
PC virus removal, computer speed-up, and remote help through the neslape.cz service
Virus from Facebook
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote help services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
-
- Model visitor
- Posts: 172
- Registered: 12 Feb 2014 22:22
- Location: Central Bohemian Region, Czech Republic
Virus from Facebook
Hello, someone sent me a link on Facebook (it's probably a virus or a worm or something), and ESET Smart Security reports this:
21:30:21 Kontrola při startu soubor Operační paměť » C:\Windows\SysWOW64\notepad.exe varianta infiltrace Win32/Agent.NNF červ nelze léčit.
I have the trial version of ESET (I plan to buy it once the TRIAL version expires). I think someone here had the same problem as me: http://forum.viry.cz/viewtopic.php?f=13&t=135768 So I made a log from FRST (I don't know whether I did it right, but I tried to follow the guide).
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2014
Ran by Šejpák (administrator) on SEJPAKPC on 12-02-2014 22:19:45
Running from C:\Users\Šejpák\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(LogMeIn Inc.) D:\Data\Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Data\Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\agcp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\agcp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\agcp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Šejpák\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-12-25] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Software\Defrag\oodtray.exe [4464936 2014-01-24] (O&O Software GmbH)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
AppInit_DLLs: => File Not Found
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/
CHR Extension: (Disk Google) - C:\Users\Šejpák\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-24]
CHR Extension: (YouTube) - C:\Users\Šejpák\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-24]
CHR Extension: (Vyhledávání Google) - C:\Users\Šejpák\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-24]
CHR Extension: (Peněženka Google) - C:\Users\Šejpák\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-24]
CHR Extension: (Gmail) - C:\Users\Šejpák\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-24]
==================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 Hamachi2Svc; D:\Data\Hamachi\hamachi-2.exe [2221904 2014-01-23] (LogMeIn Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1657128 2014-01-24] (O&O Software GmbH)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-15] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros)
==================== Drivers (Whitelisted) ====================
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
S0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-12-25] (Intel Corporation)
R3 KbFilter_Kb_FlexDef3x; C:\Windows\System32\DRIVERS\KbFilter_FlexDef3x.sys [22016 2012-10-16] (Siliten)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-25] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8244312 2013-12-25] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-12-25] (Synaptics Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-12 22:19 - 2014-02-12 22:19 - 00009285 _____ () C:\Users\Šejpák\Desktop\FRST.txt
2014-02-12 22:17 - 2014-02-12 22:17 - 00112640 _____ (forum.viry.cz) C:\Users\Šejpák\Desktop\FRSTLauncher.exe
2014-02-12 22:02 - 2014-02-12 21:53 - 02152448 _____ (Farbar) C:\Users\Šejpák\Desktop\FRST64.exe
2014-02-12 21:53 - 2014-02-12 22:19 - 00000000 ____D () C:\FRST
2014-02-12 18:55 - 2014-02-12 18:55 - 00108816 _____ () C:\Users\Šejpák\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-12 18:41 - 2014-02-12 18:41 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\{9620c625-c254-6b6a-3461-87549620c625}
2014-02-12 16:37 - 2014-02-12 16:37 - 00002005 _____ () C:\Users\Šejpák\Desktop\ESET Smart Security.lnk
2014-02-12 16:05 - 2014-02-12 16:05 - 00000000 ____D () C:\ProgramData\ESET
2014-02-12 16:05 - 2014-02-12 16:05 - 00000000 ____D () C:\Program Files\ESET
2014-02-12 14:51 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 14:51 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 14:51 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 14:51 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 14:51 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 14:51 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 14:51 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 14:51 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 14:51 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 14:51 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 14:51 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 14:51 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 14:51 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 14:51 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 14:51 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 14:51 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 14:51 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 14:51 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 14:51 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 14:51 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 14:51 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 14:51 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 14:51 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 14:51 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 14:51 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 14:51 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 14:51 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 14:51 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 14:51 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 14:51 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 14:51 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 14:51 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 14:51 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 14:51 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 14:51 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 14:51 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 14:51 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 14:51 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 14:51 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 14:51 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 14:51 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 14:50 - 2014-02-11 14:53 - 01703936 _____ () C:\Users\Šejpák\Desktop\Call of Duty(R) 2 Multiplayer.exe
2014-02-12 14:23 - 2014-02-12 14:29 - 2382292992 _____ () C:\Users\Šejpák\Downloads\Crysis 3.iso
2014-02-12 14:11 - 2014-02-12 14:11 - 00000000 ____D () C:\Users\Šejpák\AppData\Local\CrashRpt
2014-02-12 07:57 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 07:57 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 07:57 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 07:57 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 07:57 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 07:57 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 07:57 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 07:57 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 07:57 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 07:57 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 07:57 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 07:57 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 07:57 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 07:57 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 07:57 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 07:57 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 07:57 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 07:57 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 07:57 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 07:57 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 07:57 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 07:57 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 07:57 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 07:57 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 07:57 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 07:57 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 07:57 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 07:57 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 19:08 - 2014-02-11 19:08 - 00000877 _____ () C:\Users\Šejpák\Desktop\sims.txt
2014-02-11 16:12 - 2014-02-11 16:12 - 00000646 _____ () C:\Users\Šejpák\Desktop\Call of Duty(R) 2 Singleplayer.lnk
2014-02-11 14:47 - 2014-02-11 14:47 - 00000256 _____ () C:\Windows\game.ini
2014-02-01 17:05 - 2014-02-01 17:05 - 00000132 _____ () C:\Users\Šejpák\AppData\Roaming\Formát PNG Adobe CC – předvolby
2014-02-01 16:44 - 2014-02-01 17:03 - 00001100 _____ () C:\Users\Šejpák\Desktop\Adobe Photoshop CC (64 Bit).lnk
2014-02-01 16:36 - 2014-02-01 16:36 - 00003504 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-SejpakPC-Šejpák
2014-02-01 16:36 - 2014-02-01 16:36 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\PDAppFlex
2014-02-01 16:27 - 2014-02-01 16:32 - 00000000 ____D () C:\Program Files\Adobe
2014-02-01 16:11 - 2014-02-01 16:11 - 00001074 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-01-30 19:03 - 2014-01-30 19:03 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\Microsoft Games
2014-01-30 19:01 - 2014-01-30 19:01 - 00002155 _____ () C:\Users\Public\Desktop\Rise of Nations Gold.lnk
2014-01-30 19:00 - 2014-01-30 19:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-01-24 14:32 - 2014-01-24 14:32 - 02843432 _____ (O&O Software GmbH) C:\Windows\system32\ooscrsav.scr
2014-01-24 14:32 - 2014-01-24 14:32 - 00543528 _____ (O&O Software GmbH) C:\Windows\system32\oodssrs.dll
2014-01-24 14:32 - 2014-01-24 14:32 - 00240936 _____ (O&O Software GmbH) C:\Windows\system32\oodbs.exe
2014-01-24 14:32 - 2014-01-24 14:32 - 00010536 _____ (O&O Software GmbH) C:\Windows\system32\oodbsrs.dll
2014-01-23 15:36 - 2013-12-27 19:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-01-23 15:36 - 2013-12-27 19:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-01-21 07:28 - 2014-01-21 07:28 - 00000625 _____ () C:\Users\Public\Desktop\4Story.lnk
2014-01-20 22:38 - 2014-01-20 22:38 - 00000000 ____D () C:\Users\Šejpák\Documents\RtsCam
2014-01-20 19:30 - 2014-01-20 19:30 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-01-18 10:57 - 2014-01-18 10:57 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\Publish Providers
2014-01-16 13:12 - 2014-01-16 15:42 - 00000222 _____ () C:\Users\Šejpák\Desktop\Total War ROME II.url
2014-01-16 13:12 - 2014-01-16 13:12 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-15 23:31 - 2014-01-20 21:11 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-01-15 23:31 - 2014-01-15 23:31 - 00000779 _____ () C:\Users\Public\Desktop\Battlefield 4.lnk
2014-01-15 23:31 - 2014-01-15 23:31 - 00000763 _____ () C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
2014-01-15 21:05 - 2014-02-12 14:32 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-01-15 21:05 - 2014-01-15 21:05 - 00000967 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-01-15 06:21 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 06:21 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 06:21 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 06:21 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 06:21 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 06:21 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 06:21 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 06:21 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 06:21 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
==================== One Month Modified Files and Folders =======
2014-02-12 22:19 - 2014-02-12 22:19 - 00009285 _____ () C:\Users\Šejpák\Desktop\FRST.txt
2014-02-12 22:19 - 2014-02-12 21:53 - 00000000 ____D () C:\FRST
2014-02-12 22:17 - 2014-02-12 22:17 - 00112640 _____ (forum.viry.cz) C:\Users\Šejpák\Desktop\FRSTLauncher.exe
2014-02-12 21:54 - 2013-12-24 19:36 - 00000000 ___RD () C:\Users\Šejpák\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-12 21:53 - 2014-02-12 22:02 - 02152448 _____ (Farbar) C:\Users\Šejpák\Desktop\FRST64.exe
2014-02-12 21:36 - 2014-01-04 19:52 - 01354116 _____ () C:\Windows\WindowsUpdate.log
2014-02-12 21:26 - 2013-12-25 01:27 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-12 19:59 - 2013-12-25 01:40 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\Skype
2014-02-12 18:55 - 2014-02-12 18:55 - 00108816 _____ () C:\Users\Šejpák\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-12 18:44 - 2013-12-24 23:58 - 00000342 _____ () C:\Windows\Tasks\dsmonitor.job
2014-02-12 18:41 - 2014-02-12 18:41 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\{9620c625-c254-6b6a-3461-87549620c625}
2014-02-12 18:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-12 16:37 - 2014-02-12 16:37 - 00002005 _____ () C:\Users\Šejpák\Desktop\ESET Smart Security.lnk
2014-02-12 16:09 - 2009-07-14 05:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-12 16:09 - 2009-07-14 05:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-12 16:08 - 2010-11-21 10:27 - 00668866 _____ () C:\Windows\system32\perfh005.dat
2014-02-12 16:08 - 2010-11-21 10:27 - 00141526 _____ () C:\Windows\system32\perfc005.dat
2014-02-12 16:08 - 2009-07-14 06:13 - 01584554 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-12 16:05 - 2014-02-12 16:05 - 00000000 ____D () C:\ProgramData\ESET
2014-02-12 16:05 - 2014-02-12 16:05 - 00000000 ____D () C:\Program Files\ESET
2014-02-12 16:02 - 2013-12-24 20:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-12 16:02 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-12 14:55 - 2013-12-25 00:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 14:52 - 2013-12-24 20:20 - 01559268 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 14:52 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-12 14:32 - 2014-01-15 21:05 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-12 14:30 - 2013-12-24 19:36 - 00000000 ____D () C:\Users\Šejpák\AppData\Local\VirtualStore
2014-02-12 14:29 - 2014-02-12 14:23 - 2382292992 _____ () C:\Users\Šejpák\Downloads\Crysis 3.iso
2014-02-12 14:11 - 2014-02-12 14:11 - 00000000 ____D () C:\Users\Šejpák\AppData\Local\CrashRpt
2014-02-12 14:11 - 2013-12-24 23:00 - 00003948 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-12 14:11 - 2013-12-24 23:00 - 00003696 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-12 07:17 - 2013-12-25 01:27 - 00000000 ____D () C:\Users\Šejpák\AppData\Local\Adobe
2014-02-11 19:08 - 2014-02-11 19:08 - 00000877 _____ () C:\Users\Šejpák\Desktop\sims.txt
