
Virus removal, PC speed-up, remote help via the neslape.cz service
Good day, I would like to ask you to check my PC.
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that are inactive for more than 14 days. See the Topic Locking Rule. Thank you for your understanding.
!NEW!
You can now use remote help services, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Good day, I would like to ask you to check my PC.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Evka at 2014-11-14 20:17:14
Microsoft Windows 7 Ultimate
System drive C: has 13 GB (26%) free of 50 GB
Total RAM: 3037 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:17:45, on 14. 11. 2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\3G Connection Manager\UIExec.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Evka\Desktop\RSIT.exe
C:\Program Files\trend micro\Evka.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=6&barid={91 ... 0272A421B8}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=6&barid={91 ... 0272A421B8}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss ... ffID=17981
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: (no name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: GamePlayLabsBHO - {984A9162-8891-4D19-8CFE-17648BB4E1EC} - C:\Users\Evka\AppData\Local\Browser Plugin\BHO.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [UIExec] "C:\Program Files\3G Connection Manager\UIExec.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download Video on This Page - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/211
O8 - Extra context menu item: Download Video This Links To - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/212
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/211 (file missing)
O9 - Extra 'Tools' menuitem: Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/211 (file missing)
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D467B8E6-3C4E-4F99-ABA3-08A801DF1253}: NameServer = 160.218.161.60 194.228.211.33
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\3G Connection Manager\AssistantServices.exe
O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel(R) Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
--
End of file - 8524 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\Epson Printer Software Downloader.job - C:\Program Files\EPSON\EPAPDL\E_SAPDL2.EXE
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2418134949-3360115493-1312553204-1000Core.job - C:\Users\Evka\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2418134949-3360115493-1312553204-1000UA.job - C:\Users\Evka\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\Evka\AppData\Roaming\Mozilla\Firefox\Profiles\z4rlo3uk.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://home.sweetim.com/?barid=&src=10&&st=23&ptr=100"
prefs.js - "extensions.enabledItems" - "{3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872, {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2, {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1, {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.3, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906, personas@christopher.beard:1.6.1, plugin2@gameplaylabs.com:2.0, {2458abc0-f443-11dd-87af-0800200c9a66}:3.6.3.1.03.04.10, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17, info@djzig.com:1.2.9"
prefs.js - "keyword.URL" - "http://search.sweetim.com/search.asp?sr ... ptr=100&q="
"m3ffxtbr@mywebsearch.com"=C:\Program Files\MyWebSearch\bar\1.bin
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.223 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/McAfeeMssPlugin]
"Description"=McAfee Mss Plugin
"Path"=C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin]
"Description"=My Web Search Plugin
"Path"=C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\plugins\
npdeploytk.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
C:\Users\Evka\AppData\Roaming\Mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\
ffxtlbr@babylon.com
m3ffxtbr@mywebsearch.com
plugin2@gameplaylabs.com
v4ffxtbr@DictionaryBoss.com
{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
{2458abc0-f443-11dd-87af-0800200c9a66}
{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
{7b13ec3e-999a-4b70-b9cb-2617b8323822}
{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
C:\Users\Evka\AppData\Roaming\Mozilla\Firefox\Profiles\z4rlo3uk.default\searchplugins\
ask.uk.xml
askcom.xml
BabylonMngr.xml
MyStart Search.xml
MyStart.xml
mywebsearch.xml
RadioRage_4j.xml
SweetIM Search.xml
sweetim.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL [2011-05-28 58800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2011-05-28 816648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll [2013-02-05 94112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-07-12 457712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{984A9162-8891-4D19-8CFE-17648BB4E1EC}]
GamePlayLabsBHO Class - C:\Users\Evka\AppData\Local\Browser Plugin\BHO.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-08 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetPacks Browser Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-07-04 1310040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2011-05-28 816648]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetPacks Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-07-04 1310040]
{98889811-442D-49dd-99D7-DC866BE87DBC}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-08-13 135168]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-08-13 167424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-08-13 144384]
"UIExec"=C:\Program Files\3G Connection Manager\UIExec.exe [2013-01-25 157440]
"My Web Search Bar Search Scope Monitor"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe /m=2 /w /h []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-07-31 4085896]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"= []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [2009-04-07 673616]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX110 Series]
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE [2008-09-27 199680]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX110 Series (kópia 1)]
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE [2008-09-27 199680]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Users\Evka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-14 138096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe /m=2 /w /h []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2011-05-28 38408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA driver monitor]
c:\windows\nvsvc32.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweetpacks Communicator]
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe [2012-08-15 231768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USDownloader]
E:\USDownloader-Lite\USDownloader.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\307523~1.318\SSSCHE~1.EXE [2013-02-05 272248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-08-13 217088]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"E:\filmy\facebook-pic00320123561.exe"="c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.divxa32"=msaud32_divx.acm
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-11-14 20:17:14 ----D---- C:\rsit
2014-11-14 20:17:14 ----D---- C:\Program Files\trend micro
2014-11-10 20:12:02 ----D---- C:\Program Files\Mozilla Firefox
2014-11-04 21:33:13 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-11-01 18:15:12 ----D---- C:\Users\Evka\AppData\Roaming\Systweak
2014-11-01 18:14:19 ----A---- C:\Windows\system32\roboot.exe
======List of files/folders modified in the last 1 month======
2014-11-14 20:17:17 ----D---- C:\Windows\Temp
2014-11-14 20:17:14 ----D---- C:\Program Files
2014-11-14 20:13:46 ----D---- C:\Windows\tracing
2014-11-14 20:07:30 ----D---- C:\Windows
2014-11-14 17:59:08 ----D---- C:\Windows\System32
2014-11-14 17:59:08 ----D---- C:\Windows\inf
2014-11-14 17:59:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-11-14 11:50:26 ----D---- C:\Users\Evka\AppData\Roaming\Skype
2014-11-14 11:19:04 ----SHD---- C:\Windows\Installer
2014-11-14 11:19:04 ----SHD---- C:\Config.Msi
2014-11-14 11:14:20 ----D---- C:\Windows\Tasks
2014-11-13 10:25:17 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-11-11 18:16:14 ----D---- C:\Windows\system32\Tasks
2014-11-04 21:29:37 ----D---- C:\Program Files\Mozilla Thunderbird
2014-11-04 20:54:58 ----HD---- C:\ProgramData
2014-11-02 05:05:19 ----SHD---- C:\System Volume Information
2014-11-01 21:15:07 ----D---- C:\Windows\system32\config
2014-11-01 18:17:10 ----D---- C:\Windows\system32\catroot2
2014-11-01 18:14:59 ----D---- C:\Windows\Prefetch
2014-10-27 21:13:09 ----D---- C:\Windows\system32\mjcm
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-07-12 49944]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-07-12 192352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-05-12 721904]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-07-12 81768]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-07-12 779536]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-07-12 414520]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-07-12 24184]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-07-12 67824]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-07-12 71944]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-10-05 1221632]
R3 bpenum;Intel(R) WiMAX Link Enumerator; C:\Windows\system32\DRIVERS\bpenum.sys [2009-07-30 56320]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2009-12-22 18136]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-12-22 36640]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-08-13 5946368]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x86.sys [2009-08-23 48640]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2007-07-31 7680]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-12-13 47360]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-06 1766592]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 a4vse9cf;a4vse9cf; C:\Windows\system32\drivers\a4vse9cf.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 KMWDFILTERx86;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
S3 massfilter;Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys [2011-08-29 9216]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver; C:\Windows\system32\DRIVERS\ss_bserd.sys [2009-09-19 100224]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys [2011-08-29 107520]
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys [2011-08-29 107520]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys [2011-08-29 107520]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-07-12 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 dgdersvc;Device Error Recovery Service; C:\Windows\system32\dgdersvc.exe [2009-12-22 95568]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2009-07-30 348160]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-12-22 217088]
R2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [2011-05-28 34320]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 UI Assistant Service;UI Assistant Service; C:\Program Files\3G Connection Manager\AssistantServices.exe [2013-01-25 276224]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2009-07-30 815104]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22 107912]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-13 267440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22 107912]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-11-10 114288]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-12 1343400]
S4 Browser Manager;Browser Manager; C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe []
-----------------EOF-----------------
- Rudy
- Site Admin
Re: Hello, I would like to ask you for a PC check.
Greetings!
What is the legal status of your operating system?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Hello, I would like to ask you for a PC check.
Well, to be honest, I have no idea at all..

Re: Hello, I would like to ask you for a PC check.
I have had the PC for quite a while and I really don't know, but it seems to me it was bought with Windows included... so it should probably be legal.
- Rudy
- Site Admin
Re: Hello, I would like to ask you for a PC check.
OK. Let's try this procedure:
Download and run OTL: http://oldtimer.geekstogo.com/OTL.exe . Start it, tick "Pro všechny uživatele" (For all users), "Kontrola na havěť LOP" (LOP malware check) and "Kontrola na havěť PURITY" (PURITY malware check), copy the following script into the lower white box, and then click >Prohledat< (Scan). Post both logs.
CREATERESTOREPOINT
netsvcs
drivers32
savembr:0
/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
%SystemDrive%\PhysicalMBR.bin /md5
*crack* /s
*keygen* /s
*loader* /s
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Re: Hello, I would like to ask you to check my PC.
