Offers Wizzard

Zpráva

Sonazi · #1 Příspěvek od **Sonazi** » 28 čer 2014 12:27

Dobrý deň, vedeli by ste mi poradiť ako sa zbaviť tejto otravnej reklamy? Našiel som že to tu už bolo riešené, mam postupovať podľa príspevku nižšie alebo ma budeťe navigovať?

Kód: Vybrat vše

Logfile of random's system information tool 1.10 (written by random/random)
Run by Michal at 2014-06-28 13:20:23
Microsoft Windows 7 Ultimate  Service Pack 1
System drive C: has 40 GB (17%) free of 230 GB
Total RAM: 2030 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:20:31, on 28. 6. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michal\Downloads\RSIT.exe
C:\Program Files\trend micro\Michal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe (User 'Default user')
O4 - Global Startup: Aktualizovat ESET licenci.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: Ŕů
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iSafeService - Unknown owner - C:\Program Files\iSafe\iSafeSvc.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Network HTTP Support Service (NetHttpService) - Unknown owner - C:\Windows\system32\nethtsrv.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Network Support Service Updater (ServiceUpdater) - Unknown owner - C:\Windows\system32\netupdsrv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

--
End of file - 6376 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe  

=========Mozilla firefox=========

ProfilePath - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\8aciahx3.default

prefs.js - "browser.search.useDBForOrder" -  true
prefs.js - "browser.startup.homepage" -  "about:blank"
prefs.js - "keyword.URL" -  "http://www.google.com/search?btnG=Google+Search&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.214 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=Doplnok iTunes Detector
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.60.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\8aciahx3.default\searchplugins\
Google.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-05-07 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 3080264]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"snpstd3"=C:\Windows\vsnpstd3.exe [2005-09-05 339968]
"ShadowPlay"=C:\Windows\system32\nvspcap.dll [2014-05-30 1122312]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2013-11-02 152392]
"NvBackend"=C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2014-05-30 2352072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2012-11-09 17878704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2011-03-07 89456]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Aktualizovat ESET licenci.lnk - C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="Ŕů"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-06-28 13:20:23 ----D---- C:\rsit
2014-06-28 13:11:14 ----D---- C:\Users\Michal\AppData\Roaming\Macromedia
2014-06-28 13:01:29 ----D---- C:\Users\Michal\AppData\Roaming\eCyber
2014-06-28 13:00:52 ----D---- C:\Users\Michal\AppData\Roaming\iSafe
2014-06-28 12:54:45 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-06-28 12:53:29 ----A---- C:\awhE200.tmp
2014-06-28 12:47:01 ----D---- C:\AdwCleaner
2014-06-28 12:36:45 ----A---- C:\awhDD7B.tmp
2014-06-28 12:20:09 ----SHD---- C:\$RECYCLE.BIN
2014-06-28 12:17:39 ----D---- C:\Windows\Temp
2014-06-28 12:17:39 ----A---- C:\Windows\zoek-delete.exe
2014-06-28 11:57:44 ----D---- C:\Program Files\trend micro
2014-06-28 11:07:52 ----D---- C:\zoek_backup
2014-06-28 11:02:42 ----D---- C:\NVIDIA
2014-06-28 11:01:21 ----A---- C:\Windows\system32\sqlite3.dll
2014-06-28 10:54:58 ----D---- C:\Windows\ERUNT
2014-06-24 12:39:02 ----A---- C:\Windows\system32\FNTCACHE.DAT
2014-06-22 12:05:17 ----A---- C:\Windows\system32\nvspbridge.dll
2014-06-22 12:04:11 ----A---- C:\Windows\system32\drivers\nvvad32v.sys
2014-06-22 11:34:15 ----D---- C:\Users\Michal\AppData\Roaming\rightbackup
2014-06-20 16:06:08 ----D---- C:\Program Files\Common Files\Config
2014-06-20 07:38:28 ----D---- C:\Program Files\Common Files\Java
2014-06-20 07:38:22 ----A---- C:\Windows\system32\javaws.exe
2014-06-20 07:38:15 ----A---- C:\Windows\system32\javaw.exe
2014-06-20 07:38:15 ----A---- C:\Windows\system32\java.exe
2014-06-16 09:29:52 ----A---- C:\Windows\system32\drivers\nethfdrv.sys
2014-06-16 09:29:38 ----A---- C:\Windows\system32\netupdsrv.exe
2014-06-16 09:29:28 ----A---- C:\Windows\system32\installd.exe
2014-06-16 09:29:16 ----A---- C:\Windows\system32\nethtsrv.exe
2014-06-16 09:29:06 ----A---- C:\Windows\system32\hfnapi.dll
2014-06-16 09:28:56 ----A---- C:\Windows\system32\hfpapi.dll
2014-06-12 13:02:57 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 13:02:56 ----A---- C:\Windows\system32\urlmon.dll
2014-06-12 13:02:56 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 13:02:56 ----A---- C:\Windows\system32\msfeeds.dll
2014-06-12 13:02:56 ----A---- C:\Windows\system32\jsproxy.dll
2014-06-12 13:02:56 ----A---- C:\Windows\system32\ieUnatt.exe
2014-06-12 13:02:56 ----A---- C:\Windows\system32\iernonce.dll
2014-06-12 13:02:56 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-06-12 13:02:56 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-06-12 13:02:56 ----A---- C:\Windows\system32\dxtmsft.dll
2014-06-12 13:02:55 ----A---- C:\Windows\system32\msrating.dll
2014-06-12 13:02:55 ----A---- C:\Windows\system32\iesetup.dll
2014-06-12 13:02:55 ----A---- C:\Windows\system32\ie4uinit.exe
2014-06-12 13:02:54 ----A---- C:\Windows\system32\wininet.dll
2014-06-12 13:02:54 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 13:02:54 ----A---- C:\Windows\system32\ieapfltr.dll
2014-06-12 13:02:53 ----A---- C:\Windows\system32\ieui.dll
2014-06-12 13:02:53 ----A---- C:\Windows\system32\dxtrans.dll
2014-06-12 13:02:52 ----A---- C:\Windows\system32\mshtmled.dll
2014-06-12 13:02:52 ----A---- C:\Windows\system32\ieframe.dll
2014-06-12 13:02:51 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-06-12 13:02:51 ----A---- C:\Windows\system32\iertutil.dll
2014-06-12 13:02:50 ----A---- C:\Windows\system32\mshtml.dll
2014-06-12 13:02:50 ----A---- C:\Windows\system32\jscript9diag.dll
2014-06-12 13:02:49 ----A---- C:\Windows\system32\vbscript.dll
2014-06-12 13:02:49 ----A---- C:\Windows\system32\jscript9.dll
2014-06-12 12:50:34 ----A---- C:\Windows\system32\msxml6r.dll
2014-06-12 12:50:34 ----A---- C:\Windows\system32\msxml6.dll
2014-06-12 12:50:34 ----A---- C:\Windows\system32\msxml3r.dll
2014-06-12 12:50:34 ----A---- C:\Windows\system32\msxml3.dll
2014-06-12 12:50:34 ----A---- C:\Windows\system32\drivers\tcpip.sys
2014-06-12 12:50:34 ----A---- C:\Windows\system32\drivers\netio.sys
2014-06-12 12:50:34 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2014-06-12 12:50:33 ----A---- C:\Windows\system32\usp10.dll
2014-06-12 12:50:33 ----A---- C:\Windows\system32\rdpcorets.dll
2014-06-10 18:31:42 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2014-06-28 13:20:31 ----D---- C:\Windows\Prefetch
2014-06-28 13:12:48 ----RD---- C:\Program Files
2014-06-28 13:12:45 ----D---- C:\Windows\system32\drivers
2014-06-28 13:02:39 ----D---- C:\Windows\system32\config
2014-06-28 12:48:22 ----D---- C:\ProgramData\NVIDIA
2014-06-28 12:30:22 ----D---- C:\Windows
2014-06-28 12:09:26 ----D---- C:\Windows\system32\drivers\etc
2014-06-28 12:07:32 ----D---- C:\Windows\System32
2014-06-28 11:16:43 ----HD---- C:\ProgramData
2014-06-28 11:09:30 ----SHD---- C:\System Volume Information
2014-06-28 11:01:57 ----D---- C:\Windows\system32\Tasks
2014-06-28 10:48:36 ----SHD---- C:\Windows\Installer
2014-06-28 10:48:36 ----SHD---- C:\Config.Msi
2014-06-28 10:36:16 ----D---- C:\Windows\Tasks
2014-06-28 10:35:48 ----RSD---- C:\Windows\assembly
2014-06-26 22:40:17 ----D---- C:\Users\Michal\AppData\Roaming\vlc
2014-06-24 12:41:52 ----D---- C:\Windows\inf
2014-06-24 12:40:47 ----D---- C:\Windows\system32\catroot2
2014-06-23 18:45:14 ----D---- C:\Windows\system32\LogFiles
2014-06-23 12:35:10 ----D---- C:\Program Files\Need for Speed Most Wanted Modded
2014-06-23 12:33:03 ----D---- C:\Program Files\Google
2014-06-23 12:31:08 ----D---- C:\Users\Michal\AppData\Roaming\uTorrent
2014-06-23 12:30:09 ----D---- C:\Windows\Logs
2014-06-23 12:30:09 ----D---- C:\Windows\debug
2014-06-22 13:03:17 ----RD---- C:\Program Files\Skype
2014-06-22 12:04:53 ----D---- C:\ProgramData\NVIDIA Corporation
2014-06-22 12:04:35 ----D---- C:\Program Files\NVIDIA Corporation
2014-06-22 12:04:25 ----D---- C:\Windows\system32\DriverStore
2014-06-22 12:04:25 ----D---- C:\Windows\system32\catroot
2014-06-20 16:06:08 ----D---- C:\Program Files\Common Files
2014-06-20 07:41:18 ----D---- C:\ProgramData\Oracle
2014-06-20 07:38:15 ----D---- C:\Program Files\Java
2014-06-18 22:09:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-06-13 19:36:00 ----D---- C:\Windows\rescache
2014-06-13 18:35:31 ----D---- C:\Windows\winsxs
2014-06-13 18:33:28 ----D---- C:\Windows\system32\en-US
2014-06-13 18:33:28 ----D---- C:\Program Files\Internet Explorer
2014-06-13 14:16:58 ----D---- C:\Windows\system32\MRT
2014-06-13 14:14:07 ----A---- C:\Windows\system32\MRT.exe
2014-05-30 01:07:51 ----A---- C:\Windows\system32\nvspcap.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 50624]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-29 218688]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-17 31088]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 33656]
R1 iSafeKrnlR3;iSafeKrnl Ring3 Driver; \??\C:\Program Files\iSafe\iSafeKrnlR3.sys []
R1 nethfdrv;nethfdrv; \??\C:\Windows\system32\drivers\nethfdrv.sys [2014-06-16 40528]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2011-08-04 147480]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2013-04-30 47640]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2009-07-14 211456]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2013-04-30 10144]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-05-30 19232]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad32v.sys [2014-03-31 34080]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 30208]
S1 hejmgzlc;hejmgzlc; \??\C:\Windows\system32\drivers\hejmgzlc.sys []
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\Windows\system32\DRIVERS\snpstd3.sys [2005-10-13 8701824]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-12-13 45056]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
R2 NetHttpService;Network HTTP Support Service; C:\Windows\system32\nethtsrv.exe [2014-06-16 180224]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-05-30 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-05-30 19741472]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-11-11 664352]
R2 ServiceUpdater;Network Support Service Updater; C:\Windows\system32\netupdsrv.exe [2014-06-16 162304]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]
R2 TeamViewer8;TeamViewer 8; C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2013-03-06 3560288]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2013-11-02 553288]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 iSafeService;iSafeService; C:\Program Files\iSafe\iSafeSvc.exe []
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14 257712]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-05-30 108032]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-06-06 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-24 1343400]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#2 Příspěvek od **Márty84** » 28 čer 2014 12:29