2014-02-11 16:12 - 2014-02-11 16:12 - 00000646 _____ () C:\Users\Šejpák\Desktop\Call of Duty(R) 2 Singleplayer.lnk
2014-02-11 14:53 - 2014-02-12 14:50 - 01703936 _____ () C:\Users\Šejpák\Desktop\Call of Duty(R) 2 Multiplayer.exe
2014-02-11 14:51 - 2013-12-24 20:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-11 14:47 - 2014-02-11 14:47 - 00000256 _____ () C:\Windows\game.ini
2014-02-10 14:06 - 2013-12-25 00:00 - 00002497 _____ () C:\Users\Public\Desktop\O&O Defrag.lnk
2014-02-07 19:16 - 2014-01-10 19:09 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-06 13:16 - 2014-02-12 14:51 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-12 14:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-12 14:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-12 14:51 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-12 14:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-12 14:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-12 14:51 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-12 14:51 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-12 14:51 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-12 14:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-12 14:51 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-12 14:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-12 14:51 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-12 14:51 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-12 14:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-12 14:51 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-12 14:51 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-12 14:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-12 14:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 14:51 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-12 14:51 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-12 14:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 14:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-12 14:51 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-12 14:51 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-12 14:51 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-12 14:51 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-12 14:51 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-12 14:51 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-12 14:51 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-12 14:51 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-12 14:51 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 14:51 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 14:51 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-12 14:51 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-12 14:51 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-12 14:51 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-12 14:51 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-12 14:51 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 18:29 - 2013-12-25 20:53 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-02-05 17:59 - 2013-12-25 20:53 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-02-05 17:50 - 2013-12-25 20:10 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-02-04 22:26 - 2013-12-25 01:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-04 22:26 - 2013-12-25 01:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 22:26 - 2013-12-25 01:27 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 13:13 - 2013-12-24 23:00 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-02 20:24 - 2013-12-28 17:11 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\TS3Client
2014-02-01 23:03 - 2013-12-26 01:13 - 00001198 _____ () C:\Windows\system32\RTCM_Config.ini
2014-02-01 18:40 - 2013-12-25 02:12 - 00000000 ____D () C:\Users\Šejpák\AppData\Local\CrashDumps
2014-02-01 17:05 - 2014-02-01 17:05 - 00000132 _____ () C:\Users\Šejpák\AppData\Roaming\Formát PNG Adobe CC – předvolby
2014-02-01 17:03 - 2014-02-01 16:44 - 00001100 _____ () C:\Users\Šejpák\Desktop\Adobe Photoshop CC (64 Bit).lnk
2014-02-01 16:36 - 2014-02-01 16:36 - 00003504 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-SejpakPC-Šejpák
2014-02-01 16:36 - 2014-02-01 16:36 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\PDAppFlex
2014-02-01 16:32 - 2014-02-01 16:27 - 00000000 ____D () C:\Program Files\Adobe
2014-02-01 16:31 - 2013-12-27 00:11 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-01 16:31 - 2013-12-25 01:29 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-01 16:26 - 2013-12-24 19:36 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\Adobe
2014-02-01 16:25 - 2013-12-25 01:29 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-01 16:11 - 2014-02-01 16:11 - 00001074 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-02-01 12:48 - 2014-01-10 17:41 - 00000000 ____D () C:\Users\Šejpák\AppData\Local\LogMeIn Hamachi
2014-02-01 12:46 - 2013-12-25 21:49 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-01 12:46 - 2013-12-25 21:49 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-31 17:04 - 2013-12-25 20:10 - 00000000 ____D () C:\ProgramData\Origin
2014-01-30 19:19 - 2014-01-10 17:41 - 00000606 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-01-30 19:15 - 2013-12-25 02:21 - 00000000 ____D () C:\Users\Šejpák\Documents\My Games
2014-01-30 19:03 - 2014-01-30 19:03 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\Microsoft Games
2014-01-30 19:01 - 2014-01-30 19:01 - 00002155 _____ () C:\Users\Public\Desktop\Rise of Nations Gold.lnk
2014-01-30 19:00 - 2014-01-30 19:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-01-26 08:50 - 2009-07-14 06:08 - 00032544 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-24 14:32 - 2014-01-24 14:32 - 02843432 _____ (O&O Software GmbH) C:\Windows\system32\ooscrsav.scr
2014-01-24 14:32 - 2014-01-24 14:32 - 00543528 _____ (O&O Software GmbH) C:\Windows\system32\oodssrs.dll
2014-01-24 14:32 - 2014-01-24 14:32 - 00240936 _____ (O&O Software GmbH) C:\Windows\system32\oodbs.exe
2014-01-24 14:32 - 2014-01-24 14:32 - 00010536 _____ (O&O Software GmbH) C:\Windows\system32\oodbsrs.dll
2014-01-23 20:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-23 15:36 - 2013-12-24 20:21 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-01-21 07:28 - 2014-01-21 07:28 - 00000625 _____ () C:\Users\Public\Desktop\4Story.lnk
2014-01-21 03:53 - 2013-12-24 20:21 - 01179576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-01-21 03:53 - 2013-12-24 20:21 - 01048152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-01-20 22:38 - 2014-01-20 22:38 - 00000000 ____D () C:\Users\Šejpák\Documents\RtsCam
2014-01-20 21:11 - 2014-01-15 23:31 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-01-20 20:29 - 2013-12-25 20:10 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-01-20 19:30 - 2014-01-20 19:30 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-01-19 23:28 - 2013-12-27 03:48 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\Sony
2014-01-19 22:58 - 2013-12-25 01:26 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-18 10:57 - 2014-01-18 10:57 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\Publish Providers
2014-01-18 10:51 - 2014-01-12 21:47 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\TeamViewer
2014-01-18 10:34 - 2013-12-24 23:55 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-01-16 15:42 - 2014-01-16 13:12 - 00000222 _____ () C:\Users\Šejpák\Desktop\Total War ROME II.url
2014-01-16 13:12 - 2014-01-16 13:12 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-15 23:31 - 2014-01-15 23:31 - 00000779 _____ () C:\Users\Public\Desktop\Battlefield 4.lnk
2014-01-15 23:31 - 2014-01-15 23:31 - 00000763 _____ () C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
2014-01-15 23:31 - 2013-12-25 20:53 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-01-15 21:05 - 2014-01-15 21:05 - 00000967 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-01-15 07:37 - 2013-12-24 22:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 07:36 - 2013-12-24 22:34 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-13 21:18 - 2013-12-27 02:23 - 00291944 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-01-13 16:20 - 2013-12-27 02:21 - 00000000 ____D () C:\Users\Šejpák\Documents\Assassin's Creed IV Black Flag
Some content of TEMP:
====================
C:\Users\Šejpák\AppData\Local\Temp\InstHelper.exe
C:\Users\Šejpák\AppData\Local\Temp\speeditupfree-knowledge.exe
C:\Users\Šejpák\AppData\Local\Temp\ytdownloader_ww_setup_20140203.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-08 00:45
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:111.69 GB) (Free:46.17 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:783.05 GB) NTFS
Available physical RAM: 5927.44 MB
Total physical RAM: 8136.01 MB
Percentage of memory in use: 27%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: E291D752)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E291D72F)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\dsmonitor.job => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Data aplikací:NT
AlternateDataStreams: C:\Users\Šejpák\Data aplikací:NT
AlternateDataStreams: C:\Users\Šejpák\AppData\Roaming:NT
==================== Security Center ==================
AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Šejpák\Desktop" je 3 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4StoryPrePatch
D:\Hry\4Story_CZ\PrePatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Creative Cloud
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCEPServiceManager
"C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync
"C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bloody2
"C:\Program Files (x86)\Bloody4\Bloody4\Bloody4.exe" Minimum [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cm108Sound
C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
"D:\Data\Hamachi\hamachi-2-ui.exe" --auto-start [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mskqcnisSrv
C:\Windows\inf\mskqcnis.vbe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mssiplSrv
"C:\Windows\system32\mssipl.vbe" mshfhcgi msbfbde [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mswwkgSrv
C:\Windows\inf\mswwkg.vbe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray
C:\Program Files\OO Software\Defrag\oodtray.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Printsrv
c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Killer Network Manager.lnk
C:\Windows\Installer\{4E08CC97-912D-458B-8705-9A14C325532F}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe -minimize [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^O&O Defrag Tray.lnk
C:\Windows\Installer\{F17BA1CA-0FAF-40BF-A5FD-BF1B727D855E}\app_icon.ico [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Qualcomm Atheros Killer Network Manager.lnk
C:\PROGRA~1\QUALCO~1\KILLER~1\KILLER~1.EXE -minimized [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
2014-01-15 06:21 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 06:21 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
==================== One Month Modified Files and Folders =======
2014-02-12 22:19 - 2014-02-12 22:19 - 00009285 _____ () C:\Users\Šejpák\Desktop\FRST.txt
2014-02-12 22:19 - 2014-02-12 21:53 - 00000000 ____D () C:\FRST
2014-02-12 22:17 - 2014-02-12 22:17 - 00112640 _____ (forum.viry.cz) C:\Users\Šejpák\Desktop\FRSTLauncher.exe
2014-02-12 21:54 - 2013-12-24 19:36 - 00000000 ___RD () C:\Users\Šejpák\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-12 21:53 - 2014-02-12 22:02 - 02152448 _____ (Farbar) C:\Users\Šejpák\Desktop\FRST64.exe
2014-02-12 21:36 - 2014-01-04 19:52 - 01354116 _____ () C:\Windows\WindowsUpdate.log
2014-02-12 21:26 - 2013-12-25 01:27 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-12 19:59 - 2013-12-25 01:40 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\Skype
2014-02-12 18:55 - 2014-02-12 18:55 - 00108816 _____ () C:\Users\Šejpák\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-12 18:44 - 2013-12-24 23:58 - 00000342 _____ () C:\Windows\Tasks\dsmonitor.job
2014-02-12 18:41 - 2014-02-12 18:41 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\{9620c625-c254-6b6a-3461-87549620c625}
2014-02-12 18:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-12 16:37 - 2014-02-12 16:37 - 00002005 _____ () C:\Users\Šejpák\Desktop\ESET Smart Security.lnk
2014-02-12 16:09 - 2009-07-14 05:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-12 16:09 - 2009-07-14 05:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-12 16:08 - 2010-11-21 10:27 - 00668866 _____ () C:\Windows\system32\perfh005.dat
2014-02-12 16:08 - 2010-11-21 10:27 - 00141526 _____ () C:\Windows\system32\perfc005.dat
2014-02-12 16:08 - 2009-07-14 06:13 - 01584554 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-12 16:05 - 2014-02-12 16:05 - 00000000 ____D () C:\ProgramData\ESET
2014-02-12 16:05 - 2014-02-12 16:05 - 00000000 ____D () C:\Program Files\ESET
2014-02-12 16:02 - 2013-12-24 20:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-12 16:02 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-12 14:55 - 2013-12-25 00:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 14:52 - 2013-12-24 20:20 - 01559268 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 14:52 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-12 14:32 - 2014-01-15 21:05 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-12 14:30 - 2013-12-24 19:36 - 00000000 ____D () C:\Users\Šejpák\AppData\Local\VirtualStore
2014-02-12 14:29 - 2014-02-12 14:23 - 2382292992 _____ () C:\Users\Šejpák\Downloads\Crysis 3.iso
2014-02-12 14:11 - 2014-02-12 14:11 - 00000000 ____D () C:\Users\Šejpák\AppData\Local\CrashRpt
2014-02-12 14:11 - 2013-12-24 23:00 - 00003948 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-12 14:11 - 2013-12-24 23:00 - 00003696 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-12 07:17 - 2013-12-25 01:27 - 00000000 ____D () C:\Users\Šejpák\AppData\Local\Adobe
2014-02-11 19:08 - 2014-02-11 19:08 - 00000877 _____ () C:\Users\Šejpák\Desktop\sims.txt
2014-02-11 16:12 - 2014-02-11 16:12 - 00000646 _____ () C:\Users\Šejpák\Desktop\Call of Duty(R) 2 Singleplayer.lnk
2014-02-11 14:53 - 2014-02-12 14:50 - 01703936 _____ () C:\Users\Šejpák\Desktop\Call of Duty(R) 2 Multiplayer.exe
2014-02-11 14:51 - 2013-12-24 20:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-11 14:47 - 2014-02-11 14:47 - 00000256 _____ () C:\Windows\game.ini
2014-02-10 14:06 - 2013-12-25 00:00 - 00002497 _____ () C:\Users\Public\Desktop\O&O Defrag.lnk
