
Please check my log


#1 Post by jibo »

Hello, I would like to ask for a check of the log from my netbook, system W7 Ultimate 32-bit. Since yesterday it has been behaving somewhat strangely: the avast upgrade would not go through and there was also a problem with Opera, and I also could not download files with the new software upgrade.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-05-2014 01
Ran by Bork (administrator) on BORK-NETBOOK on 13-05-2014 18:33:12
Running from C:\Users\Bork\Desktop
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(PS Media s.r.o.) C:\Windows\System32\ssins.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(forum.viry.cz) C:\Users\Bork\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [6475264 2013-02-13] (Broadcom Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1934632 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-13] (AVAST Software)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3257640 2013-11-21] (O&O Software GmbH)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/search?q={searchT ... d=ie7&rlz=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
SearchScopes: HKLM - {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = http://search.tb.ask.com/search/GGmain. ... earchTerms}
SearchScopes: HKCU - {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = http://search.tb.ask.com/search/GGmain. ... earchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/s ... wflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.70.100.1 77.48.233.12 208.67.222.222

FireFox:
========
FF ProfilePath: C:\Users\Bork\AppData\Roaming\Mozilla\Firefox\Profiles\m2p99x90.default
FF user.js: detected! => C:\Users\Bork\AppData\Roaming\Mozilla\Firefox\Profiles\m2p99x90.default\user.js
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF Homepage: http://www.seznam.cz
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Bork\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Users\Bork\AppData\Roaming\Mozilla\Firefox\Profiles\m2p99x90.default\searchplugins\seznam.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-13]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-13] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-05-13] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1381672 2013-11-21] (O&O Software GmbH)
R2 ssinstall; C:\Windows\System32\ssins.exe [2324216 2013-12-16] (PS Media s.r.o.)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5186048 2013-02-13] (Broadcom Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-05-13] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-05-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-05-13] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [270240 2014-05-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-05-13] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-05-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-13] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-13] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-05-13] ()
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18496 2013-02-13] (Broadcom Corporation)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [25248 2011-09-16] (Atheros)
S3 btwampfl; C:\Windows\system32\drivers\btwampfl.sys [525352 2011-08-30] (Broadcom Corporation.)
S3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [268176 2012-07-27] (ELAN Microelectronics Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [254056 2011-05-30] (Realtek Semiconductor Corp.)
S3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [188520 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32872 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [42728 2011-06-13] (Realtek)
R1 wStLibG; C:\Windows\System32\drivers\wStLibG.sys [52920 2014-05-08] (StdLib)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-13 18:33 - 2014-05-13 18:33 - 00012268 _____ () C:\Users\Bork\Desktop\FRST.txt
2014-05-13 18:29 - 2014-05-13 18:29 - 00112640 _____ (forum.viry.cz) C:\Users\Bork\Desktop\FRSTLauncher.exe
2014-05-13 17:27 - 2014-05-13 18:33 - 00000000 ____D () C:\FRST
2014-05-13 17:22 - 2014-05-13 17:21 - 01056256 _____ (Farbar) C:\Users\Bork\Desktop\FRST.exe
2014-05-13 17:21 - 2014-05-13 17:21 - 01056256 _____ (Farbar) C:\Users\Bork\Downloads\FRST.exe
2014-05-13 17:19 - 2014-05-13 17:19 - 00112107 _____ (forum.viry.cz) C:\Users\Bork\Downloads\VerzeOS.exe
2014-05-13 16:46 - 2014-05-13 16:46 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Bork\Downloads\spybot-2.3 (2).exe
2014-05-13 16:41 - 2014-05-13 16:54 - 00000000 ____D () C:\Program Files\trend micro
2014-05-13 16:40 - 2014-05-13 16:41 - 00000000 ____D () C:\rsit
2014-05-13 16:39 - 2014-05-13 16:40 - 00781383 _____ () C:\Users\Bork\Downloads\RSIT.exe
2014-05-13 16:38 - 2014-05-13 16:38 - 00111504 _____ () C:\Users\Bork\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-13 11:03 - 2014-05-13 18:06 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-13 11:01 - 2014-05-13 11:01 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-13 11:01 - 2014-05-13 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-13 11:01 - 2014-05-13 11:01 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-13 11:01 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-13 11:01 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-13 09:04 - 2014-05-13 09:04 - 00001091 _____ () C:\Users\Public\Desktop\Opera 21.lnk
2014-05-13 09:04 - 2014-05-13 09:04 - 00001091 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 21.lnk
2014-05-13 08:48 - 2014-05-13 08:48 - 00002053 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-05-13 08:45 - 2014-05-13 08:45 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-13 08:45 - 2014-05-13 08:45 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-13 08:44 - 2014-05-13 08:45 - 00270240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-05-13 08:42 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-13 08:42 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-12 20:12 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-12 20:11 - 2014-05-12 20:11 - 00004088 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-12 20:11 - 2014-05-12 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-12 20:11 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-12 20:11 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-12 20:11 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-12 19:54 - 2014-05-12 19:54 - 00000000 ____D () C:\Users\Jitka\AppData\Roaming\Macromedia
2014-05-12 19:54 - 2014-05-12 19:54 - 00000000 ____D () C:\Users\Jitka\AppData\Local\Macromedia
2014-05-12 19:46 - 2014-05-13 13:21 - 00131748 _____ () C:\Windows\PFRO.log
2014-05-12 19:46 - 2014-05-13 13:21 - 00000224 _____ () C:\Windows\setupact.log
2014-05-12 19:46 - 2014-05-12 19:46 - 00419472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-12 19:46 - 2014-05-12 19:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-12 00:32 - 2014-05-12 00:32 - 00283096 _____ (Mozilla) C:\Users\Bork\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-09 23:01 - 2014-05-10 10:10 - 00000044 _____ () C:\Users\Bork\Desktop\Nový textový dokument.txt
2014-05-08 23:56 - 2014-05-08 23:56 - 00001691 _____ () C:\Users\Bork\Documents\Setup.cfg.txt
2014-05-08 23:25 - 2014-05-08 23:25 - 00067374 _____ () C:\Users\Bork\Downloads\help.csy.zip
2014-05-08 22:05 - 2014-05-08 22:05 - 00052920 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG.sys
2014-05-08 20:24 - 2014-05-08 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMR Player
2014-05-08 20:24 - 2014-05-08 20:24 - 00000000 ____D () C:\Program Files\AMR Player
2014-05-08 20:22 - 2014-05-08 20:23 - 02529450 _____ (http://www.amrplayer.com ) C:\Users\Bork\Downloads\amrplayer_setup.exe
2014-05-06 08:10 - 2014-05-05 20:07 - 03113272 _____ (MetaQuotes Software Corp.) C:\Windows\system32\MetaViewer.dll.new
2014-05-02 18:38 - 2014-05-02 18:39 - 28862184 _____ (Mozilla) C:\Users\Bork\Downloads\Firefox Setup 29.0 (1).exe
2014-05-01 11:10 - 2014-05-02 17:13 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-24 17:17 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-24 17:17 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-24 17:16 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-24 17:16 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-24 17:16 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-24 17:16 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-24 17:16 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-24 17:16 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-24 17:16 - 2014-03-06 09:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-24 17:16 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-24 17:16 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-24 17:16 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-24 17:16 - 2014-03-06 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-24 17:16 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-24 17:16 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-24 17:16 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-24 17:16 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-24 17:16 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-24 17:15 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-24 17:15 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-24 17:15 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-24 17:15 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-24 17:15 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-24 17:15 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-16 19:09 - 2014-04-16 19:09 - 00001963 _____ () C:\Users\Public\Desktop\Trade.com MetaTrader 4.lnk
2014-04-16 19:09 - 2014-04-16 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trade.com MetaTrader 4
2014-04-16 19:09 - 2014-04-16 19:09 - 00000000 ____D () C:\Program Files\Trade.com MetaTrader 4

