registration
2014-02-27 10:18:16 ----SD---- C:\ProgramData\Microsoft
2014-02-27 10:18:11 ----D---- C:\Program Files\proDAD
2014-02-27 10:18:06 ----D---- C:\Program Files\Pinnacle
2014-02-27 10:18:01 ----D---- C:\Audio
2014-02-25 15:28:27 ----D---- C:\Windows\debug
2014-02-25 15:09:34 ----D---- C:\Users\Georgo\AppData\Roaming\proDAD
2014-02-25 14:04:44 ----D---- C:\Program Files\CommViewWiFi
2014-02-25 14:04:29 ----D---- C:\ProgramData\TamoSoft
2014-02-25 14:01:17 ----HD---- C:\Program Files\InstallShield Installation Information
2014-02-25 13:59:29 ----D---- C:\Users\Georgo\AppData\Roaming\BitTorrent
2014-02-25 13:57:36 ----D---- C:\ProgramData\PY_Software
2014-02-25 13:57:36 ----D---- C:\Program Files\Argus Surveillance DVR
2014-02-25 13:52:25 ----D---- C:\Windows\Panther
2014-02-25 13:18:46 ----D---- C:\Program Files\Common Files\Apple
2014-02-25 13:11:17 ----D---- C:\ProgramData\Apple
2014-02-21 10:28:33 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-02-19 15:35:48 ----SHD---- C:\Users\Georgo\AppData\Roaming\Microsoft
2014-02-19 11:41:33 ----D---- C:\Windows\winsxs
2014-02-19 11:39:10 ----D---- C:\Program Files\Internet Explorer
2014-02-19 11:23:20 ----D---- C:\Windows\Logs
2014-02-19 11:16:28 ----D---- C:\Windows\system32\sk-SK
2014-02-19 11:16:28 ----D---- C:\Windows\system32\en-US
2014-02-19 11:16:28 ----D---- C:\Windows\system32\cs-CZ
2014-02-19 11:16:27 ----D---- C:\Windows\system32\drivers\en-US
2014-02-19 11:16:25 ----D---- C:\Windows\system32\migration
2014-02-19 11:16:25 ----D---- C:\Windows\PolicyDefinitions
2014-02-19 10:26:46 ----D---- C:\Windows\Microsoft.NET
2014-02-19 10:25:34 ----RSD---- C:\Windows\assembly
2014-02-18 15:26:58 ----D---- C:\Windows\system32\MRT
2014-02-17 15:46:32 ----D---- C:\Program Files\IObit
2014-02-14 09:27:07 ----D---- C:\Users\Georgo\AppData\Roaming\IObit
2014-02-14 09:25:09 ----D---- C:\Program Files\Common Files
2014-02-12 15:10:53 ----D---- C:\Program Files\HomeKeylogger
2014-02-12 15:10:48 ----A---- C:\ProgramData\KeyLog.txt
2014-02-10 15:57:41 ----RD---- C:\Program Files\Skype
2014-02-10 15:56:00 ----DC---- C:\Windows\system32\DRVSTORE
2014-02-10 15:52:31 ----RSD---- C:\Windows\Fonts
2014-02-10 15:42:58 ----D---- C:\ProgramData\Nokia
2014-02-10 15:42:58 ----D---- C:\Program Files\Nokia
2014-02-10 15:41:46 ----D---- C:\Users\Georgo\AppData\Roaming\Nokia Suite
2014-02-10 15:41:46 ----D---- C:\Users\Georgo\AppData\Roaming\Nokia
2014-02-10 15:28:57 ----D---- C:\Users\Georgo\AppData\Roaming\DVDVideoSoft
2014-02-10 15:28:57 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2014-02-10 15:26:44 ----D---- C:\Program Files\DVDFab 6
2014-02-10 15:26:38 ----D---- C:\Users\Georgo\AppData\Roaming\Vso
2014-02-07 13:39:01 ----D---- C:\Windows\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2013-12-24 18624]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]
R0 US30Sys;US30Sys; C:\Windows\System32\Drivers\US4Vista.sys [2009-09-24 78336]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2013-02-04 175288]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2013-02-04 124848]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-03-14 46652]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2009-02-19 63872]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2013-02-04 108344]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2010-11-20 117760]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-13 1035776]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-12-30 3351208]
R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 NETwLv32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]
R3 odysseyIM4;Odyssey Network Agent Miniport; C:\Windows\system32\DRIVERS\odysseyIM4.sys [2004-09-03 173056]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-05-18 47360]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 8192]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 84992]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-06-20 200112]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2006-07-06 168448]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2008-03-25 41472]
R3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2008-10-06 137984]
R3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2009-03-03 36864]
R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
R3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2009-03-05 74368]
R3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2009-03-12 16128]
R3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2009-03-19 43264]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 AR5523;Gigaset USB Adapter 108; C:\Windows\system32\DRIVERS\ar5523.sys [2005-02-24 285568]
S3 ATHFMWDL;GigaSet USB Adapter 108 Bootloader driver; C:\Windows\System32\Drivers\ATHFMWDL.sys [2005-02-24 43392]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 CV2K1;CommView Network Monitor; C:\Windows\system32\DRIVERS\cv2k1.sys []
S3 MHIKEY10;MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [2010-10-01 52096]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2005-08-03 32512]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDID1046;UA-25; C:\Windows\system32\Drivers\rdwm1046.sys [2009-09-18 145536]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2009-11-19 81920]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2009-03-23 54272]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-12-13 45056]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 28160]
S3 UVCFTR;UVCFTR; C:\Windows\system32\DRIVERS\UVCFTR_S.SYS [2007-01-26 17712]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vhidmini;4 joy Virtual Joystick; C:\Windows\system32\DRIVERS\vhidmini.sys [2012-06-19 8320]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-01-07 43336]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe [2013-02-14 1020304]
R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-02-18 462632]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-03-06 203296]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2009-03-17 144752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 LiveUpdateSvc;LiveUpdate; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2013-12-03 2151200]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
S2 NetPipeActivator;Net.Pipe Listener Adapter; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S2 NetTcpActivator;Net.Tcp Listener Adapter; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S2 PCLEPCI;PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [2005-02-09 14165]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-07-25 162672]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-05-20 72704]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21 257928]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [2013-02-14 33136]
S3 ESHASRV;ESET SHA Service; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [2013-02-14 183944]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-02-06 108032]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-02-06 553288]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-04-02 1343400]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 ecwxjnodoxqqbg;ecwxjnodoxqqbg; []
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Log check

#4 Post by Márty84 »

I can see some bugs in there.


:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop.
Right-click it and then left-click Run as administrator.
Tick the boxes Scan All Users, "LOP" Check and "Purity" Check.
Paste the following text into the bottom window:

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Click Run Scan.
After the scan, two logs are created (OTL.Txt and Extras.txt); paste both of them here (if they are long, split them across several posts).
If you have a question that is not meant for the public, you can e-mail me at marty84(at)forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

georgo22
Visitor
Posts: 11
Joined: 06 Mar 2014 09:28

Re: Log check

#5 Post by georgo22 »

I ran it as you wrote, and I was stopped by the error message Cannot create file cmd.bat on the desktop. After that it stayed stuck at a standstill.

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Log check

#6 Post by Márty84 »

It happens now and then that OTL throws this error :roll:

Run it once more following the same instructions, but with this modified script:

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

georgo22
Visitor
Posts: 11
Joined: 06 Mar 2014 09:28

Re: Log check

#7 Post by georgo22 »

I'll also add that ESET keeps reporting the trojan horse WIN32/Kryptik.BWLZ nonstop (deleted by cleaning). About every 4 seconds. Path C:\Program data\zhuhghdt.dat. This is actually the point where the program also got stuck. And an infiltration in memory also shows up there: explorer.exe 3384 win32 psw parpas

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Log check

#8 Post by Márty84 »

OK, let's try it another way.


:arrow: Install and update MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222, run a !!!full!!! scan in safe mode and post the results here. Do not delete anything beforehand; it sometimes gives false detections.

georgo22
Visitor
Posts: 11
Joined: 06 Mar 2014 09:28

Re: Log check

#9 Post by georgo22 »

I started the scan in OTL again, so I'll wait and see what it does. Then I'll get onto MBAM.

georgo22
Visitor
Posts: 11
Joined: 06 Mar 2014 09:28

Re: Log check

#10 Post by georgo22 »

I'm attaching the log from OTL:

OTL Extras logfile created on: 7.3.2014 9:28:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Georgo\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000405 | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy

2,00 Gb Total Physical Memory | 0,71 Gb Available Physical Memory | 35,61% Memory free
4,00 Gb Paging File | 2,39 Gb Available in Paging File | 59,87% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184,84 Gb Total Space | 54,12 Gb Free Space | 29,28% Space Free | Partition Type: NTFS