OTL logfile created on: 14. 11. 2014 21:41:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Evka\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy
2,97 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 39,22% Memory free
5,93 Gb Paging File | 4,01 Gb Available in Paging File | 67,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,73 Gb Total Space | 12,49 Gb Free Space | 25,62% Space Free | Partition Type: NTFS
Drive E: | 249,26 Gb Total Space | 160,82 Gb Free Space | 64,52% Space Free | Partition Type: NTFS
Computer Name: EVKA-PC | User Name: Evka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/11/14 21:38:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Evka\Desktop\OTL.exe
PRC - [2014/11/13 10:25:17 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
PRC - [2014/11/10 20:12:09 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/07/31 18:25:16 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/07/12 08:19:03 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/01/25 13:37:24 | 000,157,440 | ---- | M] () -- C:\Program Files\3G Connection Manager\UIExec.exe
PRC - [2013/01/25 13:36:20 | 000,276,224 | ---- | M] () -- C:\Program Files\3G Connection Manager\AssistantServices.exe
PRC - [2011/05/28 22:05:07 | 000,034,320 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
PRC - [2009/12/22 03:31:26 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009/12/22 03:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgdersvc.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/30 09:25:02 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
PRC - [2009/07/30 09:12:44 | 000,348,160 | ---- | M] (Red Bend Ltd.) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2007/05/28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
========== Modules (No Company Name) ==========
MOD - [2014/11/13 10:25:16 | 016,840,880 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_15_0_0_223.dll
MOD - [2014/11/10 20:12:08 | 003,649,648 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/07/12 08:19:07 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/07/12 08:19:05 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2013/01/25 13:37:24 | 000,157,440 | ---- | M] () -- C:\Program Files\3G Connection Manager\UIExec.exe
MOD - [2010/01/27 14:31:24 | 000,109,312 | ---- | M] () -- C:\Program Files\Easy CD-DA Extractor 12\ezcddax32.dll
MOD - [2009/12/12 15:12:04 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2014/11/13 10:25:17 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/10 20:12:08 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/07/12 08:19:03 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/04/03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/01/25 13:36:20 | 000,276,224 | ---- | M] () [Auto | Running] -- C:\Program Files\3G Connection Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2011/05/28 22:05:07 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2010/06/12 23:38:17 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/12/22 03:31:26 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/12/22 03:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\System32\dgdersvc.exe -- (dgdersvc)
SRV - [2009/07/30 09:25:02 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV - [2009/07/30 09:12:44 | 000,348,160 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/05/28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a4vse9cf)
DRV - [2014/07/12 08:19:42 | 000,414,520 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/07/12 08:19:09 | 000,779,536 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014/07/12 08:19:09 | 000,192,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/07/12 08:19:09 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2014/07/12 08:19:09 | 000,071,944 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswstm.sys -- (aswStm)
DRV - [2014/07/12 08:19:09 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/07/12 08:19:09 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/07/12 08:19:09 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2011/08/29 10:42:56 | 000,107,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2011/08/29 10:42:56 | 000,107,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2011/08/29 10:42:56 | 000,107,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2011/08/29 10:42:56 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010/05/12 13:58:23 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/12/22 03:31:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/12/22 03:31:02 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2009/10/05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/19 06:30:10 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/09/19 06:30:10 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2009/09/19 06:30:10 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2009/09/19 06:30:10 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2009/08/23 05:06:38 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009/07/30 09:06:10 | 000,056,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bpenum.sys -- (bpenum)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/06 01:14:40 | 001,766,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/04/29 15:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/31 02:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=6&barid={91 ... 0272A421B8}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss ... ffID=17981
IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsear ... earchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... 0272A421B8}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?affID=111688 ... 25d38177d1
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=111688 ... 25d38177d1
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=6&barid={91 ... 0272A421B8}
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 69 40 0D BC E4 C6 CA 01 [binary data]
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTer ... 25d38177d1
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... 421EDD1E29
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss ... ffID=17981
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsear ... earchTerms}
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com//?search ... NUYyxvK0kH
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\SearchScopes\{E977DF1B-46B5-B449-EE8E-6143A3D0FA23}: "URL" = http://iws.asksearch.com/s/?q={searchTe ... g=2-347-0-...
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... id=&&st=23
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://home.sweetim.com/?barid=&src=10&&st=23&ptr=100"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.5.0
FF - prefs.js..extensions.enabledAddons: m3ffxtbr%40mywebsearch.com:1.1
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.3
FF - prefs.js..extensions.enabledAddons: plugin2%40gameplaylabs.com:2.0
FF - prefs.js..extensions.enabledAddons: v4ffxtbr%40DictionaryBoss.com:2.73.1.44222
FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0
FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.9
FF - prefs.js..extensions.enabledAddons: %7Bd40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0%7D:10.35.0.503
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: plugin2@gameplaylabs.com:2.0
FF - prefs.js..extensions.enabledItems: {2458abc0-f443-11dd-87af-0800200c9a66}:3.6.3.1.03.04.10
FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.9
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?sr ... ptr=100&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=111688 ... 25d38177d1"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Evka\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Evka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin [2013/10/30 20:34:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/07/12 08:19:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/11/10 20:12:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
[2009/12/12 19:46:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evka\AppData\Roaming\mozilla\Extensions
[2009/12/12 19:46:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evka\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2014/11/11 18:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evka\AppData\Roaming\mozilla\Firefox\Profiles\z4rlo3uk.default\extensions
[2012/10/09 18:46:16 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Evka\AppData\Roaming\mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2013/08/18 08:36:25 | 000,000,000 | ---D | M] (Bloody Red) -- C:\Users\Evka\AppData\Roaming\mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
[2010/11/07 19:01:16 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\Evka\AppData\Roaming\mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2014/11/11 18:29:43 | 000,000,000 | ---D | M] (Zynga) -- C:\Users\Evka\AppData\Roaming\mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2014/11/07 19:23:23 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2) -- C:\Users\Evka\AppData\Roaming\mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2012/09/29 07:20:36 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Evka\AppData\Roaming\mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\ffxtlbr@babylon.com
[2011/10/12 16:24:58 | 000,000,000 | ---D | M] (My Web Search) -- C:\Users\Evka\AppData\Roaming\mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\m3ffxtbr@mywebsearch.com
[2011/03/24 11:39:26 | 000,000,000 | ---D | M] (GamePlayLabs Plugin) -- C:\Users\Evka\AppData\Roaming\mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\plugin2@gameplaylabs.com
[2013/12/06 22:45:46 | 000,000,000 | ---D | M] (DictionaryBoss) -- C:\Users\Evka\AppData\Roaming\mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\v4ffxtbr@DictionaryBoss.com
[2013/10/26 04:54:59 | 000,348,260 | ---- | M] () (No name found) -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\extensions\personas@christopher.beard.xpi
[2014/09/06 16:36:06 | 002,043,936 | ---- | M] () (No name found) -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
[2013/01/07 22:51:08 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013/02/20 06:21:23 | 000,685,671 | ---- | M] () (No name found) -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2011/03/08 10:12:45 | 000,001,743 | ---- | M] () -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\searchplugins\ask.uk.xml
[2010/04/29 21:45:25 | 000,002,555 | ---- | M] () -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\searchplugins\askcom.xml
[2012/09/28 21:27:00 | 000,002,222 | ---- | M] () -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\searchplugins\BabylonMngr.xml
[2014/11/03 19:30:36 | 000,002,133 | ---- | M] () -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\searchplugins\MyStart Search.xml
[2013/09/16 19:09:59 | 000,002,120 | ---- | M] () -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\searchplugins\MyStart.xml
[2012/01/06 14:48:18 | 000,009,966 | ---- | M] () -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\searchplugins\mywebsearch.xml
[2012/02/24 19:17:41 | 000,010,001 | ---- | M] () -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\searchplugins\RadioRage_4j.xml
[2014/10/31 08:39:11 | 000,004,064 | ---- | M] () -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\searchplugins\SweetIM Search.xml
