OTP seznam.cz

VeraM
Visitor
Posts: 5
Registered: 24 Feb 2015 20:30

OTP seznam.cz

#1 Post by VeraM »

Hello, I somehow managed to get my computer infected through email. My son, who is in his 2nd year at an IT school, tried to fix it and did not succeed. If I don't know something, I'll call him to ask what to do. Here is the RSIT log, made according to the guide. Hopefully everything is correct. I have the feeling that my son only made an even bigger mess in the PC than there was before. Thank you, Věra.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Administrator at 2015-02-25 11:24:23
Microsoft Windows 7 Ultimate
System drive C: has 61 GB (65%) free of 95 GB
Total RAM: 3033 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:24:37, on 25.2.2015
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
D:\Dokumenty\SkypePortable\App\Skype\Phone\Skype.exe
C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Desktop\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\bin\core.4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [Skype] "D:\Dokumenty\SkypePortable\App\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [LecaLbaqo] regsvr32.exe "C:\ProgramData\LecaLbaqo\CefixAvuvq.syl"
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Administrator\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKUS\S-1-5-18\..\RunOnce: [Report] \AdwCleaner\AdwCleaner[S0].txt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Report] \AdwCleaner\AdwCleaner[S0].txt (User 'Default user')
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/CZ/Core/ ... _Win32.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Dokumenty\SkypePortable\App\Skype\Updater\Updater.exe
O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe

--
End of file - 6177 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1025612255-1419475842-1272948856-500Core.job - C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1025612255-1419475842-1272948856-500UA.job - C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dxpuq1l9.default

prefs.js - "browser.startup.homepage" - "http://www.msn.com/?pc=UP94&ocid=UP94DHP"
prefs.js - "keyword.URL" - "http://www.bing.com/search?FORM=UP94DF&PC=UP94&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 9
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\bin\core.4.dll [2012-04-16 1152024]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-12-15 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-12-15 175640]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-12-15 166936]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-02-25 1800464]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-09-12 959176]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2009-11-25 95632]
"Skype"=D:\Dokumenty\SkypePortable\App\Skype\Phone\Skype.exe [2015-01-23 31087200]
"LecaLbaqo"=regsvr32.exe C:\ProgramData\LecaLbaqo\CefixAvuvq.syl []
"cz.seznam.software.autoupdate"=C:\Users\Administrator\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-09-12 959176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13 138096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Windows\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seznam Postak]
C:\Program Files\Seznam.cz\bin\postak.exe [2012-01-10 491040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2012-04-19 1199104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-12-15 226304]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LMIRescue_3994b7bb-9cd6-47a8-bba6-693482804a23]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"I:0\Dokumenty\SkypePortable\App\Skype\Phone\Skype.exe"="I:0\Dokumenty\SkypePortable\App\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.ac3filter"=ac3filter.acm
"vidc.XVID"=xvidvfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2015-02-25 11:24:24 ----D---- C:\Program Files\trend micro
2015-02-25 11:24:23 ----D---- C:\rsit
2015-02-24 21:08:34 ----D---- C:\Windows\temp
2015-02-24 21:07:22 ----SHD---- C:\$RECYCLE.BIN
2015-02-24 19:45:03 ----D---- C:\ProgramData\Malwarebytes
2015-02-24 19:44:50 ----D---- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-24 19:43:44 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-02-24 17:51:51 ----A---- C:\Windows\zip.exe
2015-02-24 17:51:51 ----A---- C:\Windows\SWSC.exe
2015-02-24 17:51:51 ----A---- C:\Windows\SWREG.exe
2015-02-24 17:51:51 ----A---- C:\Windows\sed.exe
2015-02-24 17:51:51 ----A---- C:\Windows\PEV.exe
2015-02-24 17:51:51 ----A---- C:\Windows\NIRCMD.exe
2015-02-24 17:51:51 ----A---- C:\Windows\MBR.exe
2015-02-24 17:51:51 ----A---- C:\Windows\grep.exe
2015-02-24 17:51:44 ----AD---- C:\Qoobox
2015-02-24 17:51:24 ----D---- C:\Windows\erdnt
2015-02-24 17:20:25 ----D---- C:\Users\Administrator\AppData\Roaming\Seznam.cz
2015-02-24 17:10:40 ----D---- C:\ProgramData\HitmanPro
2015-02-24 17:09:06 ----A---- C:\Windows\system32\zerobyte_files_deleted.txt
2015-02-24 17:09:05 ----A---- C:\Windows\zerobyte_files_deleted.txt
2015-02-24 17:07:45 ----D---- C:\Support
2015-02-24 17:07:22 ----A---- C:\Windows\system32\zlib.dll
2015-02-24 09:30:38 ----D---- C:\Program Files\Common Files\Adobe
2015-02-17 14:16:15 ----D---- C:\ProgramData\LecaLbaqo