Computer Name: GEORGO-PC | User Name: Georgo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00078BCA-3610-4061-AE91-3E95F44511C6}" = rport=138 | protocol=17 | dir=out | app=system |
"{0059D334-9737-4C0C-B4F2-129753723D94}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0121C979-D097-458A-801C-4F800B0520E3}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0409F1D5-D02E-40DB-973F-403E1432B4E1}" = lport=445 | protocol=6 | dir=in | app=system |
"{04BB1641-54B9-4CAD-800F-4F8F821ACE64}" = rport=2869 | protocol=6 | dir=out | app=system |
"{04D7B6E2-A542-48C7-B270-E329C23AF7C7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0E1D5270-9498-482E-AF06-AC723E0D7EA6}" = rport=137 | protocol=17 | dir=out | app=system |
"{1997FB7A-8C10-408D-9646-7B30A5D6B564}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1D5228B9-0160-4B99-9463-DE32D35B4D2A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1EE688AC-230A-487F-BC05-2DB949882940}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{23D0D5E4-9FAA-4BDF-8B9F-A383C822AB7F}" = rport=2869 | protocol=6 | dir=out | app=system |
"{294BE5FD-63AB-4800-B054-142E5BD61148}" = rport=2869 | protocol=6 | dir=out | app=system |
"{2B582D22-18BD-492F-B33B-327E043CF93A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2FE228BF-E17B-432A-9B9A-C45D17BCE4CA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{329BA42B-A86B-4E4D-9259-81E81CBC30B9}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{45126D3D-ED8F-4369-8139-874562AC06BC}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4A0F11EF-FDFE-481E-8F6D-02FDCD4495F7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4A0F3D4E-85E3-4C8A-9A09-0FF3E2FB6ECA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4D033CFF-6481-4CE4-85AA-99135B0F8C27}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4F124D9F-C2F5-4B6D-AAF6-BF86835863B1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{539D131B-61A4-4F54-BC79-054EDAC4085C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{55184C94-6469-476F-AC8D-33A49FCE78CE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{641072A5-A059-49C0-B6A6-329DCC77EA6B}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{78352532-CC11-40E6-99BE-C39F02D109F5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7A3DB663-1018-4D9C-9A25-8C5E28E350A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7CF4EB45-6996-478F-B74C-0FD9A8CFECE6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8243875B-A1DA-4A42-872C-F2DFDD19E471}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8B56D630-8C91-4B7C-806E-9E3BB99D1B5D}" = lport=138 | protocol=17 | dir=in | app=system |
"{8BC6144C-DC9C-4AEE-B5E4-576FA45AED74}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8C79C937-239D-4196-8A5F-37BD2983037B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8D2409AD-64E4-4613-87FF-115566D5ED65}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8F64B877-D74E-4A09-91F3-EFA51C82E342}" = rport=139 | protocol=6 | dir=out | app=system |
"{995D4BA6-33A8-40A2-8B4C-8D0BEB1EFC4F}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{99DD2CEA-15F1-4EDC-991B-B303E7D0D1C4}" = rport=2869 | protocol=6 | dir=out | app=system |
"{9AC5FD50-FFB1-406E-8628-D35B7FF94B61}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A06BE096-772B-4C0F-BDBC-CB3D1A1D83DC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A26E51BD-E29F-4C3E-BF03-F99100E76752}" = lport=137 | protocol=17 | dir=in | app=system |
"{A2E680A7-270F-4855-AE13-D9EB08FC358D}" = rport=2869 | protocol=6 | dir=out | app=system |
"{A30523BE-EF2B-4D9F-8206-BE404157F307}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A58176FF-1331-46F3-A663-250E92D3234D}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A62E3CE4-BA7E-4DBE-99B9-60C695EDF961}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A7F00735-2624-4F52-86D4-E9D700035CE9}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A8686C60-B398-4C37-B651-CA550E4894B1}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A88AF820-0B48-49DE-BD62-B053548C9333}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AD3591B2-439E-4795-B801-2CB118390296}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{B575D038-D396-4F2B-813B-7CE6F449A249}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA8522BB-1303-4BE1-AB23-A144E5C729C3}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{BFFBE190-7C63-4CA6-ABC6-914EED7E97E7}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C4F4622A-BCFA-40E8-88B1-440ECC02B0BA}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C7F7774B-CB6C-4C8E-B507-7C63359D4903}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CBE0B79D-17F4-42FD-A5A3-3C14C0C36356}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CCFD15E4-7609-4578-ABFC-B99A2339175E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D0F9E28D-DC2F-47E5-8873-B0537D99E04A}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D62D80A8-2437-408E-B00C-24964EC655E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D8EC4E51-622C-45E9-AB35-2CD530E21EFE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D94AA1E5-4796-4C2B-A1E5-0613D4B7ECDE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E815A665-8C4B-477E-975E-822CE0839B24}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E83E629E-B0CF-43E2-A533-016A090D7A84}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E84F4F12-8811-40A3-AF2D-81EC7E18FE53}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E903241C-544E-4B35-A60C-039A5D18382B}" = lport=139 | protocol=6 | dir=in | app=system |
"{F4A3FE9F-A8F5-4929-AB66-B4F675FE5EFD}" = rport=445 | protocol=6 | dir=out | app=system |
"{F7300AEE-AEE7-4F3E-AB7B-F4C31F09BBCE}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FC16764C-5BEF-49F9-91EE-CA8E6559E093}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FC187671-610A-4686-B757-E9AD164D31FB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00569516-4449-466E-99D5-9D647FC0875A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{018C81F0-667A-4CC9-9DB1-6BC05AFDF13F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{01C75528-456A-414E-B46B-6C98C42DBE15}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{030AAFEC-32F3-4F54-B86A-29D952249085}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{03788115-4EA9-436E-86D5-47D8E61ECF0E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{050140F0-B98B-4AC4-8E94-D1697CE8F1C8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{05031A0B-D79D-4DB8-9E5F-BE60572F2E54}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{05B72E43-6947-4ECE-B2D0-09364A44BB0D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0653EEDB-5B54-4342-86DF-1372EF4E730D}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{06D698C0-FDA6-441D-ABB3-CC35DE757E96}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{072165F7-D5EA-4501-9950-7FE38D2B5F71}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{09A3E0F6-0396-4AAB-B70D-6858DB2811B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0A3FB338-7C3B-4534-B0F8-61D079C0DC5F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0A5E356D-5792-42F0-9483-5344D30392E2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0AE4F3A6-3DAE-4A34-A73C-DD3CC99CE4A9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0BB6A96D-53B9-4885-8BC8-7AACED61E580}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0D82637C-7373-4C2A-8C8D-7A6501567489}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0D91BEC4-2005-47FD-8D70-C698B4813949}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0E581FB3-F365-4D0F-A4E7-60CE51D2E32D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0F053DEA-8DDC-4AC4-B14E-2620B68E616C}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe |
"{0F7D01EA-C183-431F-BC73-3B8A91195D43}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0FAD0F95-3BDF-45EF-90A5-78ED1B48DD0B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{113D09B4-D1CF-449B-A7D0-3A3AFE12D217}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{11A7F1B5-A2C9-4568-8056-030CAC6EA2E8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{15104150-83B6-41F5-91EF-B346ADCA2BFF}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{161E73B4-EEC5-4F37-BCF0-3C1C384902C0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{177287E8-5548-412A-83E5-A01631C660AE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{17D4993E-346F-4971-B71E-20A622AFE480}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{18AD05D6-E93D-4E4C-967E-8B606AC9858D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1927BD6A-0E8E-4171-A5AF-6BD5C69AE15B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{194D04D5-7E12-4F90-BF29-5FD731F34980}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1971D853-626C-4FF1-89EB-7959EC57A4D5}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{19C00D95-BA4E-4DA8-9952-856D2632F639}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{19E66E7C-1971-4B3F-BF21-B9F7B16FA3F1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1A5BFF8A-C14E-432E-929E-3F2EB1542297}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1B100C5A-06BA-4378-A96B-8E8A3252952F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1C23265F-005B-4F1A-91C2-09F36605611A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1C7F501E-7FC1-4819-9074-708D0F0062EC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1CBD286E-F025-4CCE-ABC3-F1E33A278CF6}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{1F6B7E46-67D2-40B4-97BD-7FF469BDB258}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1F771B81-449B-4772-9036-9AD3344C8E87}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1F7BC665-4C91-4708-BB6E-9CEC96E77233}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 15\programs\umi.exe |
"{20A55CE4-CAA8-4312-88F3-4BAE3217B5C0}" = dir=in | app=c:\windows\system32\mpk\mpkview.exe |
"{213D15D9-3A9B-4B9E-B66B-2E072254584A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{215B002A-6A73-427A-B910-0A3DF02BA1F2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2271D0C9-A722-4721-944B-9CBEA739EF2A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{23136B1E-321F-4570-9DCA-B53083AE5AF8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{24FC423B-CC99-403B-B258-1A4B2D6BF7AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{25444516-EC77-47D3-8618-B3565916FA2E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{26011E70-1A5E-4F4B-A0FC-BB8CC7FA9223}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2610FC29-C027-4675-BCA2-E3DE6726A91D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{26AFC3A6-1F54-47C5-8D8A-E23E69201A9D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2731D00F-C95C-492F-965A-29D895D5A1C7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2778DB49-8F04-4CCE-805A-F1D528ACAD0B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2808D0E3-EC17-4B16-B1F4-2739591ABAEA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{284CD852-F9F0-4DF3-9E04-C7385C4965C5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{28F78CD5-13E9-40C5-9310-6F5D4CA6C74F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2914C046-4AF9-4533-82FC-DBF053764838}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{29638A29-CB23-41E9-B11E-54B277AA153A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{297BAB23-8170-4D44-8738-099030D1B4CF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2BF2E10B-35A2-442E-B154-900B7880DACD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2CAD4850-5914-4B97-9C2C-7D234A6296E3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D1DA1EE-19F5-474C-A316-357A970A7F5D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2ED9631F-5661-4A6C-B4EF-F083F7B3CAA1}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{2EE38BA9-BFAC-483F-AFC0-E55E543ED671}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2F49C840-B8E4-4817-96B8-3B60CDF56F41}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{31166372-2DE8-432B-9FE9-21E2F2A72E65}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3151BD63-3ACD-4684-AB02-F1E62019063F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{328B6E9A-0D4F-4939-9B80-58EF87561199}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{32CF20F2-89CC-4685-8295-D2AF113C00CA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{34007ABC-0A7B-483B-8E7A-C1B209E7679B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{348C1BAC-71B2-4258-ABDF-F9831F40683C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{34AAC626-DAD5-48EF-819F-8A91266EA6F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3565A1DD-4858-4D36-B2E2-7204208A269D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3767C4C2-6D8D-4A5B-8205-7A323687115A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{37BD90C6-531F-4554-8324-6616BA362316}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{387DADED-EADC-4071-980D-2BFB8D622A47}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38B17848-B328-4EE8-90B1-B343FBC859FC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38D9955A-CD98-4641-AC9B-2D292FD9C46A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{39F992AE-14C0-4E6C-893C-C3CAD8119E6D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3AD2CAA7-A22D-4F46-822B-51775ADD7DB8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3C708093-ED12-4ED8-9551-BF5E77330A0E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3E5CC1E4-350D-4052-8D44-9EE2B6D5ED9B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3EC50FFC-4D32-49F3-8D50-FDAB8D227A54}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3EDE426F-9FBE-4200-83E8-BA4094C35301}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3FB64F00-1DE8-4B38-AA64-7F25BCFFC91A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3FD4C812-860F-4E4B-9C6D-B30962007C24}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{40990B95-C625-4E1D-BE4D-244286846E98}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{422D8E9F-8D62-4907-B5E6-1B548C96C047}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{44D7611E-0D50-4845-977E-27EDF70F285B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{44FD4A50-ADD4-4361-BC43-27B7E89288D8}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{4572C728-9D3A-45B9-81D0-7EF325873AE3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{45A7C6C8-6A9A-4162-BF9A-604D5CDB673B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{45EB8E48-7C43-4DB6-BB07-E4AEC207C248}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{46251B39-E72E-4059-BE38-FE9257E0AC8F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46939CC3-4511-4CB3-978E-D5B32EDAD7C2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{472725AC-AA97-4EFA-BE52-8FC6CD1A5AE2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{47DF287F-13E6-4305-BCCF-970D2B6A0098}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4845AD15-7038-4EF0-8B03-EBA8965A9909}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{48CD1F08-FE11-4B9C-90FF-D4E33BACD504}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{49624695-28CE-4F94-A7F1-C66B96224C27}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4975F829-41D3-416C-B0BD-B9E8FD2E7BCD}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 15\programs\rm.exe |
"{4A009D7A-259B-4AE8-B4B3-B95D4698F7AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A393EDA-CE97-4C87-B777-B3855A749EF3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A843B5C-6F23-4CA4-80EB-75043CA739BD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4B966E0D-7441-40DB-A243-FC57024E7A1A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4C277928-3136-4101-A5DA-3DD6C40CADF1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4DA6428F-4877-47A7-B3BB-942D4F2FBE32}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4DABEA4C-F99A-4AC7-A21A-B5B5D9D39EDD}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe |
"{4E6E45CC-D534-4685-A215-5FD65BC9C866}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4E9B5D53-D06B-42CB-9A59-F88C1B8E5DAF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{50B080DF-2F17-4807-9F05-90A3516159CA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{514E2E25-4A03-40DA-A642-F9B6F1512A49}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{516E107D-A788-4336-A74B-07E2AD63CCB4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{51F844E6-82F5-4A27-818E-2127B2B4EE40}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{52EB52F6-3C3C-42C5-92F5-EE81FCCFEDA9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5335C1E7-78C8-45B3-AFAA-243D80B7D122}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{53930E3D-1C55-4269-9FAF-40D8D3096AD3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{53E7A065-1F13-4396-9E4E-7A1F89565019}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{55642CB0-2CCD-47B9-BCA8-32D832900570}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{557F3178-DEF9-4779-BA5A-11151F4C0769}" = protocol=6 | dir=in | app=c:\users\georgo\desktop\sweetimsetup.exe |
"{55BECAA9-5364-40D9-8631-84B4B787FED0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{55D16776-584E-404C-A3A8-3F391F436F69}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{55E2C68E-1E49-467B-B743-8368C2389B5F}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{562AFF93-F823-46AC-8F52-E0C4D0176E4D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{566BA172-67B9-4B70-9F74-EA3FAC12E611}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5681AD6A-D384-4B34-A2B6-D94405DB5F7A}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5691C287-7CDD-4831-BF5A-CBAB43910258}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{569E37B7-FAC7-4956-AD94-1310441677BD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{56CE6B0F-281F-45D9-BC1C-8C780EFD1FAC}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\rm.exe |
"{56ECD624-ABA2-40DC-95C0-E77BF74BDE7C}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\umi.exe |
"{57DAB1BA-1102-499D-9760-1CCDF5EAB4CC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5809C9FC-95F3-43AD-AFDC-D88DAC5A7DE4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5810B003-A646-44E9-BF07-E3CC6A157110}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{58400671-B267-4DF3-9D16-79E9D0663A98}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{587B305B-D373-446B-B653-13442A66034A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{58DA0951-1FB8-4C39-B520-787A55A6F8DB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{59ADFB58-1E07-475E-BD1C-7DCD627A0930}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{59BC763C-3F4F-403F-91F1-96DC800F2F92}" = protocol=17 | dir=in | app=c:\users\georgo\desktop\sweetimsetup.exe |
"{59CF3C55-48B1-41F1-B5E4-E167BBDDA05D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5A403025-61EC-4BEC-A200-D3E4453071FB}" = dir=in | app=c:\windows\system32\mpk\mpk.exe |
"{5AAD30BA-8132-433D-ADBC-127ECCA3F74D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5AD85AD3-8425-455F-BFC9-4D61D9ADFBE5}" = protocol=17 | dir=in | app=c:\program files\acspmonitor\asmonitor.exe |
"{5CF1B59B-8D66-4E36-8700-56D56B258625}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5EB812C2-BFBB-40BB-9921-46211FA64E7A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5EC89DC6-3DA0-4101-AB99-A614A8F5C569}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{5F1ADC1D-73A7-4E2F-B9E9-79FBCA63C77D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5F91A79C-8A88-4982-A87F-15EF1114BA9D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{62FC54FF-6185-4B92-ACAE-0F517DFFEE6D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6737A75A-007A-44CD-8D6D-D2694AD3C0F0}" = protocol=6 | dir=out | app=system |
"{674093BD-FAE0-4BAE-B0F5-0939F5DCC7B0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{691ED4B6-1623-4C3C-BA4F-68B716CDC2A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6A6DD5DF-E896-4052-8BAE-49B63D98F638}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6A9C43FA-24A4-42C6-BBAB-E57CC38139AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6B080AFB-9BC9-443D-8605-36FCAE5F94A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6B580C77-961E-4697-842C-21D06ECC6E1C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6B607BB4-5FA0-4C7B-9850-5E60AF09BC1A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6C004330-593A-4F97-AB85-12B8993EFCB5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6C522754-087A-4A17-9592-BA346905991C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6CDD7276-75EF-4564-BBE3-09866E2B126D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6D9A3955-1391-452A-B75D-A63DF1CB5D67}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6E829203-7406-4288-B531-75D4C9523792}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6ED3A843-C432-4EC9-9C06-CBC9B1D7EF47}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\rm.exe |
"{6F9284B5-796F-45FA-B489-8CF4CC979A4E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6FAC8234-DB8E-4D5A-8DB2-EEDB9AC8BE41}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{70ECF29F-0845-4285-BEBE-174EAC90C081}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7166CB1C-59F4-4207-BCF8-F4BC40313464}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{724DD01E-C58F-48C0-A99A-49A9DF5A9997}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{72F484DB-195D-4274-8CB1-F3A9FC771252}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{73011C85-8742-4808-8B38-74453E94F6F5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{731C53DA-E8CB-4BBE-BB04-E62EED4228D7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{738ADCFA-733B-45A5-BAD3-338192E940FF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{74B40B87-A8E9-4F33-9879-8805643E9A4C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{758813C0-808D-4B37-BAF4-3839AA4E7E27}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{76681167-6A29-43E8-BE06-6264A7AE19EA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{77A92D02-AC8E-452D-A62A-F9DA452F0FD0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{79E508D9-399A-4544-9D87-BFC4F9DF931D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7AF72520-88D4-49B6-A068-567C1C1AB3FE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7B26A01F-7D5D-4BFB-809F-7D1D309AA558}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7C863934-E726-40B5-AA32-A498EA3B0E9C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7D633830-C634-48F5-AB4F-F80D353C7F0B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D82999B-A6FE-41BD-A47C-64E66ECCCC90}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7D8A880E-BD4E-40D3-B907-6D9A6C6EF5E9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7DF51087-F20A-423E-BCFB-D95421270165}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7E41D389-903D-4495-9DD5-33DB784FE492}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7EE20B05-D060-4DD9-BAA1-78D2AD1112C1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7F87B7FB-2937-4754-B9AB-7CEF2B21EA3D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7FD08DEB-26FB-4113-A62F-7304D45FEDF9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{80481C9D-A244-428C-8582-5AAB536E0D8F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{807B8ACA-650E-4771-8426-89642363BA6C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{810FCC6F-7F75-42FD-ADD3-105F8AD065F2}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{8194794C-E1D0-4868-A998-0D75C07C5BE6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{824F52C6-F6C8-4F9E-9F7A-384A030B39FF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{82AB51A0-9C9A-420D-B6F4-25BBACEEB0BF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{82FEF1A6-8212-46C6-9CFF-6B3D43582255}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{838C6DE6-621F-4C01-96CF-B0A0A977D7AC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8400ED2C-0EAA-44FC-A102-BA51F1649072}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{85ECECEF-9CC2-4E9E-9E6B-D4D1C5467E35}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{86F63854-EC3A-4D0E-AEFE-97C573E9EAEA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{871FC733-060D-4D31-90C3-FB41B9CA9B4A}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{888E9DD8-A35F-4053-B3B9-EAB509D729B2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8ABA031E-CC53-4DDC-ABFF-607A9CD2F178}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8B171C56-9047-4736-AE8C-D59532EDD4F6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8C854141-EDD5-4E1B-A946-8A4C681FB992}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 15\programs\studio.exe |
