Prosim o kontrolu logu

Zpráva

Gabo · #1 Příspěvek od **Gabo** » 13 čer 2015 11:54

Zdravim

Prosim o kontrolu logu, pocitac je dost spomaleny - hlavne surfovanie v Opere neskutocne dlho trva. Dal som aj kompletny scan MBAM a naslo Trojana, ktoreho som zmazal:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verzia databázy: v2015.06.13.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gabriel :: GABRIELN [administrátor]

13.6.2015 9:52:11
MBAM-log-2015-06-13 (12-38-16).txt

Typ kontroly: Úplná kontrola (C:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 701270
Uplynutý čas: 2 hod, 30 min, 16 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 1
C:\Documents and Settings\Gabriel\Local Settings\Temp\Quarantine.exe (Trojan.Agent.AI) -> Žiadna úloha nevykonaná.

(koniec)

RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Gabriel at 2015-06-13 12:51:32
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 67 GB (44%) free of 153 GB
Total RAM: 1021 MB (5% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:52:13, on 13.6.2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\30.0.1835.59\opera.exe
C:\Program Files\Opera\30.0.1835.59\opera_crashreporter.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Opera\30.0.1835.59\opera.exe
C:\Program Files\Opera\30.0.1835.59\opera.exe
C:\Program Files\Opera\30.0.1835.59\opera.exe
C:\Program Files\Opera\30.0.1835.59\opera.exe
C:\Program Files\Opera\30.0.1835.59\opera.exe
C:\Program Files\Opera\30.0.1835.59\opera.exe
C:\Program Files\Opera\30.0.1835.59\opera.exe
C:\Documents and Settings\Gabriel\Desktop\RSIT.exe
C:\Program Files\trend micro\Gabriel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll
O4 - HKLM\..\Run: [DT PHL] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -PHL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON SX125 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE /FU "C:\DOCUME~1\Gabriel\LOCALS~1\Temp\E_S1AB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Wisdom-soft ScreenHunter 6.0 Free] 0
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe -update pepperplugin (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe -update pepperplugin (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7923229796
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Software Inc. - C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: Freemake Improver - Freemake - C:\Documents and Settings\All Users.WINDOWS\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files\Wise\Wise Care 365\BootTime.exe

--
End of file - 6793 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\Opera scheduled Autoupdate 1397242596.job
C:\WINDOWS\tasks\Wise Turbo Checker.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-23 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-10 565304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-23 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DT PHL"=C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe [2009-10-08 86016]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-08-15 98304]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-04-10 413696]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-05-12 5515496]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"EPSON SX125 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE [2009-09-14 200704]
"Wisdom-soft ScreenHunter 6.0 Free"=0 []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2015-06-02 28785792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe [2009-03-03 694824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2012-08-16 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2013-05-08 115440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"LegalNoticeText"=
"LegalNoticeCaption"=
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application"
"C:\Documents and Settings\Gabriel\Application Data\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Gabriel\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Program Files\Steam\SteamApps\common\Mafia II\pc\mafia2.exe"="C:\Program Files\Steam\SteamApps\common\Mafia II\pc\mafia2.exe:*:Enabled:Mafia II"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Steam\bin\steamwebhelper.exe"="C:\Program Files\Steam\bin\steamwebhelper.exe:*:Enabled:Steam Web Helper"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"msacm.divxa32"=msaud32_divx.acm
"msacm.ac3filter"=ac3filter.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll

======List of files/folders created in the last 1 month======

2015-06-13 12:51:32 ----D---- C:\rsit
2015-06-13 08:50:19 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2015-06-12 17:22:48 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-06 13:24:23 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Freemake
2015-06-06 13:23:56 ----D---- C:\Program Files\Freemake
2015-06-06 13:16:42 ----D---- C:\Documents and Settings\Gabriel\Application Data\tiger-k
2015-06-06 13:16:20 ----D---- C:\Documents and Settings\Gabriel\Application Data\Leawo
2015-06-06 13:16:20 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Leawo
2015-06-06 13:13:47 ----A---- C:\WINDOWS\system32\unrar.dll
2015-05-31 20:16:37 ----D---- C:\Fraps
2015-05-29 18:03:03 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Passmark
2015-05-29 17:41:45 ----D---- C:\Program Files\CPUID

======List of files/folders modified in the last 1 month======

2015-06-13 12:51:42 ----D---- C:\Program Files\Trend Micro
2015-06-13 12:45:09 ----D---- C:\Documents and Settings\Gabriel\Application Data\Skype
2015-06-13 12:44:40 ----D---- C:\WINDOWS\Temp
2015-06-13 12:42:20 ----D---- C:\WINDOWS\system32\drivers
2015-06-13 12:41:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2015-06-13 12:38:50 ----D---- C:\WINDOWS\srchasst
2015-06-12 22:05:57 ----D---- C:\AdwCleaner
2015-06-12 22:00:51 ----D---- C:\Program Files
2015-06-12 17:23:29 ----D---- C:\WINDOWS
2015-06-12 17:22:48 ----D---- C:\WINDOWS\system32
2015-06-12 11:29:31 ----D---- C:\FFOutput
2015-06-11 15:41:22 ----D---- C:\Documents and Settings\Gabriel\Application Data\AnvSoft
2015-06-11 14:12:08 ----D---- C:\WINDOWS\Debug
2015-06-11 09:46:09 ----D---- C:\Documents and Settings\Gabriel\Application Data\Wise Care 365
2015-06-10 23:13:09 ----A---- C:\WINDOWS\system32\MRT.exe
2015-06-10 20:41:24 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-10 20:17:15 ----D---- C:\Program Files\Opera
2015-06-10 20:17:14 ----SD---- C:\WINDOWS\Tasks
2015-06-09 23:39:16 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2015-06-09 23:39:10 ----D---- C:\Program Files\SpywareBlaster
2015-06-09 18:17:57 ----D---- C:\WINDOWS\system32\CatRoot2
2015-06-06 13:14:59 ----D---- C:\Program Files\K-Lite Codec Pack
2015-06-06 13:13:16 ----SHD---- C:\WINDOWS\Installer
2015-06-06 13:13:16 ----HD---- C:\Config.Msi
2015-06-06 13:13:12 ----D---- C:\WINDOWS\WinSxS
2015-06-06 00:47:03 ----A---- C:\WINDOWS\AviSplitter.INI
2015-06-05 10:11:22 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2015-06-01 21:21:58 ----D---- C:\WINDOWS\Minidump
2015-05-31 23:46:47 ----D---- C:\WINDOWS\system32\config
2015-05-29 13:19:20 ----D---- C:\Program Files\Steam
2015-05-28 12:57:23 ----D---- C:\Program Files\SUPERAntiSpyware
2015-05-28 00:17:11 ----D---- C:\Program Files\CCleaner
2015-05-27 20:07:06 ----HD---- C:\WINDOWS\inf
2015-05-14 09:55:45 ----A---- C:\WINDOWS\WiseHDInfo32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2015-05-10 49904]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2015-05-10 209048]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2015-05-10 55200]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2015-05-10 787760]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2015-05-10 427992]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2015-05-10 57888]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 Pivot;Pivot; C:\WINDOWS\System32\drivers\pivot.sys [2009-03-03 17465]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2015-05-10 24144]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2015-05-10 74976]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2012-08-16 6810624]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys [2012-02-23 99856]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-01-12 163328]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2009-07-15 17136]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2008-04-10 1271032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-07-17 123008]
S2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S3 anvsnddrv;AnvSoft Virtual Sound Device; C:\WINDOWS\system32\drivers\anvsnddrv.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2013-01-31 83168]
S3 DrvAgent32;DrvAgent32; \??\C:\WINDOWS\system32\Drivers\DrvAgent32.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 pivotmou;Pivot Mouse/Pointers Filter Driver; \??\C:\WINDOWS\system32\drivers\pivotmou.sys []
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-03 41728]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2013-01-31 181344]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WinUSB;SAMSUNG Android USB Driver; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WiseHDInfo;WiseHDInfo; \??\C:\WINDOWS\WiseHDInfo32.dll []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2014-07-23 142648]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2012-08-16 643072]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-05-10 343336]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [2009-10-08 69632]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2015-06-02 244392]
R2 Freemake Improver;Freemake Improver; C:\Documents and Settings\All Users.WINDOWS\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2015-05-06 108032]
R2 PdiService;Portrait Displays SDK Service; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2009-07-15 109168]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2014-12-19 93040]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-02-18 315488]
S2 WiseBootAssistant;Wise Boot Assistant; C:\Program Files\Wise\Wise Care 365\BootTime.exe [2015-05-12 580144]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-10 268464]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **Márty84** » 14 čer 2015 06:13

Zdravim

Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Spustte ho.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.

Gabo · #3 Příspěvek od **Gabo** » 14 čer 2015 10:24

Nic nenaslo.

# AdwCleaner v4.206 - Logfile created 14/06/2015 at 11:15:20
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Gabriel - GABRIELN
# Running from : C:\Documents and Settings\Gabriel\My Documents\adwcleaner_4.206.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v

-\\ Opera v30.0.1835.59

*************************

AdwCleaner[R0].txt - [1404 bytes] - [05/05/2015 09:55:03]
AdwCleaner[R1].txt - [911 bytes] - [06/05/2015 19:40:10]
AdwCleaner[R2].txt - [1123 bytes] - [12/06/2015 22:03:23]
AdwCleaner[R3].txt - [1088 bytes] - [14/06/2015 11:13:18]
AdwCleaner[S0].txt - [1484 bytes] - [05/05/2015 10:04:45]
AdwCleaner[S1].txt - [1190 bytes] - [12/06/2015 22:05:49]
AdwCleaner[S2].txt - [1014 bytes] - [14/06/2015 11:15:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1073 bytes] ##########

Log pred 2 dnami

# AdwCleaner v4.206 - Logfile created 12/06/2015 at 22:05:49
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Gabriel - GABRIELN
# Running from : C:\Documents and Settings\Gabriel\Local Settings\Application Data\Opera\Opera\temporary_downloads\adwcleaner_4.206.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Documents and Settings\admin\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v

-\\ Opera v30.0.1835.59

*************************

AdwCleaner[R0].txt - [1404 bytes] - [05/05/2015 09:55:03]
AdwCleaner[R1].txt - [911 bytes] - [06/05/2015 19:40:10]
AdwCleaner[R2].txt - [1123 bytes] - [12/06/2015 22:03:23]
AdwCleaner[S0].txt - [1484 bytes] - [05/05/2015 10:04:45]
AdwCleaner[S1].txt - [1051 bytes] - [12/06/2015 22:05:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1110 bytes] ##########

#4 Příspěvek od **Márty84** » 14 čer 2015 12:28

Stahnete crystal disk info http://sourceforge.jp/projects/crystald ... 5_0_0.zip/
Spustte ho. Za chvili se zobrazi vysledek.
Kliknete nahore na napis Úpravy a pak na napis Kopírovat. To co se zkopiruje (ulozi se to do pameti) mi sem vlozte (ctrl + V)

Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach

Gabo · #5 Příspěvek od **Gabo** » 14 čer 2015 17:26

----------------------------------------------------------------------------
CrystalDiskInfo 5.0.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows XP Home Edition SP3 [5.1 Build 2600] (x86)
Date : 2015/06/14 18:07:41

-- Controller Map ----------------------------------------------------------
+ Intel(R) 82801G (ICH7 Family) Ultra ATA Storage Controllers - 27DF [ATA]
+ Primary IDE Channel (0)
- HL-DT-ST DVDRAM GSA-H12N
+ Intel(R) 82801GB/GR/GH (ICH7 Family) Serial ATA Storage Controller - 27C0 [ATA]
+ Primary IDE Channel (0)
- WDC WD1600AAJS-00PSA0
- Secondary IDE Channel (1)

-- Disk List ---------------------------------------------------------------
(1) WDC WD1600AAJS-00PSA0 : 160,0 GB [0/1/0, pd1]