======List of files/folders modified in the last 1 month======

2015-02-25 11:24:24 ----RD---- C:\Program Files
2015-02-25 11:15:11 ----D---- C:\Users\Administrator\AppData\Roaming\Skype
2015-02-25 10:50:12 ----D---- C:\Windows\system32\NDF
2015-02-24 21:08:34 ----D---- C:\Windows
2015-02-24 21:05:59 ----A---- C:\Windows\system.ini
2015-02-24 21:00:41 ----D---- C:\Windows\System32
2015-02-24 21:00:40 ----D---- C:\Windows\system32\drivers
2015-02-24 21:00:40 ----D---- C:\Windows\AppPatch
2015-02-24 21:00:38 ----D---- C:\Program Files\Common Files
2015-02-24 19:45:03 ----D---- C:\ProgramData
2015-02-24 17:58:38 ----D---- C:\Windows\system32\drivers\etc
2015-02-24 17:35:37 ----D---- C:\Program Files\Google
2015-02-24 17:35:02 ----D---- C:\Windows\system32\config
2015-02-24 17:20:40 ----D---- C:\Program Files\Seznam.cz
2015-02-24 17:19:22 ----SHD---- C:\Windows\Installer
2015-02-24 17:19:06 ----D---- C:\Program Files\Skype
2015-02-24 17:19:06 ----D---- C:\Program Files\Mozilla Firefox
2015-02-24 17:17:53 ----SD---- C:\ProgramData\Microsoft
2015-02-24 17:17:53 ----D---- C:\Program Files\Microsoft
2015-02-24 17:17:34 ----D---- C:\Windows\system32\Macromed
2015-02-24 17:17:34 ----D---- C:\Windows\system32\Adobe
2015-02-24 17:10:08 ----D---- C:\Windows\SoftwareDistribution
2015-02-24 09:30:40 ----D---- C:\ProgramData\Adobe
2015-02-24 09:30:38 ----D---- C:\Program Files\Adobe
2015-02-20 11:21:26 ----D---- C:\ProgramData\Skype
2015-02-18 19:12:04 ----D---- C:\Windows\system32\LogFiles
2015-02-16 10:32:05 ----D---- C:\Windows\system32\catroot2
2015-02-10 18:05:49 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2015-02-10 11:07:15 ----D---- C:\Windows\Tasks
2015-01-27 10:36:57 ----D---- C:\Windows\inf
2015-01-27 10:36:57 ----A---- C:\Windows\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2006-07-24 36528]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2010-02-25 128376]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\Windows\system32\DRIVERS\AcpiVpc.sys [2010-01-20 23136]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-08 2506232]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-12-15 7062016]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 catchme;catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-02-25 723632]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-05 107912]
S2 SkypeUpdate;Skype Updater; D:\Dokumenty\SkypePortable\App\Skype\Updater\Updater.exe [2015-01-02 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-10 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-05 107912]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WiselinkPro;SAMSUNG WiselinkPro Service; C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2009-01-08 4136960]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119677
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: OTP seznam.cz

#2 Post by Rudy »

Hello!
How does your operating system stand as far as legality is concerned?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for resolving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

VeraM
Visitor
Posts: 5
Registered: 24 Feb 2015 20:30

Re: OTP seznam.cz

#3 Post by VeraM »

Jeez, I don't know that, how do I find out? On the side of the computer I have a sticker that says Windows 7 and some key.

Rudy
Site Admin
Posts: 119677
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: OTP seznam.cz

#4 Post by Rudy »

And does it say Windows 7 Ultimate?