"{8C9E7DEF-1C99-4256-9297-E37A9C147FC6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8D3C218F-F2A2-4C2E-A00A-5FDD8D0F2EB0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8D54BE59-15B8-483F-ACB9-CD04C42F56D2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8DB167EE-186C-443B-B4CA-66CE95B80DFF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8E2E641D-5F73-4243-9695-EFDC5CA7D18E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8ED7C461-266F-4B2F-938B-531BA57434F9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8EEA344E-376E-49B2-BFA4-47127B644AE4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8F06AE97-EF3A-43B1-B694-EEFF19C84723}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{909BFEF4-3F78-4066-8858-15B68E8FABBB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{90CBB4F8-532E-4ADD-B0D0-4F740AF8C11C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{914C010A-8BD1-4927-892D-90DF1A3C254D}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe |
"{920B961A-7DD0-43BB-B205-4FF7C4676FF2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{92772B3F-17EC-4B28-84C7-95FA3B974CE8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9296B892-404F-4D85-9FDA-7D3D47D7FB0C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{92D034DC-18C0-49D1-8DB8-E674622B25E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{92D23C12-5178-4316-AB7D-1EE4702E0DD2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{93342F00-12C3-420D-B5B9-D3DC63E83AB6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9337C6D1-FD03-4E97-A33D-614EADFA29E2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{93CD92C5-F282-47A5-B958-DE430D993B34}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{947D7FE8-8E04-4156-9D23-A4689A43DC7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{953C2874-3A50-4993-A963-FAD40FE7F7B8}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{95A783F4-CA57-4486-86B7-9937A235B46A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{971FD2C7-CB75-45A9-860E-D19BFC72F36F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{97B3DD68-31A8-47CF-99E3-1ADA38B066DC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{97E8AF54-45FA-4B62-BBBF-45276D8A32D1}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 15\programs\studio.exe |
"{9802C3AA-7272-4A19-82E9-3D1922C39357}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9851A34F-725F-46FE-BDED-1C7FC984F9A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{98604BB0-FA1B-4AF2-88B2-0DF79138F866}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{98C0ECE8-34D0-4CC2-8901-0FD429914CA7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9933F5A1-E104-473C-96A1-53785F26DB12}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9B0A0221-8A6A-4433-888A-3999A4650A9F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9B40F538-D21E-4AA4-A968-C5E243679573}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9DB1F35A-FFB0-4B49-BAB1-FA2D14BF43F0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9DEC1C89-FF21-4F89-B252-9CBF7E4CF88D}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{9F468ECA-1512-4DA5-8F77-93D2EE5DEF8E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9F4B1005-CCEB-416F-BF32-D42F5B7099FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9FE87CC1-248B-46B7-9DE9-472D062B6148}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A024A6DC-AF14-4306-9B44-964762C49F73}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A1F4A39D-3A20-43FC-91CD-257E1C5F978D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A1F6D8C8-119D-49AC-B897-8DE90D45B854}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A1F90FAE-4342-4419-9B1F-D5FFD5EF220F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A26CB188-64ED-41C9-84CF-066A8DFCE14E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A2967754-76ED-4273-8666-CA7D503EB9D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A2971538-DA78-4261-94EB-661076BC4934}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A4D5A2F3-8C5D-40BD-B32B-4FF98018D2E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A572CCC1-024C-43B3-A538-BFDFF9A87F23}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A7CF00C7-3C2E-40CD-89E3-C129A4265DC2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A8D4AA2C-AC4C-4D48-953F-AEA9C66C06E6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A9038C05-2F7C-4E6A-9BB4-71E7B5543CE9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A99B342E-A42D-4FB3-BFE9-42210F4EF39C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA1D8512-5ACE-42A4-8BDF-B76E6EE65F40}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AC0D0863-9BA4-44F1-9C74-7994DD69AF08}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AC7CE289-00CD-417C-974D-46CA0B8CFFED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ACFE5D5F-AF31-4C1B-A3D1-4D476D99A4D7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AD1CD746-78E0-477E-965D-DFBDDBA21B35}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD2E94F7-2DD9-43F2-A6DB-B2B865293167}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AE9DCB64-4D2B-4CB5-8233-5E024BCA48A9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AF1A45CD-8E3D-407F-BD0D-6AF04F0B397D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B0789CFF-E652-48E4-9C8D-2748B733F5B6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B0A6C9BE-763F-4F1D-AD1E-236ECFAE82DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B0EBCBA0-CBEF-46B9-B91F-B1BDAE268D52}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B2E29D3C-F5EC-4A41-9EAA-4D8064BE55C6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B2E6FD8E-B0DD-438A-BA15-F132305EB816}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B3CB70DC-3013-4D46-86B1-0C01221A590F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B487A722-CEBD-4CF1-86AA-14E2D129A323}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B4B9163E-6423-49D4-A18F-2F3AD2BDA5FB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B502C0FF-5300-478D-AB52-FF3C4274A67A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B6D91C88-46C7-4144-9423-D8C1F696B20F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B767A566-0170-402F-9EEA-A0385DF252B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B77339C2-E29C-4D87-8EC0-407A2FF4E17C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B7D31AC2-C00A-46AC-A99F-FA4CE5249DD4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B850AC51-0B06-4E3B-A4E0-F0441D891A67}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{B8B428D3-E466-40F1-B5D7-FFC26408F4ED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B9096474-D000-4217-9516-72DDFB063268}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B9857C56-F6CD-40AA-B6DB-CBC0D727C7B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B989F152-C5EB-49F2-9FD0-2E0D8528CAFE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BBB1A3B6-4409-44EA-9DCA-6245B8BC5A7F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{BBF8655F-B76E-441E-AD31-70911B85451A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BC87FDA5-7C83-441C-9A73-FD2C43402BEF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BD133F1B-4895-43B5-8667-B5294090D1ED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BD93B007-3B26-44BE-8A4A-86360E624079}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BE8D5F0B-2EB6-4A79-8EC7-3E3B22BCDCA3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BFCF0FF3-3AD1-4FC1-B8F2-6330284D9445}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C2B77CA5-5FF1-4ED6-88B4-C8F81B950DE4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C372657F-BBC9-4513-AE6D-623C1A9AD80D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C3C5DDF0-908E-486F-B4D7-15E2EEC21C0B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C45271D7-C458-41EB-9C25-03929BECF230}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C5223C3F-7D8F-4682-902A-E4BD40B22E21}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C5428E50-F351-48C0-9317-D2DCFAFA010E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C55BAD2B-160A-46BF-897E-5B456E20F782}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C68588D3-80F6-4B0E-8E2F-29950EBCB424}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C6A8542D-EA7F-4BE9-A517-6CA20F1FE900}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C6FC4C1D-1814-437A-A923-6767C55973AE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C7C13920-98F7-4D97-9467-79DE875CBF05}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C7CF2406-AF05-4F67-A0BB-9DFC9B521B4D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C85BA86A-FCFB-49C7-863E-1E962B99FB53}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C91E70C5-6AAB-492E-A141-49298050EBCB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C984EF3B-4840-4EC8-BBF0-6BA23A86CFEF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CA9C0E1E-5A9C-43E7-95CD-E3D3F26E1414}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CC820C4E-F840-4BBA-9444-994504264AA1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CDD51F63-3EFA-4394-8566-3902EA3CCCEA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CDF5668D-30CC-4F07-A161-727D8FD915E0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CE8237A9-3C79-44C5-AC15-A1504377A05D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CF2531A9-9497-4A95-81ED-0585E15BE3E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CF7EEB09-0F8A-4A7B-90C9-20B368461D0D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CFFF1CC2-53D6-44FF-A0FE-B7E50A3DBDE1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D0779AF0-17B5-486F-839E-0B5416FFA566}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D10F5259-1434-45B3-8E03-8AC15F701F29}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D1DF8BDB-2994-4988-9106-FE6B5248A470}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D1F257CB-71BD-47E8-95EB-AB22586ED7EE}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 15\programs\umi.exe |
"{D28DB8B5-9B7F-4C98-B356-5648492F50ED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D34CA381-5790-4AFC-B401-DD3470F384F4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D395E5CD-2396-468F-BE87-2D5F39964A1C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D41C715B-C8EF-4F2B-9FBC-BDD040D29C3B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D4375E35-5F1B-452E-ADAB-51AF989D126B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D459DF1D-DDDA-4D95-8A00-2D735B7A83C5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D4752231-9319-40A4-A53C-F180C074978B}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D483C00C-B1F6-44AA-A43E-B9277C0A6A7A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D4F2AEF4-7682-421D-A7D0-DDF2EF506FF5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D52E1D67-0E1F-43EA-98A9-A5B3A5808B95}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D62547A7-3B5C-4370-B3A6-FEBF4B064C7A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D6669B64-9B6C-4062-BECA-3D3510D4D1EE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D6F61F49-F082-4ACE-9B5C-619A6065E1FA}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D8156958-B545-40EF-86C6-7132387C8661}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D8970532-A086-444E-9540-3B4090B83E5D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D8F2A191-943B-41F5-8A1C-2B1B09AAF6C1}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{D9D2AB72-3567-42A8-846C-26D53CCFEDE3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DA1C4107-7DF1-4839-BE28-D086CABC012A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DA821690-AA40-4554-8286-E0F77DC0237A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DAAA7DEB-4C8F-46C6-966A-360FE2F2EA4C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DB0856CA-F743-49DD-A810-BDCBE3C990AE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DB1B1C2C-33A3-4833-9AA2-28B3AB467D1F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DB2DE8E8-388A-4D8D-87B0-5A14D6A0D291}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DB58AE25-E8EF-4DDA-8D47-5F360943A377}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DB8D7AA2-56D0-4322-AF40-0E0483478931}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{DCAD01F2-84EE-44ED-9FB0-6A658A0B2069}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DD1E2732-7E5F-463E-8532-6A5A1E219503}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DE26D29C-03E9-4896-810D-4B7C36F89562}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DE8EF7F0-FB08-4B16-92B7-529A2A9497FE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E08AA844-24CC-4397-9A17-F6866387241D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E0909031-575E-4E96-9049-797CD0D35AC4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E0BF821E-8571-443C-AF98-BEA31B1B512E}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{E1A46379-4D37-4CB0-9A95-4080117BB510}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E2BDD69C-D25A-418E-B02F-86FA05D7A5B9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E310348F-B3C2-438C-8075-0EEB767B80FE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E5CF3601-4BD8-4535-82F1-12D680E2198B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E5D7EE1C-0B2A-433F-AE60-01FE0A7F8314}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E61666B0-A96E-4391-9780-1379A6B223DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E719ADC4-3485-4B1E-98DF-418831CDB9DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E73B5666-0F41-42B9-B846-F4C900B0F3F1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E749DA8B-893B-4F66-A7CE-15F21AAD5AA4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E751202E-851C-4039-8210-11745BFBA11E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8927ECD-2736-4BFC-AB1B-7472C2816275}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9250F07-872E-4AD6-81C3-68AC151D51D4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9AF6969-E492-473B-82B4-FF05CC229333}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EA320DAE-9E2D-4BA5-B41C-CA2ECF0C0A78}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EA8AF8BB-E049-44B7-876B-953A5C290241}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{EAA4437C-F021-4025-A1B4-69F6627A1A7C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EAA5D31F-7714-4514-9329-7512CF827F4A}" = protocol=6 | dir=in | app=c:\program files\acspmonitor\asmonitor.exe |
"{EBC62A26-29A9-47C1-9042-F9328DC48253}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ECAEAF83-A93B-42D8-B298-AA772142F3F9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ED6B5C11-367B-4324-B0C6-99C456765084}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\umi.exe |
"{EE968263-4404-464C-B016-6DB334206252}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EF73E00B-1993-412C-AAA2-3594F007F2A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EF9E75D5-64E1-40BF-98A0-4715551EFE5A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EFF0A060-E1D7-420A-B760-0A035D6DFE35}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F0512B7D-A299-4F7B-B6BF-EDE46C2A183F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F05A635D-4FA8-4592-A529-74CBFCED0190}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F0A71243-584E-4948-90BA-95651271D5D0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F2ACB2CE-104B-4AC5-8F8C-C7F4336DA484}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F314EE43-63EC-4BE1-A622-2A8498ED661D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F3F0DADC-E0A8-4BC4-91A5-8FB32D9F05CC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F48F4B9E-6539-4B33-8A27-7110688076CD}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe |
"{F50F04F0-636E-4C98-ABEF-112C04E9FF2E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F5E248CF-A160-4746-A1FE-1FF385FB8DAA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F664D665-1DF5-40FE-BB74-D5C2B26CF15F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F6A5A831-4969-420E-A826-17B5CC3D219A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F7CF7D3B-20A1-48F6-B051-C65B7B1AABE2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F8851D65-7BDA-4BB2-A513-4B5583147672}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F8C70EA1-0193-48AF-9FB2-10227B444B14}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F8FB5D14-CB1D-4366-89EA-8B31CD946C69}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F92ADE1C-5DED-48C6-9E20-18153614D215}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FA1ED187-E4FC-4579-B62C-DD469965F009}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FA4B71FC-022A-4220-991C-BD2568A4BF78}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FBBC4FC4-F3B0-4C32-B28A-1D81CFFF3073}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FBC8D788-AAB6-4E50-BDC4-2E0A8C737797}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FCDE932E-8814-497E-A16E-F93BE2C3B129}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FD94FD4D-0E50-4637-81E9-22233822AF3A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FDAE0771-DE77-454F-8F70-AB4F7834E959}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FE8FF638-DCB7-4570-8027-18FAB02C182B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FF7C8452-E857-47C0-AFE1-EAFB9B79DDC2}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 15\programs\rm.exe |
"TCP Query User{0333529F-0206-4306-A999-BF3F19185E51}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{91CD0CCB-5EF6-4570-9BA0-37821329EF93}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{9AB8D3E5-9637-457B-9432-F86E1DDB6282}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{9D6A745C-B118-4C52-81CD-B86370B621F7}C:\program files\air keyboard\airkeyboard.exe" = protocol=6 | dir=in | app=c:\program files\air keyboard\airkeyboard.exe |
"TCP Query User{C4FF454B-D34F-4DEB-90CD-3B7DE77F5F25}C:\program files\pinnacle\studio 15\programs\studio.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 15\programs\studio.exe |
"TCP Query User{F47F7845-B196-4F4B-9B20-3BCE1F0D472F}C:\program files\relevantknowledge\rlvknlg.exe" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"UDP Query User{15F35229-7A07-46A1-8EC6-1A213F781F3F}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{4949AF3F-A72F-4707-B9FA-857DFC3C7E65}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{77E12FA0-D6C3-4B85-8056-F185EB241F76}C:\program files\air keyboard\airkeyboard.exe" = protocol=17 | dir=in | app=c:\program files\air keyboard\airkeyboard.exe |
"UDP Query User{989F44B0-FB28-43B0-9241-BD558291151B}C:\program files\pinnacle\studio 15\programs\studio.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 15\programs\studio.exe |
"UDP Query User{B318E6F3-1AD7-4D07-B745-8865D1607FB4}C:\program files\relevantknowledge\rlvknlg.exe" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"UDP Query User{DE105835-4540-4724-99E0-E65D2A0798E7}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A61104-74B5-4056-AD00-4397EF4FB141}" = iCloud
"{031BDDC8-B6CD-4074-9D50-F92B648E7B92}" = Gigaset USB Adapter 108
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package
"{0D1B3B8F-5540-41A2-B719-6DFEE8FD64A3}" = YAMAHA 01V96 Editor
"{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}" = Apple Mobile Device Support
"{123F4E9B-80E6-3A84-BDD4-3CB3AC59ABF0}" = Microsoft .NET Framework 4.5.1 (CSY)
"{1362E602-9625-42D3-B57F-CDA9D26F9DA8}" = Pinnacle Studio 15
"{1669F2CD-E15C-4F53-A1F0-FBFC37B391D5}" = Yamaha USB-MIDI Driver
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}" = Apple Application Support
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{250A72DB-E96E-4697-A1BA-16E7C6BD0EE8}_is1" = Karaoke Sound Tools
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2C13F8C1-570B-42A9-87B4-8C7903ECD602}" = ObjectDock Free
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3A787631-66A2-4634-B928-A37E73B58FB6}" = Slick Savings
"{41E0A8DD-4343-4B33-95C3-272A99F18984}" = Steinberg Nuendo 4
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57CDBAE6-0896-4E78-88F0-C673E4BB44FE}" = Universal Shield
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7FB6C2-B673-474E-8B68-00A0BF8652DB}" = Waves Masters 3.6
"{6C3BEF70-5411-11E1-AED6-F04DA23A5C58}" = MSVCRT Redists
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Ovladače videa společnosti Pinnacle
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.5.3.139
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{898386DF-CE1A-464B-929C-578A827FA817}" = Yamaha Studio Manager
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-041B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovak) 2007
"{90120000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2007
"{90120000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2007
"{90120000-0019-041B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovak) 2007
"{90120000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2007
"{90120000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2007
"{90120000-0044-041B-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2007
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5.1 (čeština)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{98641303-64CD-478C-B642-5686F98E0556}" = ESET Endpoint Antivirus
"{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1E50F2C-F6CA-4C27-AEA7-819B2A486223}" = Steinberg Nuendo Expansion Kit
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = DriverScanner
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}" = iTunes
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C82185E8-C27B-4EF4-2010-3333BC2C2B6D}" = Microsoft AutoRoute 2010
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EB5DF19E-75D5-4FF1-AE23-2A9A2E0F2BDD}" = Pinnacle Studio 15 Ultimate Plugins
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F06AB18D-6F98-48E8-9441-E3290244143D}" = inSSIDer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"{FC030CB5-46A6-4229-AD6E-0AC869F509C8}" = Pinnacle Studio Bonus Content
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Alcatech BPM Studio Professional v4.9.1" = Alcatech BPM Studio Professional v4.9.1
"Amazing Slow Downer" = Amazing Slow Downer (remove only)
"Antares Auto-Tune v4.39" = Antares Auto-Tune v4.39
"Any DVD Shrink_is1" = Any DVD Shrink 1.2.6
"Audio Conversion Wizard_is1" = Audio Conversion Wizard 1.4
"Audio Meter" = Pinguin Audio Meter v2.1
"BSPlayer1" = BSPlayer
"CCleaner" = CCleaner
"Conexant ADSL USB Modem" = Conexant AccessRunner ADSL
"DivX Setup" = DivX Setup
"Euro2A" = Euro2A 5.21
"Euro-50 PLU Editor" = Euro-50 PLU Editor 2.5
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"HomeKeyLogger" = Home Keylogger Free Edition v2.00 (remove only)
"InstallShield_{0D1B3B8F-5540-41A2-B719-6DFEE8FD64A3}" = YAMAHA 01V96 Editor
"InstallShield_{1669F2CD-E15C-4F53-A1F0-FBFC37B391D5}" = Yamaha USB-MIDI Driver
"InstallShield_{898386DF-CE1A-464B-929C-578A827FA817}" = Yamaha Studio Manager
"InstallShield_{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.2.0 (Standard)
"Knoll Light Factory EZ Studio 15" = Knoll Light Factory EZ Studio 15
"MV2Player" = MV2Player (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"ObjectDock Free" = ObjectDock Free
"Opera 12.16.1860" = Opera 12.16
"Phoenix Service Software 2008.04.007.32837" = Phoenix Service Software 2008.04.007.32837
"PluConv" = PluConv 2.3
"PowerISO" = PowerISO
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 6.0" = RealPlayer
"Red Giant ToonIt Studio 15" = Red Giant ToonIt Studio 15
"RolandRDID0046" = UA-25 Driver
"Smart Defrag 3_is1" = Smart Defrag 3
"Steinberg Mastering Edition Enhanced 2002" = Steinberg Mastering Edition Enhanced 2002
"Steinberg VoiceMachine v1.0" = Steinberg VoiceMachine v1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TC.Works.Native.Bundle.v3.0.VST.WinAll.Repack-cRime" = TC.Works.Native.Bundle.v3.0.VST.WinAll.Repack-cRime
"Total Audio Converter_is1" = TotalAudioConverter
"Totalcmd" = Total Commander (Remove or Repair)
"Uninstall_is1" = Uninstall 1.0.0.1
"VMidi" = vanBasco's Karaoke Player
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = WinRAR 4.10 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1431208578-2096341629-236523054-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"airView - 192.168.1.20" = airView - 192.168.1.20
"airView - 192.168.10.1" = airView - 192.168.10.1