2014-02-07 19:16 - 2014-01-10 19:09 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-06 13:16 - 2014-02-12 14:51 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-12 14:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-12 14:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-12 14:51 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-12 14:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-12 14:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-12 14:51 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-12 14:51 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-12 14:51 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-12 14:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-12 14:51 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-12 14:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-12 14:51 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-12 14:51 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-12 14:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-12 14:51 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-12 14:51 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-12 14:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-12 14:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 14:51 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-12 14:51 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-12 14:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 14:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-12 14:51 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-12 14:51 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-12 14:51 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-12 14:51 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-12 14:51 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-12 14:51 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-12 14:51 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-12 14:51 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-12 14:51 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 14:51 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 14:51 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-12 14:51 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-12 14:51 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-12 14:51 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-12 14:51 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-12 14:51 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 18:29 - 2013-12-25 20:53 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-02-05 17:59 - 2013-12-25 20:53 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-02-05 17:50 - 2013-12-25 20:10 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-02-04 22:26 - 2013-12-25 01:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-04 22:26 - 2013-12-25 01:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 22:26 - 2013-12-25 01:27 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 13:13 - 2013-12-24 23:00 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-02 20:24 - 2013-12-28 17:11 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\TS3Client
2014-02-01 23:03 - 2013-12-26 01:13 - 00001198 _____ () C:\Windows\system32\RTCM_Config.ini
2014-02-01 18:40 - 2013-12-25 02:12 - 00000000 ____D () C:\Users\Šejpák\AppData\Local\CrashDumps
2014-02-01 17:05 - 2014-02-01 17:05 - 00000132 _____ () C:\Users\Šejpák\AppData\Roaming\Formát PNG Adobe CC – předvolby
2014-02-01 17:03 - 2014-02-01 16:44 - 00001100 _____ () C:\Users\Šejpák\Desktop\Adobe Photoshop CC (64 Bit).lnk
2014-02-01 16:36 - 2014-02-01 16:36 - 00003504 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-SejpakPC-Šejpák
2014-02-01 16:36 - 2014-02-01 16:36 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\PDAppFlex
2014-02-01 16:32 - 2014-02-01 16:27 - 00000000 ____D () C:\Program Files\Adobe
2014-02-01 16:31 - 2013-12-27 00:11 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-01 16:31 - 2013-12-25 01:29 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-01 16:26 - 2013-12-24 19:36 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\Adobe
2014-02-01 16:25 - 2013-12-25 01:29 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-01 16:11 - 2014-02-01 16:11 - 00001074 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-02-01 12:48 - 2014-01-10 17:41 - 00000000 ____D () C:\Users\Šejpák\AppData\Local\LogMeIn Hamachi
2014-02-01 12:46 - 2013-12-25 21:49 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-01 12:46 - 2013-12-25 21:49 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-31 17:04 - 2013-12-25 20:10 - 00000000 ____D () C:\ProgramData\Origin
2014-01-30 19:19 - 2014-01-10 17:41 - 00000606 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-01-30 19:15 - 2013-12-25 02:21 - 00000000 ____D () C:\Users\Šejpák\Documents\My Games
2014-01-30 19:03 - 2014-01-30 19:03 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\Microsoft Games
2014-01-30 19:01 - 2014-01-30 19:01 - 00002155 _____ () C:\Users\Public\Desktop\Rise of Nations Gold.lnk
2014-01-30 19:00 - 2014-01-30 19:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-01-26 08:50 - 2009-07-14 06:08 - 00032544 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-24 14:32 - 2014-01-24 14:32 - 02843432 _____ (O&O Software GmbH) C:\Windows\system32\ooscrsav.scr
2014-01-24 14:32 - 2014-01-24 14:32 - 00543528 _____ (O&O Software GmbH) C:\Windows\system32\oodssrs.dll
2014-01-24 14:32 - 2014-01-24 14:32 - 00240936 _____ (O&O Software GmbH) C:\Windows\system32\oodbs.exe
2014-01-24 14:32 - 2014-01-24 14:32 - 00010536 _____ (O&O Software GmbH) C:\Windows\system32\oodbsrs.dll
2014-01-23 20:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-23 15:36 - 2013-12-24 20:21 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-01-21 07:28 - 2014-01-21 07:28 - 00000625 _____ () C:\Users\Public\Desktop\4Story.lnk
2014-01-21 03:53 - 2013-12-24 20:21 - 01179576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-01-21 03:53 - 2013-12-24 20:21 - 01048152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-01-20 22:38 - 2014-01-20 22:38 - 00000000 ____D () C:\Users\Šejpák\Documents\RtsCam
2014-01-20 21:11 - 2014-01-15 23:31 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-01-20 20:29 - 2013-12-25 20:10 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-01-20 19:30 - 2014-01-20 19:30 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-01-19 23:28 - 2013-12-27 03:48 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\Sony
2014-01-19 22:58 - 2013-12-25 01:26 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-18 10:57 - 2014-01-18 10:57 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\Publish Providers
2014-01-18 10:51 - 2014-01-12 21:47 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\TeamViewer
2014-01-18 10:34 - 2013-12-24 23:55 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-01-16 15:42 - 2014-01-16 13:12 - 00000222 _____ () C:\Users\Šejpák\Desktop\Total War ROME II.url
2014-01-16 13:12 - 2014-01-16 13:12 - 00000000 ____D () C:\Users\Šejpák\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-15 23:31 - 2014-01-15 23:31 - 00000779 _____ () C:\Users\Public\Desktop\Battlefield 4.lnk
2014-01-15 23:31 - 2014-01-15 23:31 - 00000763 _____ () C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
2014-01-15 23:31 - 2013-12-25 20:53 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-01-15 21:05 - 2014-01-15 21:05 - 00000967 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-01-15 07:37 - 2013-12-24 22:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 07:36 - 2013-12-24 22:34 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-13 21:18 - 2013-12-27 02:23 - 00291944 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-01-13 16:20 - 2013-12-27 02:21 - 00000000 ____D () C:\Users\Šejpák\Documents\Assassin's Creed IV Black Flag
Some content of TEMP:
====================
C:\Users\Šejpák\AppData\Local\Temp\InstHelper.exe
C:\Users\Šejpák\AppData\Local\Temp\speeditupfree-knowledge.exe
C:\Users\Šejpák\AppData\Local\Temp\ytdownloader_ww_setup_20140203.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-08 00:45
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:111.69 GB) (Free:46.17 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:783.05 GB) NTFS
Available physical RAM: 5927.44 MB
Total physical RAM: 8136.01 MB
Percentage of memory in use: 27%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: E291D752)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E291D72F)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\dsmonitor.job => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Data aplikací:NT
AlternateDataStreams: C:\Users\Šejpák\Data aplikací:NT
AlternateDataStreams: C:\Users\Šejpák\AppData\Roaming:NT
==================== Security Center ==================
AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Šejpák\Desktop" je 3 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4StoryPrePatch
D:\Hry\4Story_CZ\PrePatch.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Creative Cloud
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCEPServiceManager
"C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync
"C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bloody2
"C:\Program Files (x86)\Bloody4\Bloody4\Bloody4.exe" Minimum [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cm108Sound
C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
"D:\Data\Hamachi\hamachi-2-ui.exe" --auto-start [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mskqcnisSrv
C:\Windows\inf\mskqcnis.vbe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mssiplSrv
"C:\Windows\system32\mssipl.vbe" mshfhcgi msbfbde [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mswwkgSrv
C:\Windows\inf\mswwkg.vbe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray
C:\Program Files\OO Software\Defrag\oodtray.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Printsrv
c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Killer Network Manager.lnk
C:\Windows\Installer\{4E08CC97-912D-458B-8705-9A14C325532F}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe -minimize [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^O&O Defrag Tray.lnk
C:\Windows\Installer\{F17BA1CA-0FAF-40BF-A5FD-BF1B727D855E}\app_icon.ico [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Qualcomm Atheros Killer Network Manager.lnk
C:\PROGRA~1\QUALCO~1\KILLER~1\KILLER~1.EXE -minimized [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Guide to creating an RSIT log, and what is it?: >RSIT<
My > Defence: Eset Smart Security, Malwarebytes (Anti-malware + anti-rootkit), adwcleaner | Maintenance: O&O Defrag, Ccleaner and manual cleaning/doing manual
I definitely do not recommend: applications from IObit, driver-update utilities, arbitrary "digging" in regedit for the purpose of cleaning the registry

- Rudy
- Site Admin
- Posts: 119534
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Virus from Facebook
Greetings!
What is the situation with the legality of your operating system?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for resolving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
-
- Exemplary visitor
- Posts: 172
- Registered: 12 Feb 2014 22:22
- Location: Středočeský kraj, ČR
Re: Virus from Facebook
Unfortunately, you probably know what I mean (illegal) ... But the worm started showing up after that click from Facebook.

- Rudy
- Site Admin
- Posts: 119534
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Virus from Facebook
That is possible. In that case we cannot help you with the cleanup, because it would be contrary to the forum rules: http://forum.viry.cz/viewtopic.php?f=12&t=115512 . I am sorry.
-
- Exemplary visitor
- Posts: 172
- Registered: 12 Feb 2014 22:22
- Location: Středočeský kraj, ČR
Re: Virus from Facebook
I have legal Windows on the desktop computer (an OEM license) and illegal Windows on the notebook. This one is legal, but I have the virus on both computers, because I ran it both here and on the notebook. The person told me it was some photo; on the notebook it could not be opened (because it is probably a virus), so I tried it here. I am asking you whether you could help me at least with the 1 computer that has the OEM license. The legal one is Windows 7 Ultimate and the illegal one is also Windows 7 Ultimate; on the notebook it was installed by the man who repaired my notebook. But this computer has a license. I hope you will believe me.

-
- Exemplary visitor
- Posts: 172
- Registered: 12 Feb 2014 22:22
- Location: Středočeský kraj, ČR
Re: Virus from Facebook
If the user's machine demonstrably contains illegal host or protective software - This desktop computer does not contain illegal Windows, only the notebook, which I would also like help cleaning, but as I see it you probably will not accept it. You should help me with the desktop one, shouldn't you? I bought Windows at the CZC.cz shop, where they also assembled the computer for me.

- Rudy
- Site Admin
- Posts: 119534
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Virus from Facebook
How am I supposed to understand this, then? This was your unambiguous answer to my question:
S3jp4k wrote: Unfortunately, you probably know what I mean (illegal) ... But the worm started showing up after that click from Facebook.
If the log did not contain some markers of illegal Windows, I would not have asked.
Rudy wrote: What is the situation with the legality of your operating system?
-
- Exemplary visitor
- Posts: 172
- Registered: 12 Feb 2014 22:22
- Location: Středočeský kraj, ČR
Re: Virus from Facebook
I wanted help with 2 computers (the desktop and the notebook); I thought it was more important, since I have only 1 legal one (and 1 illegal on the notebook)! Otherwise I would not be struggling here like this and would rather reinstall the system! Now you will not want to help me even with the legal one, and I will have to back everything up and reinstall in the end, right?


-
- Exemplary visitor
- Posts: 172
- Registered: 12 Feb 2014 22:22
- Location: Central Bohemian Region, Czech Republic
Re: Virus from Facebook
I'd probably call it a misunderstanding. I also wrote that first post from the notebook, because the desktop is acting up quite a bit because of that worm, and I told the truth about the Windows on the notebook. Now I'm on the desktop and it's no longer so bad; ESET found some trojans that were messing with it. But I don't know whether there is still something in the desktop. If you want, I'll send you a log of how it looks at the moment.

- Rudy
- Site Admin
- Posts: 119534
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: Virus from Facebook
I will help you with the legal one, but not with the illegal one. Run OTL on the legal system:
Download and run OTL: http://oldtimer.geekstogo.com/OTL.exe . Run it, tick "For all users", "LOP malware check" and "PURITY malware check", and copy the following into the lower white window:
CREATERESTOREPOINT
netsvcs
drivers32
savembr:0
/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
%SystemDrive%\PhysicalMBR.bin /md5
*crack* /s
*keygen* /s
*loader* /s
and click >Scan<. Post both logs. I will continue this evening; right now I am at work.