VeraM
Visitor
Posts: 5
Registered: 24 Feb 2015 20:30

Re: OTP seznam.cz

#5 Post by VeraM »

It says Windows7 Ultimate OEM HP. Do you want the code too?

Rudy
Site Admin
Posts: 119677
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: OTP seznam.cz

#6 Post by Rudy »

No need. Let's try this procedure:

Download and run OTL: http://oldtimer.geekstogo.com/OTL.exe . Run it, tick "Scan All Users", "LOP Check" and "Purity Check", and copy the following into the lower white box:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
and click >Run Scan<. Post both logs.

VeraM
Visitor
Posts: 5
Registered: 24 Feb 2015 20:30

Re: OTP seznam.cz

#7 Post by VeraM »

I just want to ask how long it will run. I've had it running for about 40 minutes and it is still going. Thank you.

VeraM
Visitor
Posts: 5
Registered: 24 Feb 2015 20:30

Re: OTP seznam.cz

#8 Post by VeraM »

So the scan finished, but only one text editor window opened for me. I hope I didn't do anything wrong.

OTL logfile created on: 25.2.2015 13:20:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,96 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 65,22% Memory free
5,92 Gb Paging File | 4,72 Gb Available in Paging File | 79,78% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,91 Gb Total Space | 59,99 Gb Free Space | 64,56% Space Free | Partition Type: NTFS
Drive D: | 205,08 Gb Total Space | 159,57 Gb Free Space | 77,81% Space Free | Partition Type: NTFS

Computer Name: MACHOVA-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015.02.25 13:17:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2014.09.12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.12 09:13:24 | 000,457,208 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
PRC - [2010.02.25 17:36:24 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010.02.25 17:36:24 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009.11.25 20:42:26 | 000,095,632 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2007.01.11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE


========== Modules (No Company Name) ==========

MOD - [2013.04.29 10:54:54 | 001,663,000 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\libfoxcub.dll
MOD - [2013.04.12 09:13:24 | 000,457,208 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
MOD - [2013.03.29 12:37:34 | 000,059,384 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\19365libfoxloader.dll
MOD - [2013.03.25 15:39:52 | 000,894,968 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
MOD - [2012.10.24 15:42:06 | 000,247,352 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\unlockInstance.dll