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 26.2.2014 4:09:12 | Computer Name = Georgo-PC | Source = ESENT | ID = 215
Description = WinMail (4952) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

Error - 26.2.2014 4:11:24 | Computer Name = Georgo-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: Updater.exe, verzia: 6.7.1.56732, časová
značka: 0x51f0d94c Názov chybového modulu: unknown, verzia: 0.0.0.0, časová značka:
0x00000000 Kód výnimky: 0xc0000005 Odstup chyby: 0x006200c4 Identifikácia chybného
procesu: 0xc5c Čas spustenia chybnej aplikácie: 0x01cf32ca1225eb07 Cesta chybnej
aplikácie: C:\Program Files\Skype\Updater\Updater.exe Cesta chybného modulu: unknown
Identifikácia
hlásenia: 94d3f1d0-9ebd-11e3-af6d-00037ad7c67b

Error - 26.2.2014 4:16:42 | Computer Name = Georgo-PC | Source = ESENT | ID = 215
Description = WinMail (5276) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

Error - 26.2.2014 10:31:40 | Computer Name = Georgo-PC | Source = Application Hang | ID = 1002
Description = The program DuplicateCleaner.exe version 3.2.0.3 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1058 Start
Time: 01cf32fd18d62bb3 Termination Time: 32 Application Path: C:\Program Files\Duplicate
Cleaner\DuplicateCleaner.exe Report Id: b1cd0889-9ef2-11e3-af6d-00037ad7c67b

Error - 5.3.2014 9:48:47 | Computer Name = Georgo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5.3.2014 9:48:48 | Computer Name = Georgo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8252

Error - 5.3.2014 9:48:48 | Computer Name = Georgo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8252

Error - 5.3.2014 9:48:56 | Computer Name = Georgo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5.3.2014 9:48:56 | Computer Name = Georgo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17160

Error - 5.3.2014 9:48:56 | Computer Name = Georgo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17160

Error - 7.3.2014 4:28:19 | Computer Name = Georgo-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 29ec Start Time:
01cf39dd1cf1566a Termination Time: 16 Application Path: C:\Users\Georgo\Desktop\OTL.exe

Report
Id:

[ Media Center Events ]
Error - 4.6.2011 5:34:49 | Computer Name = Georgo-PC | Source = MCUpdate | ID = 0
Description = 11:34:49 - Chyba při připojování k Internetu 11:34:49 - Nelze kontaktovat
server..

Error - 18.9.2011 5:29:12 | Computer Name = Georgo-PC | Source = MCUpdate | ID = 0
Description = 11:28:50 - Chyba při připojování k Internetu 11:28:50 - Nelze kontaktovat
server..

[ OSession Events ]
Error - 13.7.2010 16:43:01 | Computer Name = Georgo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 322
seconds with 60 seconds of active time. This session ended with a crash.

Error - 4.10.2010 13:21:17 | Computer Name = Georgo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1031. This session lasted 117
seconds with 60 seconds of active time. This session ended with a crash.

Error - 5.12.2010 9:49:02 | Computer Name = Georgo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1031. This session lasted 26
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18.12.2010 15:33:42 | Computer Name = Georgo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1031. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11.3.2011 15:42:52 | Computer Name = Georgo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1031. This session lasted 429845
seconds with 300 seconds of active time. This session ended with a crash.

Error - 25.9.2011 4:36:24 | Computer Name = Georgo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1031. This session lasted 94689
seconds with 60 seconds of active time. This session ended with a crash.

Error - 24.10.2011 5:49:57 | Computer Name = Georgo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1031. This session lasted 669900
seconds with 1740 seconds of active time. This session ended with a crash.

Error - 14.2.2012 4:20:24 | Computer Name = Georgo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1031. This session lasted 43886
seconds with 60 seconds of active time. This session ended with a crash.

Error - 26.6.2013 16:32:40 | Computer Name = Georgo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1031. This session lasted 455246
seconds with 420 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 27.2.2014 10:50:32 | Computer Name = Georgo-PC | Source = Service Control Manager | ID = 7001
Description = Spustenie služby Služba sdílení portů Net.Tcp, od ktorej závisí služba
Net.Tcp Listener Adapter, zlyhalo kvôli nasledujúcej chybe: %%1058

Error - 27.2.2014 10:56:07 | Computer Name = Georgo-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 28.2.2014 9:01:02 | Computer Name = Georgo-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 28.2.2014 10:56:30 | Computer Name = Georgo-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 1.3.2014 4:47:34 | Computer Name = Georgo-PC | Source = Service Control Manager | ID = 7031
Description = Služba Garmin Core Update Service sa neočakávane ukončila. Služba
sa týmto spôsobom ukončila už 1 krát. O 60000 ms bude vykonaná nasledujúca opravná
akcia: Restartovat službu.

Error - 1.3.2014 6:52:43 | Computer Name = Georgo-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 3.3.2014 10:14:08 | Computer Name = Georgo-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 4.3.2014 10:55:57 | Computer Name = Georgo-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 5.3.2014 10:55:30 | Computer Name = Georgo-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 6.3.2014 6:39:05 | Computer Name = Georgo-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.


< End of report >

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Log Check

#11 Post by Márty84 »

The OTL log is nice, but OTL creates two of them, and I mainly need the second one :?:
If you have a question that is not meant for the public, you can write to me at marty84[at]forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait long for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

georgo22
Visitor
Posts: 11
Registered: 06 Mar 2014 09:28

Re: Log Check

#12 Post by georgo22 »

I am attaching the logs


OTL logfile created on: 7.3.2014 9:28:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Georgo\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000405 | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy

2,00 Gb Total Physical Memory | 0,71 Gb Available Physical Memory | 35,61% Memory free
4,00 Gb Paging File | 2,39 Gb Available in Paging File | 59,87% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184,84 Gb Total Space | 54,12 Gb Free Space | 29,28% Space Free | Partition Type: NTFS

Computer Name: GEORGO-PC | User Name: Georgo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.03.06 16:00:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Georgo\Desktop\OTL.exe
PRC - [2013.12.21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.11.20 15:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013.09.14 02:27:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013.07.05 22:40:03 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2013.02.14 12:42:46 | 001,020,304 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET Endpoint Antivirus\ekrn.exe
PRC - [2013.02.14 12:42:40 | 003,158,584 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET Endpoint Antivirus\egui.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.10.06 21:28:12 | 003,768,176 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe
PRC - [2010.02.18 13:01:06 | 000,462,632 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009.10.20 15:12:40 | 000,039,240 | ---- | M] (Microsoft) -- C:\Program Files\Microsoft AutoRoute 2010\StreetsOlkShim.exe
PRC - [2009.03.17 13:36:12 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008.06.20 06:14:00 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe


========== Modules (No Company Name) ==========

MOD - [2013.09.14 00:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013.09.14 00:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2012.01.09 18:44:22 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010.10.20 14:14:54 | 000,039,552 | ---- | M] () -- C:\Program Files\Universal Shield\US40Context.dll
MOD - [2010.10.04 18:54:31 | 000,053,760 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\zlib.dll
MOD - [2010.10.04 18:54:29 | 000,807,936 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\CrashRpt.dll
MOD - [2010.10.04 18:54:29 | 000,675,840 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\DockShellHook.dll
MOD - [2010.10.04 18:54:22 | 000,094,208 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\Docklets\Clock\Clock.dll
MOD - [2006.11.30 16:03:46 | 000,434,688 | ---- | M] () -- C:\Program Files\TotalAudioConverter\axTotalConverter.dll
MOD - [2006.10.27 14:35:18 | 000,436,512 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2006.10.27 14:16:40 | 000,138,512 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\OUTLCTL.DLL
MOD - [2006.10.26 20:30:42 | 000,065,312 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2006.10.26 12:56:46 | 000,757,008 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - File not found [Disabled | Stopped] -- -- (ecwxjnodoxqqbg)
SRV - [2014.02.21 10:28:34 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.02.06 10:47:18 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013.12.21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.12.03 16:10:24 | 002,151,200 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013.07.25 07:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.02.14 12:43:42 | 000,183,944 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\Eset\ESET Endpoint Antivirus\EShaSrv.exe -- (ESHASRV)
SRV - [2013.02.14 12:43:30 | 000,033,136 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\Eset\ESET Endpoint Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2013.02.14 12:42:46 | 001,020,304 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\Eset\ESET Endpoint Antivirus\ekrn.exe -- (ekrn)
SRV - [2011.04.02 12:18:23 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.02.18 13:01:06 | 000,462,632 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.03.17 13:36:12 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2005.08.02 13:18:50 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2005.02.09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Georgo\AppData\Local\Temp\kwliapob.sys -- (kwliapob)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\cv2k1.sys -- (CV2K1)
DRV - [2013.12.24 10:40:32 | 000,018,624 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2013.10.02 01:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013.02.04 14:48:58 | 000,124,848 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2013.02.04 14:48:58 | 000,108,344 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2013.02.04 14:48:56 | 000,175,288 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.06.19 13:37:20 | 000,008,320 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vhidmini.sys -- (vhidmini)
DRV - [2011.05.10 15:27:52 | 000,034,280 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ymidusbw.sys -- (YMIDUSBW)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.07 13:11:37 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32)
DRV - [2010.10.01 01:07:44 | 000,052,096 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MHIKEY10.sys -- (MHIKEY10)
DRV - [2009.11.19 13:32:02 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009.09.24 22:03:06 | 000,078,336 | ---- | M] (© Everstrike Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\US4Vista.sys -- (US30Sys)
DRV - [2009.09.18 01:14:00 | 000,145,536 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rdwm1046.sys -- (RDID1046)
DRV - [2009.07.13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.03.23 16:28:24 | 000,054,272 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009.03.19 13:07:32 | 000,043,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009.03.12 10:33:08 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009.03.06 10:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.03.05 10:03:16 | 000,074,368 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009.03.03 14:42:56 | 000,036,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009.02.19 15:20:10 | 000,063,872 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2008.10.06 16:56:38 | 000,137,984 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.03.25 12:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008.03.14 07:04:29 | 000,046,652 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007.11.09 04:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.01.26 16:13:40 | 000,017,712 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007.01.04 10:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2006.10.23 15:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006.07.06 12:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2005.08.03 06:10:12 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2005.02.24 05:42:26 | 000,043,392 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Athfmwdl.sys -- (ATHFMWDL)
DRV - [2005.02.24 05:38:30 | 000,285,568 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ar5523.sys -- (AR5523)
DRV - [2004.09.03 14:38:16 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\odysseyIM4.sys -- (odysseyIM4)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1431208578-2096341629-236523054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1431208578-2096341629-236523054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1431208578-2096341629-236523054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
IE - HKU\S-1-5-21-1431208578-2096341629-236523054-1001\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - No CLSID value found
IE - HKU\S-1-5-21-1431208578-2096341629-236523054-1001\..\URLSearchHook: {88ac3cb6-596b-4217-964c-b6757ef9602d} - No CLSID value found
IE - HKU\S-1-5-21-1431208578-2096341629-236523054-1001\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-1431208578-2096341629-236523054-1001\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx? ... earchTerms}
IE - HKU\S-1-5-21-1431208578-2096341629-236523054-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\S-1-5-21-1431208578-2096341629-236523054-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1431208578-2096341629-236523054-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2105: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2163: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1212: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2013.05.21 17:16:21 | 000,000,000 | ---D | M]

[2010.10.31 11:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georgo\AppData\Roaming\mozilla\Extensions
[2010.10.31 11:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georgo\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.22 19:45:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georgo\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2014.02.17 15:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georgo\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2012.10.03 09:37:44 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Georgo\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
[2012.07.31 12:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\Georgo\AppData\Roaming\mozilla\firefox\profiles\extensions\gophoto@gophoto.it.xpi