==================== One Month Modified Files and Folders =======

2014-05-13 18:33 - 2014-05-13 18:33 - 00012268 _____ () C:\Users\Bork\Desktop\FRST.txt
2014-05-13 18:33 - 2014-05-13 17:27 - 00000000 ____D () C:\FRST
2014-05-13 18:29 - 2014-05-13 18:29 - 00112640 _____ (forum.viry.cz) C:\Users\Bork\Desktop\FRSTLauncher.exe
2014-05-13 18:26 - 2013-02-12 22:38 - 01694462 _____ () C:\Windows\WindowsUpdate.log
2014-05-13 18:25 - 2013-02-13 09:51 - 00000000 ____D () C:\Users\Bork\AppData\Roaming\Skype
2014-05-13 18:10 - 2013-03-04 22:13 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-13 18:06 - 2014-05-13 11:03 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-13 17:53 - 2013-02-13 00:46 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-13 17:21 - 2014-05-13 17:22 - 01056256 _____ (Farbar) C:\Users\Bork\Desktop\FRST.exe
2014-05-13 17:21 - 2014-05-13 17:21 - 01056256 _____ (Farbar) C:\Users\Bork\Downloads\FRST.exe
2014-05-13 17:19 - 2014-05-13 17:19 - 00112107 _____ (forum.viry.cz) C:\Users\Bork\Downloads\VerzeOS.exe
2014-05-13 16:54 - 2014-05-13 16:41 - 00000000 ____D () C:\Program Files\trend micro
2014-05-13 16:46 - 2014-05-13 16:46 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Bork\Downloads\spybot-2.3 (2).exe
2014-05-13 16:44 - 2009-07-14 06:34 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-13 16:44 - 2009-07-14 06:34 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-13 16:41 - 2014-05-13 16:40 - 00000000 ____D () C:\rsit
2014-05-13 16:40 - 2014-05-13 16:39 - 00781383 _____ () C:\Users\Bork\Downloads\RSIT.exe
2014-05-13 16:38 - 2014-05-13 16:38 - 00111504 _____ () C:\Users\Bork\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-13 13:24 - 2013-02-20 17:02 - 00000000 ____D () C:\Program Files\MetaTrader-Admiral Markets
2014-05-13 13:21 - 2014-05-12 19:46 - 00131748 _____ () C:\Windows\PFRO.log
2014-05-13 13:21 - 2014-05-12 19:46 - 00000224 _____ () C:\Windows\setupact.log
2014-05-13 13:21 - 2013-12-16 18:27 - 00000000 _____ () C:\Windows\system32\sinstall.log
2014-05-13 13:21 - 2013-02-13 00:46 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-13 13:21 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-13 13:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Speech
2014-05-13 11:33 - 2009-07-14 04:04 - 00000580 _____ () C:\Windows\win.ini
2014-05-13 11:01 - 2014-05-13 11:01 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-13 11:01 - 2014-05-13 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-13 11:01 - 2014-05-13 11:01 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-13 11:01 - 2013-03-13 12:20 - 00000000 ____D () C:\Users\Bork\AppData\Roaming\Malwarebytes
2014-05-13 11:01 - 2013-03-13 12:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-13 10:23 - 2013-10-19 15:14 - 00000000 ____D () C:\Program Files (x86)
2014-05-13 09:43 - 2013-03-13 23:05 - 00002117 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-13 09:08 - 2013-12-20 16:39 - 00000000 ____D () C:\Users\Bork\AppData\Local\Opera Software
2014-05-13 09:04 - 2014-05-13 09:04 - 00001091 _____ () C:\Users\Public\Desktop\Opera 21.lnk
2014-05-13 09:04 - 2014-05-13 09:04 - 00001091 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 21.lnk
2014-05-13 09:04 - 2013-12-20 16:38 - 00000000 ____D () C:\Program Files\Opera
2014-05-13 08:51 - 2013-08-15 23:18 - 00000410 __RSH () C:\ProgramData\ntuser.pol
2014-05-13 08:48 - 2014-05-13 08:48 - 00002053 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-05-13 08:48 - 2013-10-24 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-13 08:45 - 2014-05-13 08:45 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-13 08:45 - 2014-05-13 08:45 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-13 08:45 - 2014-05-13 08:44 - 00270240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-05-13 08:45 - 2014-01-04 20:53 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-13 08:45 - 2013-03-08 23:24 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-13 08:45 - 2013-03-08 23:24 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-13 08:45 - 2013-02-13 01:07 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-13 08:45 - 2013-02-13 01:07 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-13 08:45 - 2013-02-13 01:07 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-13 08:45 - 2013-02-13 01:07 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-13 08:45 - 2013-02-13 01:06 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-13 08:44 - 2013-03-08 23:24 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-05-12 20:12 - 2013-10-07 14:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-12 20:11 - 2014-05-12 20:11 - 00004088 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-12 20:11 - 2014-05-12 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-12 20:11 - 2013-10-07 14:11 - 00000000 ____D () C:\Program Files\Java
2014-05-12 19:54 - 2014-05-12 19:54 - 00000000 ____D () C:\Users\Jitka\AppData\Roaming\Macromedia
2014-05-12 19:54 - 2014-05-12 19:54 - 00000000 ____D () C:\Users\Jitka\AppData\Local\Macromedia
2014-05-12 19:52 - 2013-02-15 20:59 - 00000000 ____D () C:\Users\Jitka\AppData\Local\Mozilla
2014-05-12 19:51 - 2013-02-13 22:59 - 00000000 ____D () C:\Users\Jitka\AppData\Roaming\Seznam.cz
2014-05-12 19:46 - 2014-05-12 19:46 - 00419472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-12 19:46 - 2014-05-12 19:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-12 19:38 - 2013-02-13 13:36 - 00000000 ____D () C:\Users\Bork\AppData\Local\CrashDumps
2014-05-12 00:38 - 2014-02-15 11:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-12 00:32 - 2014-05-12 00:32 - 00283096 _____ (Mozilla) C:\Users\Bork\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-12 00:17 - 2013-02-13 11:13 - 00000000 ____D () C:\Users\Bork\AppData\Roaming\Seznam.cz
2014-05-12 00:11 - 2013-02-12 22:48 - 00000000 ____D () C:\Users\Bork
2014-05-12 00:11 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-05-12 00:10 - 2013-10-20 07:55 - 00000000 ____D () C:\Windows\pss
2014-05-12 00:10 - 2013-02-13 22:59 - 00000000 ____D () C:\Users\Jitka
2014-05-12 00:09 - 2013-12-20 16:39 - 00000000 ____D () C:\Users\Bork\AppData\Roaming\Opera Software
2014-05-12 00:09 - 2013-10-31 23:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\xOption
2014-05-12 00:09 - 2013-10-31 23:48 - 00000000 ____D () C:\Program Files\xOption
2014-05-12 00:09 - 2013-10-19 15:13 - 00000000 ____D () C:\Users\Bork\AppData\Local\MoboGenie
2014-05-12 00:09 - 2013-07-29 14:07 - 00000000 ____D () C:\Users\Bork\AppData\Local\Newsoft
2014-05-12 00:09 - 2013-07-29 13:56 - 00000000 ____D () C:\Program Files\Blaze Video Magic
2014-05-12 00:09 - 2013-02-13 18:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-12 00:09 - 2013-02-13 11:14 - 00000000 ____D () C:\Program Files\Seznam.cz
2014-05-12 00:09 - 2013-02-13 10:53 - 00000000 ____D () C:\Users\Bork\AppData\Roaming\GHISLER
2014-05-12 00:09 - 2013-02-13 01:16 - 00000000 ____D () C:\ProgramData\Atheros
2014-05-12 00:09 - 2009-07-14 11:20 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-12 00:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-05-10 10:10 - 2014-05-09 23:01 - 00000044 _____ () C:\Users\Bork\Desktop\Nový textový dokument.txt
2014-05-08 23:56 - 2014-05-08 23:56 - 00001691 _____ () C:\Users\Bork\Documents\Setup.cfg.txt
2014-05-08 23:35 - 2013-03-07 15:39 - 00000000 ____D () C:\Users\Bork\AppData\Local\GHISLER
2014-05-08 23:34 - 2013-07-21 09:42 - 00000000 ____D () C:\Program Files\Orbitron
2014-05-08 23:25 - 2014-05-08 23:25 - 00067374 _____ () C:\Users\Bork\Downloads\help.csy.zip
2014-05-08 22:05 - 2014-05-08 22:05 - 00052920 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG.sys
2014-05-08 20:29 - 2013-12-03 11:24 - 00000000 ___RD () C:\Users\Bork\Dropbox
2014-05-08 20:29 - 2013-12-03 11:17 - 00000000 ____D () C:\Users\Bork\AppData\Roaming\Dropbox
2014-05-08 20:24 - 2014-05-08 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMR Player
2014-05-08 20:24 - 2014-05-08 20:24 - 00000000 ____D () C:\Program Files\AMR Player
2014-05-08 20:23 - 2014-05-08 20:22 - 02529450 _____ (http://www.amrplayer.com ) C:\Users\Bork\Downloads\amrplayer_setup.exe
2014-05-07 07:46 - 2013-02-13 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-06 08:11 - 2014-03-17 22:05 - 00000000 ____D () C:\Program Files\MetaTrader - Alpari UK
2014-05-05 20:07 - 2014-05-06 08:10 - 03113272 _____ (MetaQuotes Software Corp.) C:\Windows\system32\MetaViewer.dll.new
2014-05-03 14:17 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-02 18:40 - 2013-02-13 18:32 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-02 18:40 - 2013-02-13 18:32 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-02 18:39 - 2014-05-02 18:38 - 28862184 _____ (Mozilla) C:\Users\Bork\Downloads\Firefox Setup 29.0 (1).exe
2014-05-02 17:13 - 2014-05-01 11:10 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-29 21:15 - 2013-03-04 22:13 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-29 21:15 - 2013-03-04 22:13 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 14:48 - 2014-05-13 08:42 - 17384448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 14:34 - 2014-05-13 08:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-28 19:30 - 2013-08-28 10:58 - 00000000 ____D () C:\Windows\Minidump
2014-04-24 17:37 - 2013-02-13 09:51 - 00000000 ___RD () C:\Program Files\Skype
2014-04-21 09:21 - 2013-02-13 11:13 - 00000000 ____D () C:\Users\Bork\AppData\Local\Adobe
2014-04-16 19:09 - 2014-04-16 19:09 - 00001963 _____ () C:\Users\Public\Desktop\Trade.com MetaTrader 4.lnk
2014-04-16 19:09 - 2014-04-16 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trade.com MetaTrader 4
2014-04-16 19:09 - 2014-04-16 19:09 - 00000000 ____D () C:\Program Files\Trade.com MetaTrader 4
2014-04-14 20:13 - 2014-05-12 20:11 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-14 20:05 - 2014-05-12 20:12 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-14 20:05 - 2014-05-12 20:11 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-14 20:04 - 2014-05-12 20:11 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-13 10:04 - 2013-02-13 12:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-13 10:00 - 2013-08-02 16:51 - 00000000 ____D () C:\Windows\system32\MRT

Files to move or delete:
====================
C:\Users\Bork\teletradecy4setup.exe


Some content of TEMP:
====================
C:\Users\Bork\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Bork\AppData\Local\Temp\{A5150BA3-E211-4FF2-86DA-471CE44895A4}-GoogleUpdateSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Bork\Desktop" je 3 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Allin1Convert EPM Support
"C:\PROGRA~1\ALLIN1~1\bar\2.bin\8hmedint.exe" T8EPMSUP.DLL,S [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AthBtTray
"C:\Program Files\Bluetooth Suite\AthBtTray.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtherosBtStack
"C:\Program Files\Bluetooth Suite\BtvStack.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate
"C:\Users\Bork\AppData\Roaming\Seznam.cz\szninstall.exe" -c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop
"C:\Users\Bork\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GfxServiceInstall
C:\Windows\system32\GfxCUIServiceInstall.vbs

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msapxwdSrv
C:\Windows\inf\msapxwd.vbe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msoewbtySrv
C:\Windows\inf\msoewbty.vbe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray
C:\Program Files\OO Software\Defrag\oodtray.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence
C:\Windows\system32\igfxpers.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce
"C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate
"C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Service 16
"C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^O&O Defrag Tray.lnk
C:\Windows\INSTAL~1\{59C75~1\app_icon.ico

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Bork^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE /tsr [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================




Thank you in advance for the evaluation, Jibo. Have a nice day!
JiBo

jibo
Visitor
Visitor
Posts: 29
Joined: 11 Aug 2009 20:06

Re: Please check my LOG

#2 Post by jibo »

I am adding the Addition file as a RAR archive.
Attachments
Addition.rar
(5.83 KiB) Downloaded 56 times
JiBo

Márty84
VIP
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my LOG

#3 Post by Márty84 »

Hello :)

:!: If Avast complains that it wants to open it in the sandbox, do not allow it! Choose the option Open normally
:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop.
Right-click it and then left-click Run as administrator
Tick the items (put check marks there) For all users (Pro všechny uživatele), Check for malware "LOP" (Kontrola na havěť "LOP") and Check for malware "Purity" (Kontrola na havěť "Purity")
Paste the following text into the bottom window

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Click Scan (Prohledat)
After the scan, two logs are created (OTL.Txt and Extras.txt); post both here (if they are long, split them across several posts).
If you have a question that is not meant for the public, you can write to me by e-mail at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will now be on the forum less often. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

jibo
Visitor
Visitor
Posts: 29
Joined: 11 Aug 2009 20:06

Re: Please check my LOG

#4 Post by jibo »

Hi, it only created the log on the fourth attempt.

OTL logfile created on: 15.5.2014 13:28:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bork\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,99 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 41,12% Memory free
3,98 Gb Paging File | 2,35 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 405,98 Gb Free Space | 87,18% Space Free | Partition Type: NTFS
Drive D: | 14,62 Gb Total Space | 13,66 Gb Free Space | 93,41% Space Free | Partition Type: FAT32

Computer Name: BORK-NETBOOK | User Name: Bork | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.05.14 20:59:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bork\Desktop\OTL.exe
PRC - [2014.05.13 08:44:49 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014.05.13 08:44:48 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014.05.13 08:44:08 | 000,109,048 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2014.04.25 00:37:50 | 003,592,120 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2014.04.25 00:35:12 | 000,137,352 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2014.04.11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014.04.11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014.04.09 17:26:10 | 000,092,176 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
PRC - [2014.04.03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014.04.03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014.04.03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.12.16 18:27:42 | 002,324,216 | ---- | M] (PS Media s.r.o.) -- C:\Windows\System32\ssins.exe
PRC - [2013.11.21 15:21:20 | 001,381,672 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodag.exe
PRC - [2013.08.02 02:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013.02.13 00:37:05 | 006,475,264 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
PRC - [2013.02.13 00:37:05 | 000,040,960 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
PRC - [2013.02.13 00:37:03 | 005,186,048 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011.09.16 16:33:36 | 000,084,640 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\AdminService.exe
PRC - [2011.08.30 15:22:50 | 000,742,688 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2011.03.07 17:45:22 | 001,755,136 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.06 01:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe


========== Modules (No Company Name) ==========

MOD - [2014.02.15 23:45:22 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll
MOD - [2014.02.15 23:45:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014.02.15 23:42:11 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014.02.15 23:41:55 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013.10.24 08:26:20 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013.02.13 00:40:39 | 000,064,000 | ---- | M] () -- C:\Windows\assembly\GAC_32\bcmwlrmt\5.100.196.0__6d6a20262490fcdc\bcmwlrmt.dll
MOD - [2010.11.13 04:37:03 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.03.15 12:28:24 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2014.05.14 21:11:02 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.05.13 08:44:48 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014.05.13 08:44:08 | 000,109,048 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2014.04.25 00:37:50 | 003,592,120 | ---- | M] (Check Point Software Technologies Ltd.) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2014.04.22 11:25:14 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.04.11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014.04.11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014.04.09 17:26:10 | 000,092,176 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
SRV - [2014.04.03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014.04.03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014.03.06 09:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.12.16 18:27:42 | 002,324,216 | ---- | M] (PS Media s.r.o.) [Auto | Running] -- C:\Windows\System32\ssins.exe -- (ssinstall)
SRV - [2013.11.21 15:21:20 | 001,381,672 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2013.10.23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.02.15 17:35:08 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013.02.13 00:37:05 | 000,040,960 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2011.09.16 16:33:36 | 000,084,640 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011.08.30 15:22:50 | 000,742,688 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.07.01 11:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [On_Demand | Stopped] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011.03.07 17:45:22 | 001,755,136 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010.11.06 01:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2014.05.15 12:03:27 | 000,107,736 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014.05.13 08:45:52 | 000,777,488 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014.05.13 08:45:52 | 000,411,680 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014.05.13 08:45:52 | 000,270,240 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV - [2014.05.13 08:45:52 | 000,068,312 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswstm.sys -- (aswStm)
DRV - [2014.05.13 08:45:03 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014.05.13 08:45:03 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014.05.13 08:45:02 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2014.05.13 08:45:02 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014.05.13 08:45:02 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014.05.13 08:44:25 | 000,026,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2014.05.08 22:05:41 | 000,052,920 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\System32\drivers\wStLibG.sys -- (wStLibG)
DRV - [2014.04.24 23:03:34 | 000,456,088 | ---- | M] (Check Point Software Technologies Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2014.04.03 09:51:14 | 000,051,416 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014.04.03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.06.21 02:07:34 | 000,153,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2013.06.21 02:07:34 | 000,136,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2013.06.21 02:07:34 | 000,130,248 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2013.06.21 02:07:34 | 000,032,064 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2013.06.21 02:07:34 | 000,017,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2013.03.06 09:19:51 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2013.02.13 00:37:02 | 000,018,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2012.02.27 05:04:44 | 001,344,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igddim32.sys -- (igddim32)
DRV - [2011.09.16 16:41:02 | 000,025,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2011.06.13 13:06:10 | 000,042,728 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV - [2011.06.09 08:37:54 | 000,278,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2011.05.30 17:03:34 | 000,254,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV - [2011.05.17 14:48:22 | 000,188,520 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2011.05.17 14:48:22 | 000,032,872 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... d=ie7&rlz=
IE - HKLM\..\SearchScopes\{75b4241f-171e-44a3-bf44-23613b6e3e03}: "URL" = http://search.tb.ask.com/search/GGmain. ... earchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2893531606-1056930838-4152591115-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
IE - HKU\S-1-5-21-2893531606-1056930838-4152591115-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/search?q={searchT ... d=ie7&rlz=
IE - HKU\S-1-5-21-2893531606-1056930838-4152591115-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-2893531606-1056930838-4152591115-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2893531606-1056930838-4152591115-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\S-1-5-21-2893531606-1056930838-4152591115-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... d=ie7&rlz=
IE - HKU\S-1-5-21-2893531606-1056930838-4152591115-1000\..\SearchScopes\{75b4241f-171e-44a3-bf44-23613b6e3e03}: "URL" = http://search.tb.ask.com/search/GGmain. ... earchTerms}
IE - HKU\S-1-5-21-2893531606-1056930838-4152591115-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2893531606-1056930838-4152591115-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.seznam.cz"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2018.95
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
FF - prefs.js..keyword.URL: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Bork\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014.05.13 08:45:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.24\extensions\\Components: C:\Program Files\SeaMonkey\components [2014.03.11 21:49:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.24\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2013.02.13 18:34:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bork\AppData\Roaming\Mozilla\Extensions
[2014.05.12 00:31:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bork\AppData\Roaming\Mozilla\Firefox\Profiles\m2p99x90.default\extensions
[2013.12.15 09:12:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bork\AppData\Roaming\Mozilla\SeaMonkey\Profiles\1apfhzqb.default\extensions
[2013.07.17 18:04:51 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Bork\AppData\Roaming\Mozilla\SeaMonkey\Profiles\1apfhzqb.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2014.02.21 16:24:27 | 000,002,202 | ---- | M] () -- C:\Users\Bork\AppData\Roaming\Mozilla\Firefox\Profiles\m2p99x90.default\searchplugins\seznam.xml
[2014.05.02 18:40:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.05.02 18:40:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014.05.13 08:45:11 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Broadcom Corporation)
O4 - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: localhost ([]http in Internet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.70.100.1 77.48.233.12 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55F22103-410B-4E74-B7B2-5D20468877AA}: DhcpNameServer = 10.70.100.1 77.48.233.12 208.67.222.222
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014.05.14 21:00:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bork\Desktop\OTL.exe
[2014.05.13 22:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2014.05.13 22:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\Check Point Software Technologies LTD
[2014.05.13 22:12:27 | 000,000,000 | ---D | C] -- C:\Users\Bork\AppData\Roaming\Check Point Software Technologies LTD
[2014.05.13 22:12:17 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2014.05.13 22:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2014.05.13 22:05:27 | 000,000,000 | ---D | C] -- C:\Users\Bork\AppData\Roaming\KeePass
[2014.05.13 21:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\KeePass Password Safe
[2014.05.13 18:29:27 | 000,112,640 | ---- | C] (forum.viry.cz) -- C:\Users\Bork\Desktop\FRSTLauncher.exe
[2014.05.13 17:27:30 | 000,000,000 | ---D | C] -- C:\FRST
[2014.05.13 17:22:05 | 001,056,256 | ---- | C] (Farbar) -- C:\Users\Bork\Desktop\FRST.exe
[2014.05.13 16:41:00 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.05.13 16:40:57 | 000,000,000 | ---D | C] -- C:\rsit
[2014.05.13 11:03:11 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.05.13 11:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014.05.13 11:01:39 | 000,073,432 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014.05.13 11:01:39 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014.05.13 11:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014.05.13 08:45:01 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014.05.13 08:44:09 | 000,270,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdisFlt.sys
[2014.05.13 08:42:32 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014.05.12 20:12:12 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014.05.12 20:11:51 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014.05.12 20:11:51 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014.05.12 20:11:51 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014.05.12 20:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014.05.08 22:05:41 | 000,052,920 | ---- | C] (StdLib) -- C:\Windows\System32\drivers\wStLibG.sys
[2014.05.08 20:24:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMR Player
[2014.05.08 20:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\AMR Player
[2014.05.06 08:10:23 | 003,113,272 | ---- | C] (MetaQuotes Software Corp.) -- C:\Windows\System32\MetaViewer.dll.new
[2014.05.01 11:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2014.04.24 23:03:34 | 000,456,088 | ---- | C] (Check Point Software Technologies Ltd.) -- C:\Windows\System32\drivers\vsdatant.sys
[2014.04.24 17:17:29 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014.04.24 17:16:49 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014.04.24 17:16:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014.04.24 17:16:38 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014.04.24 17:16:37 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014.04.24 17:16:37 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014.04.24 17:16:33 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014.04.24 17:16:32 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014.04.24 17:16:30 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014.04.24 17:16:29 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014.04.24 17:16:29 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014.04.24 17:16:28 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014.04.24 17:16:23 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014.04.24 17:16:22 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014.04.24 17:16:22 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014.04.24 17:16:22 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014.04.24 17:16:20 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014.04.24 17:15:43 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014.04.24 17:15:34 | 004,254,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014.04.16 19:09:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trade.com MetaTrader 4
[2014.04.16 19:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trade.com MetaTrader 4
[2014.01.31 21:44:24 | 000,426,808 | ---- | C] (MetaQuotes Software Corp.) -- C:\Users\Bork\teletradecy4setup.exe
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.05.15 13:33:25 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.05.15 13:10:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.05.15 12:53:38 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.05.15 12:03:27 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.05.15 12:02:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.05.14 21:10:36 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014.05.14 21:10:36 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014.05.14 20:59:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bork\Desktop\OTL.exe
[2014.05.14 20:59:23 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.05.13 22:29:22 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.05.13 22:29:22 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.05.13 22:21:38 | 1601,409,024 | -HS- | M] () -- C:\hiberfil.sys
[2014.05.13 22:16:35 | 000,431,135 | ---- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2014.05.13 22:14:50 | 000,000,732 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2014.05.13 21:33:53 | 000,001,053 | ---- | M] () -- C:\Users\Bork\Desktop\KeePass.lnk
[2014.05.13 19:44:14 | 000,007,602 | ---- | M] () -- C:\Users\Bork\AppData\Local\Resmon.ResmonCfg
[2014.05.13 18:29:32 | 000,112,640 | ---- | M] (forum.viry.cz) -- C:\Users\Bork\Desktop\FRSTLauncher.exe
[2014.05.13 17:21:32 | 001,056,256 | ---- | M] (Farbar) -- C:\Users\Bork\Desktop\FRST.exe
[2014.05.13 11:01:51 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.05.13 09:43:38 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014.05.13 09:04:07 | 000,001,091 | ---- | M] () -- C:\Users\Public\Desktop\Opera 21.lnk
[2014.05.13 08:51:08 | 000,000,410 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014.05.13 08:48:14 | 000,002,053 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014.05.13 08:45:52 | 000,777,488 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys
[2014.05.13 08:45:52 | 000,411,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014.05.13 08:45:52 | 000,270,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdisFlt.sys
[2014.05.13 08:45:52 | 000,068,312 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswstm.sys
[2014.05.13 08:45:03 | 000,180,632 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014.05.13 08:45:03 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014.05.13 08:45:02 | 000,081,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2014.05.13 08:45:02 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014.05.13 08:45:02 | 000,024,184 | ---- | M] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014.05.13 08:45:01 | 000,271,264 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014.05.13 08:45:01 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014.05.13 08:44:25 | 000,026,136 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2014.05.12 19:46:14 | 000,419,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.05.09 22:50:35 | 001,040,370 | ---- | M] () -- C:\Users\Bork\Desktop\foto.jpg
[2014.05.08 22:05:41 | 000,052,920 | ---- | M] (StdLib) -- C:\Windows\System32\drivers\wStLibG.sys
[2014.05.08 20:27:49 | 003,368,448 | ---- | M] () -- C:\Users\Bork\rec8-5-2014.mp3
[2014.05.05 20:07:12 | 003,113,272 | ---- | M] (MetaQuotes Software Corp.) -- C:\Windows\System32\MetaViewer.dll.new
[2014.05.02 18:40:19 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014.04.29 14:34:22 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014.04.24 23:03:34 | 000,456,088 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Windows\System32\drivers\vsdatant.sys
[2014.04.16 19:09:46 | 000,001,963 | ---- | M] () -- C:\Users\Public\Desktop\Trade.com MetaTrader 4.lnk
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.05.14 21:12:06 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.05.13 22:15:18 | 000,431,135 | ---- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2014.05.13 22:14:50 | 000,000,732 | ---- | C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2014.05.13 21:33:53 | 000,001,065 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass.lnk
[2014.05.13 21:33:53 | 000,001,053 | ---- | C] () -- C:\Users\Bork\Desktop\KeePass.lnk
[2014.05.13 19:44:14 | 000,007,602 | ---- | C] () -- C:\Users\Bork\AppData\Local\Resmon.ResmonCfg
[2014.05.13 11:01:51 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.05.13 09:04:15 | 000,001,091 | ---- | C] () -- C:\Users\Public\Desktop\Opera 21.lnk
[2014.05.13 09:04:15 | 000,001,091 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 21.lnk
[2014.05.13 08:48:13 | 000,002,053 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014.05.13 08:45:21 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014.05.12 19:46:06 | 000,419,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.05.09 22:50:32 | 001,040,370 | ---- | C] () -- C:\Users\Bork\Desktop\foto.jpg
[2014.05.08 20:27:29 | 003,368,448 | ---- | C] () -- C:\Users\Bork\rec8-5-2014.mp3
[2014.04.16 19:09:46 | 000,001,963 | ---- | C] () -- C:\Users\Public\Desktop\Trade.com MetaTrader 4.lnk
[2014.03.11 23:04:14 | 000,317,150 | ---- | C] () -- C:\Users\Bork\Joe-Ross---Spread-Trading.pdf
[2014.03.11 22:48:05 | 000,055,168 | ---- | C] () -- C:\Users\Bork\Fore-oo0(GoldTrader)0oo-Foreword-to-Seasonal-Spread-Trading.pdf
[2014.03.11 22:45:38 | 002,102,058 | ---- | C] () -- C:\Users\Bork\SpreadTrading.rar
[2013.12.11 10:03:40 | 000,003,584 | ---- | C] () -- C:\Users\Bork\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.12.04 12:30:26 | 000,188,752 | ---- | C] () -- C:\Users\Bork\pf-Spořka.one
[2013.08.15 23:18:50 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.08.03 22:51:05 | 021,038,052 | ---- | C] () -- C:\Users\Bork\sunshine for me, sunshine for you - official track and video_youtube_original.mp4
[2013.07.29 13:56:28 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systemmem3.dll
[2013.07.29 13:51:06 | 005,759,057 | ---- | C] ( ) -- C:\Windows\System32\RTKISDBT.dll
[2013.07.18 14:32:34 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013.07.18 14:32:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013.07.18 14:32:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013.07.18 14:32:34 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013.03.12 16:52:16 | 000,061,304 | ---- | C] () -- C:\Users\Bork\g2mdlhlpx.exe
[2013.03.08 23:24:27 | 000,180,632 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.03.08 23:24:26 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.02.17 19:03:52 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2013.02.17 18:59:43 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013.02.15 15:08:42 | 000,001,026 | ---- | C] () -- C:\Users\Bork\CPUID CPU-Z.lnk
[2013.02.13 00:59:47 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2013.02.13 00:57:33 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2013.02.13 00:57:33 | 000,039,672 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2013.02.13 00:57:33 | 000,033,076 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE4.DAT
[2013.02.13 00:57:33 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2013.02.13 00:57:33 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat
[2013.02.13 00:57:33 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2013.02.13 00:57:33 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2013.02.13 00:57:33 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2013.02.13 00:57:33 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2013.02.13 00:57:33 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2013.02.13 00:37:25 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2013.02.12 23:09:51 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2013.02.12 23:09:33 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.10.18 11:08:55 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\.minecraft
[2013.10.24 08:34:01 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\AVAST Software
[2013.11.05 15:20:53 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\CFXStorage
[2014.05.13 22:12:28 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Check Point Software Technologies LTD
[2014.05.13 22:04:28 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Dropbox
[2013.08.16 21:31:56 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Duncan Amplification
[2013.10.01 11:19:19 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\DVDVideoSoft
[2013.12.15 22:38:21 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\EAInstall
[2013.05.05 21:11:26 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Feedreader
[2014.05.12 00:09:57 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\GHISLER
[2014.05.13 22:05:27 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\KeePass
[2013.10.07 13:35:02 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\MCharvat.cz
[2014.01.16 19:34:23 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\MetaQuotes
[2014.05.12 00:09:59 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Opera Software
[2014.01.20 10:15:24 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Samsung
[2013.09.30 17:04:12 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\SDR-RADIO.com
[2013.08.18 21:26:06 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\SDR-RADIO.com (Server)
[2013.08.18 20:23:51 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\SDR-RADIO.com (V2)
[2013.08.18 20:34:49 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\SDRConsole
[2014.05.12 00:17:40 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Seznam.cz
[2013.02.13 23:26:29 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Thunderbird
[2013.04.15 17:38:11 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\TuneUp Software
[2013.11.01 18:42:28 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\VitySoft
[2013.12.16 18:41:02 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Zoner
[2013.10.27 10:57:33 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\AVAST Software
[2013.05.09 15:16:28 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\GHISLER
[2014.05.12 19:51:59 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\Seznam.cz