Zdravim

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

Sonazi · #3 Příspěvek od **Sonazi** » 28 čer 2014 13:24

OTL.txt

Kód: Vybrat vše

OTL logfile created on: 6/28/2014 1:33:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michal\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy
 
1.98 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 41.80% Memory free
3.96 Gb Paging File | 2.57 Gb Available in Paging File | 64.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.07 Gb Total Space | 38.60 Gb Free Space | 17.15% Space Free | Partition Type: NTFS
Drive D: | 464.82 Gb Total Space | 165.64 Gb Free Space | 35.64% Space Free | Partition Type: FAT32
 
Computer Name: MICHAL-PC | User Name: Michal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2014/06/28 13:31:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michal\Desktop\OTL.exe
PRC - [2014/06/16 09:29:38 | 000,162,304 | ---- | M] () -- C:\Windows\System32\netupdsrv.exe
PRC - [2014/06/16 09:29:16 | 000,180,224 | ---- | M] () -- C:\Windows\System32\nethtsrv.exe
PRC - [2014/06/06 06:38:12 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/05/30 01:35:33 | 002,352,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/05/30 01:31:38 | 001,631,008 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/05/30 01:30:33 | 019,741,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
PRC - [2014/05/14 20:45:37 | 001,863,856 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
PRC - [2013/11/11 16:26:53 | 000,932,640 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/11/11 16:26:52 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/11/11 09:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/08/02 02:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2011/09/22 13:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/07/14 03:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2014/06/06 06:38:45 | 003,852,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/05/14 20:45:37 | 016,361,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_13_0_0_214.dll
MOD - [2013/03/08 22:56:48 | 000,138,576 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\ICQM\ICQ\dll\mramenu.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\iSafe\iSafeSvc.exe -- (iSafeService)
SRV - [2014/06/16 09:29:38 | 000,162,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\netupdsrv.exe -- (ServiceUpdater)
SRV - [2014/06/16 09:29:16 | 000,180,224 | ---- | M] () [Auto | Running] -- C:\Windows\System32\nethtsrv.exe -- (NetHttpService)
SRV - [2014/06/06 06:38:37 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/30 10:28:30 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/05/30 01:31:38 | 001,631,008 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/05/30 01:30:33 | 019,741,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV - [2014/05/14 20:45:37 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/11 09:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/05/27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/11/09 13:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2011/07/24 21:08:08 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | System | Running] -- C:\Program Files\iSafe\iSafeKrnlR3.sys -- (iSafeKrnlR3)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\hejmgzlc.sys -- (hejmgzlc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - [2014/06/16 09:29:52 | 000,040,528 | ---- | M] (nethfdrv) [Kernel | System | Running] -- C:\Windows\System32\drivers\nethfdrv.sys -- (nethfdrv)
DRV - [2014/05/30 01:30:32 | 000,019,232 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV - [2014/03/31 18:42:44 | 000,034,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvvad32v.sys -- (nvvad_WaveExtensible)
DRV - [2013/11/14 13:55:57 | 010,446,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/06/07 23:28:24 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/04/30 10:57:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/08/09 15:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2011/08/04 10:20:38 | 000,147,480 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2011/08/04 10:20:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2011/08/04 10:20:38 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2011/08/04 10:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/07/29 12:03:27 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2009/03/18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2005/10/13 18:19:12 | 008,701,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKU\.DEFAULT\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKU\S-1-5-18\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKU\S-1-5-19\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKU\S-1-5-20\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
 
IE - HKU\S-1-5-21-2660650734-4107194658-3983471559-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-2660650734-4107194658-3983471559-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2660650734-4107194658-3983471559-1001\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKU\S-1-5-21-2660650734-4107194658-3983471559-1001\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2660650734-4107194658-3983471559-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2660650734-4107194658-3983471559-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-2660650734-4107194658-3983471559-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2660650734-4107194658-3983471559-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?btnG=Google+Search&q="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?btnG=Google+Search&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/11/04 16:52:29 | 000,000,000 | ---D | M]
 