========== Services (SafeList) ==========

SRV - [2015.02.10 18:05:49 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015.01.02 19:45:12 | 000,315,488 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Dokumenty\SkypePortable\App\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014.09.12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.02.25 17:36:24 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.01.08 08:38:46 | 004,136,960 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (WiselinkPro)
SRV - [2007.01.11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010.02.25 17:36:24 | 000,128,376 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2010.01.20 06:14:42 | 000,023,136 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1025612255-1419475842-1272948856-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1025612255-1419475842-1272948856-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=UP94&ocid=UP94DHP"
FF - prefs.js..extensions.enabledAddons: {ea614400-e918-4741-9a97-7a972ff7c30b}:3.0.8
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=UP94DF&PC=UP94&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Administrator\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.13 09:01:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.09.30 17:53:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2015.02.24 20:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dxpuq1l9.default\extensions
[2014.02.26 13:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.11.13 09:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012.11.13 09:00:58 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
File not found (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXPUQ1L9.DEFAULT\EXTENSIONS\{EA614400-E918-4741-9A97-7A972FF7C30B}
[2011.09.23 05:43:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.23 03:01:37 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2011.09.23 03:01:37 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.09.23 03:01:37 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.09.23 03:01:37 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.09.23 03:01:37 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig\1.3.14_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd\1.2.13_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim\0.0.0.4_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak\1.7.1_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2015.02.24 17:58:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Ukazatel S-Rank) - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\bin\core.4.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1025612255-1419475842-1272948856-500\..\Toolbar\WebBrowser: (no name) - {34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [seznam-listicka-distribuce] C:\Program Files\Seznam.cz\distribution\szninstall.exe ()
O4 - HKU\S-1-5-21-1025612255-1419475842-1272948856-500..\Run: [cz.seznam.software.autoupdate] C:\Users\Administrator\AppData\Roaming\Seznam.cz\szninstall.exe ()
O4 - HKU\S-1-5-21-1025612255-1419475842-1272948856-500..\Run: [cz.seznam.software.szndesktop] C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe ()
O4 - HKU\S-1-5-21-1025612255-1419475842-1272948856-500..\Run: [LecaLbaqo] C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1025612255-1419475842-1272948856-500..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKU\.DEFAULT..\RunOnce: [Report] \AdwCleaner\AdwCleaner[S0].txt File not found
O4 - HKU\S-1-5-18..\RunOnce: [Report] \AdwCleaner\AdwCleaner[S0].txt File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1025612255-1419475842-1272948856-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1025612255-1419475842-1272948856-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1025612255-1419475842-1272948856-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-1025612255-1419475842-1272948856-500\..Trusted Domains: localhost ([]http in Internet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Reg Error: Key error.)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/CZ/Core/ ... _Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7063164C-1E25-469B-915B-B5981861380D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C33C8CEA-700E-4655-A9D3-A10655FC4FEF}: DhcpNameServer = 160.218.43.200 160.218.10.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E985DF01-9EBB-4BEA-878D-F5FC53CEF329}: DhcpNameServer = 213.46.172.37 213.46.172.36
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2015.02.25 13:19:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2015.02.25 13:18:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\OTL.exe
[2015.02.25 11:24:24 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2015.02.25 11:24:23 | 000,000,000 | ---D | C] -- C:\rsit
[2015.02.24 21:08:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2015.02.24 21:07:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2015.02.24 20:25:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Impostazioni locali
[2015.02.24 19:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015.02.24 19:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2015.02.24 19:43:44 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015.02.24 19:18:15 | 016,466,552 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Administrator\Desktop\mbar-1.08.3.1004.exe
[2015.02.24 19:10:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\mbar
[2015.02.24 18:00:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2015.02.24 17:51:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2015.02.24 17:51:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2015.02.24 17:51:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2015.02.24 17:51:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2015.02.24 17:51:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2015.02.24 17:43:44 | 005,611,903 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2015.02.24 17:20:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Seznam.cz
[2015.02.24 17:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2015.02.24 17:07:45 | 000,000,000 | ---D | C] -- C:\Support
[2015.02.24 09:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2015.02.17 14:16:15 | 000,000,000 | ---D | C] -- C:\ProgramData\LecaLbaqo
[2010.02.25 17:29:37 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Program Files\ATF-Cleaner.exe

========== Files - Modified Within 30 Days ==========

[2015.02.25 13:24:39 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2015.02.25 13:17:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\OTL.exe
[2015.02.25 13:17:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2015.02.25 13:15:54 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.02.25 13:15:54 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.02.25 13:12:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.02.25 12:43:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015.02.25 11:30:06 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1025612255-1419475842-1272948856-500UA.job
[2015.02.25 11:30:00 | 000,000,992 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1025612255-1419475842-1272948856-500Core.job
[2015.02.25 11:21:28 | 001,107,968 | ---- | M] () -- C:\Users\Administrator\Desktop\RSIT.exe
[2015.02.25 11:13:53 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015.02.25 11:13:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.02.25 11:13:30 | 2384,932,864 | -HS- | M] () -- C:\hiberfil.sys
[2015.02.24 19:43:44 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015.02.24 19:07:08 | 016,466,552 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Administrator\Desktop\mbar-1.08.3.1004.exe
[2015.02.24 17:58:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2015.02.24 17:51:15 | 005,611,903 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2015.02.24 17:07:22 | 000,053,248 | ---- | M] () -- C:\Windows\System32\zlib.dll
[2015.02.24 17:02:23 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2015.02.24 10:41:59 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015.02.24 09:30:44 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2015.02.10 18:05:49 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2015.02.10 18:05:49 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2015.01.27 10:36:57 | 000,625,936 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2015.01.27 10:36:57 | 000,610,094 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015.01.27 10:36:57 | 000,120,008 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2015.01.27 10:36:57 | 000,104,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2015.02.25 13:24:39 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2015.02.25 11:23:47 | 001,107,968 | ---- | C] () -- C:\Users\Administrator\Desktop\RSIT.exe
[2015.02.24 17:51:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2015.02.24 17:51:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2015.02.24 17:51:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2015.02.24 17:51:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2015.02.24 17:51:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2015.02.24 17:07:22 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2015.02.24 09:30:44 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2015.02.24 09:30:44 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2010.09.29 19:13:34 | 000,009,216 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.02 19:14:33 | 000,000,017 | ---- | C] () -- C:\Users\Administrator\AppData\Local\resmon.resmoncfg
[2010.02.25 18:14:07 | 000,001,302 | ---- | C] () -- C:\Users\Administrator\IronPortable – zástupce.lnk