----------------------------------------------------------------------------
(1) WDC WD1600AAJS-00PSA0
----------------------------------------------------------------------------
Model : WDC WD1600AAJS-00PSA0
Firmware : 05.06H05
Serial Number : WD-WMAP91185785
Disk Size : 160,0 GB (8,4/137,4/160,0)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 312581808
Rotation Rate : Unknown
Interface : Serial ATA
Major Version : ATA/ATAPI-7
Minor Version : ----
Transfer Mode : SATA/300
Power On Hours : 34253 hours
Power On Count : 5287 count
Temparature : 44 C (111 F)
Health Status : Good
Features : S.M.A.R.T., AAM, 48bit LBA, NCQ
APM Level : ----
AAM Level : 80FEh [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Read Error Rate
03 156 153 _21 000000000C6F Spin-Up Time
04 _95 _95 __0 0000000015BB Start/Stop Count
05 200 200 140 000000000000 Reallocated Sectors Count
07 200 200 _51 000000000000 Seek Error Rate
09 _54 _54 __0 0000000085CD Power-On Hours
0A 100 100 _51 000000000000 Spin Retry Count
0B 100 100 _51 000000000000 Recalibration Retries
0C _95 _95 __0 0000000014A7 Power Cycle Count
C0 200 200 __0 000000000023 Power-off Retract Count
C1 199 199 __0 0000000015BB Load/Unload Cycle Count
C2 _99 _92 __0 00000000002C Temperature
C4 200 200 __0 000000000000 Reallocation Event Count
C5 200 200 __0 000000000000 Current Pending Sector Count
C6 200 200 __0 000000000000 Uncorrectable Sector Count
C7 200 200 __0 000000000000 UltraDMA CRC Error Count
C8 200 200 _51 000000000000 Write Error Rate

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 427A 3FFF C837 0010 0000 003F 003F 0000 0000 0000
010: 2020 2020 2057 442D 574D 3931 3931 3138 3537 3835
020: 0000 4000 0032 3035 2E30 3035 3035 5744 4320 5744
030: 3136 3030 4141 4A53 2D30 5341 5341 3020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4001 0000 0000 0007 3FFF 003F 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 0706 0706 0000 0044 0040
080: 00FE 0000 746B 7F61 4123 BC41 BC41 4123 207F 0014
090: 0000 0000 FFFE 0000 80FE 0000 0000 0000 0000 0000
100: 9EB0 12A1 0000 0000 0000 0000 0000 0000 5001 4EE0
110: 0007 85AC 0000 0000 0000 0000 0000 0000 0000 4010
120: 4010 0000 0000 0000 0000 0000 0000 0000 0009 0000
130: 0000 0000 0000 167F 0000 0000 0000 0000 0000 0000
140: 0000 0000 0004 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 103F 103F 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
220: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 F9A5

Pri spusteni FRST launcher sa mi pocas skenu objavil prazdny poznamkovy blok s tabulkou "pristup odopreny" - klikol som na OK a sken dalej pokracoval. Logy mam vo FRST3.txt a addition.txt. Vo FRST.txt je len toto "==================== End of log ============================" Je to v poriadku?

Davam log FRST3.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran by Gabriel (administrator) on GABRIELN on 14-06-2015 18:15:39
Running from C:\Documents and Settings\Gabriel\Desktop
Loaded Profiles: Gabriel (Available Profiles: Gabriel)
Platform: Systém Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Angličtina (USA)
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
() C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Freemake) C:\Documents and Settings\All Users.WINDOWS\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(forum.viry.cz) C:\Documents and Settings\Gabriel\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DT PHL] => C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe [86016 2009-10-08] ()
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2012-08-15] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [413696 2008-04-10] (IDT, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2012-08-16] (ATI Technologies Inc.)
HKU\S-1-5-21-1645522239-1417001333-839522115-1004\...\Run: [EPSON SX125 Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE [200704 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1645522239-1417001333-839522115-1004\...\Run: [Wisdom-soft ScreenHunter 6.0 Free] => 0
HKU\S-1-5-21-1645522239-1417001333-839522115-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-1645522239-1417001333-839522115-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\yowindow.scr
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe -update pepperplugin
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-10] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Gabriel\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Gabriel\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Gabriel\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Gabriel\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-01-15] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-01-15] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-01-15] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-01-15] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-01-15] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1645522239-1417001333-839522115-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1645522239-1417001333-839522115-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-23] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-10] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-23] (Oracle Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind ... 7923174796
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 7923229796
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/ ... anager.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\g7je0c2u.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 -> C:\WINDOWS\ [2015-04-23] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2012-02-19] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-04-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-04-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-04-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-04-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-04-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-04-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-04-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2012-02-19] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2012-02-19] (RealNetworks, Inc.)
FF Extension: Avira Browser Safety - C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\g7je0c2u.default\Extensions\abs@avira.com [2015-03-11]
FF Extension: Stratiform - C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\g7je0c2u.default\Extensions\Stratiform@SoapySpew.xpi [2014-11-04]
FF Extension: Adblock Plus - C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\g7je0c2u.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-04]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-01-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-10]
FF Extension: No Name - C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\g7je0c2u.default\extensions\ascsurfingprotection@iobit.com [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-10]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-10]

Opera:
=======
OPR StartupUrls: "hxxp://www.sme.sk/"
OPR Extension: (adblockforopera) - C:\Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2014-04-11]
OPR Extension: (Opera Software) - C:\Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Extensions\encfpfilknmenlmjemepncnlbbjlabkc [2015-01-04]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-10] (Avast Software s.r.o.)
R2 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [69632 2009-10-08] () [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-06-02] (Foxit Software Inc.)
R2 Freemake Improver; C:\Documents and Settings\All Users.WINDOWS\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-05-06] (Freemake) [File not signed]
R2 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [109168 2009-07-15] (Portrait Displays, Inc.)
S2 WiseBootAssistant; C:\Program Files\Wise\Wise Care 365\BootTime.exe [580144 2015-05-12] (WiseCleaner.com)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-05-10] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-05-10] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-05-10] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-05-10] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-05-10] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427992 2015-05-10] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-05-10] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-05-10] ()
R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [99856 2012-02-23] (Advanced Micro Devices)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 DrvAgent32; C:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2015-05-02] (Phoenix Technologies) [File not signed]
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2015-06-13] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 PdiPorts; C:\WINDOWS\System32\Drivers\PdiPorts.sys [17136 2009-07-15] (Portrait Displays, Inc.)
R1 Pivot; C:\WINDOWS\System32\drivers\pivot.sys [17465 2009-03-03] (Portrait Displays, Inc.) [File not signed]
S3 pivotmou; C:\WINDOWS\system32\drivers\pivotmou.sys [11323 2009-03-03] (Portrait Displays, Inc.) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 sfng32; C:\WINDOWS\System32\drivers\sfng32.sys [41728 2005-12-03] (Sonic Focus, Inc)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1271032 2008-04-10] (IDT, Inc.)
S3 WiseHDInfo; C:\WINDOWS\WiseHDInfo32.dll [13264 2015-05-14] (wisecleaner.com)
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S2 StarOpen; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-14 18:15 - 2015-06-14 18:16 - 00017506 _____ C:\Documents and Settings\Gabriel\Desktop\FRST.txt
2015-06-14 18:14 - 2015-06-14 18:15 - 00000000 ____D C:\FRST
2015-06-14 18:12 - 2015-06-14 18:12 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Gabriel\Desktop\FRSTLauncher.exe
2015-06-14 18:11 - 2015-06-14 18:11 - 01148416 _____ (Farbar) C:\Documents and Settings\Gabriel\Desktop\FRST.exe
2015-06-14 18:06 - 2015-06-14 18:07 - 00000000 ____D C:\Documents and Settings\Gabriel\My Documents\CrystalDiskInfo5_0_0
2015-06-14 14:48 - 2015-06-14 14:49 - 01496172 _____ C:\Documents and Settings\Gabriel\My Documents\CrystalDiskInfo5_0_0.zip
2015-06-14 11:10 - 2015-06-14 11:11 - 02231296 _____ C:\Documents and Settings\Gabriel\My Documents\adwcleaner_4.206.exe
2015-06-14 09:30 - 2015-06-14 09:30 - 00122928 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-14 09:30 - 2015-06-14 09:30 - 00019504 _____ C:\Documents and Settings\Gabriel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-06-13 12:51 - 2015-06-13 12:52 - 00000000 ____D C:\rsit
2015-06-13 08:50 - 2015-06-13 09:49 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2015-06-11 14:12 - 2015-06-14 16:29 - 00090110 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-11 14:12 - 2015-06-14 16:28 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-06-11 14:12 - 2015-06-14 16:28 - 00000051 _____ C:\WINDOWS\wiaservc.log
2015-06-11 14:12 - 2015-06-11 14:12 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2015-06-08 13:11 - 2015-06-08 13:12 - 415132812 _____ C:\Documents and Settings\Gabriel\My Documents\gta_sa 2015-06-08 13-11-54-43.avi
2015-06-07 00:46 - 2015-06-13 12:41 - 00134778 _____ C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-18-0.dat
2015-06-06 14:27 - 2015-06-06 14:27 - 00000000 __SHD C:\Documents and Settings\LocalService.NT AUTHORITY\IETldCache
2015-06-06 14:00 - 2015-06-09 18:25 - 00000000 ____D C:\Documents and Settings\Gabriel\My Documents\KOJAK
2015-06-06 13:25 - 2015-06-06 13:25 - 00000000 ____D C:\Documents and Settings\Gabriel\Local Settings\Application Data\FreemakeVideoConverter
2015-06-06 13:24 - 2015-06-06 13:26 - 00000000 ____D C:\Documents and Settings\Gabriel\My Documents\Freemake
2015-06-06 13:24 - 2015-06-06 13:25 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Freemake
2015-06-06 13:24 - 2015-06-06 13:25 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Freemake
2015-06-06 13:24 - 2015-06-06 13:24 - 00000973 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\Freemake Video Converter.lnk
2015-06-06 13:24 - 2015-06-06 13:24 - 00000000 ____D C:\Documents and Settings\Gabriel\Start Menu\Programs\Freemake
2015-06-06 13:24 - 2015-06-06 13:24 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Freemake
2015-06-06 13:24 - 2015-06-06 13:24 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Freemake
2015-06-06 13:23 - 2015-06-06 13:24 - 00000000 ____D C:\Program Files\Freemake
2015-06-06 13:16 - 2015-06-06 13:17 - 00000000 ____D C:\Documents and Settings\Gabriel\Application Data\tiger-k
2015-06-06 13:16 - 2015-06-06 13:16 - 00000000 ____D C:\Documents and Settings\Gabriel\Application Data\Leawo
2015-06-06 13:16 - 2015-06-06 13:16 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Leawo
2015-06-06 13:16 - 2015-06-06 13:16 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Leawo
2015-06-06 13:13 - 2015-06-06 13:13 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\K-Lite Codec Pack
2015-06-06 13:13 - 2015-06-06 13:13 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\K-Lite Codec Pack
2015-06-06 13:13 - 2011-03-02 12:43 - 00175616 _____ C:\WINDOWS\system32\unrar.dll
2015-06-06 13:12 - 2012-01-09 11:34 - 00139264 _____ (http://www.xvid.org) C:\WINDOWS\system32\xvid.ax
2015-05-31 20:16 - 2015-05-31 20:16 - 00000478 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\Fraps.lnk
2015-05-31 20:16 - 2015-05-31 20:16 - 00000000 ____D C:\Fraps
2015-05-31 20:16 - 2015-05-31 20:16 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Fraps
2015-05-31 20:16 - 2015-05-31 20:16 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Fraps
2015-05-29 18:03 - 2015-05-29 18:03 - 00000000 ____D C:\Documents and Settings\Gabriel\My Documents\PassMark
2015-05-29 18:03 - 2015-05-29 18:03 - 00000000 ____D C:\Documents and Settings\Gabriel\Local Settings\Application Data\PassMark
2015-05-29 18:03 - 2015-05-29 18:03 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Passmark
2015-05-29 18:03 - 2015-05-29 18:03 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Passmark
2015-05-29 17:51 - 2015-05-29 17:51 - 00078544 _____ C:\Documents and Settings\Gabriel\My Documents\GABRIELN.html
2015-05-29 17:51 - 2015-05-29 17:51 - 00070272 _____ C:\Documents and Settings\Gabriel\My Documents\GABRIELN.txt
2015-05-29 17:41 - 2015-06-12 21:57 - 00000000 ____D C:\Program Files\CPUID
2015-05-29 17:41 - 2015-06-12 21:57 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CPUID
2015-05-29 17:41 - 2015-06-12 21:57 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CPUID