[2012/10/08 22:26:30 | 000,003,983 | ---- | M] () -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\searchplugins\sweetim.xml
[2014/11/10 20:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/11/10 20:12:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
CHR - plugin: GamePlayLabs Plugin (Enabled) = C:\Users\Evka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci\1.0_0\npGamePlayLabsPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Evka\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - Extension: No name found = C:\Users\Evka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Evka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Evka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Evka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Evka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\
CHR - Extension: No name found = C:\Users\Evka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Evka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci\1.0_0\
CHR - Extension: No name found = C:\Users\Evka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\
CHR - Extension: No name found = C:\Users\Evka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2010/07/16 19:22:54 | 000,000,988 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (GamePlayLabsBHO Class) - {984A9162-8891-4D19-8CFE-17648BB4E1EC} - C:\Users\Evka\AppData\Local\Browser Plugin\BHO.dll File not found
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h File not found
O4 - HKLM..\Run: [UIExec] C:\Program Files\3G Connection Manager\UIExec.exe ()
O4 - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000..\Run: [KiesTrayAgent] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download Video on This Page - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)
O8 - Extra context menu item: Download Video This Links To - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O9 - Extra Button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)
O9 - Extra 'Tools' menuitem : Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.37.80.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D21F1A3E-E659-41AA-A8A3-2DC173756EC7}: DhcpNameServer = 212.37.80.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D467B8E6-3C4E-4F99-ABA3-08A801DF1253}: NameServer = 160.218.161.60 194.228.211.33
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1946c3ee-1f66-11e3-b8ea-000272a421b8}\Shell - "" = AutoRun
O33 - MountPoints2\{1946c3ee-1f66-11e3-b8ea-000272a421b8}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{2d93c56d-1551-11e3-a54b-000272a421b8}\Shell - "" = AutoRun
O33 - MountPoints2\{2d93c56d-1551-11e3-a54b-000272a421b8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ae366a83-7b09-11df-a73f-000272a421b8}\Shell - "" = AutoRun
O33 - MountPoints2\{ae366a83-7b09-11df-a73f-000272a421b8}\Shell\AutoRun\command - "" = F:\DPFMate.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2014/11/14 21:38:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Evka\Desktop\OTL.exe
[2014/11/14 20:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014/11/14 20:17:14 | 000,000,000 | ---D | C] -- C:\rsit
[2014/11/10 20:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/11/04 21:33:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/11/01 18:15:12 | 000,000,000 | ---D | C] -- C:\Users\Evka\AppData\Roaming\Systweak
[2014/11/01 18:14:15 | 000,000,000 | ---D | C] -- C:\Users\Evka\AppData\Local\Programs
[2009/12/13 10:20:00 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Evka\AppData\Roaming\pcouffin.sys
[2009/12/12 19:45:03 | 009,325,800 | ---- | C] (Mozilla) -- C:\Users\Evka\Thunderbird Setup 3.0.exe
[2009/12/12 19:03:46 | 001,924,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Evka\install_flash_player.exe
[2009/12/12 18:46:01 | 022,240,040 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Evka\Skype.v4.1.0.179.exe
[2009/12/12 11:51:38 | 000,891,224 | ---- | C] (AVG Technologies) -- C:\Users\Evka\avg_free_stb_eu_9_40_free.exe
========== Files - Modified Within 30 Days ==========
[2014/11/14 21:43:59 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/11/14 21:38:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Evka\Desktop\OTL.exe
[2014/11/14 21:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/14 21:19:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/14 21:12:05 | 002,617,911 | ---- | M] () -- C:\Users\Evka\Desktop\20141114_210028.jpg
[2014/11/14 21:11:48 | 002,327,492 | ---- | M] () -- C:\Users\Evka\Desktop\20141114_210019.jpg
[2014/11/14 21:11:34 | 002,498,260 | ---- | M] () -- C:\Users\Evka\Desktop\20141114_210109.jpg
[2014/11/14 21:11:17 | 002,589,855 | ---- | M] () -- C:\Users\Evka\Desktop\20141114_210055.jpg
[2014/11/14 20:16:43 | 001,107,968 | ---- | M] () -- C:\Users\Evka\Desktop\RSIT.exe
[2014/11/14 20:05:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2418134949-3360115493-1312553204-1000UA.job
[2014/11/14 20:05:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2418134949-3360115493-1312553204-1000Core.job
[2014/11/14 18:58:45 | 000,026,652 | ---- | M] () -- C:\Users\Evka\Desktop\06214550000.jpg
[2014/11/14 18:51:52 | 000,022,769 | ---- | M] () -- C:\Users\Evka\Desktop\06214470000.jpg
[2014/11/14 18:26:01 | 000,000,238 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2014/11/14 18:12:48 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/14 17:59:46 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/14 17:59:46 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/14 17:59:08 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/11/14 17:59:08 | 000,107,658 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/11/14 17:54:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/14 17:54:21 | 2388,459,520 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/13 10:25:17 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/11/13 10:25:17 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/11/11 20:30:11 | 000,045,266 | ---- | M] () -- C:\Users\Evka\Desktop\541564_474214152650578_839643763_n.jpg
[2014/11/11 18:16:08 | 000,001,146 | ---- | M] () -- C:\Users\Evka\Desktop\Live PC Help.lnk
[2014/11/04 21:33:16 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/10/29 23:15:00 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/29 15:42:08 | 000,017,688 | ---- | M] () -- C:\Windows\System32\roboot.exe
[2014/10/16 20:24:06 | 000,107,214 | ---- | M] () -- C:\Users\Evka\Desktop\DSC_5691.JPG
========== Files Created - No Company Name ==========
[2014/11/14 21:43:59 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/11/14 21:11:49 | 002,617,911 | ---- | C] () -- C:\Users\Evka\Desktop\20141114_210028.jpg
[2014/11/14 21:11:34 | 002,327,492 | ---- | C] () -- C:\Users\Evka\Desktop\20141114_210019.jpg
[2014/11/14 21:11:18 | 002,498,260 | ---- | C] () -- C:\Users\Evka\Desktop\20141114_210109.jpg
[2014/11/14 21:11:01 | 002,589,855 | ---- | C] () -- C:\Users\Evka\Desktop\20141114_210055.jpg
[2014/11/14 20:16:43 | 001,107,968 | ---- | C] () -- C:\Users\Evka\Desktop\RSIT.exe
[2014/11/14 18:58:44 | 000,026,652 | ---- | C] () -- C:\Users\Evka\Desktop\06214550000.jpg
[2014/11/14 18:51:52 | 000,022,769 | ---- | C] () -- C:\Users\Evka\Desktop\06214470000.jpg
[2014/11/11 20:30:10 | 000,045,266 | ---- | C] () -- C:\Users\Evka\Desktop\541564_474214152650578_839643763_n.jpg
[2014/11/04 21:33:16 | 000,001,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/11/04 21:33:16 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/11/04 20:54:54 | 000,001,146 | ---- | C] () -- C:\Users\Evka\Desktop\Live PC Help.lnk
[2014/11/02 10:33:41 | 1813,264,388 | ---- | C] () -- C:\Users\Evka\Desktop\Herkules-Zrození-legendy-.2014-BDRip-CZ-Dabing.avi
[2014/11/01 18:14:19 | 000,017,688 | ---- | C] () -- C:\Windows\System32\roboot.exe
[2014/10/16 20:21:30 | 000,107,214 | ---- | C] () -- C:\Users\Evka\Desktop\DSC_5691.JPG
[2014/06/21 21:58:05 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/02/13 20:40:19 | 000,002,092 | ---- | C] () -- C:\Users\Evka\.recently-used.xbel
[2013/04/27 12:03:20 | 000,192,352 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/04/27 12:03:20 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/06/10 10:29:17 | 000,305,788 | ---- | C] () -- C:\Users\Evka\Fotografia0661.jpg
[2011/01/22 23:47:15 | 000,000,000 | ---- | C] () -- C:\Users\Evka\AppData\Local\prvlcl.dat
[2010/04/18 19:46:18 | 000,455,161 | ---- | C] () -- C:\Users\Evka\ringtone_O2.mp3
[2009/12/18 20:50:08 | 000,011,264 | ---- | C] () -- C:\Users\Evka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/13 10:57:09 | 000,001,041 | ---- | C] () -- C:\Users\Evka\AppData\Roaming\vso_ts_preview.xml
[2009/12/13 10:20:00 | 000,087,608 | ---- | C] () -- C:\Users\Evka\AppData\Roaming\inst.exe
[2009/12/13 10:20:00 | 000,007,887 | ---- | C] () -- C:\Users\Evka\AppData\Roaming\pcouffin.cat
[2009/12/13 10:20:00 | 000,001,144 | ---- | C] () -- C:\Users\Evka\AppData\Roaming\pcouffin.inf
========== ZeroAccess Check ==========
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/02/18 08:34:01 | 012,867,072 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010/03/28 18:44:31 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\AIMP
[2014/06/21 22:05:30 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\AVAST Software
[2012/09/28 21:26:34 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Babylon
[2011/10/28 20:12:17 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Canneverbe Limited
[2014/06/21 22:20:42 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Dropbox
[2014/06/21 22:20:41 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\DropboxMaster
[2010/12/12 18:26:10 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Epson
[2009/12/12 11:52:24 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\GHISLER
[2011/09/06 11:44:33 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\go
[2014/02/13 20:35:28 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\gtk-2.0
[2010/04/05 15:07:40 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\IrfanView
[2014/10/03 19:31:56 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\OpenCandy
[2009/12/13 18:56:41 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\OpenOffice.org
[2012/01/22 23:05:50 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Opera
[2011/02/14 21:19:08 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\PC Suite
[2012/12/28 17:42:14 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Rovio
[2011/09/06 08:12:33 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Samsung
[2014/11/04 20:54:57 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Systweak
[2012/12/11 17:47:58 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Thinstall
[2009/12/12 19:46:28 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Thunderbird
[2011/07/08 16:56:23 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Tomato
[2014/10/03 19:34:25 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\TuneUp Software
[2010/04/11 17:26:37 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Ubisoft
[2014/04/09 17:53:01 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Unity
[2011/05/15 23:14:21 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\VitySoft
[2014/03/25 13:24:13 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Vso
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009/07/14 05:53:46 | 000,032,576 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2010/12/08 18:26:40 | 000,000,238 | ---- | C] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job
