Keyboard skipping keys, slow PC

branco
Visitor
Posts: 68
Registered: 21 Nov 2008 18:38

#1 Post by branco »

Hello,

Please check my RSIT log.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Aquapro at 2014-06-03 11:19:16
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 3 GB (10%) free of 30 GB
Total RAM: 1272 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:20:11, on 3. 6. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Aquapro\Downloads\RSIT.exe
C:\Program Files\trend micro\Aquapro.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dalesearch.com/?babsrc=HP_ss ... 0&tsp=5008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\Aquapro\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\Aquapro\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

--
End of file - 4370 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-14 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}]
Rich Media Downloader - C:\Users\Aquapro\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-14 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2014-05-27 737872]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======


======List of files/folders modified in the last 1 month======

2014-06-03 11:19:29 ----D---- C:\Windows\Prefetch
2014-06-03 11:19:24 ----D---- C:\Windows\temp
2014-06-03 11:19:20 ----D---- C:\Program Files\trend micro
2014-06-02 12:31:59 ----D---- C:\Windows\system32\config
2014-06-02 12:20:33 ----D---- C:\Windows\system32\catroot2
2014-06-02 12:20:25 ----SHD---- C:\System Volume Information
2014-06-02 09:19:34 ----D---- C:\ProgramData
2014-05-27 13:47:18 ----D---- C:\Windows\system32\catroot
2014-05-26 12:44:07 ----SHD---- C:\Windows\Installer
2014-05-26 12:44:07 ----D---- C:\Config.Msi
2014-05-26 12:44:05 ----D---- C:\Program Files\Common Files\Adobe
2014-05-14 10:43:36 ----D---- C:\Windows\System32
2014-05-14 10:43:22 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-05-09 08:11:00 ----RD---- C:\Program Files
2014-05-07 11:36:33 ----D---- C:\Windows\inf
2014-05-07 11:36:33 ----A---- C:\Windows\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2014-05-27 136216]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2013-10-01 37352]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2012-08-27 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2014-05-27 93528]
R2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2009-10-12 38400]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2012-12-12 5120]
R3 aeaudio;aeaudio; C:\Windows\system32\drivers\aeaudio.sys [2003-10-23 100384]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
R3 smwdm;smwdm; C:\Windows\system32\drivers\smwdm.sys [2004-04-15 612416]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 catchme;catchme; \??\C:\Users\Aquapro\AppData\Local\Temp\catchme.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 Point32;Microsoft Mouse and Keyboard Center Filter Driver; C:\Windows\system32\DRIVERS\point32.sys [2013-01-29 44144]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 9216]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2014-05-27 430160]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2014-05-27 430160]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 TeamViewer9;TeamViewer 9; C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [2014-04-25 5024576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-21 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14 257712]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-21 116648]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-01-21 1343400]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119541
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Keyboard skipping keys, slow PC

#2 Post by Rudy »

Hello!
Is your copy of the operating system legal?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

branco
Visitor
Posts: 68
Registered: 21 Nov 2008 18:38

Re: Keyboard skipping keys, slow PC

#3 Post by branco »

Hello,

The system is legal.

Rudy
Site Admin
Posts: 119541
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Keyboard skipping keys, slow PC

#4 Post by Rudy »

Let's try this procedure:

Download and run OTL: http://oldtimer.geekstogo.com/OTL.exe . Run it, tick "For all users", "LOP malware check" and "PURITY malware check", and copy the following into the bottom white box:
CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
and click >Scan<. Post both logs.

branco
Visitor
Posts: 68
Registered: 21 Nov 2008 18:38

Re: Keyboard skipping keys, slow PC

#5 Post by branco »

Hello,

I'm sending the two logs.

OTL logfile created on: 5. 6. 2014 9:25:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aquapro\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

1,24 Gb Total Physical Memory | 0,34 Gb Available Physical Memory | 27,67% Memory free
2,48 Gb Paging File | 1,41 Gb Available in Paging File | 56,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 2,91 Gb Free Space | 9,95% Space Free | Partition Type: NTFS
Drive D: | 45,23 Gb Total Space | 30,64 Gb Free Space | 67,73% Space Free | Partition Type: NTFS

Computer Name: AQUAPRO-PC | User Name: Aquapro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/05 09:22:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aquapro\Downloads\OTL (1).exe
PRC - [2014/05/27 13:45:35 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2014/05/27 13:45:15 | 000,425,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2014/05/27 13:45:10 | 000,737,872 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014/05/27 13:45:10 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2014/05/14 01:40:56 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/05/09 08:10:39 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2014/04/25 11:56:12 | 012,971,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer.exe
PRC - [2014/04/25 11:56:12 | 005,024,576 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/04/25 11:42:00 | 000,238,400 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\tv_w32.exe
PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/01/29 19:13:12 | 001,668,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
PRC - [2013/01/29 19:13:12 | 001,093,744 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
PRC - [2012/08/03 09:01:00 | 003,801,736 | ---- | M] (Ghisler Software GmbH) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2014/05/14 01:40:54 | 000,414,536 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppgooglenaclpluginchrome.dll
MOD - [2014/05/14 01:40:50 | 004,217,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll
MOD - [2014/05/14 01:40:43 | 001,732,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
MOD - [2013/03/04 10:25:00 | 000,193,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\d2574c8ae333ff959be2e0d83121ad10\CustomMarshalers.ni.dll
MOD - [2013/03/04 08:40:45 | 013,006,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll
MOD - [2013/03/04 08:40:14 | 001,651,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll
MOD - [2013/03/04 08:37:15 | 007,025,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
MOD - [2013/03/04 08:36:49 | 009,000,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
MOD - [2013/03/04 08:36:23 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2011/06/22 12:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2011/05/31 16:45:50 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2009/02/26 14:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll


========== Services (SafeList) ==========

SRV - [2014/05/27 13:45:35 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/05/27 13:45:10 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/05/14 10:43:30 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/25 11:56:12 | 005,024,576 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/01/21 16:49:26 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Aquapro\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2014/05/27 13:45:11 | 000,136,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2014/05/27 13:45:10 | 000,093,528 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/10/01 13:48:39 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/12/12 14:33:20 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.sys -- (SSPORT)
DRV - [2012/08/27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/11/20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/10/12 22:15:06 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2009/07/14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3035887750-930535871-2281112751-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dalesearch.com/?babsrc=HP_ss ... 0&tsp=5008
IE - HKU\S-1-5-21-3035887750-930535871-2281112751-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 BF 9D 85 50 AD CE 01 [binary data]
IE - HKU\S-1-5-21-3035887750-930535871-2281112751-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3035887750-930535871-2281112751-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-3035887750-930535871-2281112751-1002\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.dalesearch.com/?q={searchTer ... 0&tsp=5008
IE - HKU\S-1-5-21-3035887750-930535871-2281112751-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3035887750-930535871-2281112751-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013/09/17 15:42:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/12 10:27:46 | 000,093,976 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\nppluginrichmediaplayer.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Error reading preferences file
CHR - Extension: Dokumenty Google = C:\Users\Aquapro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Disk Google = C:\Users\Aquapro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Aquapro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: HÄľadaĹĄ v Google = C:\Users\Aquapro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Peňaženka Google = C:\Users\Aquapro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Aquapro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Abstract-Blue = C:\Users\Aquapro\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa\1.1_0\

O1 HOSTS File: ([2013/01/21 14:22:38 | 000,000,864 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Rich Media Downloader) - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\Aquapro\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3035887750-930535871-2281112751-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3035887750-930535871-2281112751-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm File not found
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm File not found
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm File not found
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll File not found
O9 - Extra Button: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\Aquapro\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52D93D49-56B4-4A68-B328-853B23519C88}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014/06/05 09:24:54 | 000,000,000 | ---D | C] -- C:\_OTL

========== Files - Modified Within 30 Days ==========

[2014/06/05 09:30:19 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/06/05 09:16:50 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/05 08:48:01 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/05 08:48:01 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/05 08:41:27 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/05 08:41:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/05 08:40:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/05 08:39:57 | 999,952,384 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/27 13:45:11 | 000,136,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2014/05/27 13:45:10 | 000,093,528 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2014/05/26 08:18:25 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/14 10:43:22 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/05/14 10:43:22 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/05/07 11:36:34 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/07 11:36:34 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2014/06/05 09:00:34 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013/11/11 14:47:26 | 000,000,132 | ---- | C] () -- C:\Users\Aquapro\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/08/13 15:19:07 | 000,153,151 | ---- | C] () -- C:\Users\Aquapro\Karol Roubal.jpeg
[2013/03/12 08:17:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/12 08:17:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/12 08:17:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/12 08:17:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/12 08:17:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/08 12:33:29 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2013/02/08 12:28:56 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013/01/28 14:16:47 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssw1ml3.dll
[2013/01/22 10:16:12 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe
[2013/01/22 10:11:45 | 000,471,040 | ---- | C] () -- C:\Windows\ssndii.exe
[2013/01/22 10:07:42 | 000,124,792 | ---- | C] () -- C:\Windows\WiaInst.exe
[2013/01/22 10:07:21 | 000,011,264 | R--- | C] () -- C:\Windows\System32\sssegfilter.dll
[2013/01/22 10:07:20 | 000,027,136 | R--- | C] () -- C:\Windows\System32\ssimgfilter.dll
[2013/01/22 10:07:20 | 000,010,752 | R--- | C] () -- C:\Windows\System32\sserrhandler.dll
[2013/01/22 10:07:19 | 000,217,088 | R--- | C] () -- C:\Windows\System32\ssminidriver.dll
[2012/12/12 14:30:44 | 000,094,208 | ---- | C] () -- C:\Windows\System32\ssdevm.dll

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/11/11 14:12:05 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\Azureus
[2013/09/17 15:39:50 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\Babylon
[2013/09/17 14:53:59 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\BSplayer
[2013/09/17 14:52:30 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\BSplayer Pro
[2013/01/21 15:55:26 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\GHISLER
[2013/02/28 14:48:47 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\IrfanView
[2013/10/16 13:51:34 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\Notepad++
[2013/08/20 11:53:25 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\OpenOffice
[2013/03/20 10:50:17 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\Opera
[2013/09/17 14:54:19 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\Radiocom
[2013/02/04 16:13:20 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\Samsung
[2013/06/13 07:55:24 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\Softplicity
[2014/05/02 08:13:39 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\Solvusoft
[2013/10/30 15:04:21 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\Stylus Studio
[2013/09/17 15:48:37 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\Systweak
[2014/04/14 10:50:51 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\TeamViewer
[2013/03/11 11:56:31 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\TestApp

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009/07/14 06:53:46 | 000,032,584 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013/01/21 11:54:37 | 000,000,922 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/01/21 11:54:38 | 000,000,926 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/01/21 15:51:39 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010/11/20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010/11/20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010/11/20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\erdnt\cache\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2010/11/20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010/11/20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009/07/14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SERVICES.EXE >
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011/04/25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009/07/14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010/11/20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2012/03/30 12:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
[2011/04/25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2012/03/30 12:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\erdnt\cache\tcpip.sys
[2012/03/30 12:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\System32\drivers\tcpip.sys
[2012/03/30 12:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2011/04/25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2012/03/30 11:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2012/03/30 12:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< >

< %systemroot%*.* /U /s >
[4 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[4 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2013/11/12 11:53:46 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\Adobe
[2013/05/20 07:39:44 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\Avira
[2013/03/06 09:46:41 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\AVS4YOU
[2013/11/11 14:12:05 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\Azureus
[2013/09/17 15:39:50 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\Babylon
[2013/09/17 14:53:59 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\BSplayer
[2013/09/17 14:52:30 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\BSplayer Pro
[2013/01/21 15:55:26 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\GHISLER
[2013/01/21 11:45:55 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\Identities
[2013/02/28 14:48:47 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\IrfanView
[2009/07/14 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\Media Center Programs
[2013/11/11 14:59:25 | 000,000,000 | --SD | M] -- C:\Users\Aquapro\AppData\Roaming\Microsoft
[2013/10/16 13:51:34 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\Notepad++
[2013/08/20 11:53:25 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\OpenOffice
[2013/03/20 10:50:17 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\Opera
[2013/09/17 14:54:19 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\Radiocom
[2013/02/04 16:13:20 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\Samsung
[2013/06/13 07:55:24 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\Softplicity
[2014/05/02 08:13:39 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\Solvusoft
[2013/10/30 15:04:21 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\Stylus Studio
[2013/09/17 15:48:37 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\Systweak
[2014/04/14 10:50:51 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\TeamViewer
[2013/03/11 11:56:31 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\TestApp
[2013/01/22 09:25:34 | 000,000,000 | ---D | M] -- C:\Users\Aquapro\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2013/01/21 13:44:33 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Aquapro\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2009/08/11 21:21:26 | 000,087,552 | ---- | M] () -- C:\Users\Aquapro\AppData\Roaming\BSplayer\AC3 Filter\ac3config.exe
[2009/08/11 21:21:30 | 000,090,112 | ---- | M] () -- C:\Users\Aquapro\AppData\Roaming\BSplayer\AC3 Filter\spdif_test.exe
[2010/03/22 14:52:04 | 000,697,690 | ---- | M] () -- C:\Users\Aquapro\AppData\Roaming\BSplayer\AC3 Filter\unins000.exe
[2012/10/11 09:01:20 | 001,175,371 | ---- | M] () -- C:\Users\Aquapro\AppData\Roaming\BSplayer\FFDShow\unins000.exe
[2010/08/14 10:42:54 | 000,113,152 | ---- | M] () -- C:\Users\Aquapro\AppData\Roaming\BSplayer\Haali media splitter\dsmux.exe
[2010/08/14 10:45:10 | 000,358,400 | ---- | M] () -- C:\Users\Aquapro\AppData\Roaming\BSplayer\Haali media splitter\gdsmux.exe
[2010/08/14 10:42:06 | 000,137,728 | ---- | M] () -- C:\Users\Aquapro\AppData\Roaming\BSplayer\Haali media splitter\mkv2vfr.exe
[2010/09/30 15:30:22 | 000,042,305 | ---- | M] () -- C:\Users\Aquapro\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe
[2013/02/07 11:45:34 | 000,022,486 | R--- | M] () -- C:\Users\Aquapro\AppData\Roaming\Microsoft\Installer\{5FF3B3AC-57B8-4DAA-915C-D580D1B72716}\_B9D5F7C55C2563F1929ED8.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 03:15:20 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\expsrv.dll

< %systemroot%\Tasks\*.job >
[2014/06/05 09:41:47 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014/06/05 08:41:27 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014/06/05 09:16:50 | 000,000,926 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 03:15:20 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\expsrv.dll

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2014/06/05 08:48:01 | 000,014,336 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/05 08:48:01 | 000,014,336 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2013/01/21 16:55:34 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=B201AF83DF2E85323E29EB83E4046810 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >
[2013/03/20 10:49:51 | 000,879,456 | ---- | M] (Opera Software) MD5=2ABD166EC31BE154D8CBEEC5D7F5714C -- C:\Program Files\Opera\opera.exe

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2014/05/14 01:40:56 | 000,860,488 | ---- | M] (Google Inc.) MD5=1620FE36666F4BBC2314B7F360FB1965 -- C:\Program Files\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014/06/05 09:30:19 | 000,000,512 | ---- | M] () MD5=A67192784F19B9F86A3D988D1F4CBCBE -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *loader* /s >
[2014/05/27 13:45:16 | 000,044,112 | ---- | M] () -- \Program Files\Avira\AntiVir Desktop\avwebloader.dll
[2014/05/27 13:45:17 | 000,494,672 | ---- | M] () -- \Program Files\Avira\AntiVir Desktop\avwebloader.exe
[2014/05/27 13:45:17 | 000,193,104 | ---- | M] () -- \Program Files\Avira\AntiVir Desktop\avwebloadergui.dll
[2012/02/23 08:11:56 | 000,078,336 | ---- | M] () -- \Program Files\Common Files\Adobe\dynamiclinkmediaserver\1.0\MXF_SDK_MetaMetadata_BinaryLoader_4.4.3.dll
[2012/02/23 08:11:56 | 000,155,136 | ---- | M] () -- \Program Files\Common Files\Adobe\dynamiclinkmediaserver\1.0\MXF_SDK_MetaMetadata_XSDLoader2_4.4.3.dll
[2012/02/23 08:11:56 | 000,117,248 | ---- | M] () -- \Program Files\Common Files\Adobe\dynamiclinkmediaserver\1.0\MXF_SDK_MetaMetadata_XSDLoader_4.4.3.dll
[2006/10/26 14:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006/10/26 14:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2011/07/18 23:33:32 | 000,008,787 | ---- | M] () -- \Program Files\Notepad++\user.manual\sites\all\modules\fancy_login\images\ajax-loader.gif
[2013/07/10 22:08:32 | 000,029,696 | ---- | M] () -- \Program Files\OpenOffice 4\program\javaloader.uno.dll
[2013/07/16 15:31:10 | 000,005,813 | ---- | M] () -- \Program Files\OpenOffice 4\program\pythonloader.py
[2013/07/10 22:08:34 | 000,020,992 | ---- | M] () -- \Program Files\OpenOffice 4\program\pythonloader.uno.dll
[2013/07/16 16:44:12 | 000,000,171 | ---- | M] () -- \Program Files\OpenOffice 4\program\pythonloader.uno.ini
[2013/07/16 15:21:10 | 000,003,868 | ---- | M] () -- \Program Files\OpenOffice 4\program\classes\unoloader.jar
[2013/07/10 15:46:18 | 000,013,420 | ---- | M] () -- \Program Files\OpenOffice 4\program\python-core-2.7.5\lib\unittest\loader.py
[2010/06/28 11:01:54 | 000,032,509 | ---- | M] () -- \Program Files\Stylus Studio X15 XML Enterprise Suite\Components\DataDirect XQuery\examples\DataLoader\dataloader.jar
[2013/09/17 15:40:38 | 000,001,048 | ---- | M] () -- \Users\Aquapro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FU93LIYK\downloader[1].htm
[2013/09/18 07:42:03 | 000,019,497 | ---- | M] () -- \Users\Aquapro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FU93LIYK\loader[1].gif
[2013/09/17 15:40:08 | 000,001,048 | ---- | M] () -- \Users\Aquapro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M491K0X8\downloader[1].htm
[2013/09/17 14:50:08 | 000,022,002 | ---- | M] () -- \Users\Aquapro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M491K0X8\ProgressLoader[1].gif
[2013/09/17 15:37:44 | 000,077,247 | ---- | M] () -- \Users\Aquapro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M491K0X8\universaldownloader-prefetch[1].htm
[2013/01/21 11:48:48 | 000,002,545 | ---- | M] () -- \Users\Aquapro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E54JQN1L\ajax-loader[1].gif
[2013/01/21 11:46:48 | 000,016,948 | ---- | M] () -- \Users\Aquapro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E54JQN1L\loader[1].gif
[2013/01/21 11:49:55 | 000,003,705 | ---- | M] () -- \Users\Aquapro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q6OI7UB8\lang_loader[1].gif
[2013/07/03 13:51:14 | 000,155,928 | ---- | M] () -- \Users\Aquapro\AppData\Local\Rich Media Player\{B1820CFD-FC69-4DEF-8388-6E80E20E5731}\IE\RichMediaDownloader.dll
[2013/09/17 14:49:57 | 000,006,494 | ---- | M] () -- \Users\Aquapro\AppData\Local\Temp\avg_a01676\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\ajax-loader.gif
[2013/09/17 14:49:58 | 000,000,729 | ---- | M] () -- \Users\Aquapro\AppData\Local\Temp\avg_a01676\ProgData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.12\modules\skin\loader.gif
[2013/09/17 14:49:58 | 000,019,497 | ---- | M] () -- \Users\Aquapro\AppData\Local\Temp\avg_a01676\ProgFiles\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\loader.gif
[2013/09/17 14:50:30 | 000,006,494 | ---- | M] () -- \Users\Aquapro\AppData\Local\Temp\avg_a02384\ProgData\AVG SafeGuard toolbar\FireFoxExt\15.4.0.5\modules\skin\ajax-loader.gif
[2013/09/17 14:50:30 | 000,000,729 | ---- | M] () -- \Users\Aquapro\AppData\Local\Temp\avg_a02384\ProgData\AVG SafeGuard toolbar\FireFoxExt\15.4.0.5\modules\skin\loader.gif
[2013/09/17 14:50:30 | 000,019,497 | ---- | M] () -- \Users\Aquapro\AppData\Local\Temp\avg_a02384\ProgFiles\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\loader.gif
[2013/07/23 11:49:28 | 000,051,005 | ---- | M] () -- \Users\Aquapro\AppData\Local\Temp\scoped_dir_3652_4340\richmediadownloader.crx
[2013/09/17 14:53:54 | 000,085,784 | ---- | M] () -- \Users\Aquapro\AppData\Local\Temp\scoped_dir_3652_4340\CRX_INSTALL\nprichmediadownloader.dll
[2013/09/17 14:50:30 | 000,019,497 | ---- | M] () -- \Users\Aquapro\AppData\Local\Temp\UninstallRes\ClientPackage\Images\uninstall\loader.gif
[2012/10/04 18:40:37 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009/07/14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009/07/14 06:56:40 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009/07/14 06:56:40 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winload.exe.mui_3bc5b827
[2009/07/14 06:56:40 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winresume.exe.mui_ff8b5358
[2013/02/08 13:58:29 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2013/02/08 13:58:29 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winload.exe_75835076
[2013/02/08 13:58:29 | 000,442,720 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winresume.exe_85cd1215
[2009/07/14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009/07/14 04:29:12 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009/07/14 03:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009/08/19 09:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009/08/19 09:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2010/11/20 06:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009/07/14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:45:38 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:40:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 18:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll

========== Files - Unicode (All) ==========
[2013/09/27 08:56:35 | 098,009,570 | ---- | M] ()(C:\Windows\System32\???v) -- C:\Windows\System32\㦲翷v
[2013/09/27 08:56:35 | 098,009,570 | ---- | C] ()(C:\Windows\System32\???v) -- C:\Windows\System32\㦲翷v
[2013/09/25 13:38:42 | 097,729,025 | ---- | M] ()(C:\Windows\System32\???n) -- C:\Windows\System32\㪷䘒n
[2013/09/25 13:38:42 | 097,729,025 | ---- | C] ()(C:\Windows\System32\???n) -- C:\Windows\System32\㪷䘒n
[2013/09/13 07:43:15 | 097,443,711 | ---- | M] ()(C:\Windows\System32\???s) -- C:\Windows\System32\쒝s
[2013/09/13 07:43:15 | 097,443,711 | ---- | C] ()(C:\Windows\System32\???s) -- C:\Windows\System32\쒝s
[2013/09/05 13:41:10 | 096,044,050 | ---- | M] ()(C:\Windows\System32\???~) -- C:\Windows\System32\霷炓~
[2013/09/05 13:41:10 | 096,044,050 | ---- | C] ()(C:\Windows\System32\???~) -- C:\Windows\System32\霷炓~

========== Alternate Data Streams ==========

@Alternate Data Stream - 176 bytes -> C:\Users\Aquapro\Karol Roubal.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >


OTL Extras logfile created on: 5. 6. 2014 9:25:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aquapro\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

1,24 Gb Total Physical Memory | 0,34 Gb Available Physical Memory | 27,67% Memory free
2,48 Gb Paging File | 1,41 Gb Available in Paging File | 56,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 2,91 Gb Free Space | 9,95% Space Free | Partition Type: NTFS
Drive D: | 45,23 Gb Total Space | 30,64 Gb Free Space | 67,73% Space Free | Partition Type: NTFS

Computer Name: AQUAPRO-PC | User Name: Aquapro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-3035887750-930535871-2281112751-1002\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015E7412-40E1-406F-81A5-BF8B4A9B6126}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{017355C6-F7CC-42A9-A1C6-965FFE8B56D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0DD23A1A-4449-44B8-98B7-0719793FE7BB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1F5FFF54-BBE4-450E-97E7-9ADD66FA12CA}" = lport=139 | protocol=6 | dir=in | app=system |
"{22E4098E-D83D-49B0-BAB9-8C73B76C5DFE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{282EB62F-54AE-43CA-AAC4-F2A7DF128273}" = rport=10243 | protocol=6 | dir=out | app=system |
"{33968FDD-52C2-4D36-B36A-4410BE596183}" = lport=138 | protocol=17 | dir=in | app=system |
"{3B92F708-7833-4B29-96DF-3FB8B0BBCA5E}" = rport=137 | protocol=17 | dir=out | app=system |
"{3F84B0F2-3ED4-42E6-9F50-883266D75BF7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5DF3E32B-25FA-4498-9D8E-C64BCBB833D4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5F1AA003-C8D5-4CB4-B4F1-21D0197ABABE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{68A0E905-1525-43AD-8C77-873D04C90C8E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6DC9D8C7-C589-42A3-96FB-5E5C59BEE166}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6F8B7B77-BEC7-4211-A044-10CD5A502004}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{71037E7B-C954-418C-A80D-6A497FC4D803}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{80EA1571-91C7-41A4-A532-F82771F9C00D}" = lport=137 | protocol=17 | dir=in | app=system |
"{997016DD-7A74-478F-A127-9EFD9D0E2249}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A028FA4C-7A2A-4789-ADD9-F91680BD8A17}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A285D855-ADB8-4271-8BC9-5D686CEB4045}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A927027C-F18B-4210-950A-C86C6CE57635}" = rport=445 | protocol=6 | dir=out | app=system |
"{CFF8F688-3D77-49D3-89CF-291D8ABFDD29}" = lport=445 | protocol=6 | dir=in | app=system |
"{D09293CA-C808-4519-A3F9-3A525BDE8082}" = rport=138 | protocol=17 | dir=out | app=system |
"{D263C3E9-B5ED-4360-8AD5-5688DDF13FB6}" = rport=139 | protocol=6 | dir=out | app=system |
"{D29AC45E-8CDE-4330-B9B5-C52DAE25A33F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D6112C85-CA94-428D-AEB7-208A8434B227}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{DD9E6A74-B545-4B11-8222-F574F96E83BE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E18A477B-95DC-49EE-8D3A-A0C3F8043C38}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F0ED6AE8-302A-41CD-A399-AC0A71843E50}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F54E6C70-D2DC-4398-ACD4-B1D47C47A7E3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F93B36FC-A09E-4D0C-BF2E-0F328353E446}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FBECBEAF-B913-4C0F-9830-0DA14C28DF4A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FF4FCE12-2CDC-434F-A3B3-BCB8A60C3657}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05355789-26D8-4DAC-96B6-882C6EB59F9A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1965D479-239B-4062-A654-797A01CD7DB8}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version9\teamviewer.exe |
"{1EBA1E9C-FBF6-4B36-B4DB-9871F2EFB3CD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{228AB0D0-AD96-46D9-937B-4C272260881E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31E228F8-BAC6-43A1-99A8-F3F4A4D9D59C}" = protocol=17 | dir=in | app=c:\users\aquapro\downloads\sweetimsetup (1).exe |
"{3B61501C-897D-4629-9E41-EBB583443812}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3B94BE2A-C207-456B-973A-74FBA559A6F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{46908616-E4D8-47BA-8A28-7546FDBEADBF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{47A5D151-297E-4DFD-B024-3C8D0D055E68}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{54D91071-7F55-4C7F-A510-F070A96EB8CE}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{684CE5F1-ACCA-42E3-9BF6-D99D1ACCD8FA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6E6DDE3E-75AB-4251-8A94-8C281D47A33C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{727141CC-FD1B-4B6B-9E78-B2BE5D42A42C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8436B5FF-3F27-4D1C-A71D-46ACC70867A1}" = protocol=6 | dir=out | app=system |
"{9BD28123-21BC-47FB-AE7A-292F5337B9E3}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{A8A5E9BE-41DE-4EA2-90C4-44815EEB10A3}" = protocol=17 | dir=in | app=c:\program files\samsung\easy printer manager\uninstall.exe |
"{B3AB4959-3607-4296-AB4E-BA191C578E23}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BC902854-5351-4FEC-B8B7-6DA3D07761A0}" = protocol=6 | dir=in | app=c:\program files\samsung\easy printer manager\uninstall.exe |
"{BC9AF06F-F068-4FA3-AF27-96815ADCC95A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version9\teamviewer_service.exe |
"{BDBCD9DE-8173-494D-8490-C9F6B797B9D7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0D3319C-08C7-409F-84FA-25FBDB58B3B9}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{C4E5EEDB-AF80-40D6-822E-30160682433D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D055067A-D3BD-48BF-8E54-A497C7C42BA0}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version9\teamviewer_service.exe |
"{DDD3EEB3-31AF-499D-8A8C-C959FF771105}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E61F9B0C-1E57-40E8-9E6F-942787BFE28A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E6526107-DF7A-4DCB-92AC-DFC300093CF8}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version9\teamviewer.exe |
"{EE955526-CBC2-4812-877F-9A8AC5B7DA5F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F55E4066-1BD2-49BA-97F0-AE3D4661310D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7A81FDD-57F0-407B-BF69-BFE825EC2A9A}" = protocol=6 | dir=in | app=c:\users\aquapro\downloads\sweetimsetup (1).exe |
"TCP Query User{F60B9329-2B56-4C2E-AB78-0868CAA61117}C:\program files\stylus studio 2009 release 2 xml enterprise suite\bin\struzzo.exe" = protocol=6 | dir=in | app=c:\program files\stylus studio 2009 release 2 xml enterprise suite\bin\struzzo.exe |
"UDP Query User{A25C0B2B-2531-4670-ACE6-27B856697C29}C:\program files\stylus studio 2009 release 2 xml enterprise suite\bin\struzzo.exe" = protocol=17 | dir=in | app=c:\program files\stylus studio 2009 release 2 xml enterprise suite\bin\struzzo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 55
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{50D887F4-9A93-46BD-AFA1-60C611A9990F}" = Stylus Studio X15 XML Enterprise Suite
"{5FF3B3AC-57B8-4DAA-915C-D580D1B72716}" = Datecs
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_PROPLUS_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_PROPLUS_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_PROPLUS_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_PROPLUS_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_PROPLUS_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_PROPLUS_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_PROPLUS_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_PROPLUS_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_PROPLUS_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_PROPLUS_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B645BA5F-A4CD-44B8-BE37-A0F6BDF4A6D3}" = OpenOffice 4.0.0
"{B8EC0AD1-E8E3-42C3-9BAB-6A14E96FD136}" = Microsoft Mouse and Keyboard Center
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FD3E4B4E-9486-4556-96C5-5B7DD0101D63}" = ExpressShip
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"BSPlayerf" = BS.Player FREE
"Google Chrome" = Google Chrome
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Notepad++" = Notepad++
"Opera 12.14.1738" = Opera 12.14
"PROPLUS" = Microsoft Office Professional Plus 2007
"Samsung SCX-4x21 Series" = Samsung SCX-4x21 Series
"TeamViewer 9" = TeamViewer 9
"Totalcmd" = Total Commander (Remove or Repair)
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15. 5. 2014 18:33:43 | Computer Name = Aquapro-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\totalcmd\TCUNIN64.EXE".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 18. 5. 2014 3:21:31 | Computer Name = Aquapro-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\totalcmd\TCUNIN64.EXE".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 20. 5. 2014 2:26:10 | Computer Name = Aquapro-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\totalcmd\TCUNIN64.EXE".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 26. 5. 2014 3:02:53 | Computer Name = Aquapro-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\totalcmd\TCUNIN64.EXE".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 26. 5. 2014 6:44:05 | Computer Name = Aquapro-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 27. 5. 2014 2:39:44 | Computer Name = Aquapro-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\totalcmd\TCUNIN64.EXE".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28. 5. 2014 6:03:45 | Computer Name = Aquapro-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\totalcmd\TCUNIN64.EXE".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3. 6. 2014 4:06:47 | Computer Name = Aquapro-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\totalcmd\TCUNIN64.EXE".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4. 6. 2014 5:12:32 | Computer Name = Aquapro-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\totalcmd\TCUNIN64.EXE".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5. 6. 2014 3:21:59 | Computer Name = Aquapro-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: d1c Start Time:
01cf808ad166608d Termination Time: 36 Application Path: C:\Users\Aquapro\Downloads\OTL.exe

Report
Id:

[ OSession Events ]
Error - 28. 1. 2013 9:46:37 | Computer Name = Aquapro-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.4518.1014. This session lasted 2369
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4. 2. 2014 10:04:41 | Computer Name = Aquapro-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6611.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21737
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 11. 2. 2014 9:18:18 | Computer Name = Aquapro-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 22
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 13. 1. 2014 2:46:09 | Computer Name = Aquapro-PC | Source = Service Control Manager | ID = 7001
Description = Spustenie služby Peer Networking Identity Manager, od ktorej závisí
služba Peer Networking Grouping, zlyhalo kvôli nasledujúcej chybe: %%1053

Error - 13. 1. 2014 2:46:09 | Computer Name = Aquapro-PC | Source = Service Control Manager | ID = 7001
Description = Spustenie služby Peer Networking Identity Manager, od ktorej závisí
služba Peer Name Resolution Protocol, zlyhalo kvôli nasledujúcej chybe: %%1053

Error - 13. 1. 2014 7:59:41 | Computer Name = Aquapro-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 15. 1. 2014 8:34:00 | Computer Name = Aquapro-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 16. 1. 2014 4:46:30 | Computer Name = Aquapro-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 17. 1. 2014 2:41:33 | Computer Name = Aquapro-PC | Source = Service Control Manager | ID = 7011
Description = Počas čakania na odpoveď transakcie od služby Netman bol dosiahnutý
časový limit (30000 ms).

Error - 17. 1. 2014 2:41:33 | Computer Name = Aquapro-PC | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Network Connections zlyhalo kvôli nasledujúcej chybe:
%%1053

Error - 17. 1. 2014 2:41:33 | Computer Name = Aquapro-PC | Source = Service Control Manager | ID = 7001
Description = Spustenie služby Network Connections, od ktorej závisí služba Internet
Connection Sharing (ICS), zlyhalo kvôli nasledujúcej chybe: %%1053

Error - 17. 1. 2014 8:05:58 | Computer Name = Aquapro-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 21. 1. 2014 4:52:10 | Computer Name = Aquapro-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >

Rudy
Site Admin
Posts: 119541
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Keyboard skipping, slow PC

#6 Post by Rudy »

Run OTL again as administrator.
Paste the following text into the bottom window:
:OTL
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3035887750-930535871-2281112751-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dalesearch.com/?babsrc=HP_ss ... 0&tsp=5008
IE - HKU\S-1-5-21-3035887750-930535871-2281112751-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-3035887750-930535871-2281112751-1002\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.dalesearch.com/?q={searchTer ... 0&tsp=5008
IE - HKU\S-1-5-21-3035887750-930535871-2281112751-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
O2 - BHO: (Rich Media Downloader) - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\Aquapro\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll File not found
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm File not found
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm File not found
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm File not found
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll File not found
O9 - Extra Button: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\Aquapro\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 176 bytes -> C:\Users\Aquapro\Karol Roubal.jpeg:3or4kl4x13tuuug3Byamue2s4b

:files
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Aquapro\AppData\Roaming\Babylon
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]
Click Fix and let the program work. When asked to restart, agree.
After the restart a new log will appear; post it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

branco
Visitor
Posts: 68
Registered: 21 Nov 2008 18:38

Re: Keyboard skipping, slow PC

#7 Post by branco »

Here is the log from OTL.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-3035887750-930535871-2281112751-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3035887750-930535871-2281112751-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3035887750-930535871-2281112751-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3035887750-930535871-2281112751-1002\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\SmarThru4 Capture Selection\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\SmarThru4 Save as HTML\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\SmarThru4 Save Selected Text\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\SmarThru4 Web Capture\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
ADS C:\Users\Aquapro\Karol Roubal.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
========== FILES ==========
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Users\Aquapro\AppData\Roaming\Babylon folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Aquapro
->Temp folder emptied: 186314609 bytes
->Temporary Internet Files folder emptied: 197616045 bytes
->Java cache emptied: 688155 bytes
->Google Chrome cache emptied: 309942852 bytes
->Opera cache emptied: 688689 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 238253674 bytes
RecycleBin emptied: 2728912241 bytes

Total Files Cleaned = 3 493,00 mb


[EMPTYFLASH]

User: All Users

User: Aquapro

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 06062014_101515

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
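
A fix log like the one above is read line by line for the outcome of each requested item. The sketch below is an added example, not part of the original posts or of OTL: it tallies outcomes per section and sets aside any line whose wording it does not recognise. The function names and the one constructed sample line are assumptions.

```python
import re
from collections import Counter

# Excerpt of lines from the fix log posted above, plus one constructed line
# (marked) whose wording the parser does not recognise.
SAMPLE_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
ADS C:\Users\Aquapro\Karol Roubal.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
========== FILES ==========
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Users\Aquapro\AppData\Roaming\Babylon folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
C:\placeholder\constructed.bin -- constructed line, unknown wording
========== COMMANDS ==========
[EMPTYTEMP]
"""

SECTION = re.compile(r"^=+ (\w+) =+$")
# Only outcome phrases that actually occur in the log on this page.
OUTCOME = re.compile(r"^(?P<target>.+?)\s+(?P<result>deleted successfully|"
                     r"moved successfully|value set successfully|not found)[.!]$")

def parse_fix_log(text):
    """Return (entries, review): parsed outcomes and lines needing a manual read."""
    section, entries, review = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
        elif section in ("OTL", "FILES"):
            hit = OUTCOME.match(line)
            if hit:
                entries.append((section, hit.group("result"), hit.group("target")))
            else:
                review.append(line)  # wording not seen before: check by hand
    return entries, review

def summarize(entries):
    """Count outcomes per section, e.g. ('FILES', 'moved successfully') -> 2."""
    return Counter((section, result) for section, result, _ in entries)

if __name__ == "__main__":
    entries, review = parse_fix_log(SAMPLE_LOG)
    for (section, result), n in sorted(summarize(entries).items()):
        print(f"{section:6} {result:22} {n}")
    print("needs manual review:", review)
```

A "not found" result for a `CLSID` key or a wildcard path means the target was already absent, so it counts as resolved rather than failed.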

Rudy
Site Admin
Posts: 119541
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Keyboard skipping, slow PC

#8 Post by Rudy »

Deleted. Has anything changed?