[2014/01/11 23:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michal\AppData\Roaming\Mozilla\Extensions
[2014/06/28 11:17:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2014/06/23 22:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\8aciahx3.default\extensions
[2014/06/28 13:11:04 | 000,007,911 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\8aciahx3.default\searchplugins\Google.xml
[2014/06/28 12:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/06/28 12:54:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
CHR - Extension: No name found = C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeihoglbpfedbnjbinigheaelfnlhlni\1.1_0\
CHR - Extension: No name found = C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: No name found = C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: No name found = C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/06/28 12:09:26 | 000,000,840 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost 
O1 - Hosts: ::1             localhost 
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NvBackend] C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [ShadowPlay] C:\Windows\System32\nvspcap.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-21-2660650734-4107194658-3983471559-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2660650734-4107194658-3983471559-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2660650734-4107194658-3983471559-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.60.2)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.60.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{019CD772-D8B2-43F7-B74D-A0915623A958}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (Ŕů) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/05/08 00:00:00 | 000,000,000 | ---D | M] - D:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2014/05/08 00:00:00 | 000,000,059 | ---- | M] () - D:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{6cf22538-b9c1-11e0-8e5b-001cc00961aa}\Shell - "" = AutoRun
O33 - MountPoints2\{6cf22538-b9c1-11e0-8e5b-001cc00961aa}\Shell\AutoRun\command - "" = H:\install.bat
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2014/06/28 13:31:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michal\Desktop\OTL.exe
[2014/06/28 13:25:30 | 000,000,000 | R--D | C] -- C:\Users\Michal\Searches
[2014/06/28 13:20:23 | 000,000,000 | ---D | C] -- C:\rsit
[2014/06/28 13:11:14 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Roaming\Macromedia
[2014/06/28 13:11:14 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Local\Macromedia
[2014/06/28 13:01:29 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Roaming\eCyber
[2014/06/28 13:00:52 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Roaming\iSafe
[2014/06/28 12:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/06/28 12:47:01 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/28 12:20:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/06/28 12:17:39 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2014/06/28 12:17:39 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Local\Temp
[2014/06/28 11:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014/06/28 11:07:52 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/06/28 11:02:42 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2014/06/28 11:01:21 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/06/28 10:54:58 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/22 12:05:17 | 001,291,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvspbridge.dll
[2014/06/22 12:04:11 | 000,034,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvvad32v.sys
[2014/06/22 11:34:18 | 000,000,000 | -HSD | C] -- C:\Users\Michal\AppData\Local\EmieUserList
[2014/06/22 11:34:18 | 000,000,000 | -HSD | C] -- C:\Users\Michal\AppData\Local\EmieSiteList
[2014/06/22 11:34:15 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Roaming\rightbackup
[2014/06/20 16:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Config
[2014/06/20 07:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/06/20 07:38:22 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/06/20 07:38:15 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/06/20 07:38:15 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/06/16 09:29:52 | 000,040,528 | ---- | C] (nethfdrv) -- C:\Windows\System32\drivers\nethfdrv.sys
[2014/06/12 13:02:57 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/06/12 13:02:56 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/06/12 13:02:56 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/06/12 13:02:56 | 000,368,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/06/12 13:02:56 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/06/12 13:02:56 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/06/12 13:02:56 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/06/12 13:02:56 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/06/12 13:02:56 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/06/12 13:02:55 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/06/12 13:02:55 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/06/12 13:02:55 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/06/12 13:02:55 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/06/12 13:02:55 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/06/12 13:02:54 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/06/12 13:02:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/06/12 13:02:53 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/06/12 13:02:53 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/06/12 13:02:51 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/06/12 13:02:50 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/06/12 13:02:49 | 004,244,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/06/12 12:50:34 | 000,240,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2014/06/12 12:50:34 | 000,187,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2014/06/12 12:50:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2014/06/12 12:50:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014/06/12 12:50:33 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2014/06/10 18:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/06/05 20:57:10 | 000,000,000 | ---D | C] -- C:\Users\Michal\Desktop\Lazarus
[2014/06/05 20:56:45 | 000,000,000 | ---D | C] -- C:\Users\Michal\AppData\Local\lazarus
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2014/06/28 13:34:53 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/06/28 13:31:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michal\Desktop\OTL.exe
[2014/06/28 12:54:48 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/28 12:48:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/28 12:48:18 | 1596,125,184 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/28 12:47:46 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/28 12:47:46 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/28 12:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/28 12:09:26 | 000,000,840 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/06/28 12:07:32 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2014/06/28 11:46:46 | 000,015,327 | ---- | M] () -- C:\Users\Michal\Desktop\LM.bat
[2014/06/28 11:07:48 | 001,285,120 | ---- | M] () -- C:\Users\Michal\Desktop\zoek.exe
[2014/06/24 12:41:47 | 000,000,896 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2014/06/24 12:39:14 | 000,316,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/06/23 11:35:23 | 000,001,150 | ---- | M] () -- C:\Users\Michal\Desktop\Live PC Help.lnk
[2014/06/18 22:09:03 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/06/18 22:09:03 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/06/16 09:29:52 | 000,040,528 | ---- | M] (nethfdrv) -- C:\Windows\System32\drivers\nethfdrv.sys
[2014/06/16 09:29:38 | 000,162,304 | ---- | M] () -- C:\Windows\System32\netupdsrv.exe
[2014/06/16 09:29:28 | 000,111,104 | ---- | M] () -- C:\Windows\System32\installd.exe
[2014/06/16 09:29:16 | 000,180,224 | ---- | M] () -- C:\Windows\System32\nethtsrv.exe
[2014/06/16 09:29:06 | 000,108,544 | ---- | M] () -- C:\Windows\System32\hfnapi.dll
[2014/06/16 09:28:56 | 000,249,856 | ---- | M] () -- C:\Windows\System32\hfpapi.dll
[2014/05/30 20:20:16 | 007,171,671 | ---- | M] () -- C:\Users\Michal\Desktop\Ahmed Chawki By RedONE - Time Of Our Lives (Official 2014 F[256].mp3
[2014/05/30 11:02:39 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/05/30 11:02:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/05/30 10:43:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/05/30 10:42:16 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/05/30 10:34:17 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/05/30 10:33:48 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/05/30 10:30:43 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/05/30 10:28:33 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/05/30 10:28:30 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/05/30 10:27:56 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/05/30 10:21:36 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/05/30 10:16:26 | 000,368,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/05/30 10:10:46 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/05/30 10:06:06 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/05/30 10:02:32 | 000,242,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/05/30 09:57:16 | 000,595,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/05/30 09:56:50 | 004,244,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/05/30 09:54:14 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/05/30 09:50:09 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/05/30 09:49:38 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/05/30 09:13:47 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/05/30 01:07:51 | 001,291,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvspbridge.dll
[2014/05/30 01:07:51 | 001,122,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvspcap.dll
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2014/06/28 13:34:53 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/06/28 12:54:48 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/06/28 12:54:48 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/28 12:17:39 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2014/06/28 11:46:46 | 000,015,327 | ---- | C] () -- C:\Users\Michal\Desktop\LM.bat
[2014/06/28 11:07:10 | 001,285,120 | ---- | C] () -- C:\Users\Michal\Desktop\zoek.exe
[2014/06/24 12:39:02 | 000,316,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/06/23 11:34:43 | 000,001,150 | ---- | C] () -- C:\Users\Michal\Desktop\Live PC Help.lnk
[2014/06/16 09:29:38 | 000,162,304 | ---- | C] () -- C:\Windows\System32\netupdsrv.exe
[2014/06/16 09:29:28 | 000,111,104 | ---- | C] () -- C:\Windows\System32\installd.exe
[2014/06/16 09:29:16 | 000,180,224 | ---- | C] () -- C:\Windows\System32\nethtsrv.exe
[2014/06/16 09:29:06 | 000,108,544 | ---- | C] () -- C:\Windows\System32\hfnapi.dll
[2014/06/16 09:28:56 | 000,249,856 | ---- | C] () -- C:\Windows\System32\hfpapi.dll
[2014/05/30 20:19:35 | 007,171,671 | ---- | C] () -- C:\Users\Michal\Desktop\Ahmed Chawki By RedONE - Time Of Our Lives (Official 2014 F[256].mp3
[2013/08/24 13:47:01 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2013/08/15 22:55:25 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011/08/29 21:25:54 | 000,045,270 | ---- | C] () -- C:\Users\Michal\AppData\Roaming\room_v3.dat
[2002/08/29 17:33:56 | 000,319,488 | R--- | C] () -- C:\Users\Michal\AppData\Roaming\MafiaSetup.exe
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2014/05/25 23:17:24 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\.minecraft
[2012/02/20 20:21:43 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\All Free 3GP Video Converter
[2012/09/13 16:29:23 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\AnvSoft
[2012/08/09 20:36:52 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Canneverbe Limited
[2014/01/06 15:51:25 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\DAEMON Tools Lite
[2011/07/29 12:02:21 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\DAEMON Tools Pro
[2014/06/28 13:01:29 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\eCyber
[2011/07/24 15:56:19 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\ESET
[2012/01/28 18:18:18 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Evolved
[2012/11/17 21:29:04 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\GarenaPlus
[2012/03/29 21:42:31 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\GHISLER
[2013/03/11 20:27:35 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\ICQM
[2014/06/28 13:12:40 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\iSafe
[2011/10/01 16:04:08 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Leawo
[2011/08/01 12:17:52 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\LolClient
[2012/05/25 20:48:45 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\LolClient2
[2013/12/23 23:53:40 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2013/06/05 15:07:51 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Nitro PDF
[2014/06/22 11:34:15 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\rightbackup
[2013/08/18 20:26:21 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Unity
[2014/06/23 12:31:08 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\uTorrent
[2013/12/14 14:01:49 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Wargaming.net
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
[color=#A23BEC]<  >[/color]
[2009/07/14 06:53:46 | 000,032,644 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013/02/28 13:04:48 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
[color=#A23BEC]< MD5 for: AUTOCHK.EXE  >[/color]
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
 
[color=#A23BEC]< MD5 for: CDROM.SYS  >[/color]
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010/11/20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010/11/20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010/11/20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys
 
[color=#A23BEC]< MD5 for: CNGAUDIT.DLL  >[/color]
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
[color=#A23BEC]< MD5 for: CRYPTSVC.DLL  >[/color]
[2012/06/02 06:52:32 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=063DD65889D21035311463337BD268E7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[2012/04/24 06:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2012/04/24 06:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2013/05/13 06:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=3897DFF247D9ED0006190349DE264E14 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[2012/04/24 06:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
[2013/07/09 15:57:37 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=6DB499DEFCC827317C5371164A7CDB27 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[2013/07/09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\System32\cryptsvc.dll
[2013/07/09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[2012/06/02 06:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 14:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2013/05/11 06:59:05 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=AC04D05309BB2C418D0D80B9FB014642 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[2012/06/02 06:41:59 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=EA8C26ECF1656D9647EF044F115EC6DA -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21225_none_76a05147150ffad1\cryptsvc.dll
[2013/10/05 03:52:03 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=F2D9242C3BBD1C36467FCAE1AE01733F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll
[2012/06/02 06:45:21 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=F2FDE6C8DBAAD44CC58D1E07E4AF4EED -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17035_none_760be2a9fbfa79d1\cryptsvc.dll
[2012/04/24 06:33:53 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=F522279B4717E2BFF269C771FAC2B78E -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
[color=#A23BEC]< MD5 for: HAL.DLL  >[/color]
[2010/11/20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010/11/20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009/07/14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll
 
[color=#A23BEC]< MD5 for: IASTORV.SYS  >[/color]
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
[color=#A23BEC]< MD5 for: ISAPNP.SYS  >[/color]
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\isapnp.sys
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys
[2009/07/14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\isapnp.sys
 