[2012/11/14 20:00:39 | 000,000,902 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2418134949-3360115493-1312553204-1000Core.job
[2012/11/14 20:00:40 | 000,000,924 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2418134949-3360115493-1312553204-1000UA.job
[2013/02/10 13:50:17 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/02/14 22:44:29 | 000,000,920 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/02/14 22:44:33 | 000,000,924 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< >
< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009/07/14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009/07/14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
< MD5 for: CDROM.SYS >
[2009/07/14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009/07/14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009/07/14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: HAL.DLL >
[2009/07/14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009/07/14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll
< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
< MD5 for: SERVICES.EXE >
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: TCPIP.SYS >
[2009/07/14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\System32\drivers\tcpip.sys
[2009/07/14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
< MD5 for: USERINIT.EXE >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< >
< %systemroot%*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
[2010/02/28 16:46:14 | 006,491,984 | ---- | M] (Poikosoft) -- C:\Easy-Cd-Da-Extractor_12.0.6.exe
[2010/02/18 15:33:35 | 032,494,896 | ---- | M] (Apple Inc.) -- C:\QuickTimeInstaller.exe
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010/10/16 19:11:56 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Adobe
[2010/03/28 18:44:31 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\AIMP
[2010/07/31 19:22:32 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Apple Computer
[2014/06/21 22:05:30 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\AVAST Software
[2012/09/28 21:26:34 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Babylon
[2011/10/28 20:12:17 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Canneverbe Limited
[2014/06/21 22:20:42 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Dropbox
[2014/06/21 22:20:41 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\DropboxMaster
[2014/10/09 20:01:25 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\dvdcss
[2010/12/12 18:26:10 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Epson
[2009/12/12 11:52:24 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\GHISLER
[2011/09/06 11:44:33 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\go
[2010/02/10 21:30:20 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\GRETECH
[2014/02/13 20:35:28 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\gtk-2.0
[2009/12/12 11:42:25 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Identities
[2010/12/08 18:20:23 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\InstallShield
[2010/04/05 15:07:40 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\IrfanView
[2009/12/12 19:05:27 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Macromedia
[2009/07/14 08:50:20 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Media Center Programs
[2013/02/10 13:57:42 | 000,000,000 | --SD | M] -- C:\Users\Evka\AppData\Roaming\Microsoft
[2009/12/12 11:49:03 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Mozilla
[2012/09/30 10:38:19 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Nero
[2014/10/03 19:31:56 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\OpenCandy
[2009/12/13 18:56:41 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\OpenOffice.org
[2012/01/22 23:05:50 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Opera
[2011/02/14 21:19:08 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\PC Suite
[2012/12/28 17:42:14 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Rovio
[2011/09/06 08:12:33 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Samsung
[2014/11/14 11:50:26 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Skype
[2011/05/28 19:49:22 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\skypePM
[2014/11/04 20:54:57 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Systweak
[2012/12/11 17:47:58 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Thinstall
[2009/12/12 19:46:28 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Thunderbird
[2011/07/08 16:56:23 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Tomato
[2014/10/03 19:34:25 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\TuneUp Software
[2010/04/11 17:26:37 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Ubisoft
[2014/04/09 17:53:01 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Unity
[2011/05/15 23:14:21 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\VitySoft
[2014/10/09 22:05:56 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\vlc
[2014/03/25 13:24:13 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Vso
[2010/01/16 20:28:41 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2009/12/13 10:20:00 | 000,087,608 | ---- | M] () -- C:\Users\Evka\AppData\Roaming\inst.exe
[2014/03/19 13:17:02 | 032,667,896 | ---- | M] (Dropbox, Inc.) -- C:\Users\Evka\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2014/03/19 13:18:14 | 000,244,648 | ---- | M] (Dropbox, Inc.) -- C:\Users\Evka\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2014/03/19 13:17:06 | 000,143,616 | ---- | M] (Dropbox, Inc.) -- C:\Users\Evka\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2007/03/22 11:46:42 | 000,126,976 | ---- | M] () -- C:\Users\Evka\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe
[2014/10/03 19:31:24 | 013,305,616 | ---- | M] (Gretech Corporation) -- C:\Users\Evka\AppData\Roaming\GRETECH\GomPlayer\GrLauncherTempSetup.exe
[2011/04/20 22:41:43 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Evka\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2011/04/11 14:27:08 | 000,010,134 | R--- | M] () -- C:\Users\Evka\AppData\Roaming\Microsoft\Installer\{F2015EA4-1653-4C65-9B27-D0CF3A1DAF36}\ARPPRODUCTICON.exe
[2014/10/03 19:32:37 | 028,369,720 | ---- | M] (TuneUp Software) -- C:\Users\Evka\AppData\Roaming\OpenCandy\4C57CDEEBE984AE0A2E7B6AE06DA64E3\TuneUpUtilities2014WORLDW1D_en-US.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
[2014/11/14 21:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014/11/14 18:26:01 | 000,000,238 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job
[2014/11/14 20:05:01 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2418134949-3360115493-1312553204-1000Core.job
[2014/11/14 20:05:01 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2418134949-3360115493-1312553204-1000UA.job
[2014/11/14 18:12:48 | 000,000,920 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014/11/14 21:19:01 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/05/12 13:58:23 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
[2010/04/23 08:13:36 | 000,002,048 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\tzres.dll
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2014/11/14 17:59:46 | 000,014,416 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/14 17:59:46 | 000,014,416 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/13 10:25:17 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2014/11/13 10:25:17 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl
[2014/11/14 17:59:08 | 000,107,658 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2014/11/14 17:59:08 | 000,607,190 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2014/11/14 17:59:08 | 000,718,158 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
[2014/11/14 17:54:57 | 000,000,050 | ---- | M] () -- C:\Windows\system32\SupplicantTest.log
< %SYSTEMDRIVE%\*.exe >
[2010/02/28 16:46:14 | 006,491,984 | ---- | M] (Poikosoft) -- C:\Easy-Cd-Da-Extractor_12.0.6.exe
[2010/02/18 15:33:35 | 032,494,896 | ---- | M] (Apple Inc.) -- C:\QuickTimeInstaller.exe
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"KiesTrayAgent" =
< >
< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2014/11/10 20:12:09 | 000,275,568 | ---- | M] (Mozilla Corporation) MD5=65068E245EFE045E6956190CD0E2FB91 -- C:\Program Files\Mozilla Firefox\firefox.exe
< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009/07/14 02:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Program Files\Internet Explorer\iexplore.exe
< %PROGRAMFILES%\Opera\opera.exe /md5 >
[2014/08/24 20:43:19 | 000,879,456 | ---- | M] (Opera Software) MD5=64E8DB17AA4D027C24F302AC0E769EFF -- C:\Program Files\Opera\opera.exe
< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2014/10/22 05:05:02 | 000,854,344 | ---- | M] (Google Inc.) MD5=66A4A7C7802E0968E07647999FFC87E2 -- C:\Program Files\Google\Chrome\Application\chrome.exe
< >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014/11/14 21:43:59 | 000,000,512 | ---- | M] () MD5=A92A3BF11E5F286EA95E890F7C319828 -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2010/10/04 22:50:56 | 000,062,238 | ---- | M] () -- \Program Files\GIMP-2.0\share\gimp\2.0\patterns\cracked.pat
[2011/08/27 12:57:23 | 000,000,858 | ---- | M] () -- \Users\Evka\AppData\Local\IM\Sound\tchaikovsky_the_nutcracker.imw
[2013/02/10 00:09:48 | 000,005,369 | ---- | M] () -- \Users\Evka\AppData\Roaming\VitySoft\FRD\plugins\crackle.frp
< *keygen* /s >
[2007/04/20 14:18:02 | 000,053,760 | ---- | M] () -- \Users\Evka\Desktop\Adobe photoshop CS 3 cz full version by steven\keygen.exe
< *loader* /s >
[2014/07/12 08:19:03 | 000,071,968 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2007/10/23 17:52:22 | 000,114,688 | ---- | M] () -- \Program Files\Epson Software\Easy Photo Print\APFLoaderV13.dll
[2007/10/23 17:52:22 | 000,069,632 | ---- | M] () -- \Program Files\Epson Software\Easy Photo Print\EpAPFLoader.dll
[2007/10/23 17:52:22 | 000,102,400 | ---- | M] () -- \Program Files\Epson Software\Easy Photo Print\EpAPFLoader2006.dll
[2010/02/07 22:40:00 | 000,000,543 | ---- | M] () -- \Program Files\GIMP-2.0\etc\gtk-2.0\gdk-pixbuf.loaders
[2009/12/15 18:58:18 | 000,017,056 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ani.dll
[2009/12/15 18:58:20 | 000,018,592 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-bmp.dll
[2009/12/15 18:58:24 | 000,026,272 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-gif.dll
[2009/12/15 18:58:26 | 000,012,960 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-icns.dll
[2009/12/15 18:58:28 | 000,017,568 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ico.dll
[2009/12/15 18:58:56 | 000,019,616 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-jpeg.dll
[2009/12/15 18:59:04 | 000,015,008 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-pcx.dll
[2009/12/15 18:59:06 | 000,019,104 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-png.dll
[2009/12/15 18:59:10 | 000,017,056 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-pnm.dll
[2009/12/15 18:59:14 | 000,012,448 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ras.dll
[2009/12/15 18:59:16 | 000,016,544 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-tga.dll
[2009/12/15 18:59:20 | 000,016,544 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-tiff.dll