-
- Exemplary visitor
- Posts: 172
- Registered: 12 Feb 2014 22:22
- Location: Central Bohemian Region, Czech Republic
Re: Virus from Facebook
Log from Extras.Txt (I'll send the 2nd one in the next post):
OTL Extras logfile created on: 13.2.2014 13:01:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Download
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
7,95 Gb Total Physical Memory | 6,33 Gb Available Physical Memory | 79,72% Memory free
15,89 Gb Paging File | 14,09 Gb Available in Paging File | 88,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 45,84 Gb Free Space | 41,05% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 783,09 Gb Free Space | 84,07% Space Free | Partition Type: NTFS
Computer Name: SEJPAKPC | User Name: Šejpák | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2287406693-4035591509-3392762823-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{016AE848-5388-4A55-A558-FF004905F334}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0A2D2832-94EB-4261-A5EE-1C156A13B7CF}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{1472F7B7-24EA-475E-85FB-B8B088C09B3D}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{1C5B8422-3C98-4ABD-86A7-9DD71FC98712}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{1E311389-61E8-4BF2-A3B9-8286CFE387FF}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{210A59D4-7FDC-41D5-8E93-052F37FEB7FA}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{232C2FA6-3200-452B-9F45-B8BC278B562B}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{27D12E16-C6CA-422F-89AB-5FA5186BE7A6}" = lport=6881 | protocol=6 | dir=in | name=war thunder |
"{2890619E-2136-4E5A-88CB-E9BB0BEE844C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2D1AD743-13DD-4622-98BE-99EF7288D865}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{366E673F-C9D4-4F57-9D35-6CB69AD48828}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{39103BF0-AED5-456A-BD36-23F9B2DF0ACC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3FDD1CB1-94A6-4CCE-9AE5-FA64B03CB641}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{4BA32C74-5212-4650-9C49-FB7BB68A1824}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{51A804E3-3DF2-44F4-B850-AC6F2B3FBE2A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{54A5B535-DA5A-40A4-B9FC-C541A54808D8}" = lport=7852 | protocol=6 | dir=in | name=war thunder |
"{5EC0608F-C820-4407-BB8C-E06E542A7DF5}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{65FBB163-9BB6-4CE4-8C03-F40D83AD3212}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{6C27A0D4-3558-48E3-ADBA-8E0580AC6422}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6CE65C23-E30B-418D-843D-00A711020731}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{79182498-212E-467C-B63A-0039F47AA102}" = lport=7853 | protocol=6 | dir=in | name=war thunder |
"{7FDC58D4-69B1-4F94-B9D4-E2034BC8BB4F}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{8DE8E7CC-0BE7-4DB4-8D84-BCF6EC51A22F}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{97211F62-D2C3-4D5E-8F00-A898A1E0715E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A2BEC73C-B2E0-4DC2-B69A-0813152300D3}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{A3928B84-0A95-42D6-8D48-5DF1823E8198}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{AC41C8FC-399B-47C9-96D9-426A6C65CBFD}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{B202A231-A5D7-41D7-A6DE-FFFF6C01382B}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{B32F79C8-C37B-477B-BBD0-F910FD3E56D1}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{B45C157C-B60F-46AB-AAC8-35981A753C50}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{B4C19E57-AD69-432C-98AD-630959456912}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{CBF34841-A06E-44BA-9CD4-33E34A087FCE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D7D58101-3FCA-4BA9-A16C-7BECD8B33827}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{DE8BACEA-160B-4ABB-B3A7-D4594B4A934B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E448C0C6-8456-4F48-A807-655F67EBD0D1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E8F5DC68-C560-480C-BDD0-EAD06E344C7B}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{EBDB2430-6124-461C-BC7C-66A6D0AA38FE}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{EC94C281-7A50-4AC1-9F10-A8F2C01C834E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{F18A0D03-EA3F-42D9-B9A6-47E49A2A9C0A}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{F6629BFF-F8A2-4CC9-B244-70949353B7E0}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00186875-D63B-4A49-B7A3-38E5BF281698}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{004A9961-7DF9-4243-8A82-B1AE9730E684}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{03B50A4F-550A-4DA6-A4F2-596519C009B8}" = protocol=6 | dir=in | app=d:\hry\tom clancy's splinter cell blacklist\src\system\blacklist_game.exe |
"{0A25A250-5D6D-4CD5-9E75-529DB04A2FC5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0D711461-1C7E-4859-8E17-0F60EEA2C8DC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{10D4C6D9-E96A-4406-A1DE-4E81A6415869}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{1731EE0D-3A31-4402-9EA1-86D1DAF9BB45}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\rise of nations\thrones.exe |
"{18A390DA-E1A0-4D51-8F65-CE62568A9BE3}" = protocol=6 | dir=in | app=d:\hry\tom clancy's splinter cell blacklist\src\system\blacklist_dx11_game.exe |
"{1E819DB2-0FEC-4CB7-8265-6A367F8CE006}" = protocol=17 | dir=in | app=d:\hry\origin games\battlefield 4\bf4.exe |
"{213BB1BA-3E8B-42E9-83A8-17E79FDF7FAC}" = protocol=6 | dir=in | app=d:\hry\tom clancy's splinter cell blacklist\src\system\gu.exe |
"{223AB532-6142-437A-853C-E1967112B267}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{26429714-97A3-4513-8486-3B3613D88C09}" = protocol=6 | dir=in | app=d:\hry\origin games\battlefield 4\bf4_x86.exe |
"{282E2D3B-1909-44A9-8639-332A89F1D87B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{2A843C78-62E2-4AAE-993E-C05423195C2F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3351BD35-EABE-4298-BBC5-8EB46DC40BF1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{35AFE96B-E113-4FEA-80A9-3CA6A861C41C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{35B4DECE-7F97-46A9-8BD3-953733B35596}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{41185DBF-836B-44C7-91A9-3D296F8F6616}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{4285B0C3-B4D7-4BFE-A162-9883DB2223B2}" = protocol=17 | dir=in | app=d:\hry\warthunder\launcher.exe |
"{473EEA9F-8FD5-4F62-A610-5790F9793A82}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{47790693-9B7A-4EF8-A63E-111AF2E1578F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{47E7B793-4B95-4845-BF57-01D246E2BE05}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{486505A5-F976-48BD-9DA5-27A8CB362E80}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4B90C02E-BB2E-41B2-B102-6BA9D6709884}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4CEDE603-661E-46C3-9790-63179D75A610}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5010B257-0AD9-419F-999D-1717F91633B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{57B9EC12-38DE-44CD-A545-6973E0A8BCB0}" = protocol=17 | dir=in | app=d:\hry\tom clancy's splinter cell blacklist\src\system\blacklist_game.exe |
"{5D2D259C-75C1-4D0F-A5E7-4ACA078795FF}" = protocol=17 | dir=in | app=d:\hry\tom clancy's splinter cell blacklist\src\system\gu.exe |
"{5D30CFB4-BD51-408C-87F6-6861C844CE5A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{6004FD9C-B380-4400-A539-0B6966B66D59}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61F5AA60-700E-4254-B088-67183E92E1FA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\rise of nations\thrones.exe |
"{627397DB-E98E-4BF0-AAE4-7EBDE349D822}" = protocol=17 | dir=in | app=d:\hry\tom clancy's splinter cell blacklist\src\system\blacklist_dx11_game.exe |
"{6B3EA0E6-C729-494E-981C-AF33C744AF47}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6DD2DE51-13E6-4775-B8E8-9F68E07D732A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7706C1F9-A541-4C1C-B553-5A6E56169042}" = protocol=6 | dir=in | app=d:\hry\assassin's creed iv black flag\ac4bfsp.exe |
"{78656B14-E028-4271-83F6-C706E234BE7D}" = protocol=6 | dir=in | app=d:\hry\warthunder\launcher.exe |
"{7B6A2C75-FFAC-437F-A408-755FB268601B}" = protocol=6 | dir=in | app=d:\hry\origin games\battlefield 4\bf4.exe |
"{88BF0446-A70C-458B-BFBA-023D171F5B3F}" = protocol=6 | dir=out | app=system |
"{8BC03AD4-A7D3-4A33-8A00-2029B9278EAE}" = protocol=17 | dir=in | app=d:\hry\origin games\battlefield 4\bf4_x86.exe |
"{8D597927-0EAB-4551-9565-E4F54C4D07B7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{96504E44-844D-405C-A2AB-BE096B29FE0A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9BBF9EB8-657E-40CF-9D40-F2E2F4417862}" = protocol=6 | dir=in | app=d:\hry\total war rome ii\steamapps\common\total war rome ii\launcher\launcher.exe |
"{9CD76B5E-FBA2-46AF-9238-6BF1DC4C27B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9D097BFC-0942-4EBF-A39D-10AAE1CF0889}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A03F2546-D378-4AB8-8840-78095BD39F48}" = protocol=6 | dir=in | app=d:\hry\tom clancy's splinter cell blacklist\blacklist_launcher.exe |
"{A7F08D7B-2735-4465-B25B-12CAFA61E53A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B6DB76F8-149A-48C6-8BF7-426471F91A45}" = protocol=17 | dir=in | app=d:\hry\tom clancy's splinter cell blacklist\blacklist_launcher.exe |
"{BB983E82-75C0-4EF4-BE99-B4A33C7D4710}" = protocol=17 | dir=in | app=d:\hry\assassin's creed iv black flag\ac4bfmp.exe |
"{BE4DE129-3095-4292-B09C-328199C03339}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{BFB726C1-FD41-4DFD-9168-DCCCDC9D3EFC}" = protocol=6 | dir=in | app=d:\hry\assassin's creed iv black flag\ac4bfmp.exe |
"{CA9883C7-B06D-4E74-A0BD-D6A08363ED6D}" = protocol=58 | dir=in | app=system |
"{CAF11283-EEA2-4847-A8EB-B3CD163175A9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{D284198E-5AC5-4F09-8FFD-B4B5B11BAF6F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D78EF447-3434-4FDD-A0C1-7B0A572E006F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{DD511998-2477-46C5-8EA9-0AF803F50447}" = protocol=17 | dir=in | app=d:\hry\assassin's creed iv black flag\ac4bfsp.exe |
"{E7EFBAC0-4815-4FDA-98A2-6BDCFFBD6EA4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{F120F821-4A11-4D6E-838D-B3A4ECC218BF}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{FAB0D0D3-A340-4477-A5CA-0A5F380DFC47}" = protocol=17 | dir=in | app=d:\hry\total war rome ii\steamapps\common\total war rome ii\launcher\launcher.exe |
"{FD6FCE1E-A311-4A03-AC9B-59507E9F2E48}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FF022257-EE4F-45C8-8E4E-804CD133B65B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{2FBB9AB1-2031-4F69-8C8B-C976E3D6E05E}D:\hry\total war rome ii\steamapps\common\total war rome ii\rome2.exe" = protocol=6 | dir=in | app=d:\hry\total war rome ii\steamapps\common\total war rome ii\rome2.exe |
"TCP Query User{B5B10217-BB14-4DCA-B9C6-0D8253DE6D8B}D:\hry\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=d:\hry\call of duty 2\cod2mp_s.exe |
"UDP Query User{13C4DC42-8153-45B5-B52C-E44D3575EEA9}D:\hry\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=d:\hry\call of duty 2\cod2mp_s.exe |
"UDP Query User{202293BA-5EE8-49EE-9B0A-DDDCC7FDAE20}D:\hry\total war rome ii\steamapps\common\total war rome ii\rome2.exe" = protocol=17 | dir=in | app=d:\hry\total war rome ii\steamapps\common\total war rome ii\rome2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{177DE549-9107-4370-A840-9FC4AE8BC2BE}" = O&O Defrag Professional
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{4E08CC97-912D-458B-8705-9A14C325532F}" = Qualcomm Atheros Network Manager
"{50813B8C-FCBB-3C61-8039-EAAA93029066}" = Microsoft .NET Framework 4.5.1 (CSY)
"{579C5E7D-904F-447B-94F8-9413005C162C}" = Qualcomm Atheros Killer E220x Drivers
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6734576C-DC0C-4CFB-9C22-92DAAA73F6D5}" = Qualcomm Atheros Bandwidth Control Filter Driver
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0405-1000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2010
"{90140000-0016-0405-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0018-0405-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0019-0405-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-001A-0405-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001B-0405-1000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001F-0405-1000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-041B-1000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-002C-0405-1000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0405-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Czech) 2010
"{90140000-0044-0405-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2010
"{90140000-006E-0405-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-00A1-0405-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{90140000-00BA-0405-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2010
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5.1 (čeština)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B1920A83-25A3-4DBB-B1F5-2395BD05370E}" = ESET Smart Security
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovladač 3D Vision 332.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 332.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 332.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Ovladač řídící jednotky 3D Vision 332.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 11.10.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Ovladač HD audia 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 11.10.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.20
"{BD422D00-5232-11E3-A6F3-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{C2B8CBDE-5232-11E3-B494-F04DA23A5C58}" = MSVCRT Redists
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"CCleaner" = CCleaner
"C-Media CM108 Like Sound Driver" = GX GAMING CAVIMANUS HEADSET
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR 4.20 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}" = PDF Settings CC
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}" = Adobe Photoshop CC
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{5A25051F-19BD-4634-9B15-4E99A5C0CC37}" = LogMeIn Hamachi
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}" = Tom Clancy's Splinter Cell® Blacklist™
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABADE36E-EC37-413B-8179-B432AD3FACE7}" = Battlefield 4™
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) - Czech
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = DriverScanner
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{DD21E907-9A2A-44B8-A12E-13691E166664}" = Qualcomm Atheros Killer Network Manager Suite
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = USB Video Device
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.302
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4Story_CZ_is1" = 4Story CZ 4.2.111
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"AIDA64 Extreme_is1" = AIDA64 Extreme v4.00
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"LogMeIn Hamachi" = LogMeIn Hamachi
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"RiseOfNationsExpansion 1.0" = Rise of Nations
"Steam" = Steam
"Steam App 214950" = Total War: ROME II
"TeamViewer 9" = TeamViewer 9
"Uplay" = Uplay
"Uplay Install 273" = Assassins Creed IV Black Flag
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2287406693-4035591509-3392762823-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.2.2014 7:56:37 | Computer Name = SejpakPC | Source = WinMgmt | ID = 10
Description =
< End of report >
Guide to creating an RSIT log, and what it is: >RSIT<