[color=#A23BEC]< MD5 for: LSASS.EXE  >[/color]
[2011/11/17 09:09:25 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=05F38CB7CAB3CE8E9A1812D517DA93EF -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_a69c8e86d7476262\lsass.exe
[2013/09/25 02:54:21 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=559C7769B397F07E12725EE55337D4C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_a8a66792d452b56a\lsass.exe
[2014/04/12 04:06:16 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=627B40EB2595D8FCF1960F33389EB7D3 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_a8af3ab6d44c6119\lsass.exe
[2013/09/25 02:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=803B370865D907EA21DC0C2B6A8936B5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_a80cf783bb41b5b7\lsass.exe
[2011/11/17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsass.exe
[2011/11/17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_a828bb43bb2beb28\lsass.exe
[2012/06/02 06:40:31 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=A6034689ACF9D14973F8384AD5A5451E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21225_none_a6eb42a4d70be51e\lsass.exe
[2011/11/17 07:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_a66c9bbdbde5f8fa\lsass.exe
[2011/11/17 07:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_a656d407bdf6641e\lsass.exe
[2014/04/12 04:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=DD17E1573651293D4ED31053795B3471 -- C:\Windows\System32\lsass.exe
[2014/04/12 04:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=DD17E1573651293D4ED31053795B3471 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_a8306bf1bb26a837\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe
[2009/07/14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe
[2012/06/02 06:51:22 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FA7B950E4CA6AA260C4EABA19E03644D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_a8d76e24d42eb666\lsass.exe
[2011/11/17 07:24:04 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FBCB2DFA40862DAA7B1534C9538208A5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsass.exe
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2009/07/14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
[2010/11/20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\System32\drivers\ndis.sys
[2010/11/20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
[color=#A23BEC]< MD5 for: NVRAID.SYS  >[/color]
[2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys
[2010/11/20 14:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\System32\drivers\nvraid.sys
[2010/11/20 14:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvraid.sys
[2010/11/20 14:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvraid.sys
 
[color=#A23BEC]< MD5 for: NVSTOR.SYS  >[/color]
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
[color=#A23BEC]< MD5 for: SMSS.EXE  >[/color]
[2013/03/19 04:43:41 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=0294CC751D7FAEB13621EEFB8A749429 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22280_none_ae7bdfb790cddbcf\smss.exe
[2009/07/14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe
[2013/03/19 04:51:05 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=37F4765554F2CD34AAAB616F696E5539 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.21490_none_ac8ab2c593af8bd4\smss.exe
[2013/07/08 05:02:28 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=634E0B45780F502304592C5615A31089 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22379_none_ae8fb42390bda114\smss.exe
[2013/03/19 04:50:03 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=B24BF638652522BB5E14AB7993FD4A5D -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.17273_none_ac19b4ca7a7f0306\smss.exe
[2013/12/10 23:59:13 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D2A72C71CD6C18A99E920EC5761F0C7D -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22436_none_aeb7f4db909fe272\smss.exe
[2014/04/12 04:06:24 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D8A5E3B8EB601B897AC78B060177E460 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22653_none_ae9f57f190b2c89d\smss.exe
[2013/03/19 04:49:16 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=DE91DCC7BC55E940979097E98F743205 -- C:\Windows\System32\smss.exe
[2013/03/19 04:49:16 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=DE91DCC7BC55E940979097E98F743205 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_ae40f33e7774c473\smss.exe
[2013/05/06 05:02:20 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=EC745C0949B101129AB6D39CD63808A6 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22318_none_aecf9361908de017\smss.exe
 
[color=#A23BEC]< MD5 for: SVCHOST.EXE  >[/color]
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
 
[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2011/04/25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011/06/21 07:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466\tcpip.sys
[2011/09/29 18:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys
[2012/08/22 19:05:21 | 001,306,992 | ---- | M] (Microsoft Corporation) MD5=23790A44D9A6B67F8690C34D4F516446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_b55b785ade04500f\tcpip.sys
[2011/04/25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009/07/14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2013/01/03 07:01:49 | 001,303,912 | ---- | M] (Microsoft Corporation) MD5=34AE5CC0C7417AB701C2AA8A7BC75417 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_b3c99dece09ecc3b\tcpip.sys
[2010/11/20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011/09/29 18:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2013/01/04 06:56:23 | 001,308,504 | ---- | M] (Microsoft Corporation) MD5=4A95845C5F33A4DDEB6AEF6367FB6520 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_b5becc06ddb98192\tcpip.sys
[2013/07/06 07:05:35 | 001,293,760 | ---- | M] (Microsoft Corporation) MD5=4E8B9BE71B807B3BAEDB7F4243F85E3C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_b52f2f65c4a146e5\tcpip.sys
[2013/07/06 06:57:37 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=528F7CC60391DD0FAB0344F32F051FDF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_b5721e2eddf328f9\tcpip.sys
[2014/04/05 04:25:01 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\System32\drivers\tcpip.sys
[2014/04/05 04:25:01 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_b513c4dfc4b513b9\tcpip.sys
[2012/03/30 12:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
[2011/09/29 17:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys
[2013/05/08 08:15:22 | 001,309,032 | ---- | M] (Microsoft Corporation) MD5=6088D01FAD49729EA0A5A3D9B9BA8B84 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_b5b3fe00ddc19aaa\tcpip.sys
[2011/09/29 18:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2013/12/10 23:59:02 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=6C4F3D92764FFA22D28061A4D9235446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_b58e8eb0ddde6cf1\tcpip.sys
[2011/04/25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2013/01/03 07:05:20 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=7C0507D2391AF5933600CBCED799F277 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_b502eb9fc4c2a304\tcpip.sys
[2012/03/30 12:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2011/04/25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2012/03/30 11:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2011/06/21 07:30:45 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=93C444D118B184452132357C322124CD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_b3703df4e0e237e0\tcpip.sys
[2012/08/22 19:16:54 | 001,292,144 | ---- | M] (Microsoft Corporation) MD5=A5EBB8F648000E88B7D9390B514976BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_b514e56fc4b40532\tcpip.sys
[2013/01/04 06:55:21 | 001,287,528 | ---- | M] (Microsoft Corporation) MD5=BBCEAEFF1FD72A026F827CBB2F4AA8AD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_b34bcf71c7782cb0\tcpip.sys
[2011/06/21 07:39:53 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=C2DAAEB48F3A47C410B041A0D2382EE1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_b32e82b7c78da1d1\tcpip.sys
[2013/12/10 23:59:02 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_b4fa2013c4c8ebf1\tcpip.sys
[2013/05/08 07:38:00 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=D32FDAC73FCD76B85389C39BC1087F2A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_b508ef41c4bd3835\tcpip.sys
[2011/06/21 08:54:00 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=DEC4940487050AE13C60C86F40E07E75 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_b583db3edde666b6\tcpip.sys
[2012/03/30 12:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys
[2014/04/05 04:16:21 | 001,310,144 | ---- | M] (Microsoft Corporation) MD5=EA47AB18E289333AB94397D77CA6E3A1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_b59293a4dddacc9b\tcpip.sys
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2014/03/04 11:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\System32\winlogon.exe
[2014/03/04 11:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[2014/03/04 12:39:02 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=D53972F87D850CD2EB4B29B60CAFDD77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe
 
[color=#A23BEC]< MD5 for: WS2_32.DLL  >[/color]
[2010/11/20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\System32\ws2_32.dll
[2010/11/20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]< %systemroot%*.* /U /s >[/color]
[11 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[7 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2014/05/01 13:05:36 | 000,022,528 | -H-- | M] () -- C:\H2o.exe
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2014/05/25 23:17:24 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\.minecraft
[2012/12/03 18:17:42 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Adobe
[2012/02/20 20:21:43 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\All Free 3GP Video Converter
[2012/09/13 16:29:23 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\AnvSoft
[2012/10/13 17:33:37 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Apple Computer
[2012/08/09 20:36:52 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Canneverbe Limited
[2014/01/06 15:51:25 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\DAEMON Tools Lite
[2011/07/29 12:02:21 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\DAEMON Tools Pro
[2013/11/23 10:45:06 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\dvdcss
[2014/06/28 13:01:29 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\eCyber
[2011/07/24 15:56:19 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\ESET
[2012/01/28 18:18:18 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Evolved
[2012/11/17 21:29:04 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\GarenaPlus
[2012/03/29 21:42:31 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\GHISLER
[2013/03/11 20:27:35 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\ICQM
[2011/07/24 15:53:19 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Identities
[2014/06/28 13:12:40 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\iSafe
[2011/10/01 16:04:08 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Leawo
[2011/08/01 12:17:52 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\LolClient
[2012/05/25 20:48:45 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\LolClient2
[2014/06/28 13:11:14 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Macromedia
[2013/04/07 18:44:54 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Mathematica
[2009/07/14 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Media Center Programs
[2014/01/27 21:18:53 | 000,000,000 | --SD | M] -- C:\Users\Michal\AppData\Roaming\Microsoft
[2014/01/11 23:49:02 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Mozilla
[2013/12/23 23:53:40 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2012/09/12 13:10:41 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Nero
[2013/06/05 15:07:51 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Nitro PDF
[2012/03/30 18:18:42 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\NVIDIA
[2014/06/22 11:34:15 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\rightbackup
[2011/09/09 13:22:32 | 000,000,000 | RH-D | M] -- C:\Users\Michal\AppData\Roaming\SecuROM
[2014/02/27 21:35:39 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Skype
[2013/08/18 20:26:21 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Unity
[2014/06/23 12:31:08 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\uTorrent
[2014/06/26 22:40:17 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\vlc
[2013/12/14 14:01:49 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\Wargaming.net
[2011/08/03 22:02:32 | 000,000,000 | ---D | M] -- C:\Users\Michal\AppData\Roaming\WinRAR
 