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.02.18 08:34:01 | 012,867,072 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010.02.25 17:49:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2011.08.05 09:19:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera
[2012.03.19 09:18:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Origin
[2015.02.25 11:19:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Seznam.cz
[2014.03.18 12:44:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Unity
[2013.10.06 12:34:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Uschovna

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 05:53:46 | 000,032,574 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2010.07.19 20:08:29 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.07.19 20:08:29 | 000,000,940 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.04.03 17:19:29 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.06.26 19:03:40 | 000,000,992 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1025612255-1419475842-1272948856-500Core.job
[2012.06.26 19:03:40 | 000,001,014 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1025612255-1419475842-1272948856-500UA.job

< >

< %systemroot%*.* /U /s >
[3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[8 C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp files -> C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2010.04.14 17:32:21 | 027,386,256 | ---- | M] ( ) -- C:\AdbeRdr930_en_US.exe
[2011.05.11 14:02:25 | 020,608,512 | ---- | M] (Microsoft Corporation) -- C:\IE9-Setup-Seven32.exe
[2008.10.17 18:41:42 | 001,695,744 | ---- | M] () -- C:\ImationLock.exe
[2009.12.16 18:29:46 | 138,400,584 | ---- | M] (Microsoft Corporation) -- C:\wlsetup-all.exe
[2009.12.16 18:27:45 | 001,158,984 | ---- | M] (Microsoft Corporation) -- C:\wlsetup-custom.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.09.23 09:17:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2010.04.28 13:46:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Apple Computer
[2011.10.13 12:32:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ArcSoft
[2014.08.16 15:50:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\dvdcss
[2010.02.25 16:31:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Identities
[2010.03.02 19:45:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2009.07.14 08:48:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2012.12.25 18:40:06 | 000,000,000 | --SD | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2011.09.30 17:53:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2010.02.25 17:49:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2011.08.05 09:19:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera
[2012.03.19 09:18:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Origin
[2015.02.25 11:19:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Seznam.cz
[2015.02.25 14:14:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Skype
[2011.04.13 16:47:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\skypePM
[2014.03.18 12:44:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Unity
[2013.10.06 12:34:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Uschovna
[2015.01.08 18:46:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\vlc
[2010.04.13 13:53:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2012.03.18 19:08:12 | 000,010,134 | R--- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2013.05.16 14:25:04 | 001,062,472 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Seznam.cz\szninstall.exe
[2013.05.16 14:26:24 | 002,589,256 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Seznam.cz\sznsetup.exe
[2013.04.16 12:52:34 | 000,055,808 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\ffkill.exe
[2013.04.29 11:53:34 | 000,045,560 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
[2013.04.12 09:13:24 | 000,457,208 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
[2013.04.12 09:10:22 | 000,092,664 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2015.02.25 13:43:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2015.02.25 11:30:00 | 000,000,992 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1025612255-1419475842-1272948856-500Core.job
[2015.02.25 14:30:07 | 000,001,014 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1025612255-1419475842-1272948856-500UA.job
[2015.02.25 11:13:53 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2015.02.25 14:12:00 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >
[2015.02.24 19:43:44 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbamchameleon.sys

< %systemroot%\system32\*.* /3 >
[2015.02.25 14:15:55 | 000,005,872 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.02.25 14:15:55 | 000,005,872 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.02.24 17:09:06 | 000,000,029 | ---- | M] () -- C:\Windows\system32\zerobyte_files_deleted.txt
[2015.02.24 17:07:22 | 000,053,248 | ---- | M] () -- C:\Windows\system32\zlib.dll