My > Defence: Eset Smart Security, Malwarebytes (Anti-malware + anti-rootkit), adwcleaner ▐ Maintenance: O&O Defrag, Ccleaner and manual cleaning/doing manual
I definitely do not recommend: applications from IObit, driver-update utilities, or "digging around" in regedit on your own in order to clean up the registry

-
- Exemplary visitor
- Posts: 172
- Registered: 12 Feb 2014 22:22
- Location: Central Bohemian Region, Czech Republic
Re: Virus from Facebook
Log from OTL.Txt:
OTL logfile created on: 13.2.2014 13:01:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Download
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
7,95 Gb Total Physical Memory | 6,33 Gb Available Physical Memory | 79,72% Memory free
15,89 Gb Paging File | 14,09 Gb Available in Paging File | 88,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 45,84 Gb Free Space | 41,05% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 783,09 Gb Free Space | 84,07% Space Free | Partition Type: NTFS
Computer Name: SEJPAKPC | User Name: Šejpák | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014.02.13 12:57:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe
PRC - [2014.02.02 00:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014.01.21 03:56:25 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014.01.21 03:55:50 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014.01.15 23:31:05 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.12.21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.12.19 12:20:16 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.12.17 11:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2013.12.17 09:25:24 | 000,026,984 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2013.09.12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
========== Modules (No Company Name) ==========
MOD - [2014.02.02 00:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
MOD - [2014.02.02 00:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
MOD - [2014.02.02 00:41:45 | 000,715,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
MOD - [2014.02.02 00:41:45 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
MOD - [2014.02.02 00:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
MOD - [2013.09.05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
========== Services (SafeList) ==========
SRV:64bit: - [2014.02.06 11:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014.01.24 14:32:44 | 001,657,128 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV:64bit: - [2014.01.21 03:55:35 | 016,939,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013.10.10 23:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013.09.12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2013.08.08 14:35:22 | 000,343,040 | ---- | M] (Qualcomm Atheros) [Auto | Running] -- C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe -- (Qualcomm Atheros Killer Service V2)
SRV:64bit: - [2013.07.14 13:03:14 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014.02.04 22:26:06 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.01.27 20:02:50 | 000,571,816 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014.01.23 13:33:48 | 002,221,904 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Data\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2014.01.21 03:55:50 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014.01.15 23:31:05 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.12.21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.12.19 12:20:16 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.12.17 11:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013.10.23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.12.27 19:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013.12.25 01:32:50 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013.12.25 01:32:50 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2013.12.25 01:32:48 | 000,033,008 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013.12.25 01:32:42 | 000,100,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013.12.25 01:32:00 | 008,244,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
DRV:64bit: - [2013.11.28 14:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.09.17 15:17:38 | 000,239,320 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013.09.17 15:17:38 | 000,220,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2013.09.17 15:17:38 | 000,168,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2013.09.17 15:17:38 | 000,062,136 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2013.09.17 15:17:38 | 000,044,120 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2013.07.07 21:47:07 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013.07.07 21:47:07 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013.07.07 21:22:56 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013.03.20 16:46:40 | 000,154,320 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e22W7x64.sys -- (Ke2200)
DRV:64bit: - [2013.02.13 15:07:46 | 000,067,888 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bflwfx64.sys -- (BfLwf)
DRV:64bit: - [2012.10.16 10:07:08 | 000,022,016 | ---- | M] (Siliten) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KbFilter_FlexDef3x.sys -- (KbFilter_Kb_FlexDef3x)
DRV:64bit: - [2012.08.23 15:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.11.18 10:55:50 | 001,308,160 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CM10864.sys -- (USBPNPA)
DRV:64bit: - [2009.11.18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2287406693-4035591509-3392762823-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2287406693-4035591509-3392762823-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\S-1-5-21-2287406693-4035591509-3392762823-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2014.02.12 16:05:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014.02.12 16:05:43 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.seznam.cz/
CHR - Extension: Disk Google = C:\Users\Šejpák\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Šejpák\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\Šejpák\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Pen\u011B\u017Eenka Google = C:\Users\Šejpák\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Pen\u011B\u017Eenka Google = C:\Users\Šejpák\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\Šejpák\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2014.02.13 07:21:47 | 000,449,906 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15470 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2287406693-4035591509-3392762823-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2287406693-4035591509-3392762823-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Od&eslat do aplikace OneNote - res://D:\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://D:\Office14\ONBttnIE.dll/105 File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F735DE14-D8E2-48E9-95E2-623F505A49B6}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - frapsvid.dll File not found
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2014.02.13 07:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014.02.13 00:11:39 | 000,000,000 | ---D | C] -- C:\Users\Šejpák\AppData\Roaming\Malwarebytes
[2014.02.12 22:17:43 | 000,112,640 | ---- | C] (forum.viry.cz) -- C:\Users\Šejpák\Desktop\FRSTLauncher.exe
[2014.02.12 22:02:38 | 002,152,448 | ---- | C] (Farbar) -- C:\Users\Šejpák\Desktop\FRST64.exe
[2014.02.12 21:53:23 | 000,000,000 | ---D | C] -- C:\FRST
[2014.02.12 18:41:01 | 000,000,000 | ---D | C] -- C:\Users\Šejpák\AppData\Roaming\{9620c625-c254-6b6a-3461-87549620c625}
[2014.02.12 16:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2014.02.12 16:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2014.02.12 16:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014.02.12 14:51:43 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.02.12 14:51:27 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.02.12 14:51:27 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.02.12 14:51:27 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.02.12 14:51:27 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.02.12 14:51:27 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.02.12 14:51:27 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.02.12 14:51:26 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.02.12 14:51:26 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.02.12 14:51:26 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.02.12 14:51:26 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.02.12 14:51:26 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.02.12 14:51:26 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.02.12 14:51:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.02.12 14:51:26 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.02.12 14:51:26 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.02.12 14:51:26 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.02.12 14:51:26 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.02.12 14:51:25 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.02.12 14:51:25 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.02.12 14:51:25 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.02.12 14:51:25 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.02.12 14:51:25 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.02.12 14:51:23 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.02.12 14:11:18 | 000,000,000 | ---D | C] -- C:\Users\Šejpák\AppData\Local\Installer
[2014.02.12 14:11:17 | 000,000,000 | ---D | C] -- C:\Users\Šejpák\AppData\Local\CrashRpt
[2014.02.12 14:11:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Retro PC Calculator
[2014.02.12 07:57:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014.02.12 07:57:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014.02.12 07:57:25 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014.02.12 07:57:25 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014.02.12 07:57:25 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014.02.12 07:57:24 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014.02.12 07:57:24 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014.02.12 07:57:24 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014.02.12 07:57:24 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014.02.12 07:57:24 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014.02.12 07:57:24 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014.02.12 07:57:24 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014.02.12 07:57:24 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014.02.12 07:57:24 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014.02.12 07:57:24 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014.02.12 07:57:24 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014.02.12 07:57:24 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014.02.12 07:57:24 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014.02.12 07:57:24 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014.02.12 07:57:22 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014.02.12 07:57:22 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014.02.11 14:47:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2014.02.10 14:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2014.02.01 16:36:19 | 000,000,000 | ---D | C] -- C:\Users\Šejpák\AppData\Roaming\PDAppFlex
[2014.02.01 16:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014.02.01 16:26:25 | 000,000,000 | ---D | C] -- C:\adobeTemp
[2014.01.30 19:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2014.01.30 19:03:56 | 000,000,000 | ---D | C] -- C:\Users\Šejpák\AppData\Roaming\Microsoft Games
[2014.01.30 19:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2014.01.30 19:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2014.01.30 19:00:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2014.01.24 14:32:52 | 002,843,432 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\ooscrsav.scr
[2014.01.24 14:32:36 | 000,240,936 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodbs.exe
[2014.01.24 14:32:20 | 000,543,528 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodssrs.dll
[2014.01.24 14:32:14 | 000,010,536 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodbsrs.dll
[2014.01.23 20:10:58 | 000,000,000 | ---D | C] -- C:\Users\Šejpák\AppData\Local\Diagnostics
[2014.01.23 15:36:29 | 000,039,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2014.01.23 15:36:29 | 000,033,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2014.01.21 07:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4Story_CZ
[2014.01.20 22:38:39 | 000,000,000 | ---D | C] -- C:\Users\Šejpák\Documents\RtsCam
[2014.01.19 22:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014.01.18 10:57:55 | 000,000,000 | ---D | C] -- C:\Users\Šejpák\AppData\Roaming\Publish Providers
[2014.01.16 15:46:18 | 000,000,000 | ---D | C] -- C:\Users\Šejpák\AppData\Roaming\The Creative Assembly
[2014.01.16 13:12:32 | 000,000,000 | ---D | C] -- C:\Users\Šejpák\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2014.01.15 23:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
[2014.01.15 23:31:34 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2014.01.15 23:31:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2014.01.15 21:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2014.01.15 21:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2014.01.15 21:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2014.01.15 06:21:17 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014.01.15 06:21:17 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014.01.15 06:21:16 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
========== Files - Modified Within 30 Days ==========
[2014.02.13 13:01:56 | 000,026,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.02.13 13:01:56 | 000,026,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.02.13 13:01:39 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.02.13 13:00:39 | 001,584,554 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.02.13 13:00:39 | 000,668,866 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2014.02.13 13:00:39 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.02.13 13:00:39 | 000,141,526 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2014.02.13 13:00:39 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.02.13 12:54:54 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\dsmonitor.job
[2014.02.13 12:54:47 | 005,081,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.02.13 12:54:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.02.13 12:54:41 | 2103,451,647 | -HS- | M] () -- C:\hiberfil.sys
[2014.02.13 07:40:52 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2014.02.13 07:26:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.02.13 07:21:47 | 000,449,906 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014.02.12 22:17:36 | 000,112,640 | ---- | M] (forum.viry.cz) -- C:\Users\Šejpák\Desktop\FRSTLauncher.exe
[2014.02.12 21:53:10 | 002,152,448 | ---- | M] (Farbar) -- C:\Users\Šejpák\Desktop\FRST64.exe
[2014.02.12 16:37:48 | 000,002,005 | ---- | M] () -- C:\Users\Šejpák\Desktop\ESET Smart Security.lnk
[2014.02.12 14:52:51 | 001,559,268 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.02.11 16:12:27 | 000,000,646 | ---- | M] () -- C:\Users\Šejpák\Desktop\Call of Duty(R) 2 Singleplayer.lnk
[2014.02.11 14:53:50 | 001,703,936 | ---- | M] () -- C:\Users\Šejpák\Desktop\Call of Duty(R) 2 Multiplayer.exe
[2014.02.11 14:47:41 | 000,000,256 | ---- | M] () -- C:\Windows\game.ini
[2014.02.10 14:06:21 | 000,002,497 | ---- | M] () -- C:\Users\Public\Desktop\O&O Defrag.lnk
[2014.02.10 14:06:21 | 000,002,441 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk
[2014.02.06 12:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.02.06 12:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.02.06 12:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.02.06 11:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.02.06 11:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.02.06 11:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.02.06 11:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.02.06 11:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.02.06 11:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.02.06 11:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.02.06 11:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.02.06 11:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.02.06 11:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.02.06 10:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.02.06 10:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.02.06 10:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.02.06 10:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.02.06 10:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.02.06 10:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.02.06 10:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.02.06 10:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.02.06 09:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.02.06 09:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.02.05 18:29:40 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014.02.05 17:59:32 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2014.02.04 22:26:06 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.02.04 22:26:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.02.04 13:13:58 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014.02.01 23:03:10 | 000,001,198 | ---- | M] () -- C:\Windows\SysNative\RTCM_Config.ini
[2014.02.01 17:05:13 | 000,000,132 | ---- | M] () -- C:\Users\Šejpák\AppData\Roaming\Formát PNG Adobe CC – předvolby
[2014.02.01 17:03:45 | 000,001,100 | ---- | M] () -- C:\Users\Šejpák\Desktop\Adobe Photoshop CC (64 Bit).lnk
[2014.02.01 16:11:53 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
[2014.02.01 12:46:43 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.01.30 19:19:59 | 000,000,606 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2014.01.30 19:01:40 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\Rise of Nations Gold.lnk
[2014.01.24 14:32:52 | 002,843,432 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\ooscrsav.scr
[2014.01.24 14:32:36 | 000,240,936 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodbs.exe
[2014.01.24 14:32:20 | 000,543,528 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodssrs.dll
[2014.01.24 14:32:14 | 000,010,536 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodbsrs.dll
[2014.01.21 07:28:21 | 000,000,625 | ---- | M] () -- C:\Users\Public\Desktop\4Story.lnk
[2014.01.21 03:53:40 | 001,048,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2014.01.21 03:53:29 | 001,179,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2014.01.16 15:42:34 | 000,000,222 | ---- | M] () -- C:\Users\Šejpák\Desktop\Total War ROME II.url
[2014.01.15 23:31:34 | 000,000,779 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 4.lnk
[2014.01.15 23:31:34 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
[2014.01.15 23:31:05 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014.01.15 21:05:24 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
========== Files Created - No Company Name ==========
[2014.02.13 13:01:39 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.02.13 12:54:42 | 005,081,176 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.02.13 07:40:51 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2014.02.12 16:37:48 | 000,002,005 | ---- | C] () -- C:\Users\Šejpák\Desktop\ESET Smart Security.lnk
[2014.02.12 14:50:22 | 001,703,936 | ---- | C] () -- C:\Users\Šejpák\Desktop\Call of Duty(R) 2 Multiplayer.exe
[2014.02.11 16:12:35 | 000,000,646 | ---- | C] () -- C:\Users\Šejpák\Desktop\Call of Duty(R) 2 Singleplayer.lnk
[2014.02.11 14:47:41 | 000,000,256 | ---- | C] () -- C:\Windows\game.ini
[2014.02.10 14:06:21 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk
[2014.02.01 17:05:13 | 000,000,132 | ---- | C] () -- C:\Users\Šejpák\AppData\Roaming\Formát PNG Adobe CC – předvolby
[2014.02.01 16:44:16 | 000,001,100 | ---- | C] () -- C:\Users\Šejpák\Desktop\Adobe Photoshop CC (64 Bit).lnk
[2014.02.01 16:27:10 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC (64 Bit).lnk
[2014.02.01 16:26:49 | 000,001,204 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC.lnk
[2014.02.01 16:11:53 | 000,001,086 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
[2014.02.01 16:11:53 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
[2014.01.30 19:01:40 | 000,002,155 | ---- | C] () -- C:\Users\Public\Desktop\Rise of Nations Gold.lnk
[2014.01.21 07:28:21 | 000,000,625 | ---- | C] () -- C:\Users\Public\Desktop\4Story.lnk
[2014.01.16 13:12:32 | 000,000,222 | ---- | C] () -- C:\Users\Šejpák\Desktop\Total War ROME II.url
[2014.01.15 23:31:34 | 000,000,779 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 4.lnk
[2014.01.15 23:31:34 | 000,000,763 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
[2014.01.15 21:05:24 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2014.01.11 12:20:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014.01.11 12:20:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014.01.11 12:20:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014.01.11 12:20:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014.01.11 12:20:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014.01.07 19:56:27 | 000,314,656 | ---- | C] () -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2014.01.02 18:25:18 | 000,000,000 | ---- | C] () -- C:\Users\Šejpák\AppData\Local\Driver_LOM_8161Present.flag
[2013.12.31 01:07:14 | 000,007,605 | ---- | C] () -- C:\Users\Šejpák\AppData\Local\Resmon.ResmonCfg
[2013.12.30 10:20:20 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix108.dll
[2013.12.30 10:20:11 | 000,000,257 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2013.12.30 10:20:07 | 000,002,029 | ---- | C] () -- C:\Windows\Cm108.ini.cfg
[2013.12.30 10:20:07 | 000,000,766 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2013.12.28 20:58:02 | 000,000,000 | ---- | C] () -- C:\Users\Šejpák\regbcm
[2013.12.27 02:21:01 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.12.25 20:53:57 | 000,214,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.12.25 20:53:55 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.12.25 00:28:55 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2013.12.24 20:20:14 | 001,559,268 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014.01.11 09:18:38 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\ESET
[2013.12.25 22:13:25 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Origin
[2014.02.01 16:36:19 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\PDAppFlex
[2014.01.18 10:57:55 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Publish Providers
[2014.01.19 23:28:42 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Sony
[2014.01.18 10:51:51 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\TeamViewer
[2014.01.16 15:46:18 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\The Creative Assembly
[2014.02.02 20:24:52 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\TS3Client
[2013.12.24 23:58:02 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Uniblue
[2013.12.29 17:22:53 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Wargaming.net
[2014.02.12 18:41:01 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\{9620c625-c254-6b6a-3461-87549620c625}
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,544 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013.12.24 23:58:04 | 000,000,342 | ---- | C] () -- C:\Windows\Tasks\dsmonitor.job
[2013.12.25 01:27:53 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
< >
< >
< %systemroot%*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[9 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[2 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2014.02.01 16:26:47 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Adobe
[2014.01.11 09:18:38 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\ESET
[2013.12.24 19:36:48 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Identities
[2014.01.04 19:38:02 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\InstallShield
[2013.12.27 00:01:46 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Macromedia
[2014.02.13 00:11:39 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Malwarebytes
[2010.11.21 10:38:07 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Media Center Programs
[2014.02.05 20:03:41 | 000,000,000 | --SD | M] -- C:\Users\Šejpák\AppData\Roaming\Microsoft
[2014.01.30 19:03:56 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Microsoft Games
[2013.12.27 00:13:23 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\NVIDIA
[2013.12.25 22:13:25 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Origin
[2014.02.01 16:36:19 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\PDAppFlex
[2014.01.18 10:57:55 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Publish Providers
[2014.02.13 12:58:36 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Skype
[2014.01.19 23:28:42 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Sony
[2014.01.12 15:43:46 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\SUPERAntiSpyware.com
[2014.01.18 10:51:51 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\TeamViewer
[2014.01.16 15:46:18 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\The Creative Assembly
[2014.02.02 20:24:52 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\TS3Client
[2013.12.24 23:58:02 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Uniblue
[2013.12.29 17:22:53 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Wargaming.net
[2013.12.24 23:57:24 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\WinRAR
[2014.02.12 18:41:01 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\{9620c625-c254-6b6a-3461-87549620c625}
< %APPDATA%\*.exe /s >
[2014.01.07 07:28:04 | 005,581,608 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\Šejpák\AppData\Roaming\Uniblue\DriverScanner\_temp\ub.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
[2014.02.13 07:26:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014.02.13 12:54:54 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\dsmonitor.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2014.02.12 14:52:51 | 001,559,268 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
< >
< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2014.02.06 23:24:01 | 000,808,152 | ---- | M] (Microsoft Corporation) MD5=4263F6C131E513CEA1AE82B5B81A4E1A -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
< %PROGRAMFILES%\Opera\opera.exe /md5 >
< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2014.02.02 00:42:39 | 000,866,632 | ---- | M] (Google Inc.) MD5=5640B4C10682FBC39C86C8C7A8392B5E -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
< >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.02.13 13:01:39 | 000,000,512 | ---- | M] () MD5=4954649ED3870B8CF80C03BCF705EA7D -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2014.02.11 16:09:52 | 000,858,303 | ---- | M] () -- \Programy\Call-of-Duty-2-crack.rar
[2012.12.29 14:12:54 | 004,763,493 | ---- | M] () -- \Programy\GTA-SA-CRACK.rar
[2010.02.11 22:55:15 | 005,317,648 | ---- | M] () -- \Programy\Medieval_II_Total_war_Crack+CD-key.exe
[2012.11.26 19:47:24 | 035,090,280 | ---- | M] () -- \Programy\Virtual-DJ-Pro-7.0.3.-And-Crack.rar
< *keygen* /s >
< *loader* /s >
[2013.02.19 14:35:18 | 000,032,768 | ---- | M] () -- \Hry\4Story_CZ\TLoader.exe
[2013.12.27 00:43:48 | 000,419,232 | ---- | M] () -- \Hry\Assassin's Creed IV Black Flag\uplay_r1_loader.dll
[2014.01.02 22:46:58 | 000,400,912 | ---- | M] () -- \Hry\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\uplay_r1_loader.dll
[2003.09.15 14:02:00 | 000,169,384 | ---- | M] () -- \Hry\Valve\cstrike\models\qloader.mdl
[2003.09.15 13:55:50 | 000,352,548 | ---- | M] () -- \Hry\Valve\valve\models\loader.mdl
[2003.09.15 13:56:04 | 000,012,764 | ---- | M] () -- \Hry\Valve\valve\sound\ambience\loader_hydra1.wav
[2003.09.15 13:56:04 | 000,012,164 | ---- | M] () -- \Hry\Valve\valve\sound\ambience\loader_step1.wav
[2013.12.17 15:43:40 | 000,071,208 | ---- | M] () -- \Hry\World_of_Tanks\PhysXLoader.dll
[2013.12.17 15:43:40 | 000,002,221 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\gui\doc_loaders\graphicspresetsloader.pyc
[2013.12.17 15:43:40 | 000,007,015 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\gui\doc_loaders\guicolorsloader.pyc
[2013.12.17 15:43:40 | 000,003,974 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\gui\doc_loaders\guisoundsloader.pyc
[2013.12.17 15:43:40 | 000,006,629 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\gui\doc_loaders\logindataloader.pyc
[2013.12.17 15:43:40 | 000,002,773 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\gui\doc_loaders\windowsstoreddataloader.pyc
[2013.12.17 15:43:40 | 000,001,504 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\gui\scaleform\framework\entities\abstract\loadermanagermeta.pyc
[2013.12.17 15:43:40 | 000,006,542 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\gui\scaleform\framework\managers\loaders.pyc
[2013.12.17 15:43:40 | 000,003,668 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\helpers\rssdownloader.pyc
[2013.12.17 15:43:40 | 000,006,907 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\tutorial\loader.pyc
[2013.12.05 17:58:54 | 001,021,872 | ---- | M] () -- \Programy\N360Downloader.exe
[2013.12.05 17:58:54 | 001,021,872 | ---- | M] () -- \Programy\táta\N360Downloader.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 40 bytes -> C:\ProgramData:NT
< End of report >
OTL logfile created on: 13.2.2014 13:01:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Download
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
7,95 Gb Total Physical Memory | 6,33 Gb Available Physical Memory | 79,72% Memory free
15,89 Gb Paging File | 14,09 Gb Available in Paging File | 88,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 45,84 Gb Free Space | 41,05% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 783,09 Gb Free Space | 84,07% Space Free | Partition Type: NTFS
Computer Name: SEJPAKPC | User Name: Šejpák | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014.02.13 12:57:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe
PRC - [2014.02.02 00:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014.01.21 03:56:25 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014.01.21 03:55:50 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014.01.15 23:31:05 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.12.21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.12.19 12:20:16 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.12.17 11:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2013.12.17 09:25:24 | 000,026,984 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2013.09.12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
========== Modules (No Company Name) ==========
MOD - [2014.02.02 00:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
MOD - [2014.02.02 00:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
MOD - [2014.02.02 00:41:45 | 000,715,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
MOD - [2014.02.02 00:41:45 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
MOD - [2014.02.02 00:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
MOD - [2013.09.05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