[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2002/08/29 17:33:56 | 000,319,488 | R--- | M] () -- C:\Users\Michal\AppData\Roaming\MafiaSetup.exe
[2013/08/13 19:49:44 | 002,278,469 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\.minecraft\mcpatcher-4.2.1.exe
[2014/05/25 23:00:26 | 000,356,864 | ---- | M] () -- C:\Users\Michal\AppData\Roaming\.minecraft\Minecraft.exe
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /3 >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.* /3 >[/color]
[2014/06/28 13:48:30 | 000,010,240 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/28 13:48:30 | 000,010,240 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2014/05/01 13:05:36 | 000,022,528 | -H-- | M] () -- C:\H2o.exe
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >[/color]
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- [2011/01/20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd)
 
[color=#A23BEC]< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >[/color]
 
[color=#A23BEC]< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >[/color]
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
    IMAGEPATH    REG_EXPAND_SZ    %systemroot%\system32\svchost.exe -k netsvcs
 
[color=#A23BEC]< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >[/color]
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
    IMAGEPATH    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k netsvcs
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]< type c:\boot.ini >> test.txt /c >[/color]
 
[color=#A23BEC]< %SystemDrive%\PhysicalMBR.bin /md5 >[/color]
[2014/06/28 13:34:53 | 000,000,512 | ---- | M] () MD5=09FFB392B3652B0053A618DAFE5E4F3A -- C:\PhysicalMBR.bin
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]< *crack* /s >[/color]
[2011/08/25 10:21:44 | 000,009,655 | ---- | M] () -- \Riot Games\League of Legends\rads\projects\lol_game_client\filearchives\0.0.0.43\DATA\Particles\cracksmap.dds
[2011/08/25 10:21:44 | 000,003,895 | ---- | M] () -- \Riot Games\League of Legends\rads\projects\lol_game_client\filearchives\0.0.0.43\DATA\Particles\cracksmap32.dds
[2011/09/09 13:12:13 | 000,016,356 | ---- | M] () -- \Users\Michal\AppData\Roaming\uTorrent\Grand.Theft.Auto.IV.Crack.100%.Working.LAWiH.torrent
[2011/09/10 14:15:08 | 000,009,437 | ---- | M] () -- \Users\Michal\AppData\Roaming\uTorrent\GTA.4.REAL.PROPER.Crack.ONLY-FCUKTHESCENE.torrent
[2012/04/10 21:42:07 | 000,002,924 | ---- | M] () -- \Users\Michal\AppData\Roaming\uTorrent\Top.Gun.Hard.Lock.Crack.Only-SKIDROW.torrent
 
[color=#A23BEC]< *keygen* /s >[/color]
[2012/09/12 12:26:59 | 000,012,276 | ---- | M] () -- \Users\Michal\AppData\Roaming\uTorrent\Nero 10.0 + Serials en Keygen - DivXNL-Team.torrent
[2013/04/07 14:31:11 | 000,016,949 | ---- | M] () -- \Users\Michal\AppData\Roaming\uTorrent\Wolfram Mathematica 8.0.1 for Windows + Keygen.torrent
[2013/04/07 18:34:34 | 000,000,236 | ---- | M] () -- \Users\Michal\AppData\Roaming\uTorrent\Wolfram Mathematica v8.0.4 KeyGen Only by AGAiN (For Windows OS).zip.torrent
[2011/01/14 13:12:46 | 000,462,848 | ---- | M] () -- \Users\Michal\Desktop\Programy\AVG Internet Security 9.0 + KeyGen\AVG 9 Keygen.exe
 
[color=#A23BEC]< *AntiWPA* /s >[/color]
 
[color=#A23BEC]< *loader* /s >[/color]
[2012/08/27 21:33:18 | 000,008,827 | ---- | M] () -- \Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\HeapSnapshotLoader.js
[2013/09/15 15:34:08 | 000,059,720 | ---- | M] () -- \Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
[2013/09/15 15:34:08 | 001,108,296 | ---- | M] () -- \Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader_main.dll
[2013/09/14 02:50:46 | 000,008,827 | ---- | M] () -- \Program Files\Common Files\Apple\Internet Services\WebKit.resources\inspector\HeapSnapshotLoader.js
[2006/10/26 14:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006/10/26 14:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2010/03/18 23:21:56 | 000,063,312 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader80.dll
[2010/03/18 00:17:14 | 000,004,096 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader80.tlb
[2004/12/28 18:40:02 | 000,169,384 | ---- | M] () -- \Program Files\Counter Strike 1.6\cstrike\models\qloader.mdl
[2003/09/15 14:55:50 | 000,352,548 | ---- | M] () -- \Program Files\Counter Strike 1.6\valve\models\loader.mdl
[2003/09/15 14:56:04 | 000,012,764 | ---- | M] () -- \Program Files\Counter Strike 1.6\valve\sound\ambience\loader_hydra1.wav
[2003/09/15 14:56:04 | 000,012,164 | ---- | M] () -- \Program Files\Counter Strike 1.6\valve\sound\ambience\loader_step1.wav
[2010/02/06 00:27:16 | 000,000,015 | ---- | M] () -- \Program Files\ESET\Licenses Downloader.bat
[2013/10/24 13:45:58 | 000,071,208 | ---- | M] () -- \Program Files\Games\WOTKo\PhysXLoader.dll
[2013/10/24 13:45:58 | 000,002,221 | ---- | M] () -- \Program Files\Games\WOTKo\res\scripts\client\gui\doc_loaders\graphicspresetsloader.pyc
[2013/10/24 13:45:58 | 000,007,015 | ---- | M] () -- \Program Files\Games\WOTKo\res\scripts\client\gui\doc_loaders\guicolorsloader.pyc
[2013/10/24 13:45:58 | 000,003,974 | ---- | M] () -- \Program Files\Games\WOTKo\res\scripts\client\gui\doc_loaders\guisoundsloader.pyc
[2013/10/24 13:45:58 | 000,006,629 | ---- | M] () -- \Program Files\Games\WOTKo\res\scripts\client\gui\doc_loaders\logindataloader.pyc
[2013/10/24 13:45:58 | 000,002,773 | ---- | M] () -- \Program Files\Games\WOTKo\res\scripts\client\gui\doc_loaders\windowsstoreddataloader.pyc
[2013/10/24 13:45:58 | 000,001,504 | ---- | M] () -- \Program Files\Games\WOTKo\res\scripts\client\gui\scaleform\framework\entities\abstract\loadermanagermeta.pyc
[2013/12/17 16:43:40 | 000,006,542 | ---- | M] () -- \Program Files\Games\WOTKo\res\scripts\client\gui\scaleform\framework\managers\loaders.pyc
[2013/10/24 13:45:58 | 000,003,668 | ---- | M] () -- \Program Files\Games\WOTKo\res\scripts\client\helpers\rssdownloader.pyc
[2013/10/24 13:45:58 | 000,006,907 | ---- | M] () -- \Program Files\Games\WOTKo\res\scripts\client\tutorial\loader.pyc
[2005/09/19 13:30:30 | 000,001,825 | ---- | M] () -- \Program Files\Microsoft Games\Age of Empires III\AI\aiLoaderInactive.xs
[2005/09/19 13:30:30 | 000,001,575 | ---- | M] () -- \Program Files\Microsoft Games\Age of Empires III\AI\aiLoaderStandard.xs
[2006/09/06 18:14:02 | 000,001,825 | ---- | M] () -- \Program Files\Microsoft Games\Age of Empires III\AI2\aiLoaderInactive.xs
[2006/09/06 18:14:02 | 000,001,575 | ---- | M] () -- \Program Files\Microsoft Games\Age of Empires III\AI2\aiLoaderStandard.xs
[2007/08/10 17:52:00 | 000,001,825 | ---- | M] () -- \Program Files\Microsoft Games\Age of Empires III\AI3\aiLoaderInactive.xs
[2007/08/10 17:52:00 | 000,001,575 | ---- | M] () -- \Program Files\Microsoft Games\Age of Empires III\AI3\aiLoaderStandard.xs
[2014/05/30 01:10:11 | 001,170,208 | ---- | M] () -- \Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\ExtensionLoader.dll
[2013/07/25 04:43:28 | 000,065,344 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2013/07/25 04:43:12 | 000,073,024 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2013/05/09 13:56:46 | 000,034,304 | ---- | M] () -- \Program Files\Setti\Counter-Strike Source\revLoader.exe
[2012/11/08 16:16:50 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012/11/08 16:16:50 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2012/11/08 16:16:50 | 000,009,772 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\retina\loader@2x.png
[2010/11/02 12:36:12 | 000,000,404 | ---- | M] () -- \Riot Games\League of Legends\rads\projects\lol_air_client\releases\0.0.1.98\deploy\assets\storeImages\layout\small_loader.gif
[2012/11/08 16:16:50 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012/11/08 16:16:50 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2012/11/08 16:16:50 | 000,009,772 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\retina\loader@2x.png
[2014/06/03 16:26:54 | 000,003,208 | ---- | M] () -- \Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\skin\ajax-loader.gif
[2011/09/26 17:48:40 | 732,053,504 | ---- | M] () -- \Users\Michal\Desktop\Filmy\Hop.2011.BRRip.SK.by.Colly.of.PowerUploaders.avi
[2012/03/30 18:06:18 | 1963,524,096 | ---- | M] () -- \Users\Michal\Desktop\Filmy\Immortals.2011.BDRip.AC3.cz.by.Delfin.of.PowerUploaders.avi
[2011/12/07 02:31:54 | 888,018,944 | ---- | M] () -- \Users\Michal\Desktop\Filmy\Lincoln.Lawyer.2011.BRRip.cz.by.Delfin.of.PowerUploaders.avi
[2012/03/07 15:21:58 | 735,438,848 | ---- | M] () -- \Users\Michal\Desktop\Filmy\tower.heist.2011.bdrip.cz.by.Delfin.of.PowerUploaders.avi
[2012/03/14 15:20:06 | 730,425,344 | ---- | M] () -- \Users\Michal\Desktop\Filmy\Twilight.saga.Rozbresk.2011.BDRip.CZ.by.Colly.of.PowerUploaders (1).avi
[2013/08/02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2014/06/28 10:39:37 | 000,003,424 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader
[2009/07/14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009/07/14 06:56:40 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009/07/14 06:56:40 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winload.exe.mui_3bc5b827
[2009/07/14 06:56:40 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winresume.exe.mui_ff8b5358
[2011/09/08 13:54:11 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2011/09/08 13:54:11 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winload.exe_75835076
[2011/09/08 13:54:11 | 000,442,720 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winresume.exe_85cd1215
[2009/07/14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009/07/14 04:29:12 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009/07/14 03:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009/08/19 09:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009/08/19 09:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2010/11/20 05:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009/07/14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/05/14 08:22:35 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16816_none_0ad4ff55dce9d030\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/02 07:45:50 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16823_none_0ac72e8bdcf4a01c\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:19:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:45:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 06:43:53 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_0adfad15dce1def6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 07:50:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.20978_none_0b1fbd2cf6364a4e\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 06:39:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_0b5e7bdaf60797d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/05/14 08:13:36 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_0cbc5ca5da0f5573\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 07:47:28 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:40:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/05/14 09:15:40 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_0d3c29cef3342a85\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/06/03 08:56:06 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21738_none_0d3159e2f33c4676\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 06:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 07:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/04 12:35:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/04/12 04:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll
 