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-14 18:16 - 2015-02-06 11:40 - 00000000 ____D C:\Documents and Settings\Gabriel\Local Settings\Temp
2015-06-14 17:41 - 2015-04-23 22:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-14 17:28 - 2012-09-18 01:20 - 00000000 ____D C:\Documents and Settings\Gabriel\Application Data\Skype
2015-06-14 16:33 - 2015-05-10 12:57 - 00000366 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-06-14 16:27 - 2015-02-11 17:31 - 00000400 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1397242596.job
2015-06-14 16:27 - 2012-09-17 23:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-14 14:55 - 2014-05-02 01:35 - 00134778 _____ C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-06-14 14:55 - 2013-08-05 17:20 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2015-06-14 14:55 - 2012-09-17 23:33 - 00031946 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-14 14:54 - 2012-09-17 23:35 - 00000178 ___SH C:\Documents and Settings\Gabriel\ntuser.ini
2015-06-14 14:16 - 2012-09-18 00:36 - 00162304 _____ C:\Documents and Settings\Gabriel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-14 13:41 - 2013-10-02 13:29 - 00000000 ____D C:\Documents and Settings\Gabriel\Application Data\AnvSoft
2015-06-14 13:41 - 2012-09-26 16:58 - 00000000 ____D C:\Documents and Settings\Gabriel\Desktop\BEZPEČNOSŤ
2015-06-14 11:15 - 2015-05-05 09:54 - 00000000 ____D C:\AdwCleaner
2015-06-14 10:01 - 2015-05-06 10:51 - 00000382 _____ C:\WINDOWS\Tasks\Wise Turbo Checker.job
2015-06-13 23:04 - 2015-04-23 22:29 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-06-13 21:07 - 2012-09-17 23:35 - 00000000 ____D C:\Documents and Settings\Gabriel
2015-06-13 12:51 - 2008-12-18 02:59 - 00000000 ____D C:\Program Files\Trend Micro
2015-06-13 12:42 - 2006-12-13 12:16 - 00000000 ____D C:\WINDOWS\srchasst
2015-06-13 10:42 - 2015-04-23 18:55 - 00000000 ____D C:\Documents and Settings\Gabriel\Local Settings\Application Data\Adobe
2015-06-12 11:29 - 2013-12-14 15:05 - 00000000 ____D C:\FFOutput
2015-06-11 09:46 - 2015-05-06 10:50 - 00000000 ____D C:\Documents and Settings\Gabriel\Application Data\Wise Care 365
2015-06-11 09:39 - 2015-05-06 10:49 - 00001695 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\Wise Care 365.lnk
2015-06-10 23:13 - 2012-10-05 08:13 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-10 20:41 - 2015-04-23 22:29 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-10 20:41 - 2015-04-23 22:29 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-06-10 20:17 - 2011-05-25 16:49 - 00000000 ____D C:\Program Files\Opera
2015-06-10 20:15 - 2006-02-28 14:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-09 23:47 - 2014-05-02 01:35 - 01269598 _____ C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1645522239-1417001333-839522115-1004-0.dat
2015-06-09 23:39 - 2013-02-09 00:29 - 00000000 ____D C:\Program Files\SpywareBlaster
2015-06-09 23:39 - 2013-02-09 00:29 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2015-06-09 23:39 - 2013-02-09 00:29 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2015-06-09 18:30 - 2012-10-11 13:37 - 00000000 ____D C:\Documents and Settings\Gabriel\My Documents\FILMY pc
2015-06-08 00:04 - 2015-05-06 10:49 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Wise Care 365
2015-06-08 00:04 - 2015-05-06 10:49 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Wise Care 365
2015-06-07 13:49 - 2014-09-28 15:13 - 00009718 _____ C:\Documents and Settings\Gabriel\Desktop\C5-ky.txt
2015-06-06 14:27 - 2012-09-17 23:33 - 00000000 __SHD C:\Documents and Settings\LocalService.NT AUTHORITY
2015-06-06 13:14 - 2007-01-19 21:41 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2015-06-06 00:47 - 2013-12-14 15:12 - 00000038 _____ C:\WINDOWS\AviSplitter.INI
2015-06-05 10:11 - 2012-09-18 01:19 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2015-06-05 10:11 - 2012-09-18 01:19 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2015-06-01 21:21 - 2007-03-05 00:32 - 00000000 ____D C:\WINDOWS\Minidump
2015-05-29 13:30 - 2014-02-06 23:45 - 00000852 _____ C:\Documents and Settings\Gabriel\Desktop\Any Video Converter.lnk
2015-05-29 13:19 - 2013-11-01 23:35 - 00000000 ____D C:\Program Files\Steam
2015-05-28 12:57 - 2010-12-13 16:04 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-05-28 00:17 - 2006-12-25 21:47 - 00000000 ____D C:\Program Files\CCleaner

==================== Files in the root of some directories =======

2004-06-22 09:04 - 2004-06-22 09:04 - 0000065 _____ () C:\Program Files\dxprl.dat
2004-06-22 09:04 - 2004-06-22 09:04 - 0014845 _____ () C:\Program Files\hpoapd01.dat
2004-06-22 09:04 - 2004-06-22 09:04 - 0004779 _____ () C:\Program Files\hpoglu08.inf
2004-06-22 09:04 - 2004-06-22 09:04 - 0003448 _____ () C:\Program Files\hpohub08.inf
2004-06-22 09:04 - 2004-06-22 09:04 - 0017176 _____ () C:\Program Files\hpomdl04.dat
2004-06-22 09:04 - 2004-06-22 09:04 - 0004768 _____ () C:\Program Files\hpoprl01.dat
2004-06-22 09:04 - 2004-06-22 09:04 - 0002542 _____ () C:\Program Files\hpoprl02.dat
2004-06-22 09:04 - 2004-06-22 09:04 - 0019578 _____ () C:\Program Files\hpoprl03.dat
2004-06-22 09:04 - 2004-06-22 09:04 - 0066431 _____ () C:\Program Files\hpoprl04.dat
2004-06-22 09:04 - 2004-06-22 09:04 - 0065420 _____ () C:\Program Files\hpoprl05.dat
2004-06-22 09:04 - 2004-06-22 09:04 - 0001980 _____ () C:\Program Files\hpoprl07.dat
2004-06-22 09:04 - 2004-06-22 09:04 - 0004014 _____ () C:\Program Files\hpoprl08.dat
2004-06-22 09:04 - 2004-06-22 09:04 - 0447400 _____ () C:\Program Files\hpoprn08.cat
2004-06-22 09:04 - 2004-06-22 09:04 - 0137124 _____ () C:\Program Files\hpoprn08.inf
2004-06-22 09:04 - 2004-06-22 09:04 - 0053670 _____ () C:\Program Files\hposcu08.cat
2004-06-22 09:04 - 2004-06-22 09:04 - 0094438 _____ () C:\Program Files\hposcu08.inf
2004-06-22 09:04 - 2004-06-22 09:04 - 0007579 _____ () C:\Program Files\hpound08.inf
2004-06-22 09:04 - 2004-06-22 09:04 - 0051026 _____ () C:\Program Files\HPOunp08.cat
2004-06-22 09:04 - 2004-06-22 09:04 - 0006704 _____ () C:\Program Files\hpounp08.inf
2004-06-22 09:04 - 2004-06-22 09:04 - 0004144 _____ () C:\Program Files\hpousb08.inf
2004-06-22 09:04 - 2004-06-22 09:04 - 0009773 _____ () C:\Program Files\hpousc08.inf
2004-06-22 09:04 - 2004-06-22 09:04 - 0000314 _____ () C:\Program Files\hpqprl01.dat
2004-06-22 09:04 - 2004-06-22 09:04 - 0270336 _____ (Hewlett-Packard Co.) C:\Program Files\hpzc3212.dll
2004-06-22 09:04 - 2004-06-22 09:04 - 0270336 _____ (HP) C:\Program Files\hpzglu10.exe
2004-06-22 09:04 - 2004-06-22 09:04 - 0051467 _____ () C:\Program Files\HPZid412.cat
2004-06-22 09:04 - 2004-06-22 09:04 - 0050615 _____ () C:\Program Files\hpzid412.inf
2004-06-22 09:04 - 2004-06-22 09:04 - 0051467 _____ () C:\Program Files\hpzid413.cat
2004-06-22 09:04 - 2004-06-22 09:04 - 0022636 _____ () C:\Program Files\hpzid413.inf
2004-06-22 09:04 - 2004-06-22 09:04 - 0051467 _____ () C:\Program Files\HPZipr12.cat
2004-06-22 09:04 - 2004-06-22 09:04 - 0012922 _____ () C:\Program Files\hpzipr12.inf
2004-06-22 09:04 - 2004-06-22 09:04 - 0051467 _____ () C:\Program Files\hpzipr13.cat
2004-06-22 09:04 - 2004-06-22 09:04 - 0009777 _____ () C:\Program Files\hpzipr13.inf
2004-06-22 09:04 - 2004-06-22 09:04 - 0051467 _____ () C:\Program Files\hpzist12.cat
2004-06-22 09:04 - 2004-06-22 09:04 - 0005538 _____ () C:\Program Files\hpzist12.inf
2004-06-22 09:04 - 2004-06-22 09:04 - 0051467 _____ () C:\Program Files\hpzist13.cat
2004-06-22 09:04 - 2004-06-22 09:04 - 0004132 _____ () C:\Program Files\hpzist13.inf
2004-06-22 09:04 - 2004-06-22 09:04 - 0052349 _____ () C:\Program Files\HPZius12.cat
2004-06-22 09:04 - 2004-06-22 09:04 - 0020168 _____ () C:\Program Files\hpzius12.inf
2004-06-22 09:04 - 2004-06-22 09:04 - 0052349 _____ () C:\Program Files\hpzius13.cat
2004-06-22 09:04 - 2004-06-22 09:04 - 0014815 _____ () C:\Program Files\hpzius13.inf
2004-06-22 09:04 - 2004-06-22 09:04 - 0028722 _____ (Hewlett-Packard) C:\Program Files\hpzjlog.dll
2004-06-22 09:04 - 2004-06-22 09:04 - 0442425 _____ (Hewlett-Packard) C:\Program Files\hpzjpp01.dll
2004-06-22 09:04 - 2004-06-22 09:04 - 0290873 _____ (Hewlett-Packard) C:\Program Files\hpzjut01.dll
2004-06-22 09:04 - 2004-06-22 09:04 - 0049212 _____ (Hewlett-Packard) C:\Program Files\hpzjvp01.dll
2004-06-22 09:04 - 2004-06-22 09:04 - 0200704 _____ (HP) C:\Program Files\hpzpnp10.dll
2004-06-22 09:04 - 2004-06-22 09:04 - 0000399 _____ () C:\Program Files\hpzprl01.dat
2004-06-22 09:04 - 2004-06-22 09:04 - 0000205 _____ () C:\Program Files\hpzprl02.dat
2004-06-22 09:04 - 2004-06-22 09:04 - 0176128 _____ (HP) C:\Program Files\hpzscr10.dll
2004-06-22 09:04 - 2004-06-22 09:04 - 0001479 _____ () C:\Program Files\license.txt
2004-06-22 09:04 - 2004-06-22 09:04 - 0070656 _____ (Microsoft Corporation) C:\Program Files\msvcirt.dll
2004-06-22 09:04 - 2004-06-22 09:04 - 0254005 _____ (Microsoft Corporation) C:\Program Files\msvcrt.dll
2004-06-22 09:04 - 2004-06-22 09:04 - 0000297 _____ () C:\Program Files\Readme.html
2004-06-22 09:04 - 2004-06-22 09:04 - 0001391 _____ () C:\Program Files\readme.txt
2004-06-22 09:04 - 2004-06-22 09:04 - 0026768 _____ (Microsoft Corporation) C:\Program Files\usbhub.sys
2004-06-22 09:04 - 2004-06-22 09:04 - 0012288 _____ (Microsoft Corporation) C:\Program Files\usbmon.dll
2004-06-22 09:04 - 2004-06-22 09:04 - 0022608 _____ (Microsoft Corporation) C:\Program Files\usbprint.sys
2013-10-02 15:26 - 2013-10-02 15:26 - 0000118 _____ () C:\Documents and Settings\Gabriel\Application Data\settings.xml
2012-09-18 00:36 - 2015-06-14 14:16 - 0162304 _____ () C:\Documents and Settings\Gabriel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\Gabriel\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Gabriel\Local Settings\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

==================== MBR and Partition Table ==================

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_17_0_0_188_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1397242596.job => C:\Program Files\Opera\launcher.exe
Task: C:\WINDOWS\Tasks\Wise Turbo Checker.job => C:\Program Files\Wise\Wise Care 365\WiseTurbo.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:661DFA1C
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:661DFA1C

==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Gabriel\Desktop" je 26 MB.