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 06:53:46 | 000,019,890 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013.02.13 00:46:07 | 000,000,932 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.02.13 00:46:07 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.03.04 22:13:38 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2012.06.02 06:52:32 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=063DD65889D21035311463337BD268E7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[2013.05.13 06:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=3897DFF247D9ED0006190349DE264E14 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[2013.07.09 15:57:37 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=6DB499DEFCC827317C5371164A7CDB27 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[2013.07.09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\System32\cryptsvc.dll
[2013.07.09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[2012.06.02 06:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010.11.20 14:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2013.05.11 06:59:05 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=AC04D05309BB2C418D0D80B9FB014642 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[2012.06.02 06:41:59 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=EA8C26ECF1656D9647EF044F115EC6DA -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21225_none_76a05147150ffad1\cryptsvc.dll
[2013.10.05 03:52:03 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=F2D9242C3BBD1C36467FCAE1AE01733F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll
[2012.06.02 06:45:21 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=F2FDE6C8DBAAD44CC58D1E07E4AF4EED -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17035_none_760be2a9fbfa79d1\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010.11.20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: IASTOR.SYS >
[2010.11.06 01:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\drivers\iaStor.sys
[2010.11.06 01:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_31e922a8dd4b16bd\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\isapnp.sys

< MD5 for: LSASS.EXE >
[2011.11.17 09:09:25 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=05F38CB7CAB3CE8E9A1812D517DA93EF -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_a69c8e86d7476262\lsass.exe
[2013.09.25 02:54:21 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=559C7769B397F07E12725EE55337D4C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_a8a66792d452b56a\lsass.exe
[2014.04.12 04:06:16 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=627B40EB2595D8FCF1960F33389EB7D3 -- C:\Windows\SoftwareDistribution\Download\b9a11582ff8a238d28cbbc985bf3645b\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_a8af3ab6d44c6119\lsass.exe
[2013.09.25 02:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=803B370865D907EA21DC0C2B6A8936B5 -- C:\Windows\System32\lsass.exe
[2013.09.25 02:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=803B370865D907EA21DC0C2B6A8936B5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_a80cf783bb41b5b7\lsass.exe
[2011.11.17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsass.exe
[2011.11.17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_a828bb43bb2beb28\lsass.exe
[2012.06.02 06:40:31 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=A6034689ACF9D14973F8384AD5A5451E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21225_none_a6eb42a4d70be51e\lsass.exe
[2011.11.17 07:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_a66c9bbdbde5f8fa\lsass.exe
[2011.11.17 07:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_a656d407bdf6641e\lsass.exe
[2014.04.12 04:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=DD17E1573651293D4ED31053795B3471 -- C:\Windows\SoftwareDistribution\Download\b9a11582ff8a238d28cbbc985bf3645b\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_a8306bf1bb26a837\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe
[2012.06.02 06:51:22 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FA7B950E4CA6AA260C4EABA19E03644D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_a8d76e24d42eb666\lsass.exe
[2011.11.17 07:24:04 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FBCB2DFA40862DAA7B1534C9538208A5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
[2010.11.20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\System32\drivers\ndis.sys
[2010.11.20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys

< MD5 for: NETLOGON.DLL >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys
[2010.11.20 14:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\System32\drivers\nvraid.sys
[2010.11.20 14:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvraid.sys
[2010.11.20 14:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SMSS.EXE >
[2013.03.19 04:43:41 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=0294CC751D7FAEB13621EEFB8A749429 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22280_none_ae7bdfb790cddbcf\smss.exe
[2009.07.14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe
[2013.03.19 04:51:05 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=37F4765554F2CD34AAAB616F696E5539 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.21490_none_ac8ab2c593af8bd4\smss.exe
[2013.07.08 05:02:28 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=634E0B45780F502304592C5615A31089 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22379_none_ae8fb42390bda114\smss.exe
[2013.03.19 04:50:03 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=B24BF638652522BB5E14AB7993FD4A5D -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.17273_none_ac19b4ca7a7f0306\smss.exe
[2013.11.21 08:18:59 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D2A72C71CD6C18A99E920EC5761F0C7D -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22436_none_aeb7f4db909fe272\smss.exe
[2014.04.12 04:06:24 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D8A5E3B8EB601B897AC78B060177E460 -- C:\Windows\SoftwareDistribution\Download\b9a11582ff8a238d28cbbc985bf3645b\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22653_none_ae9f57f190b2c89d\smss.exe
[2013.03.19 04:49:16 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=DE91DCC7BC55E940979097E98F743205 -- C:\Windows\System32\smss.exe
[2013.03.19 04:49:16 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=DE91DCC7BC55E940979097E98F743205 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_ae40f33e7774c473\smss.exe
[2013.05.06 05:02:20 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=EC745C0949B101129AB6D39CD63808A6 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22318_none_aecf9361908de017\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2014.04.03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.04.25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011.04.25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2013.01.03 07:01:49 | 001,303,912 | ---- | M] (Microsoft Corporation) MD5=34AE5CC0C7417AB701C2AA8A7BC75417 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_b3c99dece09ecc3b\tcpip.sys
[2010.11.20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2013.01.04 06:56:23 | 001,308,504 | ---- | M] (Microsoft Corporation) MD5=4A95845C5F33A4DDEB6AEF6367FB6520 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_b5becc06ddb98192\tcpip.sys
[2013.07.06 07:05:35 | 001,293,760 | ---- | M] (Microsoft Corporation) MD5=4E8B9BE71B807B3BAEDB7F4243F85E3C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_b52f2f65c4a146e5\tcpip.sys
[2013.07.06 06:57:37 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=528F7CC60391DD0FAB0344F32F051FDF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_b5721e2eddf328f9\tcpip.sys
[2013.05.08 08:15:22 | 001,309,032 | ---- | M] (Microsoft Corporation) MD5=6088D01FAD49729EA0A5A3D9B9BA8B84 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_b5b3fe00ddc19aaa\tcpip.sys
[2013.11.21 08:18:42 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=6C4F3D92764FFA22D28061A4D9235446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_b58e8eb0ddde6cf1\tcpip.sys
[2011.04.25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2013.01.03 07:05:20 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=7C0507D2391AF5933600CBCED799F277 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_b502eb9fc4c2a304\tcpip.sys
[2011.04.25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2013.01.04 06:55:21 | 001,287,528 | ---- | M] (Microsoft Corporation) MD5=BBCEAEFF1FD72A026F827CBB2F4AA8AD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_b34bcf71c7782cb0\tcpip.sys
[2013.11.21 08:18:42 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\System32\drivers\tcpip.sys
[2013.11.21 08:18:42 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_b4fa2013c4c8ebf1\tcpip.sys
[2013.05.08 07:38:00 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=D32FDAC73FCD76B85389C39BC1087F2A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_b508ef41c4bd3835\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2014.04.03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2014.03.04 11:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\SoftwareDistribution\Download\b9a11582ff8a238d28cbbc985bf3645b\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[2014.03.04 12:39:02 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=D53972F87D850CD2EB4B29B60CAFDD77 -- C:\Windows\SoftwareDistribution\Download\b9a11582ff8a238d28cbbc985bf3645b\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe

< MD5 for: WS2_32.DLL >
[2010.11.20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\System32\ws2_32.dll
[2010.11.20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[14 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[3 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2013.10.18 11:08:55 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\.minecraft
[2013.10.20 14:48:15 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Adobe
[2013.11.21 22:13:56 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Apple Computer
[2013.02.13 01:04:47 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Atheros
[2013.10.24 08:34:01 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\AVAST Software
[2013.11.05 15:20:53 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\CFXStorage
[2014.05.13 22:12:28 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Check Point Software Technologies LTD
[2014.05.13 22:04:28 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Dropbox
[2013.08.16 21:31:56 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Duncan Amplification
[2013.10.01 11:19:19 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\DVDVideoSoft
[2013.12.15 22:38:21 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\EAInstall
[2013.05.05 21:11:26 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Feedreader
[2014.05.12 00:09:57 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\GHISLER
[2013.02.12 22:48:20 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Identities
[2013.02.12 23:31:18 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\InstallShield
[2013.02.13 00:35:04 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Intel
[2013.02.13 00:42:25 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Intel Corporation
[2014.05.13 22:05:27 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\KeePass
[2013.03.04 22:22:08 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Macromedia
[2014.05.13 11:01:53 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Malwarebytes
[2013.10.07 13:35:02 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\MCharvat.cz
[2009.07.14 11:20:06 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Media Center Programs
[2014.01.16 19:34:23 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\MetaQuotes
[2013.12.13 23:19:04 | 000,000,000 | --SD | M] -- C:\Users\Bork\AppData\Roaming\Microsoft
[2013.03.13 17:05:11 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Mozilla
[2014.05.12 00:09:59 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Opera Software
[2014.01.20 10:15:24 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Samsung
[2013.09.30 17:04:12 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\SDR-RADIO.com
[2013.08.18 21:26:06 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\SDR-RADIO.com (Server)
[2013.08.18 20:23:51 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\SDR-RADIO.com (V2)
[2013.08.18 20:34:49 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\SDRConsole
[2014.05.12 00:17:40 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Seznam.cz
[2014.05.13 22:19:53 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Skype
[2013.02.13 23:26:29 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Thunderbird
[2013.04.15 17:38:11 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\TuneUp Software
[2013.11.01 18:42:28 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\VitySoft
[2013.02.13 12:16:31 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\WinRAR
[2013.12.16 18:41:02 | 000,000,000 | ---D | M] -- C:\Users\Bork\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2013.09.17 22:44:20 | 000,554,496 | ---- | M] (M. Charvát) -- C:\Users\Bork\AppData\Roaming\.minecraft\MinecraftTweakerUpdater.exe
[2013.10.07 12:39:14 | 001,319,265 | ---- | M] () -- C:\Users\Bork\AppData\Roaming\.minecraft\unins000.exe
[2014.01.03 02:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bork\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2014.01.03 02:47:26 | 000,229,288 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bork\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2013.11.09 04:51:40 | 000,919,016 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bork\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2014.03.06 17:01:54 | 000,207,368 | ---- | M] (Check Point Software Technologies LTD) -- C:\Users\Bork\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe
[2014.05.13 22:12:28 | 000,200,824 | ---- | M] (Check Point Software Technologies LTD) -- C:\Users\Bork\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall_d.exe
[2014.03.06 14:18:22 | 000,729,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Users\Bork\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm4ffx.exe
[2013.10.27 19:34:00 | 000,621,056 | ---- | M] () -- C:\Users\Bork\AppData\Roaming\MetaQuotes\Terminal\aeb4861a0ef1d9286daa04c0b04b7a1e\MQL4\Libraries\OneClickTradingNew.exe
[2014.05.05 20:07:12 | 003,601,360 | ---- | M] (MetaQuotes Software Corp.) -- C:\Users\Bork\AppData\Roaming\MetaQuotes\WebInstall\mt4clw\metaeditor.exe
[2014.05.05 20:07:13 | 009,490,184 | ---- | M] (MetaQuotes Software Corp.) -- C:\Users\Bork\AppData\Roaming\MetaQuotes\WebInstall\mt4clw\terminal.exe
[2014.01.06 18:04:39 | 000,061,641 | R--- | M] () -- C:\Users\Bork\AppData\Roaming\Microsoft\Installer\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}\_6FEFF9B68218417F98F549.exe
[2014.01.26 02:28:46 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Users\Bork\AppData\Roaming\Microsoft\Installer\{DC33421C-0E1C-470A-BE37-7B7C82677812}\ARPPRODUCTICON.exe
[2014.01.26 02:28:46 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\Bork\AppData\Roaming\Microsoft\Installer\{DC33421C-0E1C-470A-BE37-7B7C82677812}\EchoLink.chm_B5759EDEA3D244BBB2AAF1B15E1EC021.exe
[2014.01.26 02:28:46 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Users\Bork\AppData\Roaming\Microsoft\Installer\{DC33421C-0E1C-470A-BE37-7B7C82677812}\EchoLink.exe11_B5759EDEA3D244BBB2AAF1B15E1EC021.exe
[2014.01.26 02:28:46 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Users\Bork\AppData\Roaming\Microsoft\Installer\{DC33421C-0E1C-470A-BE37-7B7C82677812}\EchoLink.exe1_B5759EDEA3D244BBB2AAF1B15E1EC021.exe
[2014.01.26 02:28:46 | 000,053,248 | R--- | M] (Macrovision Corporation) -- C:\Users\Bork\AppData\Roaming\Microsoft\Installer\{DC33421C-0E1C-470A-BE37-7B7C82677812}\EchoLink_Support.u_B5759EDEA3D244BBB2AAF1B15E1EC021.exe
[2014.01.26 02:28:46 | 000,053,248 | R--- | M] (Macrovision Corporation) -- C:\Users\Bork\AppData\Roaming\Microsoft\Installer\{DC33421C-0E1C-470A-BE37-7B7C82677812}\EchoLink_Web_Site._B5759EDEA3D244BBB2AAF1B15E1EC021.exe
[2013.12.13 23:19:04 | 000,008,192 | R--- | M] () -- C:\Users\Bork\AppData\Roaming\Microsoft\Installer\{DD66F13B-6F35-40CB-A532-09888217A204}\Icon54C7846E.exe
[2013.12.13 23:19:04 | 000,007,168 | R--- | M] () -- C:\Users\Bork\AppData\Roaming\Microsoft\Installer\{DD66F13B-6F35-40CB-A532-09888217A204}\Icon75D5970B.exe
[2013.12.13 23:19:04 | 000,007,168 | R--- | M] () -- C:\Users\Bork\AppData\Roaming\Microsoft\Installer\{DD66F13B-6F35-40CB-A532-09888217A204}\Icon8978B101.exe
[2013.05.16 15:25:04 | 001,062,472 | ---- | M] () -- C:\Users\Bork\AppData\Roaming\Seznam.cz\szninstall.exe
[2013.05.16 15:26:24 | 002,589,256 | ---- | M] () -- C:\Users\Bork\AppData\Roaming\Seznam.cz\sznsetup.exe
[2013.04.16 13:52:34 | 000,055,808 | ---- | M] () -- C:\Users\Bork\AppData\Roaming\Seznam.cz\bin\ffkill.exe
[2013.04.29 12:53:34 | 000,045,560 | ---- | M] () -- C:\Users\Bork\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
[2013.04.12 10:13:24 | 000,457,208 | ---- | M] () -- C:\Users\Bork\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
[2013.04.12 10:10:22 | 000,092,664 | ---- | M] () -- C:\Users\Bork\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >
[2014.05.13 08:45:02 | 000,024,184 | ---- | M] () -- C:\Windows\system32\drivers\aswHwid.sys
[2014.05.13 08:44:25 | 000,026,136 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswKbd.sys
[2014.05.13 08:45:02 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswMonFlt.sys
[2014.05.13 08:45:52 | 000,270,240 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswNdisFlt.sys
[2014.05.13 08:45:02 | 000,081,768 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswRdr2.sys
[2014.05.13 08:45:03 | 000,049,944 | ---- | M] () -- C:\Windows\system32\drivers\aswRvrt.sys
[2014.05.13 08:45:52 | 000,777,488 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswsnx.sys
[2014.05.13 08:45:52 | 000,411,680 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswsp.sys
[2014.05.13 08:45:52 | 000,068,312 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswstm.sys
[2014.05.13 08:45:03 | 000,180,632 | ---- | M] () -- C:\Windows\system32\drivers\aswVmm.sys
[2014.05.15 14:06:43 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\MBAMSwissArmy.sys

< %systemroot%\system32\*.* /3 >
[2014.05.13 22:29:22 | 000,014,416 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.05.13 22:29:22 | 000,014,416 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.05.13 08:45:01 | 000,271,264 | ---- | M] (AVAST Software) -- C:\Windows\system32\aswBoot.exe
[2014.05.14 21:10:36 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2014.05.14 21:10:36 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl
[2014.05.12 19:46:14 | 000,419,472 | ---- | M] () -- C:\Windows\system32\FNTCACHE.DAT
[2014.05.12 20:11:51 | 000,004,088 | ---- | M] () -- C:\Windows\system32\jupdate-1.7.0_55-b14.log
[2014.05.13 22:22:09 | 000,000,000 | ---- | M] () -- C:\Windows\system32\sinstall.log

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.05.15 13:33:25 | 000,000,512 | ---- | M] () MD5=833823407B47BF6203A7814CC95A67A5 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2013.11.01 18:42:43 | 000,005,592 | ---- | M] () -- \Users\Bork\AppData\Roaming\VitySoft\FRD\plugins\crackle.frp

< *keygen* /s >
[2012.09.19 18:06:19 | 000,141,824 | ---- | M] () -- \temp\Defrag Professional 16.0 Build 345\defrag.16.0.345_x64\Keygen-MESMERiZE\keygen.exe
[2012.09.19 18:06:19 | 000,141,824 | ---- | M] () -- \temp\Defrag Professional 16.0 Build 345\defrag.16.0.345_x86\Keygen-MESMERiZE\keygen.exe



This is the first part of the OTL.txt file
JiBo

jibo
Visitor
Posts: 29
Joined: 11 Aug 2009 20:06

Re: Please check my LOG

#5 Post by jibo »

Part two:

< *AntiWPA* /s >

< *loader* /s >
[2011.09.08 17:54:20 | 000,124,200 | ---- | M] () -- \Program Files\Acer\Acer Crystal Eye Webcam\Koan\pyloader.dll
[2011.09.08 17:53:42 | 000,021,020 | ---- | M] () -- \Program Files\Acer\Acer Crystal Eye Webcam\subsys\Uploader\PyUploader.kc
[2011.09.08 17:53:42 | 000,230,696 | ---- | M] () -- \Program Files\Acer\Acer Crystal Eye Webcam\subsys\Uploader\_PyUploader.pyd
[2014.05.13 08:44:47 | 000,072,480 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2013.04.30 18:55:00 | 001,027,744 | ---- | M] () -- \Program Files\Common Files\DVDVideoSoft\lib\DVSVideoDownloader.dll
[2006.10.26 14:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 14:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2013.04.30 18:53:28 | 000,041,112 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\DVDVideoSoft.DVSVideoDownloader.dll
[2013.04.30 18:53:26 | 002,416,280 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe
[2013.04.04 19:56:46 | 000,001,020 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.xml
[2013.01.28 12:02:00 | 000,003,704 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloaderProfile.xml
[2013.03.25 19:33:50 | 000,006,174 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloaderProfileD.xml
[2013.04.30 18:13:42 | 000,036,864 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\da-DK\FreeYTVDownloader.resources.dll
[2013.04.30 18:13:42 | 000,040,960 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\de-DE\FreeYTVDownloader.resources.dll
[2013.04.30 18:13:44 | 000,045,056 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\el-GR\FreeYTVDownloader.resources.dll
[2013.04.30 18:13:42 | 000,040,960 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\es-ES\FreeYTVDownloader.resources.dll
[2013.04.30 18:13:42 | 000,040,960 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\fr-FR\FreeYTVDownloader.resources.dll
[2013.04.30 18:13:42 | 000,036,864 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\hu-HU\FreeYTVDownloader.resources.dll
[2013.04.30 18:13:42 | 000,036,864 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\it-IT\FreeYTVDownloader.resources.dll
[2013.04.30 18:13:42 | 000,040,960 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\ja-JP\FreeYTVDownloader.resources.dll
[2013.04.30 18:13:42 | 000,036,864 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\nl-NL\FreeYTVDownloader.resources.dll
[2013.04.30 18:13:42 | 000,040,960 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\pl-PL\FreeYTVDownloader.resources.dll
[2013.04.30 18:13:44 | 000,040,960 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\pt-BR\FreeYTVDownloader.resources.dll
[2013.04.30 18:13:42 | 000,040,960 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\pt-PT\FreeYTVDownloader.resources.dll
[2013.04.30 18:13:42 | 000,045,056 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\ru-RU\FreeYTVDownloader.resources.dll
[2013.04.30 18:13:44 | 000,036,864 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\sv-SE\FreeYTVDownloader.resources.dll
[2013.04.30 18:13:44 | 000,036,864 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\tr-TR\FreeYTVDownloader.resources.dll
[2013.04.30 18:13:44 | 000,036,864 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\zh-CHS\FreeYTVDownloader.resources.dll
[2013.04.30 18:13:44 | 000,036,864 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\zh-CHT\FreeYTVDownloader.resources.dll
[2012.11.30 11:12:42 | 000,001,538 | ---- | M] () -- \Program Files\HF Designer\Loader.elf
[2012.11.30 11:12:32 | 000,778,904 | ---- | M] () -- \Program Files\HF Designer\Loader.exe
[2010.03.15 12:28:24 | 000,045,056 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2013.03.05 12:11:10 | 000,432,128 | ---- | M] () -- \Program Files\Zoner\Photo Studio 16\Plugins\Facebook\ZPSFacebookUploader.exe
[2010.04.29 16:12:40 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 16\Plugins\Facebook\ZPSPluginLoader.exe
[2013.03.05 15:03:44 | 000,443,904 | ---- | M] () -- \Program Files\Zoner\Photo Studio 16\Plugins\Flickr\ZPSFlickrUploader.exe
[2010.04.29 16:12:42 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 16\Plugins\Flickr\ZPSPluginLoader.exe
[2013.03.05 14:34:20 | 000,192,512 | ---- | M] () -- \Program Files\Zoner\Photo Studio 16\Plugins\Picasa\ZPSPicasaUploader.exe
[2010.04.29 16:12:40 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 16\Plugins\Picasa\ZPSPluginLoader.exe
[2013.09.27 18:47:20 | 000,103,960 | ---- | M] () -- \Program Files\Zoner\Photo Studio 16\Program32\8bfLoader.exe
[2013.09.27 18:47:28 | 000,018,968 | ---- | M] () -- \Program Files\Zoner\Photo Studio 16\Program32\WICLoader.exe
[2012.12.21 01:57:12 | 000,092,087 | ---- | M] () -- \temp\chrome-youtube-downloader-2.6.14.crx
[2009.12.15 16:52:22 | 000,584,031 | ---- | M] () -- \Trad\Indikator1+\freedownload\Forex Cash Rocket\Amazing Bonuses\HotFile Auto Downloader.zip
[2012.04.13 20:33:57 | 000,002,724 | ---- | M] () -- \Trad\StockTradingTrainer\Project\StockTradingTrainer\Web\FastDonwloader.cs
[2012.05.02 02:56:12 | 000,007,372 | ---- | M] () -- \Trad\StockTradingTrainer\Project\StockTradingTrainer\Web\StockDataDownloader.cs
[2013.11.21 22:36:03 | 000,001,052 | ---- | M] () -- \Users\Bork\AppData\Local\Apple Computer\Safari\Extensions\Lyoness.safariextension\js\bg\dataLoader.js
[2013.11.21 22:36:03 | 000,002,608 | ---- | M] () -- \Users\Bork\AppData\Local\Apple Computer\Safari\Extensions\Lyoness.safariextension\popup\img\loader.gif
[2014.05.12 20:05:15 | 000,001,870 | ---- | M] () -- \Users\Bork\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R57A0MI3\AdLoader[1].htm
[2014.05.12 20:05:15 | 000,112,122 | ---- | M] () -- \Users\Bork\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V6785X4M\AdLoader-7b473315d0084c71df83cdee72aab144.min[1].js
[2014.01.28 20:35:56 | 000,072,638 | ---- | M] () -- \Users\Bork\AppData\Local\Skype\Apps\login\images\loader.gif
[2014.01.28 20:35:56 | 000,003,032 | ---- | M] () -- \Users\Bork\AppData\Local\Skype\Apps\login\images\loader.png
[2014.01.28 20:35:56 | 000,006,012 | ---- | M] () -- \Users\Bork\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014.01.28 20:35:56 | 000,021,956 | ---- | M] () -- \Users\Bork\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014.01.28 20:35:56 | 000,009,772 | ---- | M] () -- \Users\Bork\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2013.01.28 12:02:00 | 000,003,704 | ---- | M] () -- \Users\Bork\AppData\Roaming\DVDVideoSoft\FreeYTVDownloader\FreeYTVDownloaderProfile.xml
[2013.11.24 00:10:12 | 001,285,840 | ---- | M] () -- \Users\Bork\AppData\Roaming\DVDVideoSoft\logs\FreeYTVDownloader.log
[2013.11.23 00:19:37 | 000,000,086 | ---- | M] () -- \Users\Bork\AppData\Roaming\DVDVideoSoft\logs\FreeYTVDownloader_extra_debug.log
[2013.05.11 23:00:35 | 000,141,706 | ---- | M] () -- \Users\Bork\AppData\Roaming\DVDVideoSoft\logs\FreeYTVDownloader_install.txt
[2013.11.23 00:32:12 | 000,018,789 | ---- | M] () -- \Users\Bork\AppData\Roaming\DVDVideoSoft\logs\YTVDownloader_extra2.log
[2013.03.29 13:37:34 | 000,059,384 | ---- | M] () -- \Users\Bork\AppData\Roaming\Seznam.cz\bin\20599libfoxloader.dll
[2013.04.15 13:32:10 | 000,060,416 | ---- | M] () -- \Users\Bork\AppData\Roaming\Seznam.cz\bin\20602libfoxloader-x64.dll
[2013.03.25 16:27:20 | 000,000,665 | ---- | M] () -- \Users\Bork\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.install.bat
[2013.03.25 16:27:26 | 000,000,117 | ---- | M] () -- \Users\Bork\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.uninstall.bat
[2013.05.11 22:53:09 | 021,124,296 | ---- | M] () -- \Users\Bork\Downloads\FreeYouTubeUploader.exe
[2013.02.17 15:41:23 | 000,105,903 | ---- | M] () -- \Users\Jitka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GW86MH38\AdLoader-427d9fd2a91e2f2c023aefe9f69a01d0.min[1].js
[2013.02.17 15:41:23 | 000,000,753 | ---- | M] () -- \Users\Jitka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X89FIX4L\AdLoader[1].htm
[2012.09.13 15:45:58 | 000,058,424 | ---- | M] () -- \Users\Jitka\AppData\Roaming\Seznam.cz\bin\libfoxloader.dll
[2012.08.07 14:39:12 | 000,000,165 | ---- | M] () -- \Users\Jitka\AppData\Roaming\Seznam.cz\conf\szndesktop.d\libfoxloader.conf
[2012.08.13 19:05:28 | 000,000,235 | ---- | M] () -- \Users\Jitka\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_0_0.install.bat
[2012.08.13 19:05:26 | 000,000,130 | ---- | M] () -- \Users\Jitka\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_0_0.uninstall.bat
[2013.02.13 12:26:12 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2009.07.14 14:25:34 | 002,202,645 | ---- | M] () -- \Windows\Setup\SCRIPTS\Windows7Loader.exe
[2014.04.12 04:03:37 | 000,003,584 | ---- | M] () -- \Windows\SoftwareDistribution\Download\b9a11582ff8a238d28cbbc985bf3645b\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009.07.14 10:43:57 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 10:43:57 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2009.07.14 10:43:57 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2013.03.08 23:12:18 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2013.03.08 23:12:18 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winload.exe_75835076
[2013.03.08 23:12:18 | 000,442,720 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winresume.exe_85cd1215
[2009.07.14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.14 10:42:11 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 03:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.08.19 09:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009.08.19 09:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2010.11.20 06:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009.07.14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:45:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_0adfad15dce1def6\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:39:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_0b5e7bdaf60797d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 07:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 12:35:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2 \Program Files\*.tmp files -> \Program Files\*.tmp -> ]
[2013.09.13 13:50:48 | 010,252,096 | ---- | M] () -- \Program Files\Everest Ultimate Edition 5.50.2100 CZ FULL + SERIAL 100% funkn - by kopiha\Everest Ultimate Edition 5.50.2100 CZ FULL + SERIAL 100% funkn - by kopiha.rar
[2014.02.13 23:57:42 | 000,434,368 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.dll
[2014.03.16 09:25:26 | 001,164,288 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.ni.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2010.11.05 03:53:39 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2012.08.25 12:06:54 | 000,000,046 | ---- | M] () -- \temp\Everest Ultimate Edition 5.50.2100\SERIAL.txt
[2013.08.15 20:42:12 | 000,032,768 | ---- | M] () -- \Users\Bork\AppData\Local\HF Designer\{819294D0-2E17-45BF-811C-2E818B93EB32}\mdbu\Locations!IX_VolumeSerialNumber_Location.ind
[2013.08.15 20:42:12 | 000,008,192 | ---- | M] () -- \Users\Bork\AppData\Local\HF Designer\{819294D0-2E17-45BF-811C-2E818B93EB32}\mdbu\Media!IX_VolumeSerialNumber.ind
[2009.07.14 10:43:23 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.13 03:55:26 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.02.15 23:43:44 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\553e7bfc9cac5e4feaa83d8ee1e187bd\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013.08.17 11:05:21 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d462f459c4353e2c628e6def1430aed7\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013.08.18 20:53:57 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e043ad64456256a8ee5b934e227d9782\System.Runtime.Serialization.ni.dll
[2014.02.16 00:05:35 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f177ea74036d5fdc6c6b9c967dc877cf\System.Runtime.Serialization.ni.dll
[2014.02.15 11:47:07 | 000,311,296 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\046c2851963b30d0e14194051c03de33\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.15 11:47:55 | 002,658,304 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\fa954900a6cf3a095efadfa4c683a32c\System.Runtime.Serialization.ni.dll
[2010.03.18 14:16:28 | 001,026,936 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\System.Runtime.Serialization.dll.x86
[2014.02.15 11:29:33 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2014.02.15 11:29:30 | 001,039,040 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.05 03:53:33 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012.10.05 12:53:24 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013.09.11 06:06:54 | 001,039,040 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 14:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009.07.14 10:43:17 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009.07.14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\drivers\serial.sys
[2009.07.14 10:43:30 | 000,009,728 | ---- | M] () -- \Windows\System32\drivers\cs-CZ\serial.sys.mui
[2009.07.14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\mdmmotsm.inf_x86_neutral_c1415d9789c54b89\smserial.sys
[2009.07.14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys
[2009.07.14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\grserial.sys
[2009.07.14 04:18:03 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009.07.14 04:18:03 | 000,015,952 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486_kdcom.dll_db5e7744
[2009.07.14 10:43:55 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2009.07.14 04:18:51 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.14 03:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2012.10.06 20:07:20 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.17136_none_a6a4fe887487d009.manifest
[2012.10.06 20:58:54 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.21337_none_8fd740dc8e2f4a01.manifest
[2010.11.20 06:06:16 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2012.10.05 19:15:39 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285.manifest
[2012.10.05 19:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d.manifest
[2009.07.14 10:42:43 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2012.10.06 21:19:17 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.17136_cs-cz_3450454183d3f023.manifest
[2012.10.06 21:26:57 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.21337_cs-cz_1d8287959d7b6a1b.manifest
[2012.10.05 21:04:43 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f.manifest
[2012.10.05 21:02:24 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797.manifest
[2009.07.14 03:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2012.10.06 20:11:48 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.17136_none_d6e834229c2ed13c.manifest
[2012.10.06 21:03:01 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.21337_none_c01a7676b5d64b34.manifest
[2010.11.20 06:05:38 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2012.10.05 19:15:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8.manifest
[2012.10.05 19:17:15 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0.manifest
[2009.07.14 03:49:26 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009.07.14 03:45:27 | 000,000,866 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_2c93290b67c98d09.manifest
[2009.07.14 03:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2012.10.06 20:09:38 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.17136_none_dbc2dfefdd056b7e.manifest
[2012.10.06 21:00:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.21337_none_c4f52243f6ace576.manifest
[2010.11.20 06:10:46 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2012.10.05 19:19:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa.manifest
[2012.10.05 19:22:10 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2.manifest
[2009.06.10 23:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 10:43:23 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 23:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2012.10.06 12:54:26 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.17136_none_a6a4fe887487d009\System.Runtime.Serialization.dll
[2012.10.06 12:57:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.21337_none_8fd740dc8e2f4a01\System.Runtime.Serialization.dll
[2010.11.05 03:52:39 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2012.10.05 12:53:24 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285\System.Runtime.Serialization.dll
[2012.10.06 12:57:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d\System.Runtime.Serialization.dll
[2009.07.14 10:43:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2009.07.14 10:43:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.17136_cs-cz_3450454183d3f023\System.RunTime.Serialization.Resources.dll
[2009.07.14 10:43:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.21337_cs-cz_1d8287959d7b6a1b\System.RunTime.Serialization.Resources.dll
[2010.11.13 03:55:26 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_cs-cz_342f3c238422529f\System.RunTime.Serialization.Resources.dll
[2010.11.13 04:37:50 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_cs-cz_1d5d97659dcd4797\System.RunTime.Serialization.Resources.dll
[2009.06.10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2012.10.06 12:54:25 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.17136_none_d6e834229c2ed13c\System.Runtime.Serialization.dll
[2012.10.06 12:57:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.21337_none_c01a7676b5d64b34\System.Runtime.Serialization.dll
[2010.11.05 03:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8\System.Runtime.Serialization.dll
[2012.10.06 12:57:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0\System.Runtime.Serialization.dll
[2009.07.14 00:13:45 | 001,068,032 | ---- | M] () -- \Windows\winsxs\x86_mdmmotsm.inf_31bf3856ad364e35_6.1.7600.16385_none_7a97936f8a972896\smserial.sys
[2009.07.14 10:43:15 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_c002c1170ca9a88f\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.05 03:53:33 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_c233d4df09982c29\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.07.14 10:43:17 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009.07.14 03:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2009.07.14 10:43:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_5d4a68b4b3d26ecc\System.RunTime.Serialization.Resources.dll
[2010.11.05 03:53:39 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_cs-cz_5f7b7c7cb0c0f266\System.RunTime.Serialization.Resources.dll
[2009.07.14 10:43:30 | 000,009,728 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_c48c78a9ad8ff996\serial.sys.mui
[2009.07.14 01:45:33 | 000,083,456 | ---- | M] () -- \Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys
[2009.07.14 00:09:18 | 000,031,232 | ---- | M] () -- \Windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\grserial.sys
[2009.06.10 23:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll
[2012.10.06 12:54:25 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.17136_none_dbc2dfefdd056b7e\System.Runtime.Serialization.dll
[2012.10.06 12:57:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.21337_none_c4f52243f6ace576\System.Runtime.Serialization.dll
[2010.11.05 03:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2012.10.05 12:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa\System.Runtime.Serialization.dll
[2012.10.06 12:57:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2\System.Runtime.Serialization.dll