[color=#A23BEC]< *minodlogin* /s >[/color]
[2011/12/28 16:13:34 | 000,406,585 | ---- | M] () -- \Program Files\ESET\MiNODLogin 3.9.10.exe
[2011/11/01 14:15:11 | 000,063,667 | ---- | M] () -- \Program Files\ESET\FOTO Návod instalace MiNODLogin\MiNODLogin 001.png
[2011/11/01 14:15:11 | 000,052,772 | ---- | M] () -- \Program Files\ESET\FOTO Návod instalace MiNODLogin\MiNODLogin 002.png
[2011/11/01 14:15:11 | 000,057,010 | ---- | M] () -- \Program Files\ESET\FOTO Návod instalace MiNODLogin\MiNODLogin 003.png
[2011/11/01 14:15:11 | 000,045,736 | ---- | M] () -- \Program Files\ESET\FOTO Návod instalace MiNODLogin\MiNODLogin 004.png
[2011/11/01 14:15:11 | 000,061,423 | ---- | M] () -- \Program Files\ESET\FOTO Návod instalace MiNODLogin\MiNODLogin 005.png
[2011/11/01 14:24:50 | 000,136,455 | ---- | M] () -- \Program Files\ESET\FOTO Návod instalace MiNODLogin\MiNODLogin 006.png
[2012/03/29 19:39:55 | 000,001,098 | ---- | M] () -- \Users\Michal\Desktop\Programy\Prùzkumník licencí MiNODLogin.lnk

Sonazi · #4 Příspěvek od **Sonazi** » 28 čer 2014 13:25

OTL.txt pokračovanie

< *tnod* /s >
[2010/04/02 01:08:00 | 000,097,792 | ---- | M] () -- \Program Files\ESET\tnodicons.icl

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2013/10/24 13:45:58 | 000,003,176 | ---- | M] () -- \Program Files\Games\WOTKo\res\scripts\client\gui\shared\gui_items\serializers.pyc
[2010/03/18 19:31:26 | 000,370,552 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v3.5\Profile\Client\System.Runtime.Serialization.dll
[2010/03/18 19:31:26 | 000,042,904 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v3.5\Profile\Client\System.Runtime.Serialization.Formatters.Soap.dll
[2009/08/31 03:48:08 | 000,009,272 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v3.5\Profile\Client\System.Runtime.Serialization.Formatters.Soap.xml
[2009/08/31 03:48:08 | 000,285,032 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v3.5\Profile\Client\System.Runtime.Serialization.xml
[2010/03/18 19:31:26 | 000,429,432 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.0\System.Runtime.Serialization.dll
[2010/03/18 19:31:26 | 000,032,664 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.0\System.Runtime.Serialization.Formatters.Soap.dll
[2009/10/22 19:47:54 | 000,007,862 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.0\System.Runtime.Serialization.Formatters.Soap.xml
[2010/01/10 22:09:56 | 000,332,539 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.0\System.Runtime.Serialization.xml
[2010/03/18 19:31:26 | 000,429,432 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.0\Profile\Client\System.Runtime.Serialization.dll
[2010/03/18 19:31:26 | 000,032,664 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.0\Profile\Client\System.Runtime.Serialization.Formatters.Soap.dll
[2009/10/22 19:47:54 | 000,007,862 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.0\Profile\Client\System.Runtime.Serialization.Formatters.Soap.xml
[2010/01/10 22:09:56 | 000,332,539 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.0\Profile\Client\System.Runtime.Serialization.xml
[2012/10/05 12:53:23 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2009/08/31 03:48:08 | 000,285,032 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\en\System.Runtime.Serialization.xml
[2013/04/17 15:12:51 | 000,712,704 | ---- | M] () -- \Program Files\Setti\Counter-Strike Source\bin\dmserializers.dll
[2012/09/12 12:26:59 | 000,012,276 | ---- | M] () -- \Users\Michal\AppData\Roaming\uTorrent\Nero 10.0 + Serials en Keygen - DivXNL-Team.torrent
[2008/07/03 15:17:36 | 000,000,030 | ---- | M] () -- \Users\Michal\Desktop\Hry\Hry instal\Command & Conquer Generals Zero Hour\serial.txt
[2014/03/17 22:30:39 | 312,921,284 | ---- | M] () -- \Users\Michal\Downloads\Arrow-(-serial-2013-)-CZ-S01E01.avi
[2014/03/17 23:35:27 | 316,265,398 | ---- | M] () -- \Users\Michal\Downloads\Arrow-(-serial-2013-)-CZ-S01E02.avi
[2009/06/10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012/10/05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014/02/14 01:29:26 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\553e7bfc9cac5e4feaa83d8ee1e187bd\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014/02/14 01:33:17 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f177ea74036d5fdc6c6b9c967dc877cf\System.Runtime.Serialization.ni.dll
[2014/02/14 18:32:42 | 002,658,304 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\63ef9e695c7479c104f18b5e78a8770d\System.Runtime.Serialization.ni.dll
[2014/02/14 18:33:00 | 000,311,296 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\a2f2c4c0abfbc3e4ce9aecbd147b1906\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014/05/15 00:44:06 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2014/05/15 00:44:03 | 001,039,040 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2009/06/10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2009/08/31 03:48:08 | 000,009,272 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\en\System.Runtime.Serialization.Formatters.Soap.xml
[2012/10/05 12:53:24 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013/09/11 06:06:54 | 001,039,040 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010/03/18 13:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2009/07/14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009/07/14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\drivers\serial.sys
[2009/07/14 04:09:30 | 000,010,240 | ---- | M] () -- \Windows\System32\drivers\en-US\serial.sys.mui
[2009/07/14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\mdmmotsm.inf_x86_neutral_c1415d9789c54b89\smserial.sys
[2009/07/14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys
[2009/07/14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\grserial.sys
[2009/07/14 04:10:04 | 000,005,120 | ---- | M] () -- \Windows\System32\en-US\serialui.dll.mui
[2009/07/14 04:18:03 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009/07/14 04:18:03 | 000,015,952 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486_kdcom.dll_db5e7744
[2009/07/14 06:56:40 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b_serialui.dll.mui_7d29d2a3
[2009/07/14 04:18:51 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009/07/14 03:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2010/11/20 05:06:16 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2012/10/05 19:15:39 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285.manifest
[2012/10/05 19:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d.manifest
[2009/07/14 04:28:14 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_en-us_8f71d563bf7aa3c2.manifest
[2012/10/05 19:12:04 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_en-us_8f4bb639bfcd9db1.manifest
[2012/10/05 19:12:20 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_en-us_787a117bd97892a9.manifest
[2009/07/14 03:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2010/11/20 05:05:38 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2012/10/05 19:15:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8.manifest
[2012/10/05 19:17:15 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0.manifest
[2009/07/14 03:49:26 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009/07/14 03:45:27 | 000,000,866 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_2c93290b67c98d09.manifest
[2009/07/14 03:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2010/11/20 05:10:46 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2012/10/05 19:19:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa.manifest
[2012/10/05 19:22:10 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2.manifest
[2009/06/10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009/06/10 23:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2010/11/05 03:52:39 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2012/10/05 12:53:24 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285\System.Runtime.Serialization.dll
[2012/10/05 12:56:07 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d\System.Runtime.Serialization.dll
[2009/06/10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2010/11/05 03:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2012/10/05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8\System.Runtime.Serialization.dll
[2012/10/05 12:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0\System.Runtime.Serialization.dll
[2009/07/14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\winsxs\x86_mdmmotsm.inf_31bf3856ad364e35_6.1.7600.16385_none_7a97936f8a972896\smserial.sys
[2009/07/14 04:10:04 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b\serialui.dll.mui
[2009/07/14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2009/07/14 04:09:30 | 000,010,240 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_07e2c405948a55f4\serial.sys.mui
[2009/07/14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys
[2009/07/14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\grserial.sys
[2009/06/10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll
[2010/11/05 03:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2012/10/05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa\System.Runtime.Serialization.dll
[2012/10/05 12:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2\System.Runtime.Serialization.dll