***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware
"C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Opera\\opera.exe"="C:\\Program Files\\Opera\\opera.exe:*:Enabled:Opera Internet Browser"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\muzapp.exe"="C:\\WINDOWS\\system32\\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"="C:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe:*:Enabled:EEventManager Application"
"C:\\Documents and Settings\\Gabriel\\Application Data\\Dropbox\\bin\\Dropbox.exe"="C:\\Documents and Settings\\Gabriel\\Application Data\\Dropbox\\bin\\Dropbox.exe:*:Enabled:Dropbox"
"C:\\Program Files\\Steam\\SteamApps\\common\\Mafia II\\pc\\mafia2.exe"="C:\\Program Files\\Steam\\SteamApps\\common\\Mafia II\\pc\\mafia2.exe:*:Enabled:Mafia II"
"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\\Program Files\\Steam\\bin\\steamwebhelper.exe"="C:\\Program Files\\Steam\\bin\\steamwebhelper.exe:*:Enabled:Steam Web Helper"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"86:TCP"="86:TCP:*:Enabled:BroadCam Video Streaming Server TCP/IP Port"
"1935:TCP"="1935:TCP:*:Enabled:BroadCam Video Streaming Server Flash Video Server"
"4100:UDP"="4100:UDP:*:Enabled:uPNP Router Control Port"

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000

==================== End Of Log ==============================

#6 Příspěvek od **Márty84** » 14 čer 2015 18:04

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-1645522239-1417001333-839522115-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe -update pepperplugin

FF Extension: Avira Browser Safety - C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\g7je0c2u.default\Extensions\abs@avira.com [2015-03-11]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-01-19]
FF Extension: No Name - C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\g7je0c2u.default\extensions\ascsurfingprotection@iobit.com [not found]

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_17_0_0_188_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1397242596.job => C:\Program Files\Opera\launcher.exe
Task: C:\WINDOWS\Tasks\Wise Turbo Checker.job => C:\Program Files\Wise\Wise Care 365\WiseTurbo.exe

AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:661DFA1C
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:661DFA1C

S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-10 268464]

Hosts:
EmptyTemp:
Reboot:
End

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

Gabo · #7 Příspěvek od **Gabo** » 14 čer 2015 20:02

Fix result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015
Ran by Gabriel at 2015-06-14 19:53:45 Run:1
Running from C:\Documents and Settings\Gabriel\Desktop
Loaded Profiles: Gabriel (Available Profiles: Gabriel)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-1645522239-1417001333-839522115-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe -update pepperplugin

FF Extension: Avira Browser Safety - C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\g7je0c2u.default\Extensions\abs@avira.com [2015-03-11]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-01-19]
FF Extension: No Name - C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\g7je0c2u.default\extensions\ascsurfingprotection@iobit.com [not found]

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_17_0_0_188_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1397242596.job => C:\Program Files\Opera\launcher.exe
Task: C:\WINDOWS\Tasks\Wise Turbo Checker.job => C:\Program Files\Wise\Wise Care 365\WiseTurbo.exe

AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:661DFA1C
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:661DFA1C

S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-10 268464]

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-1645522239-1417001333-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate => value removed successfully.
C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\g7je0c2u.default\Extensions\abs@avira.com => moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => moved successfully.
C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\g7je0c2u.default\extensions\ascsurfingprotection@iobit.com => not found.
C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => moved successfully.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => moved successfully.
C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1397242596.job => moved successfully.
C:\WINDOWS\Tasks\Wise Turbo Checker.job => moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP => ":5C321E34" ADS removed successfully..
C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP => ":661DFA1C" ADS removed successfully..
"C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP" => ":5C321E34" ADS not found.
"C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP" => ":661DFA1C" ADS not found.
SkypeUpdate => Service removed successfully.
AdobeFlashPlayerUpdateSvc => Service removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 360.2 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 19:54:36 ====

#8 Příspěvek od **Márty84** » 15 čer 2015 01:37

vyosek píše: DelFix https://toolslib.net/downloads/finish/2/
Stahnete a spustte

Ponechte zatrzitkou pouze u volby Remove disinfection tools

Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.

Pak napiste, jak je na tom pc.

Gabo · #9 Příspěvek od **Gabo** » 16 čer 2015 23:04

Ide to o nieco lepsie, aj ked zial nie o tolko, ako to bolo predtym. S tym sa vsak asi uz neda nic robit (stare pc, ktore nestiha). Dakujem zase raz za pomoc, ste super

#10 Příspěvek od **Márty84** » 17 čer 2015 06:36

Muzem kouknout hloubeji...

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe , ulozte na plochu a spustte
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

Gabo · #11 Příspěvek od **Gabo** » 17 čer 2015 13:53

Som rad, ze sa este nieco da urobit

Teraz som si vsimol, ze AdBlock sa mi vzdy zablokuje a nefunguje. Ked ho povolim v nastaveniach, vydrzi 5 sekund a zase sa deaktivuje. Co s tym?

Tu su logy:

OTL logfile created on: 17.6.2015 14:07:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Gabriel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

1021,31 Mb Total Physical Memory | 719,43 Mb Available Physical Memory | 70,44% Memory free
2,40 Gb Paging File | 1,96 Gb Available in Paging File | 81,51% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 65,45 Gb Free Space | 43,92% Space Free | Partition Type: NTFS
Drive D: | 3,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: GABRIELN | User Name: Gabriel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015.06.17 14:05:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gabriel\Desktop\OTL.exe
PRC - [2015.06.02 16:24:26 | 000,244,392 | ---- | M] (Foxit Software Inc.) -- C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
PRC - [2015.05.12 10:33:03 | 005,515,496 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2015.05.10 12:56:33 | 000,343,336 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015.05.06 09:30:08 | 000,108,032 | ---- | M] (Freemake) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2014.12.19 09:38:38 | 000,093,040 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2014.07.23 01:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2009.10.08 11:14:32 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2009.07.15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.10 21:07:20 | 000,413,696 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe

========== Modules (No Company Name) ==========

MOD - [2015.06.17 13:50:36 | 002,952,704 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\15061700\algo.dll
MOD - [2015.06.16 21:05:41 | 002,952,704 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\15061602\algo.dll
MOD - [2015.05.10 12:56:37 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015.05.10 12:56:34 | 000,104,400 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015.05.10 12:56:33 | 000,081,728 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2014.05.03 11:48:06 | 001,886,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\a741d9ff6728605a3429f8a4c9b97fc9\System.Web.Services.ni.dll
MOD - [2014.05.03 11:47:59 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2e3fdae8546832614633495638bef8d0\System.ServiceProcess.ni.dll
MOD - [2014.05.03 11:47:49 | 018,109,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\dd733c6f1f9f50f3517d48da5bea80d2\System.ServiceModel.ni.dll
MOD - [2014.05.03 11:47:13 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\7612d2ecdf9c6beedc264e9390e97b0f\System.Management.ni.dll
MOD - [2014.05.03 11:45:26 | 000,148,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\d1389795ee255d46ed3ed84776d2bb69\System.Configuration.Install.ni.dll
MOD - [2014.05.03 11:44:24 | 001,021,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\469dd20488c4a9606abe21189a3c1ab9\System.Runtime.DurableInstancing.ni.dll
MOD - [2014.05.03 11:44:22 | 002,658,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\fa954900a6cf3a095efadfa4c683a32c\System.Runtime.Serialization.ni.dll
MOD - [2014.05.03 11:44:22 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\27bdc6196968e44234654e30e1028750\SMDiagnostics.ni.dll
MOD - [2014.05.03 00:48:11 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a4b5a1a06d2d7f77258943c8c228a5e0\System.Core.ni.dll
MOD - [2014.05.03 00:48:08 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\850fa7110c7423c324762c1ad3130219\System.Xml.ni.dll
MOD - [2014.05.03 00:48:02 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\991c4e11f571a4074b9c4a5841222338\System.Configuration.ni.dll
MOD - [2014.05.03 00:47:59 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\4c906eb82e6f56aea01b2a7291fab7ea\System.ni.dll
MOD - [2014.05.03 00:47:50 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\4e62d1d9b7dd2c2d14915abb73c22d50\mscorlib.ni.dll
MOD - [2014.02.14 12:33:16 | 011,906,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\f0b0625c2db624ba9c97ad1b12490d79\System.Web.ni.dll
MOD - [2014.02.14 12:31:10 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014.02.14 12:30:04 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\06b454361516e65eca55a743cd93cefc\Accessibility.ni.dll
MOD - [2014.02.14 01:15:49 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2014.02.14 01:13:43 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014.02.14 01:13:37 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014.02.14 01:12:59 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014.02.14 01:06:53 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014.02.14 01:06:05 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2012.09.18 13:51:42 | 000,016,384 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2012.08.15 21:19:12 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.03.16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009.10.08 11:14:32 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2015.06.02 16:24:26 | 000,244,392 | ---- | M] (Foxit Software Inc.) [Auto | Running] -- C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe -- (FoxitCloudUpdateService)
SRV - [2015.05.12 16:22:30 | 000,580,144 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2015.05.10 12:56:33 | 000,343,336 | ---- | M] (Avast Software s.r.o.) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2015.05.06 09:30:08 | 000,108,032 | ---- | M] (Freemake) [Auto | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2014.12.19 09:38:38 | 000,093,040 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2014.07.23 01:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2009.10.08 11:14:32 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2009.07.15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [File_System | Auto | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV - [2015.06.13 09:49:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2015.05.14 09:55:45 | 000,013,264 | ---- | M] (wisecleaner.com) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\WiseHDInfo32.dll -- (WiseHDInfo)
DRV - [2015.05.10 12:56:37 | 000,427,992 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2015.05.10 12:56:37 | 000,209,048 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2015.05.10 12:56:37 | 000,074,976 | ---- | M] (Avast Software s.r.o.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2015.05.10 12:56:37 | 000,057,888 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2015.05.10 12:56:37 | 000,055,200 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2015.05.10 12:56:37 | 000,049,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2015.05.10 12:56:37 | 000,024,144 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2015.05.10 12:56:30 | 000,787,760 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2015.05.02 14:29:29 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2013.01.31 10:19:50 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013.01.31 10:19:50 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012.08.16 04:58:38 | 006,810,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012.02.23 14:31:22 | 000,099,856 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.07.15 13:43:32 | 000,017,136 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2009.03.03 11:42:00 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2009.03.03 11:41:58 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2008.04.10 21:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008.01.09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2006.11.02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005.12.03 02:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1645522239-1417001333-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1645522239-1417001333-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1645522239-1417001333-839522115-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1645522239-1417001333-839522115-1004\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1645522239-1417001333-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1645522239-1417001333-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... {startPage}
IE - HKU\S-1-5-21-1645522239-1417001333-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:10.0.2204.148
FF - prefs.js..extensions.enabledAddons: Stratiform%40SoapySpew:3.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1218158.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.45.2: C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2: C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2015.06.16 16:48:37 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015.05.10 12:56:38 | 000,000,000 | ---D | M]

[2014.06.30 17:06:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Extensions
[2012.10.06 19:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Extensions\home2@tomtom.com
[2015.06.14 19:53:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\g7je0c2u.default\extensions
[2014.11.04 14:35:35 | 000,240,755 | ---- | M] () (No name found) -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\g7je0c2u.default\extensions\Stratiform@SoapySpew.xpi
[2014.11.04 14:28:56 | 000,979,610 | ---- | M] () (No name found) -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\g7je0c2u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.04 12:21:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\GABRIEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G7JE0C2U.DEFAULT\EXTENSIONS\ASCSURFINGPROTECTION@IOBIT.COM
[2015.05.10 12:56:38 | 000,000,000 | ---D | M] ("Avast Online Security") -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