< *w7lxe* /s >

< End of report >


So that is the OTL.txt file; I will also send Extras. Jibo
JiBo

jibo
Visitor
Posts: 29
Registered: 11 Aug 2009 20:06

Re: Please check my LOG

#6 Post by jibo »

And here is Extras.txt



OTL Extras logfile created on: 15.5.2014 13:28:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bork\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,99 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 41,12% Memory free
3,98 Gb Paging File | 2,35 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 405,98 Gb Free Space | 87,18% Space Free | Partition Type: NTFS
Drive D: | 14,62 Gb Total Space | 13,66 Gb Free Space | 93,41% Space Free | Partition Type: FAT32

Computer Name: BORK-NETBOOK | User Name: Bork | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2893531606-1056930838-4152591115-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F0F1B542-FD4D-4C86-AF92-06F4CAE9D5E2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B57097-D998-4AD3-AF89-4DF5FD2DBB90}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{163E246E-B498-4A37-A54B-F863E1599291}" = protocol=17 | dir=in | app=c:\program files\checkpoint\zonealarm\vsmon.exe |
"{3A202759-990B-4621-B2F7-0CF16A529CF4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{483357E3-F8F6-409B-B432-EB0DDB72C3AB}" = protocol=17 | dir=in | app=c:\program files\checkpoint\zonealarm\vsmon.exe |
"{716DF7F0-93BD-46DE-8AB6-B46DF8978355}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{73424D51-9C81-4B2E-B29B-91BB965CE769}" = protocol=6 | dir=in | app=c:\program files\checkpoint\zonealarm\vsmon.exe |
"{7A208A88-8E1E-4B72-ADE4-8BDADDFAA1CE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7FB86151-7B2B-48BB-B1CC-3FA2432768D4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{818CB459-9210-4AF3-8276-07D1F276D63C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{92256FEC-6A32-40F3-9693-940AE6CAC0F5}" = protocol=6 | dir=in | app=c:\program files\metatrader-admiral markets\metatester.exe |
"{A6402D4C-971E-4A81-B53B-9CE9E8249149}" = protocol=6 | dir=in | app=c:\program files\checkpoint\zonealarm\vsmon.exe |
"{AAD359EA-31FC-4EE0-9F7F-07AF5B4F4ED4}" = protocol=6 | dir=in | app=c:\users\bork\appdata\roaming\dropbox\bin\dropbox.exe |
"{B4CFFEAB-158C-49F6-B5D5-5DBD3BA4157E}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{CF9D21F4-7989-4670-BD53-6CE259A29D89}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DD89124C-E39C-447E-A665-6ACBCA55AF5E}" = protocol=17 | dir=in | app=c:\users\bork\appdata\roaming\dropbox\bin\dropbox.exe |
"{EC3ADF60-66DB-4D70-B95B-373401A8535F}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"TCP Query User{07A6186B-D60B-4E6D-A07A-AF787BE4D8FB}C:\program files\oo software\defrag\oodag.exe" = protocol=6 | dir=in | app=c:\program files\oo software\defrag\oodag.exe |
"TCP Query User{12C152D7-00CF-4616-B74F-96BC37EB2A5E}C:\program files\orbitron\orbitron.exe" = protocol=6 | dir=in | app=c:\program files\orbitron\orbitron.exe |
"TCP Query User{20ACB262-6DE6-4BAC-ACC6-AB79660B510F}C:\amater\borip.exe" = protocol=6 | dir=in | app=c:\amater\borip.exe |
"TCP Query User{3D4B4644-03CD-4450-898D-A231E7624C8C}C:\users\bork\downloads\starftp.exe" = protocol=6 | dir=in | app=c:\users\bork\downloads\starftp.exe |
"TCP Query User{4B34BDE0-951C-45F3-9C71-5BB2D06BE01E}C:\program files\k1rfd\echolink\echolink.exe" = protocol=6 | dir=in | app=c:\program files\k1rfd\echolink\echolink.exe |
"TCP Query User{5CDEA921-4B96-4145-BB46-800E74CA824B}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{678DF571-BAC8-474D-AF75-83877BA9A9FB}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe |
"TCP Query User{81219C2B-E67B-4337-8416-340835299E81}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe |
"TCP Query User{81D466E1-4EED-4677-9CBB-62B4135FEC60}C:\amater\sdrsharp\borip.exe" = protocol=6 | dir=in | app=c:\amater\sdrsharp\borip.exe |
"TCP Query User{98EEAB46-1175-4846-AA58-B57A9B47628E}C:\sdr\sdrsharp\borip.exe" = protocol=6 | dir=in | app=c:\sdr\sdrsharp\borip.exe |
"TCP Query User{A8C79D3F-2202-4D15-9E59-F02B6EDEA9A3}C:\program files\orbitron\orbitron.exe" = protocol=6 | dir=in | app=c:\program files\orbitron\orbitron.exe |
"TCP Query User{B180C40A-2EEB-469F-A09A-74B7D459D3E3}C:\amater\qtradio\qtradio.exe" = protocol=6 | dir=in | app=c:\amater\qtradio\qtradio.exe |
"TCP Query User{C0D2D8E1-DA83-4283-A760-ED7ECE4E1ACD}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{DECBDE82-319B-4680-8D53-D47A3457058D}C:\amater\sdrsharp\adsbsharp.exe" = protocol=6 | dir=in | app=c:\amater\sdrsharp\adsbsharp.exe |
"TCP Query User{EE0268E8-4C42-4608-A9E4-86DBF0D0D3BD}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{F282570A-F5D8-4E2D-BA20-58058B264357}C:\users\bork\downloads\odorik.exe" = protocol=6 | dir=in | app=c:\users\bork\downloads\odorik.exe |
"TCP Query User{F7BC8F5B-3447-4880-BD7A-5ABF5567A449}C:\users\bork\downloads\odorik.exe" = protocol=6 | dir=in | app=c:\users\bork\downloads\odorik.exe |
"UDP Query User{1A8B7115-A780-4781-8533-DDD1B1E523E7}C:\users\bork\downloads\starftp.exe" = protocol=17 | dir=in | app=c:\users\bork\downloads\starftp.exe |
"UDP Query User{1F7CBFD1-26FD-437E-8292-7195A2A27627}C:\program files\k1rfd\echolink\echolink.exe" = protocol=17 | dir=in | app=c:\program files\k1rfd\echolink\echolink.exe |
"UDP Query User{293CBF74-5FE9-4B3D-9014-485BFC7078E1}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{3E9551AA-FDB8-4DEF-9267-B56F64208638}C:\users\bork\downloads\odorik.exe" = protocol=17 | dir=in | app=c:\users\bork\downloads\odorik.exe |
"UDP Query User{4AF496BE-DFC5-498A-B5DB-EE0FA22CB214}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{5B3FA75E-0563-45AF-98B8-A7446528A76C}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{6E173B02-CB17-49C7-BDFF-267E97CFC2B4}C:\amater\sdrsharp\borip.exe" = protocol=17 | dir=in | app=c:\amater\sdrsharp\borip.exe |
"UDP Query User{6E2FFD26-6E26-4876-A53D-A3DE37566531}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{78ACF20E-36CF-4528-BAFC-8E71D473B3CD}C:\program files\orbitron\orbitron.exe" = protocol=17 | dir=in | app=c:\program files\orbitron\orbitron.exe |
"UDP Query User{8BF82435-6079-4F9F-9546-F466285E83A7}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{965B735D-A0D5-4009-9679-54C74647CC98}C:\sdr\sdrsharp\borip.exe" = protocol=17 | dir=in | app=c:\sdr\sdrsharp\borip.exe |
"UDP Query User{9F9F7936-D42E-472A-8701-A892CC2E5714}C:\amater\qtradio\qtradio.exe" = protocol=17 | dir=in | app=c:\amater\qtradio\qtradio.exe |
"UDP Query User{A1F802A8-359C-4EEE-AE1A-1532AC2139DE}C:\amater\sdrsharp\adsbsharp.exe" = protocol=17 | dir=in | app=c:\amater\sdrsharp\adsbsharp.exe |
"UDP Query User{A8EACA27-F2EA-4BC0-96C8-BA3A52278BAE}C:\program files\orbitron\orbitron.exe" = protocol=17 | dir=in | app=c:\program files\orbitron\orbitron.exe |
"UDP Query User{C1E30502-A669-493D-9A9D-2D3D37D45607}C:\amater\borip.exe" = protocol=17 | dir=in | app=c:\amater\borip.exe |
"UDP Query User{D5B16816-F5A3-479B-8862-247BB8E7A08B}C:\program files\oo software\defrag\oodag.exe" = protocol=17 | dir=in | app=c:\program files\oo software\defrag\oodag.exe |
"UDP Query User{E427EB23-4436-4026-90ED-1E9F514FD91E}C:\users\bork\downloads\odorik.exe" = protocol=17 | dir=in | app=c:\users\bork\downloads\odorik.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A3BD328-B672-4009-8E8A-70FE08FB6A54}_is1" = MetaTrader 4 Builder 2.2
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{1C5C3196-734B-4AB2-81C0-CAD4AE7F7E13}_is1" = UltimateAAC V1.0.1.18
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 55
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2F881B56-CBDF-4EC6-A8D2-6412A879C66A}_is1" = AMR Player 1.2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{418BAAD1-754D-48B4-B078-46EF4F25AF42}" = Google Drive
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CE5C92D-998A-4BD7-87ED-5EF9C737A99F}" = Trading Central Indicator for MetaTrader
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{59C7552B-17E9-4BDF-977F-A19CF8987C69}" = O&O Defrag Professional
"{618A02F0-E2C5-4E1B-9D0E-B0282167431D}" = Winrad 1.6.1
"{6428D19C-67AF-44FB-9496-E255C5D1E553}_is1" = Minecraft Tweaker for Minecraft 1.6.4, ver. 1.6.4_7.5
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}" = WIDCOMM Bluetooth Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{726912E6-FB5A-4BFC-A97A-54D64E56D8D3}_is1" = HamSphere 3.0.3.2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904BE4B0-D9B9-4997-B108-403C62FC0D75}_is1" = xOption
"{96498A8F-5127-B546-E97E-243824FFBC55}_is1" = Everest Ultimate Edition 5.50.2100 CZ FULL + SERIAL 100% funkn - by kopiha version for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) - Czech
"{AC7E7905-8C59-4806-A96D-30936A2B1FC5}" = Citrix Online Launcher
"{B8936C0A-26EB-4133-956D-DF6F0D7175E5}" = ZoneAlarm Security
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{BC0DCD27-345B-4013-A6E0-67EC92DF32C8}" = Presto! PVR
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{CB3A93AC-7A71-435E-88FB-5A22555BE953}" = Trading Station Publisher
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DB200CBD-9E3E-4C72-B711-B46D6817BC51}_is1" = HDSDR 2.63
"{DC33421C-0E1C-470A-BE37-7B7C82677812}" = EchoLink
"{DD66F13B-6F35-40CB-A532-09888217A204}" = MT4i Desktop
"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE
"{EC2ABCAA-0616-4A3E-8227-599DB484C54E}" = ZoneAlarm Firewall
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"32DC281B7E359EA3D16ECC7D98609F6A592B981D" = Balíček ovladače systému Windows - MediaTek Inc. (usbser) Ports (09/01/2011 2.0.1136.0)
"76F6B4A696B8C9A7ACFF01D4E1D6EF2D974C3E67" = Balíček ovladače systému Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (12/06/2010 4.0.0000.00000)
"8BC3CF920AF63C7AEF78B82D1C60D94704FB95CD" = Balíček ovladače systému Windows - MediaTek Inc. Net (07/14/2011 1.1129.00)
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"avast" = avast! Internet Security
"B77DDB8A5697AAF5DA4E4859E53C301B877DD206" = Balíček ovladače systému Windows - Microsoft (WUDFRd) WPD (02/22/2006 5.2.5326.4762)
"Blaze Video Magic_is1" = Blaze Video Magic 3.0
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.63.0
"DrEditHD" = DrEditHD (remove only)
"DriverAgent.exe" = DriverAgent by eSupport.com
"Elantech" = ETDWare PS/2-X86 11.6.2.1_WHQL
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"ExtIO_USRP+FCD+RTL2832U + BorIP" = ExtIO_USRP+FCD+RTL2832U + BorIP
"Free YouTube Download_is1" = Free YouTube Download version 3.2.2.430
"FXTrend Detector Pro" = FXTrend Detector Pro
"Google Chrome" = Google Chrome
"HappyFoto-Designer_is1" = HF Designer 4.4
"InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"KeePass Password Safe_is1" = KeePass Password Safe 1.27
"LManager" = Launch Manager
"M0KGK SDR Decoder" = M0KGK SDR Decoder
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware verze 2.0.1.1004
"MetaTrader - Alpari UK" = MetaTrader - Alpari UK
"MetaTrader 4 Admiral Markets AS" = MetaTrader 4 Admiral Markets AS
"MetaTrader 4 TeleTrade EU" = MetaTrader 4 TeleTrade EU
"MetaTrader FLOAT" = MetaTrader FLOAT
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 29.0 (x86 cs)" = Mozilla Firefox 29.0 (x86 cs)
"Mozilla Thunderbird 24.5.0 (x86 cs)" = Mozilla Thunderbird 24.5.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 20.0.1387.91" = Opera Stable 20.0.1387.91
"Opera 21.0.1432.57" = Opera Stable 21.0.1432.57
"Orbitron_is1" = Orbitron - Satellite Tracking System
"SDR-RADIO.com" = SDR-RADIO.com
"SDR-RADIO.com (V2)" = SDR-RADIO.com (V2)
"SeaMonkey 2.24 (x86 cs)" = SeaMonkey 2.24 (x86 cs)
"SP_360582d7" = ss helper 1.74
"ssinstall" = Seznam Instalátor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"Trade.com MetaTrader 4" = Trade.com MetaTrader 4
"WinRAR archiver" = WinRAR
"zonealarm" = ZoneAlarm Security Toolbar
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZonerPhotoStudio16_CZ_is1" = Zoner Photo Studio 16
"ZonerPhotoStudio16_Templates_CZ_is1" = Zoner Photo Studio 16 - Obálky a šablony