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll File not found
O2 - BHO: (Slick Savings) - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Georgo\AppData\Roaming\Slick Savings\Coupons.dll (Spigot, Inc.)
O2 - BHO: (no name) - {B2A44031-7EAD-434C-AC9E-7F1DA176BA8C} - No CLSID value found.
O3 - HKU\S-1-5-21-1431208578-2096341629-236523054-1001\..\Toolbar\WebBrowser: (no name) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - No CLSID value found.
O3 - HKU\S-1-5-21-1431208578-2096341629-236523054-1001\..\Toolbar\WebBrowser: (no name) - {88AC3CB6-596B-4217-964C-B6757EF9602D} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1431208578-2096341629-236523054-1001..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-1431208578-2096341629-236523054-1001..\Run: [MicrosoftWindowsUpdate] C:\Users\Georgo\AppData\Roaming\Microsoft\microsoftwindowsupdate.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1431208578-2096341629-236523054-1001..\Run: [Slick Savings] C:\Users\Georgo\AppData\Roaming\Slick Savings\CouponsHelper.exe (Spigot, Inc.)
O4 - HKU\S-1-5-21-1431208578-2096341629-236523054-1001..\Run: [zhuhghdt] C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Georgo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-1431208578-2096341629-236523054-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\Georgo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5672DADB-EFBC-4927-B991-55678B70D679} http://213.160.160.82/WebCamX.cab (WebCamX Control)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://195.28.70.134/kapor2/lib/mgaxctrl.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{294FC601-668D-4AC5-9367-F3E01C315FD8}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3DE6347-EF98-4FCF-8449-C2A0A1467A9C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2DD43EE-464B-4D08-8B63-0EA9C6B0B2B4}: NameServer = 195.146.132.58,195.146.128.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Georgo\AppData\Roaming\Microsoft\microsoftwindowsupdate.exe) - C:\Users\Georgo\AppData\Roaming\Microsoft\microsoftwindowsupdate.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1431208578-2096341629-236523054-1001 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files\Stardock\ObjectDockFree\ODMenu.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.31 17:35:27 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4279d789-f9fe-11e1-ba8f-00037ad7c67b}\Shell - "" = AutoRun
O33 - MountPoints2\{4279d789-f9fe-11e1-ba8f-00037ad7c67b}\Shell\AutoRun\command - "" = D:\NokiaPCIA_Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014.03.07 03:00:25 | 000,316,320 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\zhuhghdt.dat
[2014.03.06 16:00:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Georgo\Desktop\OTL.exe
[2014.03.06 15:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.03.06 15:32:15 | 000,000,000 | ---D | C] -- C:\rsit
[2014.03.06 09:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\HiJack This
[2014.02.27 15:41:41 | 000,000,000 | ---D | C] -- C:\Users\Georgo\AppData\Local\Garmin
[2014.02.27 15:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Garmin
[2014.02.26 15:09:06 | 000,000,000 | ---D | C] -- C:\Program Files\HDD Tune
[2014.02.26 09:28:12 | 000,000,000 | ---D | C] -- C:\Users\Georgo\AppData\Roaming\DigitalVolcano
[2014.02.26 09:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\Duplicate Cleaner
[2014.02.25 15:50:40 | 000,000,000 | ---D | C] -- C:\Users\Georgo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BySoft FreeRAM
[2014.02.25 15:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\BySoft FreeRAM
[2014.02.25 13:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014.02.25 13:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014.02.25 13:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014.02.25 13:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014.02.19 11:32:26 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014.02.19 11:32:26 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014.02.19 11:32:25 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014.02.19 11:32:25 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014.02.19 11:32:25 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014.02.19 11:32:24 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014.02.19 11:32:24 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014.02.19 11:32:24 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014.02.19 11:32:24 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014.02.19 11:32:24 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014.02.19 11:32:23 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014.02.19 11:32:23 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014.02.19 11:32:22 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014.02.19 11:32:22 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014.02.19 11:32:20 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014.02.19 11:32:17 | 004,244,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014.02.19 11:09:46 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2014.02.19 11:09:45 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2014.02.19 11:09:44 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2014.02.19 11:09:42 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdvidcrl.dll
[2014.02.19 11:09:42 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2014.02.19 11:09:42 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2014.02.19 11:09:42 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2014.02.19 11:09:42 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2014.02.19 11:09:42 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2014.02.19 11:09:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2014.02.19 10:59:42 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014.02.19 10:59:42 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2014.02.19 10:59:40 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
[2014.02.19 10:59:40 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2014.02.19 10:59:40 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014.02.19 10:59:40 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2014.02.19 10:59:40 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014.02.19 10:59:40 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2014.02.19 10:59:40 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2014.02.19 10:59:40 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014.02.19 10:59:39 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014.02.19 10:59:39 | 000,238,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014.02.19 10:59:39 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014.02.19 10:59:39 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2014.02.19 10:59:39 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2014.02.19 10:59:39 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2014.02.19 10:59:39 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2014.02.19 10:59:38 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2014.02.19 10:59:38 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2014.02.19 10:59:38 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2014.02.19 10:59:38 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2014.02.19 10:59:38 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014.02.19 10:59:38 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2014.02.19 10:59:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2014.02.19 10:59:38 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014.02.19 10:59:38 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2014.02.19 10:59:38 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014.02.19 10:53:34 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2014.02.18 14:56:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014.02.18 14:56:28 | 000,240,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2014.02.18 14:56:25 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2014.02.18 14:56:25 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2014.02.18 14:56:23 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014.02.18 14:56:16 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014.02.18 14:56:16 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014.02.18 14:56:16 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014.02.18 14:56:16 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014.02.18 14:56:15 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014.02.18 14:56:15 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014.02.18 14:56:15 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014.02.18 14:56:15 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014.02.18 14:56:15 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2014.02.18 14:54:31 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2014.02.18 14:54:31 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2014.02.17 15:46:24 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2014.02.14 09:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2014.02.14 09:27:00 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2014.02.14 09:25:17 | 000,000,000 | ---D | C] -- C:\Users\Georgo\AppData\Roaming\Slick Savings
[2014.02.14 09:25:17 | 000,000,000 | ---D | C] -- C:\Users\Georgo\AppData\Local\Slick Savings
[2014.02.14 09:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2014.02.14 09:24:48 | 000,031,008 | ---- | C] (IObit) -- C:\Windows\System32\SmartDefragBootTime.exe
[2014.02.14 09:24:36 | 000,109,888 | ---- | C] (IObit) -- C:\Windows\System32\IObitSmartDefragExtension.dll
[2014.02.14 09:24:28 | 000,018,624 | ---- | C] (IObit) -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2014.02.14 09:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
[2014.02.11 13:25:46 | 000,000,000 | ---D | C] -- C:\ALL
[2014.02.11 13:17:16 | 000,000,000 | ---D | C] -- C:\Users\Georgo\AppData\Local\ODUI
[2014.02.11 13:16:55 | 000,000,000 | ---D | C] -- C:\Users\Georgo\AppData\Roaming\Stardock
[2014.02.11 13:16:48 | 000,000,000 | ---D | C] -- C:\Users\Georgo\Documents\Stardock
[2014.02.11 13:16:48 | 000,000,000 | ---D | C] -- C:\Users\Georgo\AppData\Local\Stardock
[2014.02.11 13:16:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
[2014.02.11 13:16:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2014.02.11 13:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2014.02.11 13:16:00 | 000,000,000 | ---D | C] -- C:\Users\Georgo\AppData\Local\PackageAware
[2014.02.11 09:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\digiCamControl
[2010.07.18 15:31:04 | 005,461,360 | ---- | C] (Opera Software) -- C:\Program Files\opera.dll
[2010.05.18 17:50:53 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Georgo\AppData\Roaming\pcouffin.sys
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Georgo\Desktop\*.tmp files -> C:\Users\Georgo\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.03.07 09:33:09 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.03.07 09:26:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.03.06 16:00:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Georgo\Desktop\OTL.exe
[2014.03.06 15:31:51 | 000,781,383 | ---- | M] () -- C:\Users\Georgo\Desktop\RSIT.exe
[2014.03.06 13:06:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.03.05 11:11:42 | 000,380,416 | ---- | M] () -- C:\Users\Georgo\Desktop\77g9m6de.exe
[2014.03.05 10:21:24 | 000,032,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.03.05 10:21:24 | 000,032,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.03.03 13:12:42 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\dsmonitor.job
[2014.02.28 13:15:03 | 000,663,516 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2014.02.28 13:15:03 | 000,657,012 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.02.28 13:15:03 | 000,142,106 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2014.02.28 13:15:03 | 000,122,824 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.02.27 13:30:02 | 1609,129,984 | -HS- | M] () -- C:\hiberfil.sys
[2014.02.27 13:15:43 | 000,002,047 | ---- | M] () -- C:\Users\Georgo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2014.02.21 10:28:33 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014.02.21 10:28:33 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014.02.19 10:59:42 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014.02.19 10:59:42 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2014.02.19 10:59:40 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
[2014.02.19 10:59:40 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2014.02.19 10:59:40 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014.02.19 10:59:40 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2014.02.19 10:59:40 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014.02.19 10:59:40 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2014.02.19 10:59:40 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2014.02.19 10:59:40 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014.02.19 10:59:39 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014.02.19 10:59:39 | 000,238,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014.02.19 10:59:39 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014.02.19 10:59:39 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2014.02.19 10:59:39 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2014.02.19 10:59:39 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2014.02.19 10:59:39 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2014.02.19 10:59:39 | 000,016,284 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2014.02.19 10:59:38 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2014.02.19 10:59:38 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2014.02.19 10:59:38 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2014.02.19 10:59:38 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2014.02.19 10:59:38 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014.02.19 10:59:38 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2014.02.19 10:59:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2014.02.19 10:59:38 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014.02.19 10:59:38 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2014.02.19 10:59:38 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014.02.18 09:56:09 | 000,007,601 | ---- | M] () -- C:\Users\Georgo\AppData\Local\Resmon.ResmonCfg
[2014.02.13 19:01:44 | 000,109,888 | ---- | M] (IObit) -- C:\Windows\System32\IObitSmartDefragExtension.dll
[2014.02.06 11:20:26 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014.02.06 11:19:55 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014.02.06 11:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014.02.06 11:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014.02.06 10:52:56 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014.02.06 10:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014.02.06 10:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014.02.06 10:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014.02.06 10:47:18 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014.02.06 10:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014.02.06 10:34:32 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014.02.06 10:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014.02.06 10:25:36 | 004,244,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014.02.06 10:13:13 | 000,524,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014.02.06 10:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014.02.06 09:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Georgo\Desktop\*.tmp files -> C:\Users\Georgo\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.03.06 16:08:19 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.03.06 15:31:51 | 000,781,383 | ---- | C] () -- C:\Users\Georgo\Desktop\RSIT.exe
[2014.03.05 11:11:42 | 000,380,416 | ---- | C] () -- C:\Users\Georgo\Desktop\77g9m6de.exe
[2014.02.27 13:15:43 | 000,002,047 | ---- | C] () -- C:\Users\Georgo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2014.02.19 10:59:39 | 000,016,284 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.10.16 09:55:02 | 000,113,152 | ---- | C] () -- C:\Users\Georgo\AppData\Roaming\Facebook Account Hacker v.5.2.exe
[2013.03.09 20:28:11 | 000,159,744 | ---- | C] () -- C:\Windows\System32\foigpjhq.dat
[2012.12.03 18:04:11 | 000,022,655 | ---- | C] () -- C:\Windows\System32\mswrnoope.dll
[2012.10.03 12:53:42 | 002,325,304 | ---- | C] () -- C:\Windows\System32\DK2INST.DLL
[2012.10.03 09:46:54 | 000,001,474 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.01.04 21:21:22 | 000,017,408 | ---- | C] () -- C:\Users\Georgo\AppData\Local\WebpageIcons.db
[2011.01.08 19:46:03 | 000,053,248 | ---- | C] () -- C:\Users\Georgo\lametritonus_en.dll
[2011.01.08 19:46:00 | 000,162,304 | ---- | C] () -- C:\Users\Georgo\lame_enc_en.dll
[2011.01.08 18:12:46 | 000,093,198 | ---- | C] () -- C:\Users\Georgo\AppData\Local\SRDownloader.err
[2011.01.08 18:09:21 | 000,003,368 | ---- | C] () -- C:\Users\Georgo\AppData\Local\SRDownloader.nast
[2010.11.01 12:54:06 | 000,013,312 | ---- | C] () -- C:\Users\Georgo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.21 16:40:18 | 000,000,000 | ---- | C] () -- C:\Users\Georgo\AppData\Roaming\chrtmp
[2010.05.18 17:53:09 | 000,000,668 | ---- | C] () -- C:\Users\Georgo\AppData\Roaming\vso_ts_preview.xml
[2010.05.18 17:50:53 | 000,087,608 | ---- | C] () -- C:\Users\Georgo\AppData\Roaming\inst.exe
[2010.05.18 17:50:53 | 000,007,887 | ---- | C] () -- C:\Users\Georgo\AppData\Roaming\pcouffin.cat
[2010.05.18 17:50:53 | 000,001,144 | ---- | C] () -- C:\Users\Georgo\AppData\Roaming\pcouffin.inf
[2010.05.12 20:52:24 | 000,266,256 | ---- | C] () -- C:\ProgramData\hold joy joy.ksyynp6
[2010.05.12 20:30:37 | 000,188,432 | ---- | C] () -- C:\ProgramData\BARB REGS KNOB.q2gkn0
[2010.05.12 20:30:20 | 000,360,464 | ---- | C] () -- C:\ProgramData\hold joy joy.ygmuu8c
[2010.05.12 20:30:20 | 000,290,832 | ---- | C] () -- C:\ProgramData\hold joy joy.cqegvq
[2010.05.05 20:39:36 | 000,007,601 | ---- | C] () -- C:\Users\Georgo\AppData\Local\Resmon.ResmonCfg
[2005.04.08 03:16:43 | 000,004,752 | -H-- | C] () -- C:\Users\Georgo\AppData\Roaming\Georgov1.18.0 - Trial versionlog.dat

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.08.24 17:31:27 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Any DVD Shrink
[2013.11.29 13:58:43 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Audacity
[2011.09.28 15:38:56 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Autodesk
[2014.02.25 13:59:29 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\BitTorrent
[2013.10.16 10:44:47 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\dclogs
[2012.10.03 09:57:01 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Dekart
[2014.02.26 09:28:12 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\DigitalVolcano
[2013.11.29 13:55:48 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\dvdae
[2014.02.10 15:28:57 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\DVDVideoSoft
[2012.02.03 10:49:23 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\ESET
[2011.11.13 13:46:46 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Free Audio Editor
[2011.11.16 14:32:23 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Free Sound Recorder
[2012.10.03 09:34:45 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\GetRightToGo
[2014.02.27 10:19:29 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\GHISLER
[2014.02.14 09:27:07 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\IObit
[2012.02.27 18:25:53 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\iZotope
[2011.08.14 13:06:50 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Leawo
[2013.10.16 11:48:25 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\MANG
[2011.10.30 22:18:29 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Mipony
[2014.02.10 15:41:46 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Nokia
[2014.02.10 15:41:46 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Nokia Suite
[2013.10.17 09:32:18 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\OpenCandy
[2013.06.19 17:41:36 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\OpenOffice.org
[2011.06.02 18:05:17 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Opera
[2013.05.19 12:03:35 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\PC Suite
[2011.11.25 09:31:59 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\PCFix
[2014.02.25 15:09:34 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\proDAD
[2012.02.27 20:49:42 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Publish Providers
[2010.09.17 14:05:26 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Roni Music
[2014.02.27 10:19:29 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Slick Savings
[2011.01.11 12:35:03 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Softplicity
[2012.02.27 20:50:44 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Sony
[2014.02.11 13:16:55 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Stardock
[2011.11.19 13:23:38 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Steinberg
[2010.10.31 11:46:47 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Thunderbird
[2011.12.11 14:38:34 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\tiger-k
[2013.10.17 09:35:51 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\TuneUp Software
[2014.01.13 21:50:47 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Uniblue
[2014.02.10 15:26:38 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Vso
[2011.12.03 16:58:56 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\VST3 Presets
[2010.05.02 15:57:16 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\WinBatch

georgo22
Visitor
Posts: 11
Registered: 06 Mar 2014 09:28

Re: Log Check

#13 Post by georgo22 »

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 05:53:46 | 000,032,546 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013.04.18 23:42:45 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014.01.13 21:50:57 | 000,000,330 | ---- | C] () -- C:\Windows\Tasks\dsmonitor.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010.11.20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010.11.20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010.11.20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010.11.20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010.11.20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.20 13:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010.11.20 13:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009.07.14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013.04.04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.04.25 05:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011.06.21 06:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466\tcpip.sys
[2011.09.29 17:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\SoftwareDistribution\Download\9276e2262e1abebb53ac9ff6635dbc66\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys
[2012.08.22 18:05:21 | 001,306,992 | ---- | M] (Microsoft Corporation) MD5=23790A44D9A6B67F8690C34D4F516446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_b55b785ade04500f\tcpip.sys
[2011.04.25 05:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009.07.14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2013.01.03 06:01:49 | 001,303,912 | ---- | M] (Microsoft Corporation) MD5=34AE5CC0C7417AB701C2AA8A7BC75417 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_b3c99dece09ecc3b\tcpip.sys
[2010.11.20 13:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011.09.29 17:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\SoftwareDistribution\Download\9276e2262e1abebb53ac9ff6635dbc66\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2013.01.04 05:56:23 | 001,308,504 | ---- | M] (Microsoft Corporation) MD5=4A95845C5F33A4DDEB6AEF6367FB6520 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_b5becc06ddb98192\tcpip.sys
[2013.07.06 06:05:35 | 001,293,760 | ---- | M] (Microsoft Corporation) MD5=4E8B9BE71B807B3BAEDB7F4243F85E3C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_b52f2f65c4a146e5\tcpip.sys
[2013.07.06 05:57:37 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=528F7CC60391DD0FAB0344F32F051FDF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_b5721e2eddf328f9\tcpip.sys
[2012.03.30 11:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
[2011.09.29 16:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\SoftwareDistribution\Download\9276e2262e1abebb53ac9ff6635dbc66\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys
[2011.09.29 17:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\SoftwareDistribution\Download\9276e2262e1abebb53ac9ff6635dbc66\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2013.09.07 03:06:48 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=6C4F3D92764FFA22D28061A4D9235446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_b58e8eb0ddde6cf1\tcpip.sys
[2011.04.25 07:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2013.01.03 06:05:20 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=7C0507D2391AF5933600CBCED799F277 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_b502eb9fc4c2a304\tcpip.sys
[2012.03.30 11:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2011.04.25 05:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2012.03.30 10:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2011.06.21 06:30:45 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=93C444D118B184452132357C322124CD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_b3703df4e0e237e0\tcpip.sys
[2010.06.14 07:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2012.08.22 18:16:54 | 001,292,144 | ---- | M] (Microsoft Corporation) MD5=A5EBB8F648000E88B7D9390B514976BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_b514e56fc4b40532\tcpip.sys
[2010.06.14 07:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
[2013.01.04 05:55:21 | 001,287,528 | ---- | M] (Microsoft Corporation) MD5=BBCEAEFF1FD72A026F827CBB2F4AA8AD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_b34bcf71c7782cb0\tcpip.sys
[2011.06.21 06:39:53 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=C2DAAEB48F3A47C410B041A0D2382EE1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_b32e82b7c78da1d1\tcpip.sys
[2013.09.08 03:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\System32\drivers\tcpip.sys
[2013.09.08 03:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_b4fa2013c4c8ebf1\tcpip.sys
[2012.10.03 17:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2013.11.26 12:07:37 | 001,309,632 | ---- | M] (Microsoft Corporation) MD5=DC08335B30D83FB61E9EFE6FDD09D40D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_b5a530b8ddcd4b8d\tcpip.sys
[2011.06.21 07:54:00 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=DEC4940487050AE13C60C86F40E07E75 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_b583db3edde666b6\tcpip.sys
[2012.10.03 17:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
[2012.03.30 11:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013.04.04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< >