O1 HOSTS File: ([2015.06.14 19:53:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (Avast Software s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1645522239-1417001333-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
O4 - HKLM..\Run: [DT PHL] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-1645522239-1417001333-839522115-1004..\Run: [EPSON SX125 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1645522239-1417001333-839522115-1004..\Run: [Wisdom-soft ScreenHunter 6.0 Free] 0 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-1417001333-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-1645522239-1417001333-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind ... 7923174796 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 7923229796 (MUWebControl Class)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/ ... anager.cab (Microsoft Download Manager ActiveX control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19BFFC58-3D34-4234-B47E-2C29FDF351E7}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Gabriel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gabriel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.02.25 18:24:44 | 000,000,051 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2015.06.17 14:05:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gabriel\Desktop\OTL.exe
[2015.06.16 01:09:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gabriel\Recent
[2015.06.14 18:29:24 | 000,112,107 | ---- | C] (forum.viry.cz) -- C:\Documents and Settings\Gabriel\My Documents\VerzeOS.exe
[2015.06.14 18:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\My Documents\CrystalDiskInfo5_0_0
[2015.06.13 08:50:19 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2015.06.06 14:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\My Documents\KOJAK
[2015.06.06 13:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Local Settings\Application Data\FreemakeVideoConverter
[2015.06.06 13:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\My Documents\Freemake
[2015.06.06 13:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Start Menu\Programs\Freemake
[2015.06.06 13:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Freemake
[2015.06.06 13:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Freemake
[2015.06.06 13:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2015.06.06 13:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Application Data\tiger-k
[2015.06.06 13:16:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Application Data\Leawo
[2015.06.06 13:16:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Leawo
[2015.06.06 13:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\K-Lite Codec Pack
[2015.06.06 13:12:45 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\WINDOWS\System32\xvid.ax
[2015.05.31 20:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Fraps
[2015.05.31 20:16:37 | 000,000,000 | ---D | C] -- C:\Fraps
[2015.05.29 18:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\My Documents\PassMark
[2015.05.29 18:03:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Local Settings\Application Data\PassMark
[2015.05.29 18:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Passmark
[2015.05.29 17:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CPUID
[2015.05.29 17:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2004.06.22 09:04:56 | 000,442,425 | ---- | C] (Hewlett-Packard) -- C:\Program Files\hpzjpp01.dll
[2004.06.22 09:04:56 | 000,290,873 | ---- | C] (Hewlett-Packard) -- C:\Program Files\hpzjut01.dll
[2004.06.22 09:04:56 | 000,254,005 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcrt.dll
[2004.06.22 09:04:56 | 000,200,704 | ---- | C] (HP) -- C:\Program Files\hpzpnp10.dll
[2004.06.22 09:04:56 | 000,176,128 | ---- | C] (HP) -- C:\Program Files\hpzscr10.dll
[2004.06.22 09:04:56 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcirt.dll
[2004.06.22 09:04:56 | 000,049,212 | ---- | C] (Hewlett-Packard) -- C:\Program Files\hpzjvp01.dll
[2004.06.22 09:04:56 | 000,026,768 | ---- | C] (Microsoft Corporation) -- C:\Program Files\usbhub.sys
[2004.06.22 09:04:56 | 000,022,608 | ---- | C] (Microsoft Corporation) -- C:\Program Files\usbprint.sys
[2004.06.22 09:04:56 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\usbmon.dll
[2004.06.22 09:04:54 | 000,270,336 | ---- | C] (HP) -- C:\Program Files\hpzglu10.exe
[2004.06.22 09:04:54 | 000,270,336 | ---- | C] (Hewlett-Packard Co.) -- C:\Program Files\hpzc3212.dll
[2004.06.22 09:04:54 | 000,028,722 | ---- | C] (Hewlett-Packard) -- C:\Program Files\hpzjlog.dll

========== Files - Modified Within 30 Days ==========

[2015.06.17 14:10:19 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2015.06.17 14:05:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gabriel\Desktop\OTL.exe
[2015.06.17 12:57:16 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2015.06.17 09:47:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015.06.16 16:48:15 | 000,122,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2015.06.14 19:53:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2015.06.14 18:29:35 | 000,112,107 | ---- | M] (forum.viry.cz) -- C:\Documents and Settings\Gabriel\My Documents\VerzeOS.exe
[2015.06.14 14:49:07 | 001,496,172 | ---- | M] () -- C:\Documents and Settings\Gabriel\My Documents\CrystalDiskInfo5_0_0.zip
[2015.06.14 14:16:32 | 000,162,304 | ---- | M] () -- C:\Documents and Settings\Gabriel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2015.06.14 11:11:09 | 002,231,296 | ---- | M] () -- C:\Documents and Settings\Gabriel\My Documents\adwcleaner_4.206.exe
[2015.06.13 09:49:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2015.06.11 09:39:24 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Wise Care 365.lnk
[2015.06.10 20:41:24 | 000,778,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2015.06.10 20:41:24 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2015.06.10 20:15:36 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2015.06.09 13:01:38 | 000,113,084 | ---- | M] () -- C:\Documents and Settings\Gabriel\My Documents\Ziadost_pri_opakovanej_evidencii (1).rtf
[2015.06.08 13:12:24 | 415,132,812 | ---- | M] () -- C:\Documents and Settings\Gabriel\My Documents\gta_sa 2015-06-08 13-11-54-43.avi
[2015.06.07 20:30:43 | 000,031,342 | ---- | M] () -- C:\Documents and Settings\Gabriel\My Documents\Ziadost_pri_opakovanej_evidencii.rtf
[2015.06.06 22:00:18 | 000,640,792 | ---- | M] () -- C:\Documents and Settings\Gabriel\My Documents\11224358_1146927288667869_814114173278784505_n.png
[2015.06.06 13:24:28 | 000,000,973 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Freemake Video Converter.lnk
[2015.06.06 00:47:03 | 000,000,038 | ---- | M] () -- C:\WINDOWS\AviSplitter.INI
[2015.06.05 00:45:21 | 006,904,007 | ---- | M] () -- C:\Documents and Settings\Gabriel\My Documents\Ponuky uchádzačov.pdf
[2015.06.04 22:59:35 | 000,209,490 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\brana Omama.jpg
[2015.05.31 20:16:39 | 000,000,478 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Fraps.lnk
[2015.05.29 18:57:48 | 000,129,207 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\bot Anna.jpg
[2015.05.29 17:51:23 | 000,078,544 | ---- | M] () -- C:\Documents and Settings\Gabriel\My Documents\GABRIELN.html
[2015.05.29 13:30:58 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\Any Video Converter.lnk
[2015.05.27 00:48:46 | 000,130,142 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\JFTW.jpg
[2015.05.25 00:47:33 | 000,112,958 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\organigram_byt_cintorinska.jpg
[2015.05.23 15:42:37 | 000,101,417 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\trueb.d.jpg

========== Files Created - No Company Name ==========

[2015.06.17 14:10:19 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2015.06.16 16:48:15 | 000,122,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2015.06.14 14:48:25 | 001,496,172 | ---- | C] () -- C:\Documents and Settings\Gabriel\My Documents\CrystalDiskInfo5_0_0.zip
[2015.06.14 11:10:38 | 002,231,296 | ---- | C] () -- C:\Documents and Settings\Gabriel\My Documents\adwcleaner_4.206.exe
[2015.06.09 13:01:30 | 000,113,084 | ---- | C] () -- C:\Documents and Settings\Gabriel\My Documents\Ziadost_pri_opakovanej_evidencii (1).rtf
[2015.06.08 13:11:54 | 415,132,812 | ---- | C] () -- C:\Documents and Settings\Gabriel\My Documents\gta_sa 2015-06-08 13-11-54-43.avi
[2015.06.06 22:00:14 | 000,640,792 | ---- | C] () -- C:\Documents and Settings\Gabriel\My Documents\11224358_1146927288667869_814114173278784505_n.png
[2015.06.06 13:24:28 | 000,000,973 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Freemake Video Converter.lnk
[2015.06.06 13:13:47 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2015.06.05 00:44:51 | 006,904,007 | ---- | C] () -- C:\Documents and Settings\Gabriel\My Documents\Ponuky uchádzačov.pdf
[2015.06.04 22:59:35 | 000,209,490 | ---- | C] () -- C:\Documents and Settings\Gabriel\Desktop\brana Omama.jpg
[2015.05.31 20:16:39 | 000,000,478 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Fraps.lnk
[2015.05.29 18:57:48 | 000,129,207 | ---- | C] () -- C:\Documents and Settings\Gabriel\Desktop\bot Anna.jpg
[2015.05.29 17:51:23 | 000,078,544 | ---- | C] () -- C:\Documents and Settings\Gabriel\My Documents\GABRIELN.html
[2015.05.27 00:48:46 | 000,130,142 | ---- | C] () -- C:\Documents and Settings\Gabriel\Desktop\JFTW.jpg
[2015.05.25 00:47:18 | 000,112,958 | ---- | C] () -- C:\Documents and Settings\Gabriel\Desktop\organigram_byt_cintorinska.jpg
[2015.05.23 15:42:37 | 000,101,417 | ---- | C] () -- C:\Documents and Settings\Gabriel\Desktop\trueb.d.jpg
[2015.05.10 12:56:48 | 000,209,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2015.05.10 12:56:47 | 000,049,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2015.05.10 12:56:46 | 000,024,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2015.05.06 11:07:54 | 005,677,056 | ---- | C] () -- C:\Documents and Settings\Gabriel\ntuser.rhk
[2014.09.16 22:53:44 | 000,000,091 | ---- | C] () -- C:\WINDOWS\CIV.INI
[2013.12.14 15:12:44 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2013.11.13 19:11:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2013.10.02 15:26:47 | 000,000,118 | ---- | C] () -- C:\Documents and Settings\Gabriel\Application Data\settings.xml
[2013.08.05 17:17:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013.08.05 17:16:50 | 000,632,252 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2013.08.05 12:15:56 | 000,007,432 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2012.09.22 17:39:47 | 000,004,943 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\mtbjfghn.xbe
[2012.09.18 00:36:52 | 000,162,304 | ---- | C] () -- C:\Documents and Settings\Gabriel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004.06.22 09:04:56 | 000,000,399 | ---- | C] () -- C:\Program Files\hpzprl01.dat
[2004.06.22 09:04:56 | 000,000,297 | ---- | C] () -- C:\Program Files\Readme.html
[2004.06.22 09:04:56 | 000,000,205 | ---- | C] () -- C:\Program Files\hpzprl02.dat
[2004.06.22 09:04:54 | 000,447,400 | ---- | C] () -- C:\Program Files\hpoprn08.cat
[2004.06.22 09:04:54 | 000,137,124 | ---- | C] () -- C:\Program Files\hpoprn08.inf
[2004.06.22 09:04:54 | 000,094,438 | ---- | C] () -- C:\Program Files\hposcu08.inf
[2004.06.22 09:04:54 | 000,066,431 | ---- | C] () -- C:\Program Files\hpoprl04.dat
[2004.06.22 09:04:54 | 000,065,420 | ---- | C] () -- C:\Program Files\hpoprl05.dat
[2004.06.22 09:04:54 | 000,053,670 | ---- | C] () -- C:\Program Files\hposcu08.cat
[2004.06.22 09:04:54 | 000,052,349 | ---- | C] () -- C:\Program Files\hpzius13.cat
[2004.06.22 09:04:54 | 000,052,349 | ---- | C] () -- C:\Program Files\HPZius12.cat
[2004.06.22 09:04:54 | 000,051,467 | ---- | C] () -- C:\Program Files\hpzist13.cat
[2004.06.22 09:04:54 | 000,051,467 | ---- | C] () -- C:\Program Files\hpzist12.cat
[2004.06.22 09:04:54 | 000,051,467 | ---- | C] () -- C:\Program Files\hpzipr13.cat
[2004.06.22 09:04:54 | 000,051,467 | ---- | C] () -- C:\Program Files\HPZipr12.cat
[2004.06.22 09:04:54 | 000,051,467 | ---- | C] () -- C:\Program Files\hpzid413.cat
[2004.06.22 09:04:54 | 000,051,467 | ---- | C] () -- C:\Program Files\HPZid412.cat
[2004.06.22 09:04:54 | 000,051,026 | ---- | C] () -- C:\Program Files\HPOunp08.cat
[2004.06.22 09:04:54 | 000,050,615 | ---- | C] () -- C:\Program Files\hpzid412.inf
[2004.06.22 09:04:54 | 000,022,636 | ---- | C] () -- C:\Program Files\hpzid413.inf
[2004.06.22 09:04:54 | 000,020,168 | ---- | C] () -- C:\Program Files\hpzius12.inf
[2004.06.22 09:04:54 | 000,019,578 | ---- | C] () -- C:\Program Files\hpoprl03.dat
[2004.06.22 09:04:54 | 000,014,815 | ---- | C] () -- C:\Program Files\hpzius13.inf
[2004.06.22 09:04:54 | 000,012,922 | ---- | C] () -- C:\Program Files\hpzipr12.inf
[2004.06.22 09:04:54 | 000,009,777 | ---- | C] () -- C:\Program Files\hpzipr13.inf
[2004.06.22 09:04:54 | 000,009,773 | ---- | C] () -- C:\Program Files\hpousc08.inf
[2004.06.22 09:04:54 | 000,007,579 | ---- | C] () -- C:\Program Files\hpound08.inf
[2004.06.22 09:04:54 | 000,006,704 | ---- | C] () -- C:\Program Files\hpounp08.inf
[2004.06.22 09:04:54 | 000,005,538 | ---- | C] () -- C:\Program Files\hpzist12.inf
[2004.06.22 09:04:54 | 000,004,144 | ---- | C] () -- C:\Program Files\hpousb08.inf
[2004.06.22 09:04:54 | 000,004,132 | ---- | C] () -- C:\Program Files\hpzist13.inf
[2004.06.22 09:04:54 | 000,004,014 | ---- | C] () -- C:\Program Files\hpoprl08.dat
[2004.06.22 09:04:54 | 000,001,980 | ---- | C] () -- C:\Program Files\hpoprl07.dat
[2004.06.22 09:04:54 | 000,000,314 | ---- | C] () -- C:\Program Files\hpqprl01.dat
[2004.06.22 09:04:52 | 000,017,176 | ---- | C] () -- C:\Program Files\hpomdl04.dat
[2004.06.22 09:04:52 | 000,014,845 | ---- | C] () -- C:\Program Files\hpoapd01.dat
[2004.06.22 09:04:52 | 000,004,779 | ---- | C] () -- C:\Program Files\hpoglu08.inf
[2004.06.22 09:04:52 | 000,004,768 | ---- | C] () -- C:\Program Files\hpoprl01.dat
[2004.06.22 09:04:52 | 000,003,448 | ---- | C] () -- C:\Program Files\hpohub08.inf
[2004.06.22 09:04:52 | 000,002,542 | ---- | C] () -- C:\Program Files\hpoprl02.dat
[2004.06.22 09:04:52 | 000,000,065 | ---- | C] () -- C:\Program Files\dxprl.dat