< %SYSTEMDRIVE%\*.exe >
[2010.04.14 17:32:21 | 027,386,256 | ---- | M] ( ) -- C:\AdbeRdr930_en_US.exe
[2011.05.11 14:02:25 | 020,608,512 | ---- | M] (Microsoft Corporation) -- C:\IE9-Setup-Seven32.exe
[2008.10.17 18:41:42 | 001,695,744 | ---- | M] () -- C:\ImationLock.exe
[2009.12.16 18:29:46 | 138,400,584 | ---- | M] (Microsoft Corporation) -- C:\wlsetup-all.exe
[2009.12.16 18:27:45 | 001,158,984 | ---- | M] (Microsoft Corporation) -- C:\wlsetup-custom.exe

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"OM2_Monitor" = "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -- [2009.11.25 20:42:26 | 000,095,632 | ---- | M] (OLYMPUS IMAGING CORP.)
"Skype" = "D:\Dokumenty\SkypePortable\App\Skype\Phone\Skype.exe" /minimized /regrun -- [2015.01.23 14:40:42 | 031,087,200 | R--- | M] (Skype Technologies S.A.)
"LecaLbaqo" = regsvr32.exe "C:\ProgramData\LecaLbaqo\CefixAvuvq.syl" -- [2009.07.14 02:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation)
"cz.seznam.software.autoupdate" = "C:\Users\Administrator\AppData\Roaming\Seznam.cz\szninstall.exe" -c -- [2013.05.16 14:25:04 | 001,062,472 | ---- | M] ()
"cz.seznam.software.szndesktop" = "C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -- [2013.04.12 09:10:22 | 000,092,664 | ---- | M] ()

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2011.09.23 05:43:04 | 000,924,632 | ---- | M] (Mozilla Corporation) MD5=C5011D2FD82CE4876A0EB9D2A27ADDAA -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2011.05.11 14:05:29 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >
[2011.08.05 09:19:15 | 000,947,056 | ---- | M] (Opera Software) MD5=1BE8F8E2758C352280990A170DDD696D -- C:\Program Files\Opera\opera.exe