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2893531606-1056930838-4152591115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 6.0.0.1259
"SeznamInstall" = Seznam Software
"zonealarm" = ZoneAlarm Security Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6.1.2014 13:26:32 | Computer Name = Bork-Netbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6.1.2014 13:26:32 | Computer Name = Bork-Netbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1030

Error - 6.1.2014 13:26:32 | Computer Name = Bork-Netbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1030

Error - 6.1.2014 13:26:33 | Computer Name = Bork-Netbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6.1.2014 13:26:33 | Computer Name = Bork-Netbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2200

Error - 6.1.2014 13:26:33 | Computer Name = Bork-Netbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2200

Error - 6.1.2014 13:26:34 | Computer Name = Bork-Netbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6.1.2014 13:26:34 | Computer Name = Bork-Netbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3198

Error - 6.1.2014 13:26:34 | Computer Name = Bork-Netbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3198

Error - 6.1.2014 13:26:35 | Computer Name = Bork-Netbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ System Events ]
Error - 11.5.2014 8:01:12 | Computer Name = Bork-Netbook | Source = DCOM | ID = 10010
Description =

Error - 11.5.2014 16:59:02 | Computer Name = Bork-Netbook | Source = DCOM | ID = 10005
Description =

Error - 11.5.2014 16:59:02 | Computer Name = Bork-Netbook | Source = Service Control Manager | ID = 7038
Description = Služba upnphost se nemohla přihlásit jako NT AUTHORITY\LocalService
s aktuálně konfigurovaným heslem z důvodu následující chyby: %%1352 Chcete-li zajistit
správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management
Console (MMC).

Error - 11.5.2014 16:59:02 | Computer Name = Bork-Netbook | Source = Service Control Manager | ID = 7000
Description = Služba Hostitel zařízení UPnP neuspěla při spuštění v důsledku následující
chyby: %%1069

Error - 12.5.2014 13:46:39 | Computer Name = Bork-Netbook | Source = Service Control Manager | ID = 7024
Description = Služba Windows Search ukončena s chybou %%-1073473535, specifickou
pro službu.

Error - 12.5.2014 13:46:39 | Computer Name = Bork-Netbook | Source = Service Control Manager | ID = 7031
Description = Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error - 13.5.2014 2:41:22 | Computer Name = Bork-Netbook | Source = Service Control Manager | ID = 7009
Description = Při čekání na připojení služby Util HypeNet bylo dosaženo časového
limitu (30000 ms).

Error - 13.5.2014 2:41:22 | Computer Name = Bork-Netbook | Source = Service Control Manager | ID = 7000
Description = Služba Util HypeNet neuspěla při spuštění v důsledku následující chyby:
%%1053

Error - 13.5.2014 2:48:12 | Computer Name = Bork-Netbook | Source = Service Control Manager | ID = 7000
Description = Služba avast! Firewall neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 13.5.2014 5:02:59 | Computer Name = Bork-Netbook | Source = Service Control Manager | ID = 7034
Description = Služba MBAMService byla neočekávaně ukončena. Tento stav nastal již
1krát.


< End of report >




Thanks for the analysis. OTL ran for quite a long time.
Take care, and thanks, Márty.

Jibo
JiBo

jibo
Visitor
Posts: 29
Registered: 11 Aug 2009 20:06

Re: Please check my LOG

#7 Post by jibo »

I am sending the files in a RAR archive.
Attachments
OTL.rar
(25.2 KiB) Downloaded 50 times
JiBo

jibo
Visitor
Posts: 29
Registered: 11 Aug 2009 20:06

Re: Please check my LOG

#8 Post by jibo »

And Extras in a RAR archive as well.
Attachments
Extras.rar
(9.22 KiB) Downloaded 48 times
JiBo

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my LOG

#9 Post by Márty84 »

:???: What about the legality of the system? Ultimate is not exactly a common home edition :?:

:arrow: Run a !!!complete!!! scan with MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 and post the results here. Do not delete anything beforehand; it sometimes produces false detections.
If you have a question that is not meant for the public, you can write to me by e-mail at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

jibo
Visitor
Posts: 29
Registered: 11 Aug 2009 20:06

Re: Please check my LOG

#10 Post by jibo »

I bought the netbook about 4 years ago, second-hand so to speak, with Win7 Ultimate already installed. Updates run as they should; I assume the seller did the installation or upgrade to Ultimate from an official version, i.e. a legal one. So much for the legality of the system.

I ran MBAM and the scan completed with zero infections found.

Here is the log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 16.5.2014
Čas skenování: 9:04:41
Protokol: mbamlog.txt
Správce: Ano

Verze: 2.00.1.1004
Databáze malwaru: v2014.05.16.05
Databáze rootkitů: v2014.03.27.01
Licence: Premium
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Chameleon: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: Bork

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 270303
Uplynulý čas: 32 min, 50 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Shuriken: Zapnuto
PUP: Varovat
PUM: Zapnuto

Procesy: 0
(No malicious items detected)

Moduly: 0
(No malicious items detected)

Klíče registru: 0
(No malicious items detected)

Hodnoty registru: 0
(No malicious items detected)

Data registru: 0
(No malicious items detected)

Složky: 0
(No malicious items detected)

Soubory: 0
(No malicious items detected)

Fyzické sektory: 0
(No malicious items detected)


(end)
JiBo

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my LOG

#11 Post by Márty84 »

jibo wrote: I bought the netbook about 4 years ago, second-hand so to speak, with Win7 Ultimate already installed. Updates run as they should; I assume the seller did the installation or upgrade to Ultimate from an official version, i.e. a legal one. So much for the legality of the system.
In that case I have bad news for you. Unfortunately, the system is definitely not legal :(


And the forum rules are clear: http://forum.viry.cz/viewtopic.php?f=12&t=115512
Help CANNOT be given:
2) If the user's machine demonstrably contains illegal host or protective software
(operating system, antivirus, firewall, etc.), the user must be guided to fix this, e.g. by using free software,
and work on the problem starts only once the PC is "in order". If the user does not want to accept the rules,
they must be asked to leave the forum and return once they comply.
:42:

jibo
Visitor
Posts: 29
Registered: 11 Aug 2009 20:06

Re: Please check my LOG

#12 Post by jibo »

Hmm, I had no idea about that.
Thanks for all the information; I guess I got scammed :cry: . So now I will take steps towards legalization; I will probably have a legal installation done by a local computer company.

Thanks for the information and have a nice day. Jibo
JiBo

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Please check my LOG

#13 Post by Márty84 »

Well, if the system was included in the price (the cheapest version of Ultimate costs around 4500), then you got scammed :boxed: A crack is used there that also allows updates to be downloaded. It works, but we do not deal with systems "modified" this way here.

Take care, and I am keeping my fingers crossed :bye:

:closed:

Locked