< *w7lxe* /s >

========== Files - Unicode (All) ==========
[2014/02/26 21:59:44 | 004,482,198 | ---- | M] ()(C:\Users\Michal\Desktop\Prezentááácia ?.pptx) -- C:\Users\Michal\Desktop\Prezentááácia .pptx
[2014/02/26 20:50:37 | 004,482,198 | ---- | C] ()(C:\Users\Michal\Desktop\Prezentááácia ?.pptx) -- C:\Users\Michal\Desktop\Prezentááácia .pptx

========== Alternate Data Streams ==========

@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:FB1B13D8

< End of report >

Sonazi · #5 Příspěvek od **Sonazi** » 28 čer 2014 13:26

Extras.txt

Kód: Vybrat vše

OTL Extras logfile created on: 6/28/2014 1:33:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michal\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy
 
1.98 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 41.80% Memory free
3.96 Gb Paging File | 2.57 Gb Available in Paging File | 64.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.07 Gb Total Space | 38.60 Gb Free Space | 17.15% Space Free | Partition Type: NTFS
Drive D: | 464.82 Gb Total Space | 165.64 Gb Free Space | 35.64% Space Free | Partition Type: FAT32
 
Computer Name: MICHAL-PC | User Name: Michal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2660650734-4107194658-3983471559-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Michal\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003E02F9-DA53-4AB7-9793-06B0A1846906}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{06F8E3DB-3F6D-4B6D-8143-220F5C610C24}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{0B0ACBCF-EB77-4E5C-926E-5A8CDF129975}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{0CB505ED-CAEA-4DFF-9453-14EF09DED139}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 
"{0DBDEE4E-E3C5-4D67-8EBE-D65BA0FB46D6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1877D9D7-13DA-4675-A90E-AD176ED1965C}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{18BB5D60-7028-46B7-BCA9-131572F40C59}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1C5A62D5-9907-4B90-9711-64796DBCE190}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{265EA4FE-C86D-47D3-B268-01CB10CE1026}" = rport=445 | protocol=6 | dir=out | app=system | 
"{27DFB0F5-AA47-48AC-8366-90F2A276F916}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{282B2C73-0175-4644-AF72-5223C398D9E1}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=%systemroot%\system32\svchost.exe | 
"{2DE2B26D-76CE-4FDA-B73F-7B5B81E38EEC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3578A4B4-E78F-4496-934D-6A36DB2167FB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3A94AAA0-E334-4FBE-9237-1F3454EC7B86}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3BE1EBFE-E134-49DA-ABF6-8E9A8A6F580D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3CFED7CE-BB2D-4D4D-9157-3A111E6FE76B}" = lport=3389 | protocol=6 | dir=in | app=system | 
"{4B4D8A6F-72C8-457B-834D-7E2696E76EE6}" = lport=443 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\netservice\nvnetworkservice.exe | 
"{59FA3856-66C6-4E2C-9FDE-364EFA586C51}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5F108E28-CA05-4D8C-AB12-C0029051E545}" = lport=80 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\netservice\nvnetworkservice.exe | 
"{607B732C-3523-4D08-849D-09E2A040A521}" = rport=139 | protocol=6 | dir=out | app=system | 
"{694AAE08-476B-487E-9D01-D86B1B39B152}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{69ABA175-C993-4342-80AC-34F63B831083}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{7B29DAED-BA43-4F1A-B49D-67CDDC1318C0}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{8E7AB4A6-5F0D-41EE-BB6E-AA987321B4A9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8E9CF83C-5139-44F2-A213-1B11BA00D3EF}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9379C2D5-25E7-43E1-80DC-D120598AF4BA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B3278462-70B3-4849-AE4E-001A73D98E9A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{B7585B74-3972-4589-A37A-552B553197C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C1CC09BD-1CBA-492C-9F05-1E0AB9AF8481}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C23BF125-3454-45B4-A95E-E9E4A81D0060}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{C24F4194-42AB-45F3-B758-9A672442E1E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C6A321BD-FD21-45DF-8F12-CAA3B899C4E0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DA190436-2F91-44EF-AC73-7CA1B7ED0A2C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{E4FFB9BA-4153-403D-9700-37C50D8503BC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F00DED57-10F5-4A42-BB64-6E9DD0EC818D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{F38F36E9-941B-49E3-824F-D6CF9E6D6BBE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F49F8A52-D274-468F-BB50-1E9F5C1B244E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FC64F884-ACF7-40E2-9BCB-6D840CAAE268}" = lport=445 | protocol=6 | dir=in | app=system | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0746DAED-8359-4054-8FC5-B62DA4487D53}" = protocol=58 | dir=in | app=system | 
"{0F2649A2-40E3-4AA6-B1CF-F15C83241FD0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{102A8B48-1ECB-44D2-9EDE-45D3435D6701}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{10949CB4-3295-4860-9F57-B13AB4499F21}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{1792970A-B62F-4ACE-9EB4-821419984114}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe | 
"{1BA84953-BF4D-4F8E-9F57-77FD94D6E61F}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat | 
"{2225088E-D23F-4984-A9BC-2947C05AFCC6}" = protocol=17 | dir=in | app=c:\program files\ea games\command and conquer generals\generals.exe | 
"{29F70C21-DEAF-49B3-85CC-AF0B407A3B4B}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe | 
"{3B7EAFDF-C7C3-4A4C-B41C-A003E491045B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3D61D82C-6991-4AFD-A497-A98DC730EE55}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3F988680-B045-40DB-A2CF-7D80DBC43DFE}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{412B2F8C-6A2D-4FDF-A108-43D52AFDAF42}" = protocol=6 | dir=in | app=c:\users\michal\appdata\roaming\.minecraft\minecraft.exe | 
"{4160751A-D060-47B7-BA58-5C4748CD4290}" = protocol=17 | dir=in | app=c:\users\michal\appdata\roaming\.minecraft\minecraft.exe | 
"{421A49D7-5036-416A-9861-B0899C417EF3}" = protocol=6 | dir=out | app=system | 
"{43B561C8-3F71-4617-A48C-9888A6231EEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{44D2F831-12FB-49D8-B36D-C77A49824CC8}" = protocol=6 | dir=in | app=c:\program files\ea games\command and conquer generals\generals.exe | 
"{4B9CEED3-888D-489C-80AB-DE63195F42A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4EB1531C-0FD0-4306-8DC8-8022F6676F74}" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\generals.exe | 
"{4FBB1933-8377-44D2-9B1F-F3BC4F49E515}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe | 
"{50740CD4-1641-4DAE-95B8-F20DCD31B581}" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\generals.exe | 
"{50F5E332-AD20-4F7A-A061-D59F484A1DBB}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{59C052DA-B5C1-4407-95EF-065AB76A21D2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5B8BE071-EE1F-41D3-B327-7F868B4A1553}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5EB47C25-0FBD-416A-A68C-4B2F97EF4DBE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{63372267-6B4A-4071-A9C8-9E11B48EBBFB}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe | 
"{647059B5-C847-4354-BCF1-276976421329}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{66E130DD-E86D-4F39-A488-42EE7DF06AAE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{710A17C7-0867-44EE-BD36-BF7BD269295E}" = protocol=6 | dir=in | app=c:\users\michal\appdata\roaming\.minecraft\minecraft.exe | 
"{74B50C9E-35C8-4E14-819D-A2E853A90271}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7AF7BC20-1DFE-4313-A898-B19A63F00AEF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7D2F7D03-393F-455A-850D-1AECA222D394}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7DEF75D4-3A63-4937-A59B-C0B7C2EC0B5C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{83F4A85E-7419-49B2-9F96-C38D6F4EA6C2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8CBC1568-3120-4E16-8B8A-5592B7DEDB10}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{8DF84480-E3A2-4DF7-8BCA-45BFF9895974}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe | 
"{933B7AD0-48FE-482A-9D57-483384D5CBFC}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{93749311-83D7-4666-8EE3-022659B02138}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat | 
"{9AF4538B-473A-43F5-8D06-66D602D7E6C1}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{9DB4E96B-4B77-43C6-8EF5-EF14F42404E1}" = protocol=17 | dir=in | app=c:\users\michal\appdata\roaming\.minecraft\minecraft.exe | 
"{A2A2728D-1B27-432B-BE16-F24928D0F76A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A69353B1-A547-4499-902A-A36EA61C8AD3}" = dir=in | app=%programfiles%\java\jre1.6.0_26\bin\java.exe | 
"{A9234E34-2312-4044-BBA1-D85AE0ABF42D}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{AE38C74C-D094-43C0-AADD-693949A1693B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B5152AEE-927B-41D4-B417-3FBEBF23B63D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B8D5737B-C213-4FBD-B501-C8723348AD87}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DCD4D6F2-C713-4A73-8835-EE63B91D154D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EFCE22E8-0BBA-4009-8668-2C2A57E0802C}" = protocol=6 | dir=in | app=c:\program files\setti\counter-strike source\hl2.exe | 
"{F81E0CA2-E53F-4459-94D1-76772FF107D0}" = protocol=17 | dir=in | app=c:\program files\setti\counter-strike source\hl2.exe | 
"{F9747B6D-8C83-4523-BC7A-D038C7F6D552}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FBC3089E-623F-4A88-843E-54ECE60E2788}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe | 
"TCP Query User{0C4F901E-45C6-45A2-B509-E0AEB50FD56F}C:\program files\ea games\command & conquer generals zero hour\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\game.dat | 
"TCP Query User{0E204E6D-2E44-40A9-A2D1-A8E71116B85D}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"TCP Query User{96874B7F-00EF-495F-B9E1-D97791E8EC82}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{29D0EE35-4384-40E0-8BBD-56F3D50D5DE7}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{62424739-7C0C-40D5-969B-AB2C4DC772D8}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{F47590D7-C3F1-4958-A776-F66BB04D6F47}C:\program files\ea games\command & conquer generals zero hour\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer generals zero hour\game.dat | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C6FF70-690B-4DF7-8F5D-269DD3A7FD23}" = iCloud
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216026F0}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 60
"{26A24AE4-039D-4CA4-87B4-2F83217045F0}" = Java 7 Update 45
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34D9106C-A947-47ED-B4AB-764736350769}" = Minecraft
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2007
"{90120000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2007
"{90120000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2007
"{90120000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2007
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.05) - Czech
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 14.6.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 14.6.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.23
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{FB80FA7C-A20D-43EA-A0C3-1E43F210D1A8}" = ESET Smart Security
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"inethnfd" = Network System Driver
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"Mozilla Firefox 30.0 (x86 sk)" = Mozilla Firefox 30.0 (x86 sk)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"STANDARD" = Microsoft Office Standard 2007
"TeamViewer 8" = TeamViewer 8
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR 4.01 (32-bit)
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-2660650734-4107194658-3983471559-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Counter Strike 1.6 with FRAGTIME.cz GUI" = Counter Strike 1.6 with FRAGTIME.cz GUI
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ System Events ]
Error - 6/28/2014 6:16:27 AM | Computer Name = Michal-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 6/28/2014 6:16:28 AM | Computer Name = Michal-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 6/28/2014 6:16:28 AM | Computer Name = Michal-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 6/28/2014 6:19:05 AM | Computer Name = Michal-PC | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
 to the following error:   %%3
 