< %systemroot%*.* /U /s >
[10 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[7 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[14 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tmp files -> C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tmp -> ]
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2013.10.24 10:16:28 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Adobe
[2012.08.24 17:31:27 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Any DVD Shrink
[2013.11.12 13:42:23 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Apple Computer
[2013.11.29 13:58:43 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Audacity
[2011.09.28 15:38:56 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Autodesk
[2014.02.25 13:59:29 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\BitTorrent
[2013.10.16 10:44:47 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\dclogs
[2012.10.03 09:57:01 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Dekart
[2014.02.26 09:28:12 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\DigitalVolcano
[2013.11.21 13:04:33 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\DivX
[2013.11.29 13:55:48 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\dvdae
[2013.11.29 13:20:05 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\dvdcss
[2014.02.10 15:28:57 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\DVDVideoSoft
[2012.02.03 10:49:23 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\ESET
[2011.11.13 13:46:46 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Free Audio Editor
[2011.11.16 14:32:23 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Free Sound Recorder
[2012.10.03 09:34:45 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\GetRightToGo
[2014.02.27 10:19:29 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\GHISLER
[2010.05.02 12:45:50 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Identities
[2012.05.31 22:24:20 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\InstallShield
[2014.02.14 09:27:07 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\IObit
[2012.02.27 18:25:53 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\iZotope
[2011.08.14 13:06:50 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Leawo
[2010.05.02 15:29:11 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Macromedia
[2013.08.08 14:26:13 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Malwarebytes
[2013.10.16 11:48:25 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\MANG
[2009.07.14 10:20:06 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Media Center Programs
[2014.02.19 15:35:48 | 000,000,000 | -HSD | M] -- C:\Users\Georgo\AppData\Roaming\Microsoft
[2011.10.30 22:18:29 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Mipony
[2012.10.03 09:37:44 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Mozilla
[2010.06.06 21:56:54 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Nero
[2014.02.10 15:41:46 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Nokia
[2014.02.10 15:41:46 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Nokia Suite
[2013.10.17 09:32:18 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\OpenCandy
[2013.06.19 17:41:36 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\OpenOffice.org
[2011.06.02 18:05:17 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Opera
[2013.05.19 12:03:35 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\PC Suite
[2011.11.25 09:31:59 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\PCFix
[2014.02.25 15:09:34 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\proDAD
[2012.02.27 20:49:42 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Publish Providers
[2011.06.04 10:47:07 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Real
[2010.09.17 14:05:26 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Roni Music
[2014.02.27 11:24:50 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Skype
[2011.08.19 08:47:36 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\skypePM
[2014.02.27 10:19:29 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Slick Savings
[2011.01.11 12:35:03 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Softplicity
[2012.02.27 20:50:44 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Sony
[2014.02.11 13:16:55 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Stardock
[2011.11.19 13:23:38 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Steinberg
[2010.10.31 11:46:47 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Thunderbird
[2011.12.11 14:38:34 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\tiger-k
[2013.07.09 10:42:08 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\tor
[2013.10.17 09:35:51 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\TuneUp Software
[2014.01.13 21:50:47 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Uniblue
[2014.02.10 15:26:38 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\Vso
[2011.12.03 16:58:56 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\VST3 Presets
[2010.05.02 15:57:16 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\WinBatch
[2010.06.21 16:13:06 | 000,000,000 | ---D | M] -- C:\Users\Georgo\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2013.10.16 09:55:02 | 000,113,152 | ---- | M] () -- C:\Users\Georgo\AppData\Roaming\Facebook Account Hacker v.5.2.exe
[2010.05.18 17:50:53 | 000,087,608 | ---- | M] () -- C:\Users\Georgo\AppData\Roaming\inst.exe
[2014.02.14 09:27:03 | 000,588,608 | ---- | M] () -- C:\Users\Georgo\AppData\Roaming\IObit\IObit Uninstaller\Install_PintoStartMenutemp.exe
[2014.02.14 09:27:04 | 000,626,496 | ---- | M] () -- C:\Users\Georgo\AppData\Roaming\IObit\IObit Uninstaller\UninstallDisplaytemp.exe
[2013.11.11 15:42:10 | 002,126,112 | ---- | M] (IObit) -- C:\Users\Georgo\AppData\Roaming\IObit\IObit Uninstaller\UninstallPromotetemp.exe
[2010.11.05 02:58:15 | 001,169,224 | -HS- | M] (Microsoft Corporation) -- C:\Users\Georgo\AppData\Roaming\Microsoft\microsoftwindowsupdate.exe
[2012.05.31 16:13:45 | 000,029,926 | R--- | M] () -- C:\Users\Georgo\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
[2010.08.06 08:47:31 | 000,119,808 | R--- | M] () -- C:\Users\Georgo\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
[2012.06.21 16:19:17 | 000,045,126 | R--- | M] () -- C:\Users\Georgo\AppData\Roaming\Microsoft\Installer\{F06AB18D-6F98-48E8-9441-E3290244143D}\_7E1F434A9999C9E2F00693.exe
[2012.06.21 16:19:17 | 000,045,126 | R--- | M] () -- C:\Users\Georgo\AppData\Roaming\Microsoft\Installer\{F06AB18D-6F98-48E8-9441-E3290244143D}\_853F67D554F05449430E7E.exe
[2012.06.21 16:19:17 | 000,045,126 | R--- | M] () -- C:\Users\Georgo\AppData\Roaming\Microsoft\Installer\{F06AB18D-6F98-48E8-9441-E3290244143D}\_E8BD89D60479BE20F67EDF.exe
[2013.09.17 18:29:00 | 032,773,544 | ---- | M] (TuneUp Software) -- C:\Users\Georgo\AppData\Roaming\OpenCandy\24554AF3D4754444876D596FCDCD75D5\Trial-14.0.1000.88_en-US_1004739_ROW-EN.exe
[2014.02.07 13:09:48 | 000,832,864 | ---- | M] (Spigot, Inc.) -- C:\Users\Georgo\AppData\Roaming\Slick Savings\CouponsHelper.exe
[2014.02.14 09:25:17 | 000,188,216 | ---- | M] (Spigot, Inc.) -- C:\Users\Georgo\AppData\Roaming\Slick Savings\Uninstall.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2014.02.19 10:59:40 | 000,367,104 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2014.02.19 10:59:40 | 000,244,736 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2009.07.14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll
[6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job >
[2014.03.07 09:26:01 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014.03.03 13:12:42 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\dsmonitor.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2014.03.05 10:21:24 | 000,032,752 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.03.05 10:21:24 | 000,032,752 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< >

< *crack* /s >
[2013.12.27 17:26:44 | 004,671,146 | ---- | M] () -- \ALL\Priečinky\Priečinky\Ardamax-Keylogger_V4.0.3_Full_Cracked_by_iraq_att.rar
[2009.09.06 17:38:10 | 000,045,056 | ---- | M] () -- \ALL\Priečinky\Priečinky\Wifi Hack chodi\aircrack-ng-1.1-win\aircrack-ng-1.1-win\bin\Aircrack-ng GUI.exe
[2010.04.25 00:26:38 | 001,758,258 | ---- | M] () -- \ALL\Priečinky\Priečinky\Wifi Hack chodi\aircrack-ng-1.1-win\aircrack-ng-1.1-win\bin\aircrack-ng.exe
[2010.04.24 20:06:16 | 000,004,934 | ---- | M] () -- \ALL\Priečinky\Priečinky\Wifi Hack chodi\aircrack-ng-1.1-win\aircrack-ng-1.1-win\manpages\aircrack-ng.1
[2010.04.09 14:50:14 | 000,123,048 | ---- | M] () -- \ALL\Priečinky\Priečinky\Wifi Hack chodi\aircrack-ng-1.1-win\aircrack-ng-1.1-win\src\aircrack-ng.c
[2009.06.13 22:49:08 | 000,007,537 | ---- | M] () -- \ALL\Priečinky\Priečinky\Wifi Hack chodi\aircrack-ng-1.1-win\aircrack-ng-1.1-win\src\aircrack-ng.h
[2009.05.02 23:43:50 | 000,017,975 | ---- | M] () -- \ALL\Priečinky\Priečinky\Wifi Hack chodi\aircrack-ng-1.1-win\aircrack-ng-1.1-win\src\aircrack-ptw-lib.c
[2009.01.22 22:18:02 | 000,002,219 | ---- | M] () -- \ALL\Priečinky\Priečinky\Wifi Hack chodi\aircrack-ng-1.1-win\aircrack-ng-1.1-win\src\aircrack-ptw-lib.h
[2008.12.06 18:53:26 | 000,000,922 | ---- | M] () -- \ALL\Priečinky\Priečinky\Wifi Hack chodi\aircrack-ng-1.1-win\aircrack-ng-1.1-win\src\GUI\Aircrack-ng.sln
[2008.12.06 18:53:26 | 000,003,341 | ---- | M] () -- \ALL\Priečinky\Priečinky\Wifi Hack chodi\aircrack-ng-1.1-win\aircrack-ng-1.1-win\src\GUI\Aircrack-ng\Aircrack-ng.csproj
[2008.12.06 18:53:26 | 000,000,538 | ---- | M] () -- \ALL\Priečinky\Priečinky\Wifi Hack chodi\aircrack-ng-1.1-win\aircrack-ng-1.1-win\src\GUI\Aircrack-ng\Aircrack-ng.csproj.user
[2007.04.12 15:34:32 | 004,440,620 | ---- | M] () -- \Program Files\Pinnacle\Studio 11\Sound Effects\UFX Explosions and Fires\Fire Crackle.wav
[2007.04.12 15:36:14 | 000,843,284 | ---- | M] () -- \Program Files\Pinnacle\Studio 11\Sound Effects\UFX Gag\Whip Crack Vx.wav
[2007.04.12 15:36:14 | 000,843,284 | ---- | M] () -- \Program Files\Pinnacle\Studio 11\Sound Effects\UFX Gag\Whip Crack.wav
[2007.04.12 15:36:16 | 000,597,884 | ---- | M] () -- \Program Files\Pinnacle\Studio 11\Sound Effects\UFX Performing Kids\Bat Crack .wav
[2007.04.12 15:34:46 | 000,391,360 | ---- | M] () -- \Program Files\Pinnacle\Studio 11\Sound Effects\UFX Sports\Baseball - Bat Cracking.wav
[2007.04.12 15:36:22 | 016,633,220 | ---- | M] () -- \Program Files\Pinnacle\Studio 11\Sound Effects\UFX Winter Fun\Crackling Hearth.wav
[2006.09.13 08:08:58 | 000,000,721 | ---- | M] () -- \Program Files\Pinnacle\Studio 15\Plugins\RTFx\HfxXML\Crackers.xml
[2006.09.13 08:08:56 | 000,000,738 | ---- | M] () -- \Program Files\Pinnacle\Studio 15\Plugins\RTFx\HfxXML\FireCracker.xml
[2006.08.11 14:52:46 | 000,068,698 | R--- | M] () -- \Program Files\Steinberg\Nuendo 4\Track Presets\Audio\Nutcracker Synth Brass.trackpreset
[2006.08.03 13:42:44 | 000,000,799 | R--- | M] () -- \Program Files\Steinberg\Nuendo 4\VST3 Presets\Steinberg Media Technologies\Grungelizer\Vinyl Crackles.vstpreset
[2006.08.03 13:49:42 | 000,003,755 | R--- | M] () -- \Program Files\Steinberg\Nuendo 4\VST3 Presets\Steinberg Media Technologies\StudioChorus\Chipmunks On Crack.vstpreset
[2014.01.02 20:51:22 | 000,000,319 | ---- | M] () -- \Users\Georgo\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fi.crackedcdn.com%2Ffavicon.png
[2010.03.04 20:37:46 | 000,010,179 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\HollywoodFX\Effects\65 - Patriotic\FireCracker.hfx
[2010.03.04 20:37:46 | 000,008,201 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\HollywoodFX\Effects\70 - Foods\Crackers.hfx
[2010.03.04 20:45:04 | 001,543,882 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\HollywoodFX\Objects\Food\Cracker.hfo
[2010.03.04 20:45:06 | 000,026,143 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\HollywoodFX\Objects\Patriotic\Firecracker BAM.hfo
[2010.03.04 20:45:06 | 000,027,267 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\HollywoodFX\Objects\Patriotic\Firecracker bottom.hfo
[2010.03.04 20:45:06 | 000,080,879 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\HollywoodFX\Objects\Patriotic\Firecracker top.hfo
[2010.10.19 12:32:04 | 000,843,284 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX – Gag\Whip Crack Vx.wav
[2010.10.19 12:32:04 | 000,843,284 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX – Gag\Whip Crack.wav
[2010.10.19 12:32:06 | 000,597,884 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX – Hrající si děti\Bat Crack .wav
[2010.10.19 12:32:08 | 016,633,220 | ---- | M] () -- \Users\Public\Documents\Pinnacle\Content\Sound Effects\UFX – Zimní radovánky\Crackling Hearth.wav

< *keygen* /s >
[2010.03.27 14:59:19 | 000,154,112 | ---- | M] () -- \ALL\Priečinky\Priečinky\Ecodsoft.Keylogger.v3.5.8\Ecodsoft.Keylogger.v3.5.8\Ecodsoft Keylogger v3.5.8\keygen.exe
[2012.02.18 22:47:52 | 002,000,896 | ---- | M] () -- \Program Files\Sony\Vegas Movie Studio HD 11.0\Keygen.exe