========== Services (SafeList) ==========
SRV:64bit: - [2014.02.06 11:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014.01.24 14:32:44 | 001,657,128 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV:64bit: - [2014.01.21 03:55:35 | 016,939,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013.10.10 23:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013.09.12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2013.08.08 14:35:22 | 000,343,040 | ---- | M] (Qualcomm Atheros) [Auto | Running] -- C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe -- (Qualcomm Atheros Killer Service V2)
SRV:64bit: - [2013.07.14 13:03:14 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014.02.04 22:26:06 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.01.27 20:02:50 | 000,571,816 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014.01.23 13:33:48 | 002,221,904 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Data\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2014.01.21 03:55:50 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014.01.15 23:31:05 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.12.21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.12.19 12:20:16 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.12.17 11:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013.10.23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.12.27 19:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013.12.25 01:32:50 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013.12.25 01:32:50 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2013.12.25 01:32:48 | 000,033,008 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013.12.25 01:32:42 | 000,100,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013.12.25 01:32:00 | 008,244,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
DRV:64bit: - [2013.11.28 14:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.09.17 15:17:38 | 000,239,320 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013.09.17 15:17:38 | 000,220,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2013.09.17 15:17:38 | 000,168,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2013.09.17 15:17:38 | 000,062,136 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2013.09.17 15:17:38 | 000,044,120 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2013.07.07 21:47:07 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013.07.07 21:47:07 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013.07.07 21:22:56 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013.03.20 16:46:40 | 000,154,320 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e22W7x64.sys -- (Ke2200)
DRV:64bit: - [2013.02.13 15:07:46 | 000,067,888 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bflwfx64.sys -- (BfLwf)
DRV:64bit: - [2012.10.16 10:07:08 | 000,022,016 | ---- | M] (Siliten) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KbFilter_FlexDef3x.sys -- (KbFilter_Kb_FlexDef3x)
DRV:64bit: - [2012.08.23 15:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.11.18 10:55:50 | 001,308,160 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CM10864.sys -- (USBPNPA)
DRV:64bit: - [2009.11.18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2287406693-4035591509-3392762823-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2287406693-4035591509-3392762823-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKU\S-1-5-21-2287406693-4035591509-3392762823-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2014.02.12 16:05:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014.02.12 16:05:43 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.seznam.cz/
CHR - Extension: Disk Google = C:\Users\Šejpák\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Šejpák\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\Šejpák\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Pen\u011B\u017Eenka Google = C:\Users\Šejpák\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Pen\u011B\u017Eenka Google = C:\Users\Šejpák\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\Šejpák\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2014.02.13 07:21:47 | 000,449,906 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15470 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2287406693-4035591509-3392762823-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2287406693-4035591509-3392762823-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Od&eslat do aplikace OneNote - res://D:\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://D:\Office14\ONBttnIE.dll/105 File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F735DE14-D8E2-48E9-95E2-623F505A49B6}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - frapsvid.dll File not found
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2014.02.13 07:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014.02.13 00:11:39 | 000,000,000 | ---D | C] -- C:\Users\Šejpák\AppData\Roaming\Malwarebytes
[2014.02.12 22:17:43 | 000,112,640 | ---- | C] (forum.viry.cz) -- C:\Users\Šejpák\Desktop\FRSTLauncher.exe
[2014.02.12 22:02:38 | 002,152,448 | ---- | C] (Farbar) -- C:\Users\Šejpák\Desktop\FRST64.exe
[2014.02.12 21:53:23 | 000,000,000 | ---D | C] -- C:\FRST
[2014.02.12 18:41:01 | 000,000,000 | ---D | C] -- C:\Users\Šejpák\AppData\Roaming\{9620c625-c254-6b6a-3461-87549620c625}
[2014.02.12 16:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2014.02.12 16:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2014.02.12 16:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014.02.12 14:51:43 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.02.12 14:51:27 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.02.12 14:51:27 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.02.12 14:51:27 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.02.12 14:51:27 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.02.12 14:51:27 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.02.12 14:51:27 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.02.12 14:51:26 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.02.12 14:51:26 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.02.12 14:51:26 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.02.12 14:51:26 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.02.12 14:51:26 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.02.12 14:51:26 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.02.12 14:51:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.02.12 14:51:26 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.02.12 14:51:26 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.02.12 14:51:26 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.02.12 14:51:26 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.02.12 14:51:25 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.02.12 14:51:25 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.02.12 14:51:25 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.02.12 14:51:25 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.02.12 14:51:25 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.02.12 14:51:23 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.02.12 14:11:18 | 000,000,000 | ---D | C] -- C:\Users\Šejpák\AppData\Local\Installer
[2014.02.12 14:11:17 | 000,000,000 | ---D | C] -- C:\Users\Šejpák\AppData\Local\CrashRpt
[2014.02.12 14:11:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Retro PC Calculator
[2014.02.12 07:57:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014.02.12 07:57:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014.02.12 07:57:25 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014.02.12 07:57:25 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014.02.12 07:57:25 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014.02.12 07:57:24 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014.02.12 07:57:24 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014.02.12 07:57:24 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014.02.12 07:57:24 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014.02.12 07:57:24 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014.02.12 07:57:24 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014.02.12 07:57:24 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014.02.12 07:57:24 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014.02.12 07:57:24 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014.02.12 07:57:24 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014.02.12 07:57:24 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014.02.12 07:57:24 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014.02.12 07:57:24 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014.02.12 07:57:24 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014.02.12 07:57:22 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014.02.12 07:57:22 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014.02.11 14:47:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2014.02.10 14:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2014.02.01 16:36:19 | 000,000,000 | ---D | C] -- C:\Users\Šejpák\AppData\Roaming\PDAppFlex
[2014.02.01 16:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014.02.01 16:26:25 | 000,000,000 | ---D | C] -- C:\adobeTemp
[2014.01.30 19:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2014.01.30 19:03:56 | 000,000,000 | ---D | C] -- C:\Users\Šejpák\AppData\Roaming\Microsoft Games
[2014.01.30 19:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2014.01.30 19:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2014.01.30 19:00:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2014.01.24 14:32:52 | 002,843,432 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\ooscrsav.scr
[2014.01.24 14:32:36 | 000,240,936 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodbs.exe
[2014.01.24 14:32:20 | 000,543,528 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodssrs.dll
[2014.01.24 14:32:14 | 000,010,536 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodbsrs.dll
[2014.01.23 20:10:58 | 000,000,000 | ---D | C] -- C:\Users\Šejpák\AppData\Local\Diagnostics
[2014.01.23 15:36:29 | 000,039,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2014.01.23 15:36:29 | 000,033,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2014.01.21 07:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4Story_CZ
[2014.01.20 22:38:39 | 000,000,000 | ---D | C] -- C:\Users\Šejpák\Documents\RtsCam
[2014.01.19 22:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014.01.18 10:57:55 | 000,000,000 | ---D | C] -- C:\Users\Šejpák\AppData\Roaming\Publish Providers
[2014.01.16 15:46:18 | 000,000,000 | ---D | C] -- C:\Users\Šejpák\AppData\Roaming\The Creative Assembly
[2014.01.16 13:12:32 | 000,000,000 | ---D | C] -- C:\Users\Šejpák\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2014.01.15 23:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
[2014.01.15 23:31:34 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2014.01.15 23:31:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2014.01.15 21:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2014.01.15 21:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2014.01.15 21:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2014.01.15 06:21:17 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014.01.15 06:21:17 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014.01.15 06:21:16 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
========== Files - Modified Within 30 Days ==========
[2014.02.13 13:01:56 | 000,026,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.02.13 13:01:56 | 000,026,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.02.13 13:01:39 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.02.13 13:00:39 | 001,584,554 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.02.13 13:00:39 | 000,668,866 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2014.02.13 13:00:39 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.02.13 13:00:39 | 000,141,526 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2014.02.13 13:00:39 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.02.13 12:54:54 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\dsmonitor.job
[2014.02.13 12:54:47 | 005,081,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.02.13 12:54:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.02.13 12:54:41 | 2103,451,647 | -HS- | M] () -- C:\hiberfil.sys
[2014.02.13 07:40:52 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2014.02.13 07:26:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.02.13 07:21:47 | 000,449,906 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014.02.12 22:17:36 | 000,112,640 | ---- | M] (forum.viry.cz) -- C:\Users\Šejpák\Desktop\FRSTLauncher.exe
[2014.02.12 21:53:10 | 002,152,448 | ---- | M] (Farbar) -- C:\Users\Šejpák\Desktop\FRST64.exe
[2014.02.12 16:37:48 | 000,002,005 | ---- | M] () -- C:\Users\Šejpák\Desktop\ESET Smart Security.lnk
[2014.02.12 14:52:51 | 001,559,268 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.02.11 16:12:27 | 000,000,646 | ---- | M] () -- C:\Users\Šejpák\Desktop\Call of Duty(R) 2 Singleplayer.lnk
[2014.02.11 14:53:50 | 001,703,936 | ---- | M] () -- C:\Users\Šejpák\Desktop\Call of Duty(R) 2 Multiplayer.exe
[2014.02.11 14:47:41 | 000,000,256 | ---- | M] () -- C:\Windows\game.ini
[2014.02.10 14:06:21 | 000,002,497 | ---- | M] () -- C:\Users\Public\Desktop\O&O Defrag.lnk
[2014.02.10 14:06:21 | 000,002,441 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk
[2014.02.06 12:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.02.06 12:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.02.06 12:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.02.06 11:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.02.06 11:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.02.06 11:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.02.06 11:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.02.06 11:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.02.06 11:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.02.06 11:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.02.06 11:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.02.06 11:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.02.06 11:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.02.06 10:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.02.06 10:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.02.06 10:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.02.06 10:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.02.06 10:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.02.06 10:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.02.06 10:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.02.06 10:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.02.06 09:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.02.06 09:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.02.05 18:29:40 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014.02.05 17:59:32 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2014.02.04 22:26:06 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.02.04 22:26:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.02.04 13:13:58 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014.02.01 23:03:10 | 000,001,198 | ---- | M] () -- C:\Windows\SysNative\RTCM_Config.ini
[2014.02.01 17:05:13 | 000,000,132 | ---- | M] () -- C:\Users\Šejpák\AppData\Roaming\Formát PNG Adobe CC – předvolby
[2014.02.01 17:03:45 | 000,001,100 | ---- | M] () -- C:\Users\Šejpák\Desktop\Adobe Photoshop CC (64 Bit).lnk
[2014.02.01 16:11:53 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