Error - 6/28/2014 6:28:40 AM | Computer Name = Michal-PC | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
 to the following error:   %%3
 
Error - 6/28/2014 6:30:19 AM | Computer Name = Michal-PC | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 6/28/2014 6:31:43 AM | Computer Name = Michal-PC | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
 to the following error:   %%3
 
Error - 6/28/2014 6:31:44 AM | Computer Name = Michal-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
 the following error:   %%-2147014847
 
Error - 6/28/2014 6:48:26 AM | Computer Name = Michal-PC | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
 to the following error:   %%3
 
Error - 6/28/2014 7:12:39 AM | Computer Name = Michal-PC | Source = Service Control Manager | ID = 7034
Description = The iSafeService service terminated unexpectedly.  It has done this
 1 time(s).
 
 
< End of report >

#6 Příspěvek od **Márty84** » 28 čer 2014 13:43

Nedavejte logy do Code, ani Quete. Spatne se to cte.

Jak je to s legalitou antiviru a taky systemu? Ultimate neni zrovna bezna domaci verze

Udelejte kontrolu s MBAM http://forum.viry.cz/viewtopic.php?f=29&t=137928 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

Sonazi · #7 Příspěvek od **Sonazi** » 28 čer 2014 15:16

Windows aj ESET nie su legálne

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28. 6. 2014
Scan Time: 15:00:10
Logfile: log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.28.02
Rootkit Database: v2014.06.23.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Michal

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 420108
Time Elapsed: 1 hr, 11 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.Amonetize, C:\Windows\System32\nethtsrv.exe, 1988, , [f8da235a1269eb4bf6262a682fd246ba]
PUP.Optional.Amonetize, C:\Windows\System32\netupdsrv.exe, 700, , [20b22c51e398ff37ec314e446f92d22e]

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.Amonetize, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NetHttpService, , [f8da235a1269eb4bf6262a682fd246ba],
PUP.Optional.Amonetize, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ServiceUpdater, , [20b22c51e398ff37ec314e446f92d22e],
PUP.Optional.NetFilter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\nethfdrv, , [eae8205d7efd55e10f3c860caf52a65a],

Registry Values: 3
PUP.Optional.NetworkUpdate.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NETHTTPSERVICE|ImagePath, C:\Windows\system32\nethtsrv.exe, , [a0328df03843e94de4569c6a9b692ed2]
PUP.Optional.NetworkUpdate.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SERVICEUPDATER|ImagePath, C:\Windows\system32\netupdsrv.exe, , [e1f1275694e7e353b08b4fb7b450d22e]
PUP.Optional.ConduitSearchProtect, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SearchProtect, \SearchProtect\bin\cltmng.exe, , [03cfabd2f388e94d3da06e755ca70ff1]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 9
PUP.Optional.Amonetize, C:\Windows\System32\nethtsrv.exe, , [f8da235a1269eb4bf6262a682fd246ba],
PUP.Optional.Amonetize, C:\Windows\System32\netupdsrv.exe, , [20b22c51e398ff37ec314e446f92d22e],
PUP.Optional.NetFilter, C:\Windows\System32\drivers\nethfdrv.sys, , [eae8205d7efd55e10f3c860caf52a65a],
PUP.Optional.Handy.A, C:\Program Files\HandyUpdater\HandyUpdater.exe, , [844e324b1d5e03330adab56b748d619f],
Malware.Packer.Gen, C:\Program Files\Need for Speed Most Wanted Modded\pzn-nfst.exe, , [2ba7aecffe7de056894ab79914ec6b95],
Riskware.KG, C:\Program Files\ESET\MiNODLogin 3.9.10.exe, , [963ce29b7308d85e45f02a3531cfd12f],
Riskware.KG, C:\Program Files\ESET\MiNODLogin\launcher.exe, , [735f295409721224f3435e01fc04bc44],
Riskware.KG, C:\Program Files\ESET\MiNODLogin\uninst.exe, , [c40e96e7df9c2d0978bd60ffef1141bf],
PUP.Optional.OneClickDownloader.A, C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000, , [e4eea9d4aad1d462bb9ce92e5fa2fc04],

Physical Sectors: 0
(No malicious items detected)

(end)

#8 Příspěvek od **Márty84** » 28 čer 2014 20:57

No, ja to vim, logy to ukazuji. Je dobre, ze jste to priznal a nesnazil se vykladat pohadky, jako nekteri.

A pravidla fora jste cetl? Hovori bohuzel jasne http://forum.viry.cz/viewtopic.php?f=12&t=115512

Pomáhat NELZE:
2) Pokud stroj uživatele prokazatelně obsahuje nelegální hostitelský čí ochranný software
(operační systém, antivir, firewall, atd.), je nutné navést uživatele k nápravě, např. skrze neplacený software,
a začít řešit, až v době kdy je PC "v pořádku". V případě že uživatel nechce na pravidla přistoupit,
je nutné jej vyzvat ať fórum opustí, a vrátí se až je splní.

Nalezy MBAM nechte odstranit. Pak provedte novy test a kdyz bude cisto, MBAM odinstalujte.
Odinstalujte ten ESET, stejne nefunguje jak ma. Nahradte ho treba Avastem, ten je zadara a kvalitou bohate staci.

No a vic vam asi neporadim, jelikoz mi to pravidla nedovoluji

14.7.

http://forum.viry.cz/viewtopic.php?f=12&t=123975

VIRY.CZ

Offers Wizzard

Offers Wizzard

Re: Offers Wizzard

Re: Offers Wizzard

Re: Offers Wizzard

Re: Offers Wizzard

Re: Offers Wizzard

Re: Offers Wizzard

Re: Offers Wizzard