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2015.02.17 23:45:00 | 000,843,592 | ---- | M] (Google Inc.) MD5=B9D6D7E6E5C4FCD8DD7F88EC9D563085 -- C:\Program Files\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2015.02.25 13:24:39 | 000,000,512 | ---- | M] () MD5=37EFFA147EBA97524B039A437514B425 -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *loader* /s >
[2012.04.19 08:47:30 | 000,006,081 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.py
[2012.04.13 12:00:14 | 000,020,992 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.dll
[2012.04.19 08:50:38 | 000,000,171 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.ini
[2012.04.13 12:00:00 | 000,029,696 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\bin\javaloader.uno.dll
[2012.04.19 04:08:12 | 000,003,867 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\java\unoloader.jar
[2008.06.20 19:13:32 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2013.08.28 01:15:54 | 000,006,643 | ---- | M] () -- \Users\Administrator\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.3.114\js\downloader.js
[2013.11.18 02:56:38 | 000,006,643 | ---- | M] () -- \Users\Administrator\AppData\Local\Microsoft\BingBar\Apps\FacebookLike_08e57417866d4faa981702780b0d36c4\7.3.132\js\downloader.js
[2013.11.18 02:56:38 | 000,006,643 | ---- | M] () -- \Users\Administrator\AppData\Local\Microsoft\BingBar\Apps\fbsharedservices_bb9c6e8b961d477e9ec95f9698bde610\7.3.132\js\downloader.js
[2013.11.18 02:56:38 | 000,006,643 | ---- | M] () -- \Users\Administrator\AppData\Local\Microsoft\BingBar\Apps\Featured_ce53daa069a4a3ad2e3d7d81081f340d\7.3.132\js\downloader.js
[2013.08.26 21:59:30 | 000,006,643 | ---- | M] () -- \Users\Administrator\AppData\Local\Microsoft\BingBar\Apps\Chat_cf57b0088a3b4f61a0bfaad0ba784240\7.3.109\js\downloader.js
[2014.12.15 17:26:30 | 000,072,638 | ---- | M] () -- \Users\Administrator\AppData\Local\Skype\Apps\login\images\loader.gif
[2014.12.15 17:26:30 | 000,003,032 | ---- | M] () -- \Users\Administrator\AppData\Local\Skype\Apps\login\images\loader.png
[2014.12.15 17:26:30 | 000,006,012 | ---- | M] () -- \Users\Administrator\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014.12.15 17:26:30 | 000,021,956 | ---- | M] () -- \Users\Administrator\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014.12.15 17:26:30 | 000,009,772 | ---- | M] () -- \Users\Administrator\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2013.03.29 12:37:34 | 000,059,384 | ---- | M] () -- \Users\Administrator\AppData\Roaming\Seznam.cz\bin\19365libfoxloader.dll
[2013.04.15 12:32:10 | 000,060,416 | ---- | M] () -- \Users\Administrator\AppData\Roaming\Seznam.cz\bin\19368libfoxloader-x64.dll
[2015.02.24 17:20:37 | 000,000,165 | ---- | M] () -- \Users\Administrator\AppData\Roaming\Seznam.cz\conf\szndesktop.d\libfoxloader.conf
[2013.03.25 15:27:20 | 000,000,665 | ---- | M] () -- \Users\Administrator\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.install.bat
[2013.03.25 15:27:26 | 000,000,117 | ---- | M] () -- \Users\Administrator\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.uninstall.bat
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Documents and Settings\Administrator\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Documents and Settings\Administrator\AppData\Local\Temp\*.tmp files -> \Windows.old\Documents and Settings\Administrator\AppData\Local\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Documents and Settings\Administrator\Local Settings\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Documents and Settings\Administrator\Local Settings\Temp\*.tmp files -> \Windows.old\Documents and Settings\Administrator\Local Settings\Temp\*.tmp -> ]
[2009.01.21 14:30:04 | 000,003,072 | ---- | M] () -- \Windows.old\Program Files\Nokia\Nokia PC Suite 7\Lang\MapLoader_cze.NLR
[2009.09.16 22:33:50 | 000,006,308 | ---- | M] () -- \Windows.old\Program Files\OpenOffice.org 3\Basis\program\pythonloader.py
[2009.09.16 15:22:08 | 000,022,528 | ---- | M] () -- \Windows.old\Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.dll
[2009.09.17 20:12:18 | 000,000,171 | ---- | M] () -- \Windows.old\Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.ini
[2009.09.11 16:36:38 | 000,029,696 | ---- | M] () -- \Windows.old\Program Files\OpenOffice.org 3\URE\bin\javaloader.uno.dll
[2009.09.16 15:00:48 | 000,003,872 | ---- | M] () -- \Windows.old\Program Files\OpenOffice.org 3\URE\java\unoloader.jar
[2008.06.20 19:13:32 | 000,044,032 | ---- | M] () -- \Windows.old\Program Files\WinRAR\RarExtLoader.exe
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\AppData\Local\Temp\*.tmp files -> \Windows.old\Users\Administrator\AppData\Local\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\Local Settings\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\Local Settings\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\Local Settings\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\Local Settings\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\Local Settings\Temp\*.tmp files -> \Windows.old\Users\Administrator\Local Settings\Temp\*.tmp -> ]
[2009.04.22 06:00:53 | 000,003,584 | -H-- | M] () -- \Windows.old\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.04.22 06:20:16 | 000,038,400 | ---- | M] () -- \Windows.old\Windows\System32\dmloader.dll
[2009.04.22 09:27:33 | 000,003,532 | ---- | M] () -- \Windows.old\Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009.11.05 15:55:04 | 000,002,879 | ---- | M] () -- \Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7100.0_cs-cz_a435670b521f4b5e.manifest
[2009.11.05 15:55:04 | 000,034,896 | ---- | M] () -- \Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7100.0_cs-cz_a435670b521f4b5e_winload.exe.mui_3bc5b827
[2009.11.05 15:55:04 | 000,030,288 | ---- | M] () -- \Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7100.0_cs-cz_a435670b521f4b5e_winresume.exe.mui_ff8b5358
[2009.04.22 10:01:06 | 000,002,879 | ---- | M] () -- \Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7100.0_en-us_e78bb2673919a7bc.manifest
[2009.04.22 10:01:06 | 000,033,344 | ---- | M] () -- \Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7100.0_en-us_e78bb2673919a7bc_winload.exe.mui_3bc5b827
[2009.04.22 10:01:06 | 000,029,760 | ---- | M] () -- \Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7100.0_en-us_e78bb2673919a7bc_winresume.exe.mui_ff8b5358
[2009.04.22 07:07:04 | 000,004,213 | ---- | M] () -- \Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7100.0_none_cc19b293c1bcb191.manifest
[2009.04.22 07:07:04 | 000,507,056 | ---- | M] () -- \Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7100.0_none_cc19b293c1bcb191_winload.exe_75835076
[2009.04.22 07:07:04 | 000,441,896 | ---- | M] () -- \Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7100.0_none_cc19b293c1bcb191_winresume.exe_85cd1215
[2009.04.22 07:07:01 | 000,002,886 | ---- | M] () -- \Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7100.0_none_dc26209aa631b5fb.manifest
[2009.04.22 07:07:01 | 000,017,488 | ---- | M] () -- \Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7100.0_none_dc26209aa631b5fb_spldr.sys_98bd87a0
[2009.04.21 22:46:10 | 000,002,879 | ---- | M] () -- \Windows.old\Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7100.0_cs-cz_a435670b521f4b5e.manifest
[2009.04.22 07:26:38 | 000,002,879 | ---- | M] () -- \Windows.old\Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7100.0_en-us_e78bb2673919a7bc.manifest
[2009.04.22 06:39:42 | 000,004,213 | ---- | M] () -- \Windows.old\Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7100.0_none_cc19b293c1bcb191.manifest
[2009.04.22 06:43:35 | 000,002,886 | ---- | M] () -- \Windows.old\Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7100.0_none_dc26209aa631b5fb.manifest
[2009.04.22 06:20:16 | 000,038,400 | ---- | M] () -- \Windows.old\Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7100.0_none_b6e71452e4b8a0a3\dmloader.dll
[2009.04.22 06:00:53 | 000,003,584 | -H-- | M] () -- \Windows.old\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7100.0_none_7ba4e857d0e5c485\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.14 05:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2010.02.25 16:40:08 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2010.02.25 16:40:08 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2010.02.25 16:40:08 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2009.07.14 05:56:40 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009.07.14 05:56:40 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winload.exe.mui_3bc5b827
[2009.07.14 05:56:40 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winresume.exe.mui_ff8b5358
[2010.02.25 16:42:56 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2010.02.25 16:42:56 | 000,507,568 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed_winload.exe_75835076
[2010.02.25 16:42:56 | 000,442,920 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed_winresume.exe_85cd1215
[2009.07.14 03:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.13 18:54:50 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 03:29:12 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009.07.14 02:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.08.19 08:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009.08.19 08:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2009.07.14 02:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 776 bytes -> D:\Dokumenty\so war Lindenfels.eml:OECustomProperty