[2014.02.01 12:46:43 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.01.30 19:19:59 | 000,000,606 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2014.01.30 19:01:40 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\Rise of Nations Gold.lnk
[2014.01.24 14:32:52 | 002,843,432 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\ooscrsav.scr
[2014.01.24 14:32:36 | 000,240,936 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodbs.exe
[2014.01.24 14:32:20 | 000,543,528 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodssrs.dll
[2014.01.24 14:32:14 | 000,010,536 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodbsrs.dll
[2014.01.21 07:28:21 | 000,000,625 | ---- | M] () -- C:\Users\Public\Desktop\4Story.lnk
[2014.01.21 03:53:40 | 001,048,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2014.01.21 03:53:29 | 001,179,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2014.01.16 15:42:34 | 000,000,222 | ---- | M] () -- C:\Users\Šejpák\Desktop\Total War ROME II.url
[2014.01.15 23:31:34 | 000,000,779 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 4.lnk
[2014.01.15 23:31:34 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
[2014.01.15 23:31:05 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014.01.15 21:05:24 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
========== Files Created - No Company Name ==========
[2014.02.13 13:01:39 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.02.13 12:54:42 | 005,081,176 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.02.13 07:40:51 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2014.02.12 16:37:48 | 000,002,005 | ---- | C] () -- C:\Users\Šejpák\Desktop\ESET Smart Security.lnk
[2014.02.12 14:50:22 | 001,703,936 | ---- | C] () -- C:\Users\Šejpák\Desktop\Call of Duty(R) 2 Multiplayer.exe
[2014.02.11 16:12:35 | 000,000,646 | ---- | C] () -- C:\Users\Šejpák\Desktop\Call of Duty(R) 2 Singleplayer.lnk
[2014.02.11 14:47:41 | 000,000,256 | ---- | C] () -- C:\Windows\game.ini
[2014.02.10 14:06:21 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk
[2014.02.01 17:05:13 | 000,000,132 | ---- | C] () -- C:\Users\Šejpák\AppData\Roaming\Formát PNG Adobe CC – předvolby
[2014.02.01 16:44:16 | 000,001,100 | ---- | C] () -- C:\Users\Šejpák\Desktop\Adobe Photoshop CC (64 Bit).lnk
[2014.02.01 16:27:10 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC (64 Bit).lnk
[2014.02.01 16:26:49 | 000,001,204 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC.lnk
[2014.02.01 16:11:53 | 000,001,086 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
[2014.02.01 16:11:53 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
[2014.01.30 19:01:40 | 000,002,155 | ---- | C] () -- C:\Users\Public\Desktop\Rise of Nations Gold.lnk
[2014.01.21 07:28:21 | 000,000,625 | ---- | C] () -- C:\Users\Public\Desktop\4Story.lnk
[2014.01.16 13:12:32 | 000,000,222 | ---- | C] () -- C:\Users\Šejpák\Desktop\Total War ROME II.url
[2014.01.15 23:31:34 | 000,000,779 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 4.lnk
[2014.01.15 23:31:34 | 000,000,763 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
[2014.01.15 21:05:24 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2014.01.11 12:20:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014.01.11 12:20:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014.01.11 12:20:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014.01.11 12:20:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014.01.11 12:20:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014.01.07 19:56:27 | 000,314,656 | ---- | C] () -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2014.01.02 18:25:18 | 000,000,000 | ---- | C] () -- C:\Users\Šejpák\AppData\Local\Driver_LOM_8161Present.flag
[2013.12.31 01:07:14 | 000,007,605 | ---- | C] () -- C:\Users\Šejpák\AppData\Local\Resmon.ResmonCfg
[2013.12.30 10:20:20 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix108.dll
[2013.12.30 10:20:11 | 000,000,257 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2013.12.30 10:20:07 | 000,002,029 | ---- | C] () -- C:\Windows\Cm108.ini.cfg
[2013.12.30 10:20:07 | 000,000,766 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2013.12.28 20:58:02 | 000,000,000 | ---- | C] () -- C:\Users\Šejpák\regbcm
[2013.12.27 02:21:01 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.12.25 20:53:57 | 000,214,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.12.25 20:53:55 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.12.25 00:28:55 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2013.12.24 20:20:14 | 001,559,268 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014.01.11 09:18:38 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\ESET
[2013.12.25 22:13:25 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Origin
[2014.02.01 16:36:19 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\PDAppFlex
[2014.01.18 10:57:55 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Publish Providers
[2014.01.19 23:28:42 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Sony
[2014.01.18 10:51:51 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\TeamViewer
[2014.01.16 15:46:18 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\The Creative Assembly
[2014.02.02 20:24:52 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\TS3Client
[2013.12.24 23:58:02 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Uniblue
[2013.12.29 17:22:53 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Wargaming.net
[2014.02.12 18:41:01 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\{9620c625-c254-6b6a-3461-87549620c625}
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,544 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013.12.24 23:58:04 | 000,000,342 | ---- | C] () -- C:\Windows\Tasks\dsmonitor.job
[2013.12.25 01:27:53 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
< >
< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2010.11.21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010.11.21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
< MD5 for: CDROM.SYS >
[2010.11.21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2013.07.06 21:08:00 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2013.07.06 21:08:00 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2013.07.06 21:08:00 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2013.07.06 21:08:00 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2013.07.06 21:08:00 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2013.07.06 21:08:00 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2013.07.06 21:08:00 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
< MD5 for: HAL.DLL >
[2010.11.21 04:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.21 04:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll
< MD5 for: SCECLI.DLL >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: SERVICES.EXE >
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: TCPIP.SYS >
[2013.07.07 21:33:57 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2013.09.08 03:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\erdnt\cache64\tcpip.sys
[2013.09.08 03:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\SysNative\drivers\tcpip.sys
[2013.09.08 03:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2010.11.21 04:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2013.09.07 03:27:48 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2013.07.07 21:33:57 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2013.11.26 12:34:34 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=F55B41AA6114568AC558ADBABDA85620 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_11c3cc3c962abcc3\tcpip.sys
< MD5 for: USERINIT.EXE >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
< >
< %systemroot%*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[9 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[2 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2014.02.01 16:26:47 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Adobe
[2014.01.11 09:18:38 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\ESET
[2013.12.24 19:36:48 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Identities
[2014.01.04 19:38:02 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\InstallShield
[2013.12.27 00:01:46 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Macromedia
[2014.02.13 00:11:39 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Malwarebytes
[2010.11.21 10:38:07 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Media Center Programs
[2014.02.05 20:03:41 | 000,000,000 | --SD | M] -- C:\Users\Šejpák\AppData\Roaming\Microsoft
[2014.01.30 19:03:56 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Microsoft Games
[2013.12.27 00:13:23 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\NVIDIA
[2013.12.25 22:13:25 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Origin
[2014.02.01 16:36:19 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\PDAppFlex
[2014.01.18 10:57:55 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Publish Providers
[2014.02.13 12:58:36 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Skype
[2014.01.19 23:28:42 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Sony
[2014.01.12 15:43:46 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\SUPERAntiSpyware.com
[2014.01.18 10:51:51 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\TeamViewer
[2014.01.16 15:46:18 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\The Creative Assembly
[2014.02.02 20:24:52 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\TS3Client
[2013.12.24 23:58:02 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Uniblue
[2013.12.29 17:22:53 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\Wargaming.net
[2013.12.24 23:57:24 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\WinRAR
[2014.02.12 18:41:01 | 000,000,000 | ---D | M] -- C:\Users\Šejpák\AppData\Roaming\{9620c625-c254-6b6a-3461-87549620c625}
< %APPDATA%\*.exe /s >
[2014.01.07 07:28:04 | 005,581,608 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\Šejpák\AppData\Roaming\Uniblue\DriverScanner\_temp\ub.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
[2014.02.13 07:26:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014.02.13 12:54:54 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\dsmonitor.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2014.02.12 14:52:51 | 001,559,268 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
< >
< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2014.02.06 23:24:01 | 000,808,152 | ---- | M] (Microsoft Corporation) MD5=4263F6C131E513CEA1AE82B5B81A4E1A -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
< %PROGRAMFILES%\Opera\opera.exe /md5 >
< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2014.02.02 00:42:39 | 000,866,632 | ---- | M] (Google Inc.) MD5=5640B4C10682FBC39C86C8C7A8392B5E -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
< >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.02.13 13:01:39 | 000,000,512 | ---- | M] () MD5=4954649ED3870B8CF80C03BCF705EA7D -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2014.02.11 16:09:52 | 000,858,303 | ---- | M] () -- \Programy\Call-of-Duty-2-crack.rar
[2012.12.29 14:12:54 | 004,763,493 | ---- | M] () -- \Programy\GTA-SA-CRACK.rar
[2010.02.11 22:55:15 | 005,317,648 | ---- | M] () -- \Programy\Medieval_II_Total_war_Crack+CD-key.exe
[2012.11.26 19:47:24 | 035,090,280 | ---- | M] () -- \Programy\Virtual-DJ-Pro-7.0.3.-And-Crack.rar
< *keygen* /s >
< *loader* /s >
[2013.02.19 14:35:18 | 000,032,768 | ---- | M] () -- \Hry\4Story_CZ\TLoader.exe
[2013.12.27 00:43:48 | 000,419,232 | ---- | M] () -- \Hry\Assassin's Creed IV Black Flag\uplay_r1_loader.dll
[2014.01.02 22:46:58 | 000,400,912 | ---- | M] () -- \Hry\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\uplay_r1_loader.dll
[2003.09.15 14:02:00 | 000,169,384 | ---- | M] () -- \Hry\Valve\cstrike\models\qloader.mdl
[2003.09.15 13:55:50 | 000,352,548 | ---- | M] () -- \Hry\Valve\valve\models\loader.mdl
[2003.09.15 13:56:04 | 000,012,764 | ---- | M] () -- \Hry\Valve\valve\sound\ambience\loader_hydra1.wav
[2003.09.15 13:56:04 | 000,012,164 | ---- | M] () -- \Hry\Valve\valve\sound\ambience\loader_step1.wav
[2013.12.17 15:43:40 | 000,071,208 | ---- | M] () -- \Hry\World_of_Tanks\PhysXLoader.dll
[2013.12.17 15:43:40 | 000,002,221 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\gui\doc_loaders\graphicspresetsloader.pyc
[2013.12.17 15:43:40 | 000,007,015 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\gui\doc_loaders\guicolorsloader.pyc
[2013.12.17 15:43:40 | 000,003,974 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\gui\doc_loaders\guisoundsloader.pyc
[2013.12.17 15:43:40 | 000,006,629 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\gui\doc_loaders\logindataloader.pyc
[2013.12.17 15:43:40 | 000,002,773 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\gui\doc_loaders\windowsstoreddataloader.pyc
[2013.12.17 15:43:40 | 000,001,504 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\gui\scaleform\framework\entities\abstract\loadermanagermeta.pyc
[2013.12.17 15:43:40 | 000,006,542 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\gui\scaleform\framework\managers\loaders.pyc
[2013.12.17 15:43:40 | 000,003,668 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\helpers\rssdownloader.pyc
[2013.12.17 15:43:40 | 000,006,907 | ---- | M] () -- \Hry\World_of_Tanks\res\scripts\client\tutorial\loader.pyc
[2013.12.05 17:58:54 | 001,021,872 | ---- | M] () -- \Programy\N360Downloader.exe
[2013.12.05 17:58:54 | 001,021,872 | ---- | M] () -- \Programy\táta\N360Downloader.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 40 bytes -> C:\ProgramData:NT
< End of report >
Guide to creating an RSIT log, and what is it?: >RSIT<
My > Defence: Eset Smart Security, Malwarebytes (Anti-malware + anti-rootkit), adwcleaner ▐ Maintenance: O&O Defrag, Ccleaner and manual cleaning/doing manual
I definitely do not recommend: applications from IObit, driver update utilities, or arbitrary "digging around" in regedit to clean up the registry

- Rudy
- Site Admin
- Posts: 119534
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: Virus from Facebook
Run OTL again.
Paste the following text into the bottom window:
:OTL
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2287406693-4035591509-3392762823-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
O13 - gopher Prefix: missing
@Alternate Data Stream - 40 bytes -> C:\ProgramData:NT
:files
C:\Windows\AutoKMS.ini
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]
Click Fix and let the program work. Agree when asked to restart.
After the restart, a new log will appear; post it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
- Model visitor
- Posts: 172
- Joined: 12 Feb 2014 22:22
- Location: Středočeský kraj, ČR
Re: Virus from Facebook
Here is the log:
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2287406693-4035591509-3392762823-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
ADS C:\ProgramData:NT deleted successfully.
========== FILES ==========
C:\Windows\AutoKMS.ini moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
User: Šejpák
->Temp folder emptied: 4842457 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 84986846 bytes
->Flash cache emptied: 521 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 372642 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 86,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: UpdatusUser
User: Šejpák
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 02132014_191118
Files\Folders moved on Reboot...
C:\Users\Šejpák\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Šejpák\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

- Rudy
- Site Admin
- Posts: 119534
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: Virus from Facebook
Deleted. Has anything changed?