========== ZeroAccess Check ==========

[2012.09.18 15:51:11 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.10.31 13:33:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009.11.14 01:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\.freeciv
[2011.06.16 21:35:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\.minecraft
[2009.04.04 19:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Ashampoo
[2012.09.11 23:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Auslogics
[2010.03.28 16:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Canneverbe Limited
[2010.09.27 01:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\ChemTable Software
[2012.03.31 19:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\DAEMON Tools Lite
[2009.02.11 22:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\DAEMON Tools Pro
[2011.05.05 19:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Epson
[2010.11.22 13:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Feedreader
[2012.03.21 13:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Foxit Software
[2009.07.07 15:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\gtk-2.0
[2010.02.26 18:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\id Software
[2010.03.07 21:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Jpeg Resampler
[2009.10.09 18:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Leawo
[2009.09.26 01:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\MSNInstaller
[2011.04.10 20:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\MyPhoneExplorer
[2009.03.25 17:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\OpenOffice.org
[2011.05.25 16:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Opera
[2012.06.16 23:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Oracle
[2011.04.29 11:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\PCToolsFirewallPlus
[2011.06.16 21:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Roaming
[2009.10.22 12:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\SystemRequirementsLab
[2009.01.03 22:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Teleca
[2009.07.22 16:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\TomTom
[2010.11.20 03:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\uTorrent
[2010.02.04 15:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Windows Desktop Search
[2010.02.04 15:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Windows Search
[2009.11.23 13:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\ZipGenius
[2008.05.09 23:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010.02.08 22:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009.02.28 21:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2012.09.17 13:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010.03.28 16:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010.02.12 23:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2012.04.26 22:16:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009.11.07 13:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011.09.27 13:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009.03.22 02:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2014.06.30 16:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2011.10.05 12:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IC_Katalog
[2010.02.26 18:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2010.03.16 21:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2012.09.17 22:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.07.22 16:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011.09.27 13:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2012.03.25 01:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2009.03.31 22:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010.05.31 15:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.11.12 22:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2015.05.10 12:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2015.05.08 12:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Baidu
[2012.09.18 15:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BVRP Software
[2012.10.08 19:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Canneverbe Limited
[2013.11.13 19:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
[2015.06.06 13:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Freemake
[2014.11.15 18:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HitmanPro
[2014.11.21 22:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
[2014.10.07 14:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IsolatedStorage
[2015.06.06 13:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Leawo
[2013.03.16 14:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Licenses
[2015.04.23 19:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Oracle
[2015.05.11 12:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Package Cache
[2015.05.29 18:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Passmark
[2013.04.16 00:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Samsung
[2015.06.09 23:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2012.09.18 15:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TomTom
[2014.06.04 10:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Western Digital
[2014.01.09 01:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Zoner
[2013.10.26 23:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\0ad
[2015.06.14 13:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\AnvSoft
[2014.10.01 17:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Audacity
[2015.05.10 12:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\AVAST Software
[2013.11.22 23:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\avidemux
[2012.10.10 20:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Canneverbe Limited
[2012.09.22 17:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Carambis
[2013.10.02 15:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\convertaudiofree
[2013.08.05 12:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\DisplayTune
[2014.06.06 12:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Dropbox
[2014.06.06 10:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\DropboxMaster
[2013.05.11 11:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\DVDVideoSoft
[2013.11.13 19:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\EPSON
[2013.11.23 19:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Eusing
[2014.03.16 21:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Foxit Software
[2014.11.21 21:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\IObit
[2015.06.06 13:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Leawo
[2013.12.11 02:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Machete Lite
[2013.09.24 21:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\OpenOffice
[2012.09.21 01:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\OpenOffice.org
[2012.09.18 00:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Opera
[2014.04.11 20:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Opera Software
[2013.06.24 00:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Oracle
[2013.05.06 09:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\PhotoFiltre 7
[2013.04.16 00:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Samsung
[2013.11.10 13:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Sony
[2014.05.08 21:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\SystemRequirementsLab
[2015.06.06 13:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\tiger-k
[2012.09.18 15:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\TomTom
[2014.07.27 23:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Unity
[2015.06.11 09:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Wise Care 365
[2014.08.25 12:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\XnView
[2015.05.03 21:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\YoWindow
[2011.05.05 13:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Opera
[2014.03.16 21:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Foxit Software

========== Purity Check ==========

========== Custom Scans ==========

< >
[2012.09.17 23:26:56 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2012.09.17 23:33:19 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2015.05.10 12:57:02 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

< >

< MD5 for: AGP440.SYS >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0059\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0060\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 02:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008.04.14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2006.02.28 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\Documents and Settings\admin\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20120426T202212968750\gencdrom\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\Documents and Settings\admin\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20120426T203355765625\gencdrom\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\Documents and Settings\admin\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20120426T204653062500\gencdrom\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\Documents and Settings\admin\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20120426T205454828125\gencdrom\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\Documents and Settings\admin\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20120426T210614937500\gencdrom\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\Documents and Settings\admin\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20120702T200914921875\gencdrom\cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006.02.28 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2006.02.28 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006.02.28 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006.02.28 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\Documents and Settings\admin\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20120426T202212968750\acpiapic_mp\hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\Documents and Settings\admin\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20120426T203355765625\acpiapic_mp\hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\Documents and Settings\admin\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20120426T204653062500\acpiapic_mp\hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\Documents and Settings\admin\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20120426T205454828125\acpiapic_mp\hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\Documents and Settings\admin\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20120426T210614937500\acpiapic_mp\hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\Documents and Settings\admin\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20120702T200914921875\acpiapic_mp\hal.dll
[2008.04.14 00:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.14 00:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2006.02.28 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2008.04.14 00:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 00:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2001.08.17 13:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2006.02.28 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\system32\ReinstallBackups\0055\DriverFiles\i386\isapnp.sys

< MD5 for: LSASS.EXE >
[2006.02.28 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2006.02.28 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006.02.28 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006.02.28 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2008.04.14 05:42:38 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:42:38 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe
[2006.02.28 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.04 01:56:58 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=DA5CF1C368B33D75602FD6B3A7F5E0C6 -- C:\cmdcons\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006.02.28 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2013.04.04 15:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.02.28 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2006.02.28 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006.02.28 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013.04.04 15:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2006.02.28 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[40 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %ALLUSERSPROFILE%\Application Data\*. >
[2014.10.30 15:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
[2014.10.30 15:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
[2013.08.05 17:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI
[2015.05.10 12:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2015.05.10 12:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
[2015.05.08 12:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Baidu
[2012.09.18 15:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BVRP Software
[2012.10.08 19:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Canneverbe Limited
[2013.11.13 19:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
[2015.06.06 13:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Freemake
[2014.05.15 13:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\GRETECH
[2014.11.15 18:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HitmanPro
[2012.09.18 23:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intel
[2014.11.21 22:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
[2014.10.07 14:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IsolatedStorage
[2015.06.06 13:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Leawo
[2013.03.16 14:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Licenses
[2015.03.08 02:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2013.05.23 12:53:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
[2012.09.20 13:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla
[2014.12.16 17:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
[2014.12.16 16:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NortonInstaller
[2015.04.23 19:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Oracle
[2015.05.11 12:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Package Cache
[2015.05.29 18:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Passmark
[2013.04.16 00:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Samsung
[2015.06.05 10:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
[2012.09.18 15:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sony Ericsson
[2013.04.28 23:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2015.04.13 13:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2015.06.09 23:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2012.09.18 15:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TomTom
[2014.06.04 10:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Western Digital
[2012.10.26 00:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
[2014.01.09 01:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Zoner

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2015.05.06 09:30:08 | 000,108,032 | ---- | M] (Freemake) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
[2015.05.06 09:30:06 | 000,304,128 | ---- | M] (Freemake) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Freemake\FreemakeUtilsService\ErrorReporter\FreemakeErrorReporter.exe
[2015.06.12 21:31:37 | 021,546,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

< %APPDATA%\*. >
[2013.10.26 23:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\0ad
[2012.09.18 11:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Adobe
[2015.06.14 13:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\AnvSoft
[2014.11.21 21:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Apple Computer
[2013.08.05 17:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\ATI
[2014.10.01 17:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Audacity
[2015.05.10 12:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\AVAST Software
[2013.11.22 23:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\avidemux
[2012.10.10 20:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Canneverbe Limited
[2012.09.22 17:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Carambis
[2013.10.02 15:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\convertaudiofree
[2013.08.05 12:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\DisplayTune
[2014.06.06 12:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Dropbox
[2014.06.06 10:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\DropboxMaster
[2013.05.11 11:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\DVDVideoSoft
[2013.11.13 19:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\EPSON
[2013.11.23 19:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Eusing
[2014.03.16 21:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Foxit Software
[2013.10.04 10:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\GRETECH
[2012.09.17 23:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Identities
[2012.09.18 23:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Intel
[2014.11.21 21:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\IObit
[2015.06.06 13:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Leawo
[2013.12.11 02:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Machete Lite
[2012.09.18 00:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Macromedia
[2015.03.08 02:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Malwarebytes
[2014.05.08 21:50:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Gabriel\Application Data\Microsoft
[2014.11.04 14:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Mozilla
[2013.09.24 21:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\OpenOffice
[2012.09.21 01:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\OpenOffice.org
[2012.09.18 00:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Opera
[2014.04.11 20:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Opera Software
[2013.06.24 00:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Oracle
[2013.05.06 09:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\PhotoFiltre 7
[2013.04.16 00:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Samsung
[2015.06.16 23:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Skype
[2013.11.10 13:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Sony
[2013.04.28 23:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Sun
[2015.04.13 13:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\SUPERAntiSpyware.com
[2014.05.08 21:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\SystemRequirementsLab
[2015.06.06 13:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\tiger-k
[2012.09.18 15:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\TomTom
[2014.07.27 23:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Unity
[2012.09.18 09:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\WinRAR
[2015.06.11 09:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\Wise Care 365
[2014.08.25 12:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\XnView
[2015.05.03 21:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabriel\Application Data\YoWindow

< %APPDATA%\*.exe /s >
[2015.05.18 05:50:26 | 005,494,882 | ---- | M] () -- C:\Documents and Settings\Gabriel\Application Data\AnvSoft\Common\youtube-dl.exe
[2014.05.20 02:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Gabriel\Application Data\Dropbox\bin\Dropbox.exe
[2014.05.20 02:47:16 | 000,244,368 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Gabriel\Application Data\Dropbox\bin\DropboxUninstaller.exe
[2014.05.20 02:45:26 | 000,143,648 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Gabriel\Application Data\Dropbox\bin\DropboxUpdateHelper.exe
[2015.04.22 14:53:18 | 004,881,120 | ---- | M] (Foxit Corporation) -- C:\Documents and Settings\Gabriel\Application Data\Foxit Software\Addon\Foxit Reader\FoxitReaderUpdater.exe
[2014.03.25 04:47:24 | 000,139,368 | ---- | M] () -- C:\Documents and Settings\Gabriel\Application Data\GRETECH\GomPlayer\GrLauncher.exe
[2014.11.21 21:36:31 | 000,588,608 | ---- | M] () -- C:\Documents and Settings\Gabriel\Application Data\IObit\IObit Uninstaller\Install_PintoStartMenutemp.exe
[2014.11.21 21:36:35 | 000,629,568 | ---- | M] () -- C:\Documents and Settings\Gabriel\Application Data\IObit\IObit Uninstaller\UninstallDisplaytemp.exe
[2014.01.21 12:06:26 | 002,129,728 | ---- | M] (IObit) -- C:\Documents and Settings\Gabriel\Application Data\IObit\IObit Uninstaller\UninstallPromotetemp.exe
[2014.01.22 23:12:32 | 000,145,408 | ---- | M] () -- C:\Documents and Settings\Gabriel\Application Data\Sun\Java\jre1.7.0_51\lzma.exe
[2014.05.08 22:02:49 | 000,145,408 | ---- | M] () -- C:\Documents and Settings\Gabriel\Application Data\Sun\Java\jre1.7.0_55\lzma.exe
[2014.06.29 23:25:55 | 000,145,408 | ---- | M] () -- C:\Documents and Settings\Gabriel\Application Data\Sun\Java\jre1.7.0_60\lzma.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2012.09.18 01:11:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2012.09.18 01:11:52 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2012.09.18 01:11:52 | 000,921,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2015.06.16 16:48:15 | 000,122,928 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT

< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:42:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"EPSON SX125 Series" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE /FU "C:\DOCUME~1\Gabriel\LOCALS~1\Temp\E_S1AB.tmp" /EF "HKCU" -- [2009.09.14 08:00:00 | 000,200,704 | ---- | M] (SEIKO EPSON CORPORATION)
"Wisdom-soft ScreenHunter 6.0 Free" = 0

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

Gabo · #12 Příspěvek od **Gabo** » 17 čer 2015 13:53

< >

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2015.06.17 14:10:19 | 000,000,512 | ---- | M] () MD5=883673C6C824D6273CEB2D470DC58A14 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2003.12.05 14:52:40 | 000,000,796 | ---- | M] () -- \Program Files\Rockstar Games\GTA San Andreas\data\Decision\Craig\crack1.ped

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2012.03.16 20:35:38 | 000,009,051 | ---- | M] () -- \Documents and Settings\admin\Application Data\DAEMON Tools Lite\MediaInfo\img\loader.gif
[2012.03.16 20:35:38 | 000,016,119 | ---- | M] () -- \Documents and Settings\admin\Application Data\DAEMON Tools Lite\MediaInfo\img\logo_loader_page.jpg
[2012.03.16 20:35:38 | 000,018,434 | ---- | M] () -- \Documents and Settings\admin\Application Data\DAEMON Tools Lite\MediaInfo\img\logo_loader_page.png
[2012.03.16 20:35:38 | 000,006,553 | ---- | M] () -- \Documents and Settings\admin\Application Data\DAEMON Tools Lite\MediaInfo\js\app\MediaInfo\ImageInfoLoader.js
[2011.05.28 13:25:06 | 000,000,663 | ---- | M] () -- \Documents and Settings\admin\Application Data\Roaming\.minecraft\ModLoader.txt
[2011.05.20 12:34:06 | 000,000,887 | ---- | M] () -- \Documents and Settings\admin\Application Data\Roaming\.minecraft\ModLoader.txt.1
[2011.05.28 13:25:04 | 000,000,130 | ---- | M] () -- \Documents and Settings\admin\Application Data\Roaming\.minecraft\config\ModLoader.cfg
[2015.05.06 09:23:50 | 000,015,511 | ---- | M] () -- \Documents and Settings\All Users.WINDOWS\Application Data\Freemake\FreemakeUtilsService\ErrorReporter\FMCommon\FreemakeCommon\Profiles\FmDownloaderProfiles.xml
[2015.05.06 09:23:50 | 000,064,651 | ---- | M] () -- \Documents and Settings\All Users.WINDOWS\Application Data\Freemake\FreemakeUtilsService\ErrorReporter\FMCommon\FreemakeCommon\Resources\VideoDownloader.png
[2015.05.06 09:23:50 | 000,064,719 | ---- | M] () -- \Documents and Settings\All Users.WINDOWS\Application Data\Freemake\FreemakeUtilsService\ErrorReporter\FMCommon\FreemakeCommon\Resources\VideoDownloaderOn.png
[2011.10.05 13:20:41 | 000,000,078 | ---- | M] () -- \Documents and Settings\All Users\Application Data\IC_Katalog\Common\log_downloader.txt
[2012.02.19 21:16:13 | 000,007,715 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Content\browserrecordloader.js
[2012.02.19 21:16:13 | 000,000,319 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Content\browserrecordloader.xul
[2012.06.18 12:39:40 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Skype\Apps\login\images\loader.gif
[2012.06.18 12:39:40 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Skype\Apps\login\images\loader.png
[2010.12.10 23:09:58 | 000,000,328 | ---- | M] () -- \Documents and Settings\All Users\Start Menu\Programs\JDownloader\JDownloader Support.lnk
[2010.12.10 23:09:58 | 000,000,808 | ---- | M] () -- \Documents and Settings\All Users\Start Menu\Programs\JDownloader\JDownloader.lnk
[2010.12.10 23:10:05 | 000,000,798 | ---- | M] () -- \Documents and Settings\All Users\Start Menu\Programs\JDownloader\Uninstall JDownloader.lnk
[2012.03.25 01:29:08 | 000,000,072 | ---- | M] () -- \Documents and Settings\All Users\Start Menu\Programs\YouTube Downloader\YouTube Downloader Help.url
[2012.03.25 01:29:08 | 000,001,713 | ---- | M] () -- \Documents and Settings\All Users\Start Menu\Programs\YouTube Downloader\YouTube Downloader.lnk
[2013.02.09 02:09:27 | 000,004,153 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\DVDVideoSoft\logs\FreeYTVDownloader.log
[2013.02.09 02:09:05 | 000,143,667 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\DVDVideoSoft\logs\FreeYTVDownloader_install.txt
[2013.05.11 11:50:47 | 000,043,998 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\DVDVideoSoft\logs\FreeYTVDownloader_uninstall.txt
[2013.02.07 18:00:02 | 000,227,592 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\DVDVideoSoft\logs\YTVDownloader_extra1.log
[2014.08.13 13:14:28 | 000,009,418 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj\2.12.1_0\img\gifloader.gif
[2014.08.13 14:14:28 | 000,009,418 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj\2.13.2_0\img\gifloader.gif
[2014.08.13 13:14:28 | 000,009,418 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj\2.13_0\img\gifloader.gif
[2014.08.13 14:14:28 | 000,009,418 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj\2.14.4_0\img\gifloader.gif
[2014.08.13 14:14:28 | 000,009,418 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj\2.14_0\img\gifloader.gif
[2014.08.13 14:14:28 | 000,009,418 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj\2.15_0\img\gifloader.gif
[2014.08.13 14:14:28 | 000,009,418 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj\2.15_1\img\gifloader.gif
[2014.08.13 14:14:28 | 000,009,418 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj\2.15_2\img\gifloader.gif
[2014.08.13 14:14:28 | 000,009,418 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj\2.17_0\img\gifloader.gif
[2014.08.13 14:14:28 | 000,009,418 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj\2.18_0\img\gifloader.gif
[2014.08.13 14:14:28 | 000,009,418 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj\2.20.1_0\img\gifloader.gif
[2014.08.13 14:14:28 | 000,009,418 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj\2.21_0\img\gifloader.gif
[2014.08.13 14:14:28 | 000,009,418 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj\2.24_0\img\gifloader.gif
[2014.08.13 14:14:28 | 000,009,418 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj\2.26_0\img\gifloader.gif
[2014.08.13 13:14:28 | 000,009,418 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj\2.34_0\img\gifloader.gif
[2015.06.08 15:52:46 | 000,009,418 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj\2.35_0\img\gifloader.gif
[2014.08.13 13:14:28 | 000,009,418 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj\2.7.12_0\img\gifloader.gif
[2014.08.13 13:14:28 | 000,009,418 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj\2.7.13_0\img\gifloader.gif
[2014.06.26 09:46:48 | 000,009,418 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj\2.7.7_0\img\gifloader.gif
[2014.06.26 09:46:48 | 000,009,418 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj\2.7.8_0\img\gifloader.gif
[2014.06.26 09:46:48 | 000,009,418 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj\2.7.9_0\img\gifloader.gif
[2014.08.13 13:14:28 | 000,009,418 | ---- | M] () -- \Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj\2.9.4_0\img\gifloader.gif
[2015.05.13 14:57:28 | 000,072,638 | ---- | M] () -- \Documents and Settings\Gabriel\Local Settings\Application Data\Skype\Apps\login\images\loader.gif
[2015.05.13 14:57:28 | 000,003,032 | ---- | M] () -- \Documents and Settings\Gabriel\Local Settings\Application Data\Skype\Apps\login\images\loader.png
[2015.05.13 14:57:28 | 000,006,012 | ---- | M] () -- \Documents and Settings\Gabriel\Local Settings\Application Data\Skype\Apps\login\images\normal\loader_15fps.gif
[2015.05.13 14:57:28 | 000,021,956 | ---- | M] () -- \Documents and Settings\Gabriel\Local Settings\Application Data\Skype\Apps\login\images\normal\loader_30fps.gif
[2015.05.13 14:57:28 | 000,009,772 | ---- | M] () -- \Documents and Settings\Gabriel\Local Settings\Application Data\Skype\Apps\login\images\retina\loader@2x.png
[2014.01.04 11:46:43 | 000,000,673 | ---- | M] () -- \Documents and Settings\Gabriel\My Documents\Čo bolo na ploche\Citroen C5 2.0 HDi 16V Exclusive_files\loader00.gif
[2013.12.30 15:16:59 | 000,000,673 | ---- | M] () -- \Documents and Settings\Gabriel\My Documents\Nissan Micra 1.0 16V Visia AC_files\loader00.gif
[2010.12.16 14:12:56 | 000,000,051 | ---- | M] () -- \Documents and Settings\Gabriel\My Documents\TomTom\HOME\Backup\ONE\Backup01\InternalMemory\bootloaderversion.txt
[2011.03.26 12:44:52 | 000,000,051 | ---- | M] () -- \Documents and Settings\Gabriel\My Documents\TomTom\HOME\Backup\START\Backup01\InternalMemory\bootloaderversion.txt
[2013.07.27 18:14:30 | 000,000,673 | ---- | M] () -- \Documents and Settings\Gabriel\My Documents\Toyota Corolla 1.4 XLI_files\loader00.gif
[2008.08.28 18:21:15 | 005,886,678 | ---- | M] () -- \DVDVideoSoft\Installations\FreeYouTubeUploader.exe
[2015.05.14 05:35:14 | 000,173,056 | ---- | M] () -- \Program Files\AnvSoft\Any Video Converter\avcdownloader.dll
[2015.04.24 14:49:28 | 000,005,932 | ---- | M] () -- \Program Files\AnvSoft\Any Video Converter\plugins\loader.avsi
[2015.05.10 12:56:32 | 000,072,440 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2013.04.21 21:44:16 | 000,008,827 | ---- | M] () -- \Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\HeapSnapshotLoader.js
[2007.10.23 17:52:22 | 000,114,688 | ---- | M] () -- \Program Files\Epson Software\Easy Photo Print\APFLoaderV13.dll
[2007.10.23 17:52:22 | 000,069,632 | ---- | M] () -- \Program Files\Epson Software\Easy Photo Print\EpAPFLoader.dll
[2007.10.23 17:52:22 | 000,102,400 | ---- | M] () -- \Program Files\Epson Software\Easy Photo Print\EpAPFLoader2006.dll
[2015.04.27 13:11:42 | 004,929,248 | ---- | M] () -- \Program Files\Foxit Software\Foxit Reader\plugins\PlgDynLoader.fpi
[2015.05.06 09:23:50 | 000,015,511 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMCommon\FreemakeCommon\Profiles\FmDownloaderProfiles.xml
[2015.05.06 09:23:50 | 000,064,651 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMCommon\FreemakeCommon\Resources\VideoDownloader.png
[2015.05.06 09:23:50 | 000,064,719 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMCommon\FreemakeCommon\Resources\VideoDownloaderOn.png
[2015.05.06 09:31:04 | 000,043,008 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMWeb\Downloader\DownloaderCommon.dll
[2015.05.06 09:31:02 | 000,021,504 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.Detector.dll
[2015.05.06 09:26:16 | 000,008,192 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.GlobalSettings.dll
[2015.05.06 09:31:12 | 000,014,336 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.HtmlParser.dll
[2015.05.06 09:30:58 | 000,045,568 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.Interface.dll
[2015.05.06 09:26:16 | 000,020,480 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.Miscellaneous.dll
[2015.05.06 09:31:00 | 000,066,048 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.SmartDownloader.Core.dll
[2015.05.06 09:31:02 | 000,158,720 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.SmartDownloader.Extensions.dll
[2015.05.06 09:31:12 | 000,146,432 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.SupportedSite.dll
[2015.05.06 09:31:00 | 000,019,456 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMWeb\Downloader\FMDownloader.TrackDownloaderLib.dll
[2015.05.06 09:23:30 | 000,034,304 | ---- | M] () -- \Program Files\Freemake\Freemake Video Converter\FMWeb\Uploader\FMYouTubeUploader.dll
[2009.05.31 04:21:00 | 000,071,008 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2014.10.07 14:10:01 | 000,029,696 | ---- | M] () -- \Program Files\OpenOffice 4\program\javaloader.uno.dll
[2014.08.13 09:30:44 | 000,005,813 | ---- | M] () -- \Program Files\OpenOffice 4\program\pythonloader.py
[2014.10.07 14:10:05 | 000,020,992 | ---- | M] () -- \Program Files\OpenOffice 4\program\pythonloader.uno.dll
[2014.08.13 13:12:00 | 000,000,171 | ---- | M] () -- \Program Files\OpenOffice 4\program\pythonloader.uno.ini
[2014.08.13 09:11:40 | 000,003,868 | ---- | M] () -- \Program Files\OpenOffice 4\program\classes\unoloader.jar
[2014.07.29 09:07:24 | 000,013,501 | ---- | M] () -- \Program Files\OpenOffice 4\program\python-core-2.7.6\lib\unittest\loader.py
[2014.12.10 03:28:04 | 000,001,701 | ---- | M] () -- \Program Files\Steam\friends\broadcastuploaderrornotification.res
[2014.11.11 20:48:42 | 000,007,825 | ---- | M] () -- \Program Files\Steam\remoteui\static\libs\images\ajax-loader.gif
[2013.11.07 18:27:16 | 000,071,008 | ---- | M] () -- \Program Files\Steam\SteamApps\common\Mafia II\pc\PhysXLoader.dll
[2010.08.05 18:28:30 | 000,299,408 | ---- | M] () -- \Program Files\Windows Live Safety Center\wlscUploader.exe
[2006.02.28 14:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2008.04.14 05:41:54 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.14 00:01:44 | 000,230,400 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.14 00:01:46 | 000,278,016 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 05:41:54 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2015.04.17 16:22:32 | 000,012,532 | ---- | M] () -- \WINDOWS\system32\Adobe\Shockwave 12\shockwave_Projector_Loader.dcr