[2009/12/15 18:59:22 | 000,011,936 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-wbmp.dll
[2009/12/15 18:59:24 | 000,013,984 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-xbm.dll
[2009/12/15 18:59:28 | 000,028,320 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-xpm.dll
[2009/05/01 20:42:00 | 000,009,880 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\svg_loader.dll
[2009/09/16 22:33:50 | 000,006,308 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.py
[2009/09/16 15:22:08 | 000,022,528 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.dll
[2009/09/18 18:20:08 | 000,000,171 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.ini
[2009/09/11 16:36:38 | 000,029,696 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\bin\javaloader.uno.dll
[2009/09/18 11:48:12 | 000,003,872 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\java\unoloader.jar
[2009/12/04 02:19:16 | 000,292,352 | ---- | M] () -- \Program Files\Samsung\Kies\BinaryLoaderForKorea.dll
[2010/01/28 14:19:32 | 000,331,576 | ---- | M] () -- \Program Files\Samsung\Kies\BinaryLoaderMgr.exe
[2011/04/28 14:58:12 | 000,991,232 | ---- | M] () -- \Program Files\Tomato\YouTube Video Downloader\YouTubeVideoDownloader.exe
[2009/12/12 15:12:04 | 000,045,056 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2014/07/24 14:53:16 | 000,072,638 | ---- | M] () -- \Users\Evka\AppData\Local\Skype\Apps\login\images\loader.gif
[2014/07/24 14:53:16 | 000,003,032 | ---- | M] () -- \Users\Evka\AppData\Local\Skype\Apps\login\images\loader.png
[2014/07/24 14:53:16 | 000,006,012 | ---- | M] () -- \Users\Evka\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014/07/24 14:53:16 | 000,021,956 | ---- | M] () -- \Users\Evka\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014/07/24 14:53:16 | 000,009,772 | ---- | M] () -- \Users\Evka\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2011/08/14 13:52:24 | 000,010,145 | ---- | M] () -- \Users\Evka\AppData\Roaming\Mozilla\Firefox\Profiles\z4rlo3uk.default\conduitCommon\modules\3.6.0.10\ExternalLibraryLoader.jsm
[2014/11/11 18:29:32 | 000,000,847 | ---- | M] () -- \Users\Evka\AppData\Roaming\Mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\Chrome\CT2438727\content\tb\al\ac\img\ajax-loader.gif
[2014/11/11 18:29:32 | 000,001,135 | ---- | M] () -- \Users\Evka\AppData\Roaming\Mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\Chrome\CT2438727\content\tb\al\ac\img\loader-icon.png
[2014/11/11 18:29:33 | 000,003,208 | ---- | M] () -- \Users\Evka\AppData\Roaming\Mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\Chrome\CT2438727\content\tb\al\ui\gf\img\loader.gif
[2014/11/07 14:19:08 | 000,000,847 | ---- | M] () -- \Users\Evka\AppData\Roaming\Mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\Chrome\CT2724386\content\tb\al\ac\img\ajax-loader.gif
[2014/11/07 14:19:08 | 000,001,135 | ---- | M] () -- \Users\Evka\AppData\Roaming\Mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\Chrome\CT2724386\content\tb\al\ac\img\loader-icon.png
[2014/11/07 14:19:09 | 000,003,208 | ---- | M] () -- \Users\Evka\AppData\Roaming\Mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\Chrome\CT2724386\content\tb\al\ui\gf\img\loader.gif
[2012/08/05 16:52:56 | 000,001,656 | ---- | M] () -- \Users\Evka\AppData\Roaming\Mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\ffxtlbr@babylon.com\content\loader.xul
[2011/07/08 16:55:47 | 000,001,168 | ---- | M] () -- \Users\Public\Desktop\YouTube Video Downloader.lnk
[2010/01/15 18:42:07 | 000,000,003 | ---- | M] () -- \Windows\7Loader.TAG
[2009/07/14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2010/12/08 18:26:40 | 000,002,768 | ---- | M] () -- \Windows\System32\Tasks\Epson Printer Software Downloader
[2009/07/14 05:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2014/11/14 18:26:01 | 000,000,238 | ---- | M] () -- \Windows\Tasks\Epson Printer Software Downloader.job
[2009/07/14 08:42:17 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009/07/14 08:42:17 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winload.exe.mui_3bc5b827
[2009/07/14 08:42:17 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winresume.exe.mui_ff8b5358
[2009/12/12 12:12:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009/12/12 12:12:48 | 000,507,568 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed_winload.exe_75835076
[2009/12/12 12:12:48 | 000,442,920 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed_winresume.exe_85cd1215
[2009/07/14 03:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 03:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009/07/14 08:41:36 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009/07/14 02:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009/08/19 08:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009/08/19 08:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2009/07/14 02:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:12E23EBD
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Evka\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy
2,97 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 39,22% Memory free
5,93 Gb Paging File | 4,01 Gb Available in Paging File | 67,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,73 Gb Total Space | 12,49 Gb Free Space | 25,62% Space Free | Partition Type: NTFS
Drive E: | 249,26 Gb Total Space | 160,82 Gb Free Space | 64,52% Space Free | Partition Type: NTFS
Computer Name: EVKA-PC | User Name: Evka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/11/14 21:38:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Evka\Desktop\OTL.exe
PRC - [2014/11/13 10:25:17 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
PRC - [2014/11/10 20:12:09 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/07/31 18:25:16 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/07/12 08:19:03 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/01/25 13:37:24 | 000,157,440 | ---- | M] () -- C:\Program Files\3G Connection Manager\UIExec.exe
PRC - [2013/01/25 13:36:20 | 000,276,224 | ---- | M] () -- C:\Program Files\3G Connection Manager\AssistantServices.exe
PRC - [2011/05/28 22:05:07 | 000,034,320 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
PRC - [2009/12/22 03:31:26 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009/12/22 03:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgdersvc.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/30 09:25:02 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
PRC - [2009/07/30 09:12:44 | 000,348,160 | ---- | M] (Red Bend Ltd.) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2007/05/28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
========== Modules (No Company Name) ==========
MOD - [2014/11/13 10:25:16 | 016,840,880 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_15_0_0_223.dll
MOD - [2014/11/10 20:12:08 | 003,649,648 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/07/12 08:19:07 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/07/12 08:19:05 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2013/01/25 13:37:24 | 000,157,440 | ---- | M] () -- C:\Program Files\3G Connection Manager\UIExec.exe
MOD - [2010/01/27 14:31:24 | 000,109,312 | ---- | M] () -- C:\Program Files\Easy CD-DA Extractor 12\ezcddax32.dll
MOD - [2009/12/12 15:12:04 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2014/11/13 10:25:17 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/10 20:12:08 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/07/12 08:19:03 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/04/03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/01/25 13:36:20 | 000,276,224 | ---- | M] () [Auto | Running] -- C:\Program Files\3G Connection Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2011/05/28 22:05:07 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2010/06/12 23:38:17 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/12/22 03:31:26 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/12/22 03:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\System32\dgdersvc.exe -- (dgdersvc)
SRV - [2009/07/30 09:25:02 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV - [2009/07/30 09:12:44 | 000,348,160 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/05/28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a4vse9cf)
DRV - [2014/07/12 08:19:42 | 000,414,520 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/07/12 08:19:09 | 000,779,536 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014/07/12 08:19:09 | 000,192,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/07/12 08:19:09 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2014/07/12 08:19:09 | 000,071,944 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswstm.sys -- (aswStm)
DRV - [2014/07/12 08:19:09 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/07/12 08:19:09 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/07/12 08:19:09 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2011/08/29 10:42:56 | 000,107,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2011/08/29 10:42:56 | 000,107,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2011/08/29 10:42:56 | 000,107,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2011/08/29 10:42:56 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010/05/12 13:58:23 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/12/22 03:31:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/12/22 03:31:02 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2009/10/05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/19 06:30:10 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/09/19 06:30:10 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2009/09/19 06:30:10 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2009/09/19 06:30:10 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2009/08/23 05:06:38 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009/07/30 09:06:10 | 000,056,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bpenum.sys -- (bpenum)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/06 01:14:40 | 001,766,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/04/29 15:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/31 02:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=6&barid={91 ... 0272A421B8}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss ... ffID=17981
IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsear ... earchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... 0272A421B8}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?affID=111688 ... 25d38177d1
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=111688 ... 25d38177d1
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=6&barid={91 ... 0272A421B8}
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 69 40 0D BC E4 C6 CA 01 [binary data]
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTer ... 25d38177d1
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... 421EDD1E29
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss ... ffID=17981
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsear ... earchTerms}
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com//?search ... NUYyxvK0kH
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\SearchScopes\{E977DF1B-46B5-B449-EE8E-6143A3D0FA23}: "URL" = http://iws.asksearch.com/s/?q={searchTe ... g=2-347-0-...