< *AntiWPA* /s >

< *loader* /s >
[2011.02.20 06:11:58 | 000,050,771 | ---- | M] () -- \ALL\Priečinky\Priečinky\Karaoke ceske+zahranicni+program\Karaoke\Cizí karaoke\Toploader\Toploader - Dancing In The Moonlight.mid
[2009.04.03 11:55:36 | 000,530,432 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\USDownloader.exe
[2010.05.16 09:26:25 | 000,000,506 | -HS- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\USDownloader.exe.manifest
[2010.05.18 17:32:34 | 000,002,608 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\USDownloader.ini
[2010.05.18 17:30:48 | 000,083,256 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\USDownloader.log
[2010.05.18 17:32:34 | 000,008,856 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\USDownloader.lst
[2010.05.18 17:30:49 | 000,008,856 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\USDownloader.lst1.bak
[2010.05.18 17:00:04 | 000,008,856 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\USDownloader.lst2.bak
[2010.05.18 16:43:34 | 000,008,848 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\USDownloader.lst3.bak
[2010.05.17 21:00:28 | 000,008,806 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\USDownloader.lst4.bak
[2010.05.17 20:24:38 | 000,008,806 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\USDownloader.lst5.bak
[2010.05.17 20:06:51 | 000,008,737 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\USDownloader.lst6.bak
[2010.05.17 19:24:41 | 000,008,667 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\USDownloader.lst7.bak
[2010.05.17 18:42:01 | 000,008,597 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\USDownloader.lst8.bak
[2010.05.17 17:59:15 | 000,008,527 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\USDownloader.lst9.bak
[2009.03.27 17:20:48 | 000,015,737 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.ara.lng
[2008.11.25 08:29:58 | 000,017,652 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.bul.lng
[2007.06.14 13:02:10 | 000,018,268 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.cat.lng
[2008.09.10 21:55:24 | 000,013,529 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.chs.lng
[2010.05.18 17:30:58 | 000,016,996 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.cze.lng
[2008.08.07 16:54:58 | 000,017,527 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.de.lng
[2008.06.27 14:06:52 | 000,017,786 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.du.lng
[2007.06.14 13:03:14 | 000,017,427 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.ell.lng
[2008.06.24 22:56:06 | 000,016,557 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.eng.lng
[2009.02.02 13:30:30 | 000,016,371 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.est.lng
[2008.04.20 00:05:08 | 000,019,089 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.fre.lng
[2008.10.23 10:12:58 | 000,017,548 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.gal.lng
[2008.11.22 15:49:18 | 000,019,443 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.hu.lng
[2007.06.19 12:48:14 | 000,017,335 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.it.lng
[2008.07.02 12:35:08 | 000,016,525 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.lit.lng
[2007.12.16 03:50:52 | 000,016,839 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.nor.lng
[2008.03.13 14:46:26 | 000,016,695 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.pl.lng
[2007.06.18 21:11:58 | 000,017,909 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.ptbr.lng
[2008.11.19 16:13:38 | 000,017,758 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.ro.lng
[2007.07.26 11:58:28 | 000,013,780 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.rus.lng
[2008.06.27 22:56:08 | 000,016,918 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.ser.lng
[2007.11.20 10:44:34 | 000,016,760 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.sk.lng
[2008.12.22 11:21:12 | 000,018,346 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.spa.lng
[2007.07.09 16:41:56 | 000,016,202 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.swe.lng
[2008.07.04 09:59:50 | 000,017,726 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.tr.lng
[2008.05.06 00:41:22 | 000,013,624 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.tw.lng
[2007.06.14 13:05:38 | 000,017,043 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Langs\USDownloader.ukr.lng
[2009.03.20 17:41:36 | 000,034,304 | ---- | M] () -- \ALL\Priečinky\Priečinky\USDownloader135\Plugins\SexUploader.plg
[2005.03.24 12:51:08 | 000,002,090 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge\Resources\en\_media\rssloader.swf
[2005.03.16 18:16:50 | 000,113,664 | ---- | M] () -- \Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2014.02.06 00:52:40 | 000,007,281 | ---- | M] () -- \Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\HeapSnapshotLoader.js
[2013.11.20 15:43:14 | 000,059,720 | ---- | M] () -- \Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
[2013.11.20 15:43:14 | 001,116,488 | ---- | M] () -- \Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader_main.dll
[2013.09.14 00:50:46 | 000,008,827 | ---- | M] () -- \Program Files\Common Files\Apple\Internet Services\WebKit.resources\inspector\HeapSnapshotLoader.js
[2006.10.26 12:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 12:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2014.02.13 19:01:18 | 001,756,480 | ---- | M] () -- \Program Files\IObit\Smart Defrag 3\ActionCenterDownloader.exe
[2007.03.09 11:57:00 | 000,486,216 | ---- | M] () -- \Program Files\proDAD\Heroglyph-2.5\imageloader1exp.dll
[2007.03.07 18:12:42 | 000,486,216 | ---- | M] () -- \Program Files\proDAD\Vitascene-1.0\imageloader10x1.dll
[2010.12.16 16:43:00 | 000,000,024 | ---- | M] () -- \ProgramData\__FileUploader.log
[2014.02.27 13:32:48 | 000,037,189 | ---- | M] () -- \ProgramData\IObit\ASCDownloader\Downloader.log
[2010.02.05 13:22:02 | 000,000,232 | ---- | M] () -- \ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2012.12.04 17:00:50 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012.12.04 17:00:50 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2012.12.04 17:00:50 | 000,009,772 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\retina\loader@2x.png
[2010.12.16 16:43:00 | 000,000,024 | ---- | M] () -- \Users\All Users\__FileUploader.log
[2014.02.27 13:32:48 | 000,037,189 | ---- | M] () -- \Users\All Users\IObit\ASCDownloader\Downloader.log
[2010.02.05 13:22:02 | 000,000,232 | ---- | M] () -- \Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2012.12.04 17:00:50 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012.12.04 17:00:50 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2012.12.04 17:00:50 | 000,009,772 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\retina\loader@2x.png
[2011.01.09 11:48:10 | 000,093,198 | ---- | M] () -- \Users\Georgo\AppData\Local\SRDownloader.err
[2011.01.09 11:47:52 | 000,003,368 | ---- | M] () -- \Users\Georgo\AppData\Local\SRDownloader.nast
[2012.05.30 21:17:48 | 000,000,024 | ---- | M] () -- \Users\Georgo\AppData\Local\VirtualStore\ProgramData\__FileUploader.log
[2013.07.02 15:33:25 | 000,140,351 | ---- | M] () -- \Users\Georgo\AppData\Roaming\DVDVideoSoft\logs\YTVDownloader_extra1.log
[2013.02.08 14:15:22 | 000,000,003 | ---- | M] () -- \Users\Georgo\AppData\Roaming\DVDVideoSoft\logs\YTVDownloader_extra2.log
[2012.05.08 08:18:02 | 000,005,469 | ---- | M] () -- \Users\Georgo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com\resources\api-utils\lib\content\loader.js
[2012.05.08 08:18:02 | 000,004,163 | ---- | M] () -- \Users\Georgo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com\resources\api-utils\lib\windows\loader.js
[2010.05.16 19:56:38 | 000,000,506 | -HS- | M] () -- \Users\Georgo\Desktop\USDownloader.exe.manifest
[1 \Users\Georgo\Desktop\*.tmp files -> \Users\Georgo\Desktop\*.tmp -> ]
[2010.01.28 21:52:11 | 010,750,324 | ---- | M] () -- \Users\Georgo\Downloads\New Windows 7 Activator [2010] [blaze69]\New Windows 7 Activator [2010]\New Windows 7 Activator [2010]\7Loader Release 5.exe
[2011.05.14 07:22:35 | 000,003,584 | ---- | M] () -- \Windows\SoftwareDistribution\Download\788eedced9cfc84fccce5b1e461f84da\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16816_none_0ad4ff55dce9d030\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 06:50:16 | 000,003,584 | ---- | M] () -- \Windows\SoftwareDistribution\Download\788eedced9cfc84fccce5b1e461f84da\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.20978_none_0b1fbd2cf6364a4e\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 07:13:36 | 000,003,584 | ---- | M] () -- \Windows\SoftwareDistribution\Download\788eedced9cfc84fccce5b1e461f84da\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_0cbc5ca5da0f5573\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.05.14 08:15:40 | 000,003,584 | ---- | M] () -- \Windows\SoftwareDistribution\Download\788eedced9cfc84fccce5b1e461f84da\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_0d3c29cef3342a85\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.02 06:45:50 | 000,003,584 | ---- | M] () -- \Windows\SoftwareDistribution\Download\a761b4972c9a24b897517ef05212a73f\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16823_none_0ac72e8bdcf4a01c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 06:50:16 | 000,003,584 | ---- | M] () -- \Windows\SoftwareDistribution\Download\a761b4972c9a24b897517ef05212a73f\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.20978_none_0b1fbd2cf6364a4e\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 06:47:28 | 000,003,584 | ---- | M] () -- \Windows\SoftwareDistribution\Download\a761b4972c9a24b897517ef05212a73f\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.06.03 07:56:06 | 000,003,584 | ---- | M] () -- \Windows\SoftwareDistribution\Download\a761b4972c9a24b897517ef05212a73f\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21738_none_0d3159e2f33c4676\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[6 \Windows\System32\*.tmp files -> \Windows\System32\*.tmp -> ]
[2011.07.15 12:32:40 | 000,012,532 | ---- | M] () -- \Windows\System32\Adobe\Shockwave 11\shockwave_Projector_Loader.dcr
[2010.04.29 11:11:00 | 000,009,622 | ---- | M] () -- \Windows\System32\Macromed\Shockwave 10\shockwave_Projector_Loader.dcr
[2009.07.14 05:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009.07.14 09:43:57 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 09:43:57 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2009.07.14 09:43:57 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2010.05.02 13:19:56 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2010.05.02 13:19:56 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winload.exe.mui_3bc5b827
[2010.05.02 13:19:56 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winresume.exe.mui_ff8b5358
[2012.10.01 18:16:23 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2012.10.01 18:16:24 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winload.exe_75835076
[2012.10.01 18:16:24 | 000,442,720 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winresume.exe_85cd1215
[2009.07.14 03:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.14 09:42:11 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.13 17:29:12 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009.07.14 02:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.08.19 08:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009.08.19 08:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2010.11.20 04:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009.07.14 02:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 05:19:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.18 12:09:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17107_none_0ae0ab79dce0fb26\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:45:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:56:23 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_0a96fc99dd17f16b\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 05:43:53 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_0adfad15dce1def6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 05:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 18:42:56 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21306_none_0b6949e0f5ff7ec0\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:44:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_0b12ca80f6405e48\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 05:39:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_0b5e7bdaf60797d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 05:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 18:32:13 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_0ca1c10dda240617\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:40:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.16 05:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 18:23:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_0ce95442f3736a4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 17:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 05:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 06:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >
[2011.04.02 10:05:52 | 010,319,536 | ---- | M] () -- \Downloads\New Windows 7 Activator [2010] [blaze69]\New Windows 7 Activator [2010].rar
[2011.03.30 20:35:16 | 000,000,634 | ---- | M] () -- \Users\Georgo\AppData\Local\Opera\Opera\bt_metadata\New Windows 7 Activator [2010] [blaze69].dat
[2010.07.11 11:37:47 | 000,002,797 | ---- | M] () -- \Users\Georgo\AppData\Local\Opera\Opera\bt_metadata\New Windows 7 Ultimate Activator [2010].rar.dat
[2010.07.11 10:35:04 | 000,003,809 | ---- | M] () -- \Users\Georgo\Downloads\New Windows 7 Activator [2010] [blaze69].torrent
[2010.07.11 11:29:50 | 000,004,165 | ---- | M] () -- \Users\Georgo\Downloads\New Windows 7 Ultimate Activator [2010].rar.torrent
[2010.07.11 10:36:36 | 010,319,536 | ---- | M] () -- \Users\Georgo\Downloads\New Windows 7 Activator [2010] [blaze69]\New Windows 7 Activator [2010].rar

< *serial* /s >
[2009.12.15 08:23:23 | 000,000,015 | ---- | M] () -- \ALL\Priečinky\Priečinky\Amazing Slow Downer 3.2.6 FULL\Serial.txt
[2007.08.22 20:34:58 | 000,000,013 | ---- | M] () -- \ALL\Priečinky\Priečinky\Amazing Slow Downer 3.2.6 FULL\amazing_ax-Slow Downer-chodi\serial.txt
[2007.08.22 20:32:41 | 000,003,691 | ---- | M] () -- \ALL\Priečinky\Priečinky\Amazing Slow Downer 3.2.6 FULL\amazing_ax-Slow Downer-chodi\amazslow_ax\amazing.slow.downer.v3.1.7.serial.and.dll-icu.zip
[2011.10.16 07:29:35 | 000,003,292 | ---- | M] () -- \cygwin\usr\share\doc\gettext\javadoc2\serialized-form.html
[2012.10.03 10:44:32 | 000,000,205 | ---- | M] () -- \Downloads\DATA RECOVERY SOFTWARE - SIM Card Data Recovery 4.0 Full + SERIAL [h33t] [maxuploader]\SIM_Card_Data_Recovery_Software\SIM Card Data Recovery Software\serial.txt
[2010.02.22 15:18:02 | 000,775,464 | ---- | M] () -- \Program Files\Nero\Nero 10\Nero BackItUp\SetSerial.exe
[2008.09.04 08:06:40 | 000,079,120 | ---- | M] () -- \Program Files\Pinnacle\Hollywood Fx For Studio\6.0\HfxSerial.exe
[2008.09.04 08:07:02 | 000,010,512 | ---- | M] () -- \Program Files\Pinnacle\Hollywood Fx For Studio\6.0\Languages\HfxSerial-CHS.dll
[2008.09.04 08:07:04 | 000,011,024 | ---- | M] () -- \Program Files\Pinnacle\Hollywood Fx For Studio\6.0\Languages\HfxSerial-DEU.dll
[2008.09.04 08:07:04 | 000,011,024 | ---- | M] () -- \Program Files\Pinnacle\Hollywood Fx For Studio\6.0\Languages\HfxSerial-ESP.dll
[2008.09.04 08:07:06 | 000,011,024 | ---- | M] () -- \Program Files\Pinnacle\Hollywood Fx For Studio\6.0\Languages\HfxSerial-FRA.dll
[2008.09.04 08:07:10 | 000,011,024 | ---- | M] () -- \Program Files\Pinnacle\Hollywood Fx For Studio\6.0\Languages\HfxSerial-ITA.dll
[2008.09.04 08:07:14 | 000,010,512 | ---- | M] () -- \Program Files\Pinnacle\Hollywood Fx For Studio\6.0\Languages\HfxSerial-JPN.dll
[2008.09.04 08:07:14 | 000,010,512 | ---- | M] () -- \Program Files\Pinnacle\Hollywood Fx For Studio\6.0\Languages\HfxSerial-KOR.dll
[2008.09.04 08:07:16 | 000,011,024 | ---- | M] () -- \Program Files\Pinnacle\Hollywood Fx For Studio\6.0\Languages\HfxSerial-NLD.dll
[2012.10.05 11:53:23 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2010.11.05 02:53:39 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2013.01.16 14:47:30 | 000,026,464 | ---- | M] () -- \Program Files\Uniblue\DriverScanner\ds_move_serial.exe
[2013.11.21 14:08:42 | 000,000,000 | ---- | M] () -- \Users\Georgo\AppData\LocalLow\boost_interprocess\DDM0serviceCmdSerializeLock
[2009.07.14 09:43:23 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.13 02:55:26 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2012.10.05 11:53:23 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.02.19 10:13:30 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\553e7bfc9cac5e4feaa83d8ee1e187bd\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.19 10:19:08 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f177ea74036d5fdc6c6b9c967dc877cf\System.Runtime.Serialization.ni.dll
[2014.02.18 15:17:20 | 000,309,760 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\abb3fbf787b74b7d2513a8c409b5ef74\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.18 15:17:20 | 000,000,580 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\abb3fbf787b74b7d2513a8c409b5ef74\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2014.02.18 15:18:21 | 002,825,216 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
[2014.02.18 15:18:21 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll.aux
[2014.02.19 09:42:22 | 000,026,624 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\94ce7a3b39b335283a0087f9964e9099\System.Xml.Serialization.ni.dll
[2014.02.19 09:42:22 | 000,000,376 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\94ce7a3b39b335283a0087f9964e9099\System.Xml.Serialization.ni.dll.aux
[2013.09.11 22:33:38 | 000,027,920 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\v4.0_4.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013.09.11 22:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013.09.11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll
[2013.09.11 21:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll
[2013.09.11 22:33:38 | 000,113,864 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.RunTime.Serialization.resources\v4.0_4.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.resources.dll
[2013.09.11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll
[2013.09.11 22:33:38 | 001,052,320 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013.09.11 21:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2013.09.11 21:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.05 02:53:33 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012.10.05 11:53:24 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013.09.11 22:33:38 | 001,052,320 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2013.09.11 22:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2013.09.11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll
[2013.09.11 21:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2013.09.11 21:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2013.09.11 21:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2013.09.11 21:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll
[2013.09.11 22:33:38 | 000,027,920 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013.09.11 22:33:38 | 000,113,864 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.RunTime.Serialization.resources.dll
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[6 \Windows\System32\*.tmp files -> \Windows\System32\*.tmp -> ]
[2009.07.14 09:43:17 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009.07.14 00:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\drivers\serial.sys
[2009.07.14 09:43:30 | 000,009,728 | ---- | M] () -- \Windows\System32\drivers\cs-CZ\serial.sys.mui
[2009.07.13 17:09:30 | 000,010,240 | ---- | M] () -- \Windows\System32\drivers\en-US\serial.sys.mui
[2009.07.13 23:13:45 | 001,068,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\mdmmotsm.inf_x86_neutral_c1415d9789c54b89\smserial.sys
[2009.07.14 00:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys
[2009.07.13 23:09:18 | 000,031,232 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\grserial.sys
[2009.07.13 17:29:14 | 000,005,120 | ---- | M] () -- \Windows\System32\sk-SK\serialui.dll.mui
[2009.07.14 03:18:03 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009.07.14 03:18:03 | 000,015,952 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486_kdcom.dll_db5e7744
[2009.07.14 09:43:55 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2010.05.02 13:19:57 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_79d39f727217a41c_serialui.dll.mui_7d29d2a3
[2009.07.14 03:18:51 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.14 02:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2010.11.20 04:06:16 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2012.10.05 18:15:39 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285.manifest
[2012.10.05 18:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d.manifest
[2009.07.14 09:42:43 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2009.07.13 17:28:14 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_en-us_8f71d563bf7aa3c2.manifest
[2012.10.05 20:04:43 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f.manifest
[2012.10.05 18:12:04 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_en-us_8f4bb639bfcd9db1.manifest
[2012.10.05 20:02:24 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797.manifest
[2012.10.05 18:12:20 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_en-us_787a117bd97892a9.manifest
[2009.07.14 02:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2010.11.20 04:05:38 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2012.10.05 18:15:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8.manifest
[2012.10.05 18:17:15 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0.manifest
[2009.07.14 02:49:26 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009.07.14 02:45:27 | 000,000,866 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_2c93290b67c98d09.manifest
[2009.07.14 02:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2010.11.20 04:10:46 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2012.10.05 18:19:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa.manifest
[2012.10.05 18:22:10 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2.manifest
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 09:43:23 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 22:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2010.11.05 02:52:39 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2012.10.05 11:53:24 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285\System.Runtime.Serialization.dll
[2012.10.05 11:56:07 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d\System.Runtime.Serialization.dll
[2009.07.14 09:43:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2010.11.13 02:55:26 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f\System.RunTime.Serialization.Resources.dll
[2010.11.13 03:37:50 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797\System.RunTime.Serialization.Resources.dll
[2009.06.10 22:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2010.11.05 02:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2012.10.05 11:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8\System.Runtime.Serialization.dll
[2012.10.05 11:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0\System.Runtime.Serialization.dll
[2009.07.13 23:13:45 | 001,068,032 | ---- | M] () -- \Windows\winsxs\x86_mdmmotsm.inf_31bf3856ad364e35_6.1.7600.16385_none_7a97936f8a972896\smserial.sys
[2009.07.14 09:43:15 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_c002c1170ca9a88f\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.05 02:53:33 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_c233d4df09982c29\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.07.14 09:43:17 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009.07.13 17:29:14 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_79d39f727217a41c\serialui.dll.mui
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2009.07.14 09:43:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_5d4a68b4b3d26ecc\System.RunTime.Serialization.Resources.dll
[2010.11.05 02:53:39 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_5f7b7c7cb0c0f266\System.RunTime.Serialization.Resources.dll
[2009.07.14 09:43:30 | 000,009,728 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_c48c78a9ad8ff996\serial.sys.mui
[2009.07.13 17:09:30 | 000,010,240 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_07e2c405948a55f4\serial.sys.mui
[2009.07.14 00:45:33 | 000,083,456 | ---- | M] () -- \Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys
[2009.07.13 23:09:18 | 000,031,232 | ---- | M] () -- \Windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\grserial.sys
[2009.06.10 22:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll
[2010.11.05 02:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2012.10.05 11:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa\System.Runtime.Serialization.dll
[2012.10.05 11:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2\System.Runtime.Serialization.dll