< End of report >

Rudy
Site Admin
Posts: 119677
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: OTP seznam.cz

#9 Post by Rudy »

Run OTL again as administrator.
Paste the following text into the bottom window:
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1025612255-1419475842-1272948856-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=UP94DF&PC=UP94&q="
FF - user.js - File not found
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig\1.3.14_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd\1.2.13_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim\0.0.0.4_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak\1.7.1_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1025612255-1419475842-1272948856-500\..\Toolbar\WebBrowser: (no name) - {34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - No CLSID value found.
O4 - HKU\S-1-5-21-1025612255-1419475842-1272948856-500..\Run: [LecaLbaqo] C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [Report] \AdwCleaner\AdwCleaner[S0].txt File not found
O4 - HKU\S-1-5-18..\RunOnce: [Report] \AdwCleaner\AdwCleaner[S0].txt File not found
@Alternate Data Stream - 776 bytes -> D:\Dokumenty\so war Lindenfels.eml:OECustomProperty

:files
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1025612255-1419475842-1272948856-500UA.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1025612255-1419475842-1272948856-500Core.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
c:\\Users\Administrator\AppData\Local\Microsoft\BingBar
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]
Click "Opravit" (Fix) and let the program work. When asked about a restart, agree.
After the restart a new log will appear; post it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