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... id=&&st=23
IE - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://home.sweetim.com/?barid=&src=10&&st=23&ptr=100"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.5.0
FF - prefs.js..extensions.enabledAddons: m3ffxtbr%40mywebsearch.com:1.1
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.3
FF - prefs.js..extensions.enabledAddons: plugin2%40gameplaylabs.com:2.0
FF - prefs.js..extensions.enabledAddons: v4ffxtbr%40DictionaryBoss.com:2.73.1.44222
FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0
FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.9
FF - prefs.js..extensions.enabledAddons: %7Bd40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0%7D:10.35.0.503
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: plugin2@gameplaylabs.com:2.0
FF - prefs.js..extensions.enabledItems: {2458abc0-f443-11dd-87af-0800200c9a66}:3.6.3.1.03.04.10
FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.9
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?sr ... ptr=100&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=111688 ... 25d38177d1"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Evka\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Evka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin [2013/10/30 20:34:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/07/12 08:19:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/11/10 20:12:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
[2009/12/12 19:46:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evka\AppData\Roaming\mozilla\Extensions
[2009/12/12 19:46:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evka\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2014/11/11 18:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evka\AppData\Roaming\mozilla\Firefox\Profiles\z4rlo3uk.default\extensions
[2012/10/09 18:46:16 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Evka\AppData\Roaming\mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2013/08/18 08:36:25 | 000,000,000 | ---D | M] (Bloody Red) -- C:\Users\Evka\AppData\Roaming\mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
[2010/11/07 19:01:16 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\Evka\AppData\Roaming\mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2014/11/11 18:29:43 | 000,000,000 | ---D | M] (Zynga) -- C:\Users\Evka\AppData\Roaming\mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2014/11/07 19:23:23 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2) -- C:\Users\Evka\AppData\Roaming\mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2012/09/29 07:20:36 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Evka\AppData\Roaming\mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\ffxtlbr@babylon.com
[2011/10/12 16:24:58 | 000,000,000 | ---D | M] (My Web Search) -- C:\Users\Evka\AppData\Roaming\mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\m3ffxtbr@mywebsearch.com
[2011/03/24 11:39:26 | 000,000,000 | ---D | M] (GamePlayLabs Plugin) -- C:\Users\Evka\AppData\Roaming\mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\plugin2@gameplaylabs.com
[2013/12/06 22:45:46 | 000,000,000 | ---D | M] (DictionaryBoss) -- C:\Users\Evka\AppData\Roaming\mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\v4ffxtbr@DictionaryBoss.com
[2013/10/26 04:54:59 | 000,348,260 | ---- | M] () (No name found) -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\extensions\personas@christopher.beard.xpi
[2014/09/06 16:36:06 | 002,043,936 | ---- | M] () (No name found) -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
[2013/01/07 22:51:08 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013/02/20 06:21:23 | 000,685,671 | ---- | M] () (No name found) -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2011/03/08 10:12:45 | 000,001,743 | ---- | M] () -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\searchplugins\ask.uk.xml
[2010/04/29 21:45:25 | 000,002,555 | ---- | M] () -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\searchplugins\askcom.xml
[2012/09/28 21:27:00 | 000,002,222 | ---- | M] () -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\searchplugins\BabylonMngr.xml
[2014/11/03 19:30:36 | 000,002,133 | ---- | M] () -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\searchplugins\MyStart Search.xml
[2013/09/16 19:09:59 | 000,002,120 | ---- | M] () -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\searchplugins\MyStart.xml
[2012/01/06 14:48:18 | 000,009,966 | ---- | M] () -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\searchplugins\mywebsearch.xml
[2012/02/24 19:17:41 | 000,010,001 | ---- | M] () -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\searchplugins\RadioRage_4j.xml
[2014/10/31 08:39:11 | 000,004,064 | ---- | M] () -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\searchplugins\SweetIM Search.xml
[2012/10/08 22:26:30 | 000,003,983 | ---- | M] () -- C:\Users\Evka\AppData\Roaming\mozilla\firefox\profiles\z4rlo3uk.default\searchplugins\sweetim.xml
[2014/11/10 20:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/11/10 20:12:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
CHR - plugin: GamePlayLabs Plugin (Enabled) = C:\Users\Evka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci\1.0_0\npGamePlayLabsPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Evka\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - Extension: No name found = C:\Users\Evka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Evka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Evka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Evka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Evka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\
CHR - Extension: No name found = C:\Users\Evka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Evka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci\1.0_0\
CHR - Extension: No name found = C:\Users\Evka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\
CHR - Extension: No name found = C:\Users\Evka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2010/07/16 19:22:54 | 000,000,988 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (GamePlayLabsBHO Class) - {984A9162-8891-4D19-8CFE-17648BB4E1EC} - C:\Users\Evka\AppData\Local\Browser Plugin\BHO.dll File not found
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h File not found
O4 - HKLM..\Run: [UIExec] C:\Program Files\3G Connection Manager\UIExec.exe ()
O4 - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000..\Run: [KiesTrayAgent] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2418134949-3360115493-1312553204-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download Video on This Page - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)
O8 - Extra context menu item: Download Video This Links To - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O9 - Extra Button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)
O9 - Extra 'Tools' menuitem : Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.37.80.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D21F1A3E-E659-41AA-A8A3-2DC173756EC7}: DhcpNameServer = 212.37.80.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D467B8E6-3C4E-4F99-ABA3-08A801DF1253}: NameServer = 160.218.161.60 194.228.211.33
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1946c3ee-1f66-11e3-b8ea-000272a421b8}\Shell - "" = AutoRun
O33 - MountPoints2\{1946c3ee-1f66-11e3-b8ea-000272a421b8}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{2d93c56d-1551-11e3-a54b-000272a421b8}\Shell - "" = AutoRun
O33 - MountPoints2\{2d93c56d-1551-11e3-a54b-000272a421b8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ae366a83-7b09-11df-a73f-000272a421b8}\Shell - "" = AutoRun
O33 - MountPoints2\{ae366a83-7b09-11df-a73f-000272a421b8}\Shell\AutoRun\command - "" = F:\DPFMate.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2014/11/14 21:38:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Evka\Desktop\OTL.exe
[2014/11/14 20:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014/11/14 20:17:14 | 000,000,000 | ---D | C] -- C:\rsit
[2014/11/10 20:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/11/04 21:33:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/11/01 18:15:12 | 000,000,000 | ---D | C] -- C:\Users\Evka\AppData\Roaming\Systweak
[2014/11/01 18:14:15 | 000,000,000 | ---D | C] -- C:\Users\Evka\AppData\Local\Programs
[2009/12/13 10:20:00 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Evka\AppData\Roaming\pcouffin.sys
[2009/12/12 19:45:03 | 009,325,800 | ---- | C] (Mozilla) -- C:\Users\Evka\Thunderbird Setup 3.0.exe
[2009/12/12 19:03:46 | 001,924,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Evka\install_flash_player.exe
[2009/12/12 18:46:01 | 022,240,040 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Evka\Skype.v4.1.0.179.exe
[2009/12/12 11:51:38 | 000,891,224 | ---- | C] (AVG Technologies) -- C:\Users\Evka\avg_free_stb_eu_9_40_free.exe
========== Files - Modified Within 30 Days ==========
[2014/11/14 21:43:59 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/11/14 21:38:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Evka\Desktop\OTL.exe
[2014/11/14 21:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/14 21:19:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/14 21:12:05 | 002,617,911 | ---- | M] () -- C:\Users\Evka\Desktop\20141114_210028.jpg
[2014/11/14 21:11:48 | 002,327,492 | ---- | M] () -- C:\Users\Evka\Desktop\20141114_210019.jpg
[2014/11/14 21:11:34 | 002,498,260 | ---- | M] () -- C:\Users\Evka\Desktop\20141114_210109.jpg
[2014/11/14 21:11:17 | 002,589,855 | ---- | M] () -- C:\Users\Evka\Desktop\20141114_210055.jpg
[2014/11/14 20:16:43 | 001,107,968 | ---- | M] () -- C:\Users\Evka\Desktop\RSIT.exe
[2014/11/14 20:05:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2418134949-3360115493-1312553204-1000UA.job
[2014/11/14 20:05:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2418134949-3360115493-1312553204-1000Core.job
[2014/11/14 18:58:45 | 000,026,652 | ---- | M] () -- C:\Users\Evka\Desktop\06214550000.jpg
[2014/11/14 18:51:52 | 000,022,769 | ---- | M] () -- C:\Users\Evka\Desktop\06214470000.jpg
[2014/11/14 18:26:01 | 000,000,238 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2014/11/14 18:12:48 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/14 17:59:46 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/14 17:59:46 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/14 17:59:08 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/11/14 17:59:08 | 000,107,658 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/11/14 17:54:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/14 17:54:21 | 2388,459,520 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/13 10:25:17 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/11/13 10:25:17 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/11/11 20:30:11 | 000,045,266 | ---- | M] () -- C:\Users\Evka\Desktop\541564_474214152650578_839643763_n.jpg
[2014/11/11 18:16:08 | 000,001,146 | ---- | M] () -- C:\Users\Evka\Desktop\Live PC Help.lnk
[2014/11/04 21:33:16 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/10/29 23:15:00 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/29 15:42:08 | 000,017,688 | ---- | M] () -- C:\Windows\System32\roboot.exe