< *w7lxe* /s >

========== Files - Unicode (All) ==========
[2011.12.30 22:47:54 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵矑
[2011.12.30 22:47:54 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵矑
[2011.12.30 22:47:54 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵矑
[2011.12.22 15:05:13 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵睴
[2011.12.22 15:05:13 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵睴
[2011.12.22 15:05:13 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵睴
[2011.12.15 15:07:52 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵睾
[2011.12.15 15:07:52 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵睾
[2011.12.15 15:07:52 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵睾
[2011.12.07 19:10:35 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵眣
[2011.12.07 19:10:35 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵眣
[2011.12.07 19:10:35 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵眣
[2011.12.07 15:49:03 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵直
[2011.12.07 15:49:03 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵直
[2011.12.07 15:49:03 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵直
[2011.12.05 15:08:30 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵瞝
[2011.12.05 15:08:30 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵瞝
[2011.12.05 15:08:30 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵瞝
[2011.12.05 14:59:52 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵眗
[2011.12.05 14:59:52 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵眗
[2011.12.05 14:59:52 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵眗
[2011.12.05 14:13:44 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵眱
[2011.12.05 14:13:44 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵眱
[2011.12.05 14:13:44 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵眱
[2011.12.04 11:50:36 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵督
[2011.12.04 11:50:36 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵督
[2011.12.04 11:50:36 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵督
[2011.11.30 16:23:02 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵睛
[2011.11.30 16:23:02 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵睛
[2011.11.30 16:23:02 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵睛
[2011.11.28 10:29:41 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵盬
[2011.11.28 10:29:41 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵盬
[2011.11.28 10:29:41 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵盬
[2011.11.26 14:49:42 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵瞀
[2011.11.26 14:49:42 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵瞀
[2011.11.26 14:49:42 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵瞀
[2011.11.26 10:18:53 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵睓
[2011.11.26 10:18:53 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵睓
[2011.11.26 10:18:53 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵睓
[2011.11.26 10:06:55 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵睫
[2011.11.26 10:06:55 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵睫
[2011.11.26 10:06:55 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵睫
[2011.11.25 20:00:29 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵眿
[2011.11.25 20:00:29 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵眿
[2011.11.25 20:00:29 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵眿
[2011.11.25 19:19:08 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵監
[2011.11.25 19:19:08 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵監
[2011.11.25 19:19:08 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵監
[2011.11.25 19:13:02 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵瞆
[2011.11.25 19:13:02 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵瞆
[2011.11.25 19:13:02 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵瞆
[2011.11.25 19:07:17 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵睡
[2011.11.25 19:07:17 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵睡
[2011.11.25 19:07:17 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵睡
[2011.11.25 18:42:36 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵盧
[2011.11.25 18:42:36 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵盧
[2011.11.25 18:42:36 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵盧
[2011.11.25 12:06:49 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵眂
[2011.11.25 12:06:49 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵眂
[2011.11.25 12:06:49 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵眂
[2011.11.24 18:30:35 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵矔
[2011.11.24 18:30:35 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵矔
[2011.11.24 18:30:35 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵矔
[2011.11.24 15:43:57 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵睱
[2011.11.24 15:43:57 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵睱
[2011.11.24 15:43:57 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵睱
[2011.11.19 18:43:16 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵瞣
[2011.11.19 18:43:16 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵瞣
[2011.11.19 18:43:16 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵瞣
[2011.11.19 12:27:30 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵睃
[2011.11.19 12:27:30 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵睃
[2011.11.19 12:27:30 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵睃
[2011.11.18 13:51:43 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵矌
[2011.11.18 13:51:43 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵矌
[2011.11.18 13:51:43 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵矌
[2011.11.18 10:26:44 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵眥
[2011.11.18 10:26:44 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵眥
[2011.11.18 10:26:44 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵眥
[2011.11.18 10:21:27 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵瞑
[2011.11.18 10:21:27 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵瞑
[2011.11.18 10:21:27 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵瞑
[2011.11.16 18:30:36 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵睲
[2011.11.16 18:30:36 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵睲
[2011.11.16 18:30:36 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵睲
[2011.11.16 14:16:04 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵盤
[2011.11.16 14:16:04 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵盤
[2011.11.16 14:16:04 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵盤
[2011.11.15 18:41:31 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵盹
[2011.11.15 18:41:31 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵盹
[2011.11.15 18:41:31 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵盹
[2011.11.15 18:21:51 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵睒
[2011.11.15 18:21:51 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵睒
[2011.11.15 18:21:51 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵睒
[2011.11.15 15:41:14 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵睑
[2011.11.15 15:41:14 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵睑
[2011.11.15 15:41:14 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵睑
[2011.11.15 12:30:37 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵眚
[2011.11.15 12:30:37 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵眚
[2011.11.15 12:30:37 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵眚
[2011.11.15 12:23:48 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵盨
[2011.11.15 12:23:48 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵盨
[2011.11.15 12:23:48 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵盨
[2011.11.07 16:59:57 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵盻
[2011.11.07 16:59:57 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵盻
[2011.11.07 16:59:57 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵盻
[2011.11.01 10:52:31 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵瞺
[2011.11.01 10:52:31 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵瞺
[2011.11.01 10:52:31 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵瞺
[2011.10.31 21:53:59 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵瞰
[2011.10.31 21:53:59 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵瞰
[2011.10.31 21:53:59 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\₵瞰
[2011.10.28 19:17:09 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵瞨
[2011.10.28 19:17:09 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\₵瞨

========== Alternate Data Streams ==========

@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:8927A071
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:264B2CC4
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:E36FE0BB
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B468194E
@Alternate Data Stream - 12 bytes -> C:\Windows\System32:{DA6227CB-326B-4B4D-9A81-04B61F1538DD}
@Alternate Data Stream - 12 bytes -> C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
@Alternate Data Stream - 12 bytes -> C:\Users\Georgo\Documents:{2C848322-7882-41E2-AFF6-B060B946FEE9}3

< End of report >

georgo22
Visitor
Posts: 11
Registered: 06 Mar 2014 09:28

Re: Log Check

#14 Post by georgo22 »

And also the MBAM log

Malwarebytes Anti-Malware (Skúšobná verzia) 1.75.0.1300
www.malwarebytes.org

Verzia databázy: v2014.03.07.04

Windows 7 Service Pack 1 x86 NTFS (Núdzový režim)
Internet Explorer 11.0.9600.16518
Georgo :: GEORGO-PC [administrátor]

Ochrana: Vypnuté

7. 3. 2014 11:03:06
MBAM-log-2014-03-07 (13-07-15).txt

Typ kontroly: Úplná kontrola (C:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 397270
Uplynutý čas: 1 hod, 38 min, 24 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 8
HKCR\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (PUP.Optional.Spigot) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (PUP.Optional.Spigot) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (PUP.Optional.Spigot) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (PUP.Optional.Spigot) -> Žiadna úloha nevykonaná.
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Refog Software (Refog.Keylogger) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Žiadna úloha nevykonaná.

Detegované registračné hodnoty: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MicrosoftWindowsUpdate (Backdoor.Agent.DCE) -> Dáta: C:\Users\Georgo\AppData\Roaming\Microsoft\microsoftwindowsupdate.exe -> Žiadna úloha nevykonaná.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Dáta: {F4626748-E91D-11E0-9328-00037AD7C67B} -> Žiadna úloha nevykonaná.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Dáta: {F4626748-E91D-11E0-9328-00037AD7C67B} -> Žiadna úloha nevykonaná.

Detegované položky registračných dát: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Backdoor.Agent.DCE) -> Škodlivý: (C:\Users\Georgo\AppData\Roaming\Microsoft\microsoftwindowsupdate.exe) Dobrý: () -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Škodlivý: (C:\Windows\system32\userinit.exe,C:\Users\Georgo\AppData\Roaming\Microsoft\microsoftwindowsupdate.exe) Dobrý: (userinit.exe) -> Žiadna úloha nevykonaná.

Detegované priečinky: 7
C:\Users\Georgo\AppData\Roaming\dclogs (Stolen.Data) -> Žiadna úloha nevykonaná.
C:\Users\Georgo\AppData\Local\Slick Savings (PUP.Optional.Spigot.A) -> Žiadna úloha nevykonaná.
C:\directory\CyberGate (Trojan.PWS) -> Žiadna úloha nevykonaná.
C:\directory\CyberGate\install (Trojan.PWS) -> Žiadna úloha nevykonaná.
C:\Users\Georgo\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Žiadna úloha nevykonaná.
C:\Users\Georgo\AppData\Roaming\OpenCandy\24554AF3D4754444876D596FCDCD75D5 (PUP.Optional.OpenCandy) -> Žiadna úloha nevykonaná.
C:\Users\Georgo\AppData\Local\jUEkC9hLgPU (Backdoor.Agent.DC) -> Žiadna úloha nevykonaná.

Detegované súbory: 35
C:\Users\Georgo\AppData\Roaming\Slick Savings\Coupons.dll (PUP.Optional.Spigot) -> Žiadna úloha nevykonaná.
C:\ALL\Priečinky\iepv.zip (PUP.PSW.Passview) -> Žiadna úloha nevykonaná.
C:\ALL\Priečinky\iepv\iepv.exe (PUP.PSW.Passview) -> Žiadna úloha nevykonaná.
C:\ALL\Priečinky\Priečinky\Ardamax-Keylogger_V4.0.3_Full_Cracked_by_iraq_att.rar (Trojan.Agent.PB) -> Žiadna úloha nevykonaná.
C:\ALL\Priečinky\Priečinky\Kaspersky 2011 + PAtch\Kaspersky 2011 + PAtch\Patch\Bonus\Universal Shield v4.4\FIX\universal.shield.4.4-patch.rar (PUP.Hacktool.Patcher) -> Žiadna úloha nevykonaná.
C:\ALL\Priečinky\Priečinky\Kaspersky 2011 + PAtch\Kaspersky 2011 + PAtch\Patch\Bonus\Universal Shield v4.4\FIX\universal.shield.4.4-patch\universal.shield.4.4-patch.exe (PUP.Hacktool.Patcher) -> Žiadna úloha nevykonaná.
C:\backup\dat10\btdevices.exe (BitcoinMiner) -> Žiadna úloha nevykonaná.
C:\backup\dat10\dat101.exe (BitcoinMiner) -> Žiadna úloha nevykonaná.
C:\backup\dat11\brtorrent.exe (BitcoinMiner) -> Žiadna úloha nevykonaná.
C:\backup\dat11\dat111.exe (BitcoinMiner) -> Žiadna úloha nevykonaná.
C:\backup\dat15\dat152.exe (BitcoinMiner) -> Žiadna úloha nevykonaná.
C:\backup\dat15\dxaudio.exe (BitcoinMiner) -> Žiadna úloha nevykonaná.
C:\backup\dat3\dat32.exe (PUP.BitCoinMiner) -> Žiadna úloha nevykonaná.
C:\backup\dat3\dwmm.exe (PUP.BitCoinMiner) -> Žiadna úloha nevykonaná.
C:\backup\dat4\dat42.exe (PUP.BitCoinMiner) -> Žiadna úloha nevykonaná.
C:\backup\dat4\taskc.exe (PUP.BitCoinMiner) -> Žiadna úloha nevykonaná.
C:\backup\dat5\dat51.exe (PUP.BitCoinMiner) -> Žiadna úloha nevykonaná.
C:\backup\dat5\element.exe (PUP.BitCoinMiner) -> Žiadna úloha nevykonaná.
C:\backup\dat8\dat81.exe (PUP.BitCoinMiner) -> Žiadna úloha nevykonaná.
C:\backup\dat8\extension.exe (PUP.BitCoinMiner) -> Žiadna úloha nevykonaná.
C:\Downloads\New Windows 7 Activator [2010] [blaze69]\New Windows 7 Activator [2010].rar (Trojan.Agent) -> Žiadna úloha nevykonaná.
C:\Program Files\4Videosoft Studio\4Videosoft DVD to MP3 Converter\4videosoft.dvd.to.mp3.converter.v3.3.22-patch.exe (PUP.Hacktool.Patcher) -> Žiadna úloha nevykonaná.
C:\Program Files\Driver Magician\driver.magician.3.x-patch.exe (PUP.Hacktool.Patcher) -> Žiadna úloha nevykonaná.
C:\Program Files\Sony\Vegas Movie Studio HD 11.0\Keygen.exe (RiskWare.Tool.HCK) -> Žiadna úloha nevykonaná.
C:\Users\Georgo\AppData\Roaming\Facebook Account Hacker v.5.2.exe (Spyware.Password) -> Žiadna úloha nevykonaná.
C:\Users\Georgo\Downloads\New Windows 7 Activator [2010] [blaze69]\New Windows 7 Activator [2010].rar (Trojan.Agent) -> Žiadna úloha nevykonaná.
C:\Users\Georgo\Downloads\New Windows 7 Activator [2010] [blaze69]\New Windows 7 Activator [2010]\New Windows 7 Activator [2010]\7Loader Release 5.exe (Trojan.Agent) -> Žiadna úloha nevykonaná.
C:\Users\Georgo\Downloads\New Windows 7 Activator [2010] [blaze69]\New Windows 7 Activator [2010]\New Windows 7 Activator [2010]\RemoveWAT.exe (HackTool.Wpakill) -> Žiadna úloha nevykonaná.
C:\Windows\System32\xa259534074.exe (PUP.Optional.DealioTB.A) -> Žiadna úloha nevykonaná.
C:\Windows\System32\xa259534448.exe (PUP.Optional.DealioTB.A) -> Žiadna úloha nevykonaná.
C:\Users\Georgo\AppData\Roaming\Microsoft\microsoftwindowsupdate.exe (Backdoor.Agent.DCE) -> Žiadna úloha nevykonaná.
C:\ProgramData\KeyLog.txt (Stolen.Data) -> Žiadna úloha nevykonaná.
C:\Users\Georgo\AppData\Roaming\dclogs\2013-10-16-4.dc (Stolen.Data) -> Žiadna úloha nevykonaná.
C:\Users\Georgo\AppData\Local\Slick Savings\coupons.crx (PUP.Optional.Spigot.A) -> Žiadna úloha nevykonaná.
C:\Users\Georgo\AppData\Roaming\OpenCandy\24554AF3D4754444876D596FCDCD75D5\Trial-14.0.1000.88_en-US_1004739_ROW-EN.exe (PUP.Optional.OpenCandy) -> Žiadna úloha nevykonaná.

(koniec)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Log Check

#15 Post by Márty84 »

That Windows probably isn't legal, is it?
If you have a question that is not meant for the public, you can write to me by e-mail at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait a long time for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

Locked