[2014/10/16 20:24:06 | 000,107,214 | ---- | M] () -- C:\Users\Evka\Desktop\DSC_5691.JPG
========== Files Created - No Company Name ==========
[2014/11/14 21:43:59 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/11/14 21:11:49 | 002,617,911 | ---- | C] () -- C:\Users\Evka\Desktop\20141114_210028.jpg
[2014/11/14 21:11:34 | 002,327,492 | ---- | C] () -- C:\Users\Evka\Desktop\20141114_210019.jpg
[2014/11/14 21:11:18 | 002,498,260 | ---- | C] () -- C:\Users\Evka\Desktop\20141114_210109.jpg
[2014/11/14 21:11:01 | 002,589,855 | ---- | C] () -- C:\Users\Evka\Desktop\20141114_210055.jpg
[2014/11/14 20:16:43 | 001,107,968 | ---- | C] () -- C:\Users\Evka\Desktop\RSIT.exe
[2014/11/14 18:58:44 | 000,026,652 | ---- | C] () -- C:\Users\Evka\Desktop\06214550000.jpg
[2014/11/14 18:51:52 | 000,022,769 | ---- | C] () -- C:\Users\Evka\Desktop\06214470000.jpg
[2014/11/11 20:30:10 | 000,045,266 | ---- | C] () -- C:\Users\Evka\Desktop\541564_474214152650578_839643763_n.jpg
[2014/11/04 21:33:16 | 000,001,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/11/04 21:33:16 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/11/04 20:54:54 | 000,001,146 | ---- | C] () -- C:\Users\Evka\Desktop\Live PC Help.lnk
[2014/11/02 10:33:41 | 1813,264,388 | ---- | C] () -- C:\Users\Evka\Desktop\Herkules-Zrození-legendy-.2014-BDRip-CZ-Dabing.avi
[2014/11/01 18:14:19 | 000,017,688 | ---- | C] () -- C:\Windows\System32\roboot.exe
[2014/10/16 20:21:30 | 000,107,214 | ---- | C] () -- C:\Users\Evka\Desktop\DSC_5691.JPG
[2014/06/21 21:58:05 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/02/13 20:40:19 | 000,002,092 | ---- | C] () -- C:\Users\Evka\.recently-used.xbel
[2013/04/27 12:03:20 | 000,192,352 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/04/27 12:03:20 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/06/10 10:29:17 | 000,305,788 | ---- | C] () -- C:\Users\Evka\Fotografia0661.jpg
[2011/01/22 23:47:15 | 000,000,000 | ---- | C] () -- C:\Users\Evka\AppData\Local\prvlcl.dat
[2010/04/18 19:46:18 | 000,455,161 | ---- | C] () -- C:\Users\Evka\ringtone_O2.mp3
[2009/12/18 20:50:08 | 000,011,264 | ---- | C] () -- C:\Users\Evka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/13 10:57:09 | 000,001,041 | ---- | C] () -- C:\Users\Evka\AppData\Roaming\vso_ts_preview.xml
[2009/12/13 10:20:00 | 000,087,608 | ---- | C] () -- C:\Users\Evka\AppData\Roaming\inst.exe
[2009/12/13 10:20:00 | 000,007,887 | ---- | C] () -- C:\Users\Evka\AppData\Roaming\pcouffin.cat
[2009/12/13 10:20:00 | 000,001,144 | ---- | C] () -- C:\Users\Evka\AppData\Roaming\pcouffin.inf
========== ZeroAccess Check ==========
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/02/18 08:34:01 | 012,867,072 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010/03/28 18:44:31 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\AIMP
[2014/06/21 22:05:30 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\AVAST Software
[2012/09/28 21:26:34 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Babylon
[2011/10/28 20:12:17 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Canneverbe Limited
[2014/06/21 22:20:42 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Dropbox
[2014/06/21 22:20:41 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\DropboxMaster
[2010/12/12 18:26:10 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Epson
[2009/12/12 11:52:24 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\GHISLER
[2011/09/06 11:44:33 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\go
[2014/02/13 20:35:28 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\gtk-2.0
[2010/04/05 15:07:40 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\IrfanView
[2014/10/03 19:31:56 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\OpenCandy
[2009/12/13 18:56:41 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\OpenOffice.org
[2012/01/22 23:05:50 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Opera
[2011/02/14 21:19:08 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\PC Suite
[2012/12/28 17:42:14 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Rovio
[2011/09/06 08:12:33 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Samsung
[2014/11/04 20:54:57 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Systweak
[2012/12/11 17:47:58 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Thinstall
[2009/12/12 19:46:28 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Thunderbird
[2011/07/08 16:56:23 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Tomato
[2014/10/03 19:34:25 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\TuneUp Software
[2010/04/11 17:26:37 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Ubisoft
[2014/04/09 17:53:01 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Unity
[2011/05/15 23:14:21 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\VitySoft
[2014/03/25 13:24:13 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Vso
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009/07/14 05:53:46 | 000,032,576 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2010/12/08 18:26:40 | 000,000,238 | ---- | C] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job
[2012/11/14 20:00:39 | 000,000,902 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2418134949-3360115493-1312553204-1000Core.job
[2012/11/14 20:00:40 | 000,000,924 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2418134949-3360115493-1312553204-1000UA.job
[2013/02/10 13:50:17 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/02/14 22:44:29 | 000,000,920 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/02/14 22:44:33 | 000,000,924 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< >
< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009/07/14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009/07/14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
< MD5 for: CDROM.SYS >
[2009/07/14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009/07/14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009/07/14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: HAL.DLL >
[2009/07/14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009/07/14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll
< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
< MD5 for: SERVICES.EXE >
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: TCPIP.SYS >
[2009/07/14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\System32\drivers\tcpip.sys
[2009/07/14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
< MD5 for: USERINIT.EXE >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< >
< %systemroot%*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
[2010/02/28 16:46:14 | 006,491,984 | ---- | M] (Poikosoft) -- C:\Easy-Cd-Da-Extractor_12.0.6.exe
[2010/02/18 15:33:35 | 032,494,896 | ---- | M] (Apple Inc.) -- C:\QuickTimeInstaller.exe
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010/10/16 19:11:56 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Adobe
[2010/03/28 18:44:31 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\AIMP
[2010/07/31 19:22:32 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Apple Computer
[2014/06/21 22:05:30 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\AVAST Software
[2012/09/28 21:26:34 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Babylon
[2011/10/28 20:12:17 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Canneverbe Limited
[2014/06/21 22:20:42 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Dropbox
[2014/06/21 22:20:41 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\DropboxMaster
[2014/10/09 20:01:25 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\dvdcss
[2010/12/12 18:26:10 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Epson
[2009/12/12 11:52:24 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\GHISLER
[2011/09/06 11:44:33 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\go
[2010/02/10 21:30:20 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\GRETECH
[2014/02/13 20:35:28 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\gtk-2.0
[2009/12/12 11:42:25 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Identities
[2010/12/08 18:20:23 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\InstallShield
[2010/04/05 15:07:40 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\IrfanView
[2009/12/12 19:05:27 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Macromedia
[2009/07/14 08:50:20 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Media Center Programs
[2013/02/10 13:57:42 | 000,000,000 | --SD | M] -- C:\Users\Evka\AppData\Roaming\Microsoft
[2009/12/12 11:49:03 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Mozilla
[2012/09/30 10:38:19 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Nero
[2014/10/03 19:31:56 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\OpenCandy
[2009/12/13 18:56:41 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\OpenOffice.org
[2012/01/22 23:05:50 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Opera
[2011/02/14 21:19:08 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\PC Suite
[2012/12/28 17:42:14 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Rovio
[2011/09/06 08:12:33 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Samsung
[2014/11/14 11:50:26 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Skype
[2011/05/28 19:49:22 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\skypePM
[2014/11/04 20:54:57 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Systweak
[2012/12/11 17:47:58 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Thinstall
[2009/12/12 19:46:28 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Thunderbird
[2011/07/08 16:56:23 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Tomato
[2014/10/03 19:34:25 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\TuneUp Software
[2010/04/11 17:26:37 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Ubisoft
[2014/04/09 17:53:01 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Unity
[2011/05/15 23:14:21 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\VitySoft
[2014/10/09 22:05:56 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\vlc
[2014/03/25 13:24:13 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\Vso
[2010/01/16 20:28:41 | 000,000,000 | ---D | M] -- C:\Users\Evka\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2009/12/13 10:20:00 | 000,087,608 | ---- | M] () -- C:\Users\Evka\AppData\Roaming\inst.exe
[2014/03/19 13:17:02 | 032,667,896 | ---- | M] (Dropbox, Inc.) -- C:\Users\Evka\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2014/03/19 13:18:14 | 000,244,648 | ---- | M] (Dropbox, Inc.) -- C:\Users\Evka\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2014/03/19 13:17:06 | 000,143,616 | ---- | M] (Dropbox, Inc.) -- C:\Users\Evka\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2007/03/22 11:46:42 | 000,126,976 | ---- | M] () -- C:\Users\Evka\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe
[2014/10/03 19:31:24 | 013,305,616 | ---- | M] (Gretech Corporation) -- C:\Users\Evka\AppData\Roaming\GRETECH\GomPlayer\GrLauncherTempSetup.exe
[2011/04/20 22:41:43 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Evka\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2011/04/11 14:27:08 | 000,010,134 | R--- | M] () -- C:\Users\Evka\AppData\Roaming\Microsoft\Installer\{F2015EA4-1653-4C65-9B27-D0CF3A1DAF36}\ARPPRODUCTICON.exe
[2014/10/03 19:32:37 | 028,369,720 | ---- | M] (TuneUp Software) -- C:\Users\Evka\AppData\Roaming\OpenCandy\4C57CDEEBE984AE0A2E7B6AE06DA64E3\TuneUpUtilities2014WORLDW1D_en-US.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
[2014/11/14 21:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014/11/14 18:26:01 | 000,000,238 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job
[2014/11/14 20:05:01 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2418134949-3360115493-1312553204-1000Core.job
[2014/11/14 20:05:01 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2418134949-3360115493-1312553204-1000UA.job
[2014/11/14 18:12:48 | 000,000,920 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014/11/14 21:19:01 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/05/12 13:58:23 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
[2010/04/23 08:13:36 | 000,002,048 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\tzres.dll
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2014/11/14 17:59:46 | 000,014,416 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/14 17:59:46 | 000,014,416 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/13 10:25:17 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2014/11/13 10:25:17 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl
[2014/11/14 17:59:08 | 000,107,658 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2014/11/14 17:59:08 | 000,607,190 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2014/11/14 17:59:08 | 000,718,158 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
[2014/11/14 17:54:57 | 000,000,050 | ---- | M] () -- C:\Windows\system32\SupplicantTest.log
< %SYSTEMDRIVE%\*.exe >
[2010/02/28 16:46:14 | 006,491,984 | ---- | M] (Poikosoft) -- C:\Easy-Cd-Da-Extractor_12.0.6.exe
[2010/02/18 15:33:35 | 032,494,896 | ---- | M] (Apple Inc.) -- C:\QuickTimeInstaller.exe
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"KiesTrayAgent" =
< >
< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2014/11/10 20:12:09 | 000,275,568 | ---- | M] (Mozilla Corporation) MD5=65068E245EFE045E6956190CD0E2FB91 -- C:\Program Files\Mozilla Firefox\firefox.exe
< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009/07/14 02:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Program Files\Internet Explorer\iexplore.exe
< %PROGRAMFILES%\Opera\opera.exe /md5 >
[2014/08/24 20:43:19 | 000,879,456 | ---- | M] (Opera Software) MD5=64E8DB17AA4D027C24F302AC0E769EFF -- C:\Program Files\Opera\opera.exe
< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2014/10/22 05:05:02 | 000,854,344 | ---- | M] (Google Inc.) MD5=66A4A7C7802E0968E07647999FFC87E2 -- C:\Program Files\Google\Chrome\Application\chrome.exe
< >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014/11/14 21:43:59 | 000,000,512 | ---- | M] () MD5=A92A3BF11E5F286EA95E890F7C319828 -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2010/10/04 22:50:56 | 000,062,238 | ---- | M] () -- \Program Files\GIMP-2.0\share\gimp\2.0\patterns\cracked.pat
[2011/08/27 12:57:23 | 000,000,858 | ---- | M] () -- \Users\Evka\AppData\Local\IM\Sound\tchaikovsky_the_nutcracker.imw
[2013/02/10 00:09:48 | 000,005,369 | ---- | M] () -- \Users\Evka\AppData\Roaming\VitySoft\FRD\plugins\crackle.frp
< *keygen* /s >
[2007/04/20 14:18:02 | 000,053,760 | ---- | M] () -- \Users\Evka\Desktop\Adobe photoshop CS 3 cz full version by steven\keygen.exe
< *loader* /s >
[2014/07/12 08:19:03 | 000,071,968 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2007/10/23 17:52:22 | 000,114,688 | ---- | M] () -- \Program Files\Epson Software\Easy Photo Print\APFLoaderV13.dll
[2007/10/23 17:52:22 | 000,069,632 | ---- | M] () -- \Program Files\Epson Software\Easy Photo Print\EpAPFLoader.dll
[2007/10/23 17:52:22 | 000,102,400 | ---- | M] () -- \Program Files\Epson Software\Easy Photo Print\EpAPFLoader2006.dll
[2010/02/07 22:40:00 | 000,000,543 | ---- | M] () -- \Program Files\GIMP-2.0\etc\gtk-2.0\gdk-pixbuf.loaders
[2009/12/15 18:58:18 | 000,017,056 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ani.dll
[2009/12/15 18:58:20 | 000,018,592 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-bmp.dll
[2009/12/15 18:58:24 | 000,026,272 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-gif.dll
[2009/12/15 18:58:26 | 000,012,960 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-icns.dll
[2009/12/15 18:58:28 | 000,017,568 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ico.dll
[2009/12/15 18:58:56 | 000,019,616 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-jpeg.dll
[2009/12/15 18:59:04 | 000,015,008 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-pcx.dll
[2009/12/15 18:59:06 | 000,019,104 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-png.dll
[2009/12/15 18:59:10 | 000,017,056 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-pnm.dll
[2009/12/15 18:59:14 | 000,012,448 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ras.dll
[2009/12/15 18:59:16 | 000,016,544 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-tga.dll
[2009/12/15 18:59:20 | 000,016,544 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-tiff.dll
[2009/12/15 18:59:22 | 000,011,936 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-wbmp.dll
[2009/12/15 18:59:24 | 000,013,984 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-xbm.dll
[2009/12/15 18:59:28 | 000,028,320 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-xpm.dll
[2009/05/01 20:42:00 | 000,009,880 | ---- | M] () -- \Program Files\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\svg_loader.dll
[2009/09/16 22:33:50 | 000,006,308 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.py
[2009/09/16 15:22:08 | 000,022,528 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.dll
[2009/09/18 18:20:08 | 000,000,171 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.ini
[2009/09/11 16:36:38 | 000,029,696 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\bin\javaloader.uno.dll
[2009/09/18 11:48:12 | 000,003,872 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\java\unoloader.jar
[2009/12/04 02:19:16 | 000,292,352 | ---- | M] () -- \Program Files\Samsung\Kies\BinaryLoaderForKorea.dll
[2010/01/28 14:19:32 | 000,331,576 | ---- | M] () -- \Program Files\Samsung\Kies\BinaryLoaderMgr.exe
[2011/04/28 14:58:12 | 000,991,232 | ---- | M] () -- \Program Files\Tomato\YouTube Video Downloader\YouTubeVideoDownloader.exe
[2009/12/12 15:12:04 | 000,045,056 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2014/07/24 14:53:16 | 000,072,638 | ---- | M] () -- \Users\Evka\AppData\Local\Skype\Apps\login\images\loader.gif
[2014/07/24 14:53:16 | 000,003,032 | ---- | M] () -- \Users\Evka\AppData\Local\Skype\Apps\login\images\loader.png
[2014/07/24 14:53:16 | 000,006,012 | ---- | M] () -- \Users\Evka\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014/07/24 14:53:16 | 000,021,956 | ---- | M] () -- \Users\Evka\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014/07/24 14:53:16 | 000,009,772 | ---- | M] () -- \Users\Evka\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2011/08/14 13:52:24 | 000,010,145 | ---- | M] () -- \Users\Evka\AppData\Roaming\Mozilla\Firefox\Profiles\z4rlo3uk.default\conduitCommon\modules\3.6.0.10\ExternalLibraryLoader.jsm
[2014/11/11 18:29:32 | 000,000,847 | ---- | M] () -- \Users\Evka\AppData\Roaming\Mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\Chrome\CT2438727\content\tb\al\ac\img\ajax-loader.gif
[2014/11/11 18:29:32 | 000,001,135 | ---- | M] () -- \Users\Evka\AppData\Roaming\Mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\Chrome\CT2438727\content\tb\al\ac\img\loader-icon.png
[2014/11/11 18:29:33 | 000,003,208 | ---- | M] () -- \Users\Evka\AppData\Roaming\Mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\Chrome\CT2438727\content\tb\al\ui\gf\img\loader.gif
[2014/11/07 14:19:08 | 000,000,847 | ---- | M] () -- \Users\Evka\AppData\Roaming\Mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\Chrome\CT2724386\content\tb\al\ac\img\ajax-loader.gif
[2014/11/07 14:19:08 | 000,001,135 | ---- | M] () -- \Users\Evka\AppData\Roaming\Mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\Chrome\CT2724386\content\tb\al\ac\img\loader-icon.png
[2014/11/07 14:19:09 | 000,003,208 | ---- | M] () -- \Users\Evka\AppData\Roaming\Mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\Chrome\CT2724386\content\tb\al\ui\gf\img\loader.gif
[2012/08/05 16:52:56 | 000,001,656 | ---- | M] () -- \Users\Evka\AppData\Roaming\Mozilla\Firefox\Profiles\z4rlo3uk.default\extensions\ffxtlbr@babylon.com\content\loader.xul
[2011/07/08 16:55:47 | 000,001,168 | ---- | M] () -- \Users\Public\Desktop\YouTube Video Downloader.lnk
[2010/01/15 18:42:07 | 000,000,003 | ---- | M] () -- \Windows\7Loader.TAG
[2009/07/14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2010/12/08 18:26:40 | 000,002,768 | ---- | M] () -- \Windows\System32\Tasks\Epson Printer Software Downloader
[2009/07/14 05:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2014/11/14 18:26:01 | 000,000,238 | ---- | M] () -- \Windows\Tasks\Epson Printer Software Downloader.job
[2009/07/14 08:42:17 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009/07/14 08:42:17 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winload.exe.mui_3bc5b827
[2009/07/14 08:42:17 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winresume.exe.mui_ff8b5358
[2009/12/12 12:12:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009/12/12 12:12:48 | 000,507,568 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed_winload.exe_75835076
[2009/12/12 12:12:48 | 000,442,920 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed_winresume.exe_85cd1215
[2009/07/14 03:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 03:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009/07/14 08:41:36 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009/07/14 02:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009/08/19 08:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009/08/19 08:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2009/07/14 02:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:12E23EBD
< End of report >
Re: Hello, I would like to ask you to check my PC.
The second log won't fit within the character limit; can I send it in two parts?
- Rudy
- Site Admin
- Posts: 119548
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Hello, I would like to ask you to check my PC.
You don't even need to. This one log was enough to convince me that your operating system is illegal. Under the forum rules we do not handle such systems: http://forum.viry.cz/viewtopic.php?f=12&t=115512 . I'm sorry.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Hello, I would like to ask you to check my PC.
Sure, I understand... at least I know how things stand, and I'll get it sorted out and replaced with a legal one. Thank you very much anyway.
- Rudy
- Site Admin
- Posts: 119548
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Hello, I would like to ask you to check my PC.
You're welcome!