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2004.08.04 00:15:54 | 000,030,067 | ---- | M] () -- \cmdcons\SERIAL.SY_
[1998.12.21 07:52:42 | 000,000,006 | ---- | M] () -- \OpenSSL\bin\PEM\demoCA\serial
[2010.05.31 15:01:42 | 000,011,548 | ---- | M] () -- \Program Files\Common Files\Teleca Shared\DSS-20\USBSerialPort.PNF
[2010.05.31 15:01:42 | 000,011,532 | ---- | M] () -- \Program Files\Common Files\Teleca Shared\DSS-25\USBSerialPort.PNF
[2014.05.13 23:17:02 | 000,434,368 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.30514.0\System.Runtime.Serialization.dll
[2014.07.24 16:35:42 | 001,164,288 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.30514.0\System.Runtime.Serialization.ni.dll
[2006.09.12 16:26:12 | 000,016,384 | ---- | M] () -- \Program Files\Multiple Image Resizer .NET\UpdateChecker.XmlSerializers.dll
[2012.09.27 01:12:26 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2006.02.28 14:00:00 | 000,064,896 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\serial.sys
[2014.02.14 01:15:47 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013.01.10 01:04:22 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.02.14 12:32:51 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\6c29ee2bedfe88dcd66993f1af135ad8\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.14 12:30:21 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9860da66bf0219612908e7412b0a6e2e\System.Runtime.Serialization.ni.dll
[2013.08.15 11:34:37 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a95e0af6fa5d2e8ffd5e0091f6513271\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013.08.15 11:32:25 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\ba6670610621b25b1608e457ba0ef305\System.Runtime.Serialization.ni.dll
[2014.05.03 11:44:32 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\046c2851963b30d0e14194051c03de33\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.05.01 16:09:52 | 000,310,272 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d0ff3383438d688a0118d0fa19ed1dc4\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.05.03 11:44:22 | 002,658,304 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\fa954900a6cf3a095efadfa4c683a32c\System.Runtime.Serialization.ni.dll
[2014.05.03 00:58:01 | 000,122,264 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2014.05.03 00:57:57 | 001,039,040 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2012.09.27 01:12:26 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013.09.11 06:06:54 | 001,039,040 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 13:16:28 | 000,122,264 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2003.08.01 12:54:06 | 000,005,632 | ---- | M] () -- \WINDOWS\mui\FALLBACK\041b\serialui.dll.mui
[2008.04.14 00:10:22 | 000,028,288 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\grserial.sys
[2008.04.14 00:45:46 | 000,064,512 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\serial.sys
[2006.02.28 14:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2006.02.28 14:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[2006.02.28 14:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2006.02.28 14:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2008.04.14 00:45:46 | 000,064,512 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys

< *w7lxe* /s >

< End of report >

Gabo · #13 Příspěvek od **Gabo** » 17 čer 2015 13:53

OTL Extras logfile created on: 17.6.2015 14:07:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Gabriel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

1021,31 Mb Total Physical Memory | 719,43 Mb Available Physical Memory | 70,44% Memory free
2,40 Gb Paging File | 1,96 Gb Available in Paging File | 81,51% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 65,45 Gb Free Space | 43,92% Space Free | Partition Type: NTFS
Drive D: | 3,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: GABRIELN | User Name: Gabriel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)

[HKEY_USERS\S-1-5-21-1645522239-1417001333-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"86:TCP" = 86:TCP:*:Enabled:BroadCam Video Streaming Server TCP/IP Port
"1935:TCP" = 1935:TCP:*:Enabled:BroadCam Video Streaming Server Flash Video Server
"4100:UDP" = 4100:UDP:*:Enabled:uPNP Router Control Port

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Documents and Settings\Gabriel\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Gabriel\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Steam\SteamApps\common\Mafia II\pc\mafia2.exe" = C:\Program Files\Steam\SteamApps\common\Mafia II\pc\mafia2.exe:*:Enabled:Mafia II -- (2K Czech)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Steam\bin\steamwebhelper.exe" = C:\Program Files\Steam\bin\steamwebhelper.exe:*:Enabled:Steam Web Helper -- (Valve Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{15B44041-33AC-9421-20E0-2011347C8C08}" = AMD Catalyst Install Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.5
"{26A24AE4-039D-4CA4-87B4-2F83218045F0}" = Java 8 Update 45
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}" = QuickTime 7
"{3E362879-36FD-6D05-2DC0-2D549BDF920C}" = CCC Help English
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1" = Foxit Cloud
"{456408C1-3BDE-48CC-9A5A-79B1BB4C4787}" = OpenOffice 4.1.1
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F2E507-2883-1D24-D896-214CBAFCC50F}" = Catalyst Control Center InstallProxy
"{5F32FBBF-92E3-49B1-34B9-73510853A341}" = AMD AVIVO Codecs
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
"{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}" = Google Drive
"{6BB32D96-A515-2643-8335-5D9AA079AED5}" = Catalyst Control Center Localization All
"{70C6CF73-E9B2-1188-833C-0ECF1293D97B}" = ccc-utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{717BC543-C050-4750-822B-BA6D492688E8}" = Catalyst Control Center - Branding
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}" = TomTom HOME
"{86E192C5-92A0-1210-EF0E-18AB41F45752}" = Skins
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{91E5AFAE-3AFE-01CD-892A-B32DB35A7D0D}" = Catalyst Control Center
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{BB05590A-6602-43F3-A400-77EA0976BC0A}" = TomTom HOME
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C70AF388-BBF9-30B3-305B-03A1E0BCFEC8}" = HydraVision
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{EFE35D53-AD0B-4CEB-9333-8E5D56E7C352}" = OpenOffice 4.1.1 Language Pack (Slovak)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6B23E59-1240-4C20-AE0B-70658A91976A}" = Intel(R) PRO Network Connections
"{FDA7A7CB-F1DE-42A9-83A6-27BE6CD6E8F3}" = SmartControl II
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 2.5b
"Adobe Flash Player ActiveX" = Adobe Flash Player 17 ActiveX
"Adobe Flash Player PPAPI" = Adobe Flash Player 17 PPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Any Video Converter" = Any Video Converter 5.8.1
"Any Video Converter_is1" = Any Video Converter 5.7.9
"Avast" = Avast Free Antivirus
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.72.1
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.27
"Defraggler" = Defraggler
"EPSON Scanner" = EPSON Scan
"EPSON SX125 Series" = EPSON SX125 Series Printer Uninstall
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo App Manager
"FormatFactory" = FormatFactory 3.6.0.0
"Foxit Reader_is1" = Foxit Reader
"Fraps" = Fraps
"Freemake Video Converter_is1" = Freemake Video Converter verzia 4.1.6
"GOM Player" = GOM Player
"GTA:SanAndreas_CZ" = GTA:SanAndreas_CZ
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.7.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verzia 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OpenAL" = OpenAL
"OpenTTD" = OpenTTD 1.4.1
"Opera 12.17.1863" = Opera 12.17
"Opera 30.0.1835.59" = Opera Stable 30.0.1835.59
"SpywareBlaster_is1" = SpywareBlaster 5.0
"Steam App 50130" = Mafia II
"upnito.sk Manager_is1" = upnito.sk Manager 2
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 5.21 (32-bit)
"winusb0100" = Microsoft WinUsb 1.0
"Wise Care 365_is1" = Wise Care 365 3.71
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1645522239-1417001333-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6.6.2015 8:27:25 | Computer Name = GABRIELN | Source = .NET Runtime | ID = 1026
Description =

[ System Events ]
Error - 14.6.2015 13:56:57 | Computer Name = GABRIELN | Source = Service Control Manager | ID = 7000
Description = Spustenie služby StarOpen zlyhalo kvôli nasledujúcej chybe: %%2

Error - 14.6.2015 13:58:18 | Computer Name = GABRIELN | Source = Service Control Manager | ID = 7022
Description = Služba Freemake Improver sa pri spustení zablokovala.

Error - 15.6.2015 3:12:42 | Computer Name = GABRIELN | Source = Service Control Manager | ID = 7000
Description = Spustenie služby StarOpen zlyhalo kvôli nasledujúcej chybe: %%2

Error - 15.6.2015 3:14:05 | Computer Name = GABRIELN | Source = Service Control Manager | ID = 7022
Description = Služba Freemake Improver sa pri spustení zablokovala.

Error - 15.6.2015 11:18:17 | Computer Name = GABRIELN | Source = Service Control Manager | ID = 7000
Description = Spustenie služby StarOpen zlyhalo kvôli nasledujúcej chybe: %%2

Error - 15.6.2015 11:19:37 | Computer Name = GABRIELN | Source = Service Control Manager | ID = 7022
Description = Služba Freemake Improver sa pri spustení zablokovala.

Error - 16.6.2015 10:48:45 | Computer Name = GABRIELN | Source = Service Control Manager | ID = 7000
Description = Spustenie služby StarOpen zlyhalo kvôli nasledujúcej chybe: %%2

Error - 16.6.2015 10:50:05 | Computer Name = GABRIELN | Source = Service Control Manager | ID = 7022
Description = Služba Freemake Improver sa pri spustení zablokovala.

Error - 17.6.2015 3:48:18 | Computer Name = GABRIELN | Source = Service Control Manager | ID = 7000
Description = Spustenie služby StarOpen zlyhalo kvôli nasledujúcej chybe: %%2

Error - 17.6.2015 3:49:38 | Computer Name = GABRIELN | Source = Service Control Manager | ID = 7022
Description = Služba Freemake Improver sa pri spustení zablokovala.

< End of report >

#14 Příspěvek od **Márty84** » 17 čer 2015 20:03

Gabo píše:eraz som si vsimol, ze AdBlock sa mi vzdy zablokuje a nefunguje. Ked ho povolim v nastaveniach, vydrzi 5 sekund a zase sa deaktivuje. Co s tym?

Nejlepsi by bylo komplet odinstalovat prohlizec, vcetne profilu a znovu nainstalovat.
Pokud mate zalozky a nechcete o ne prijit, daji se zazalohovat.

Jen jestli to nema na svedomi ten pitomy Wise Care :-/

Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne

Znovu spustte OTL
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:otl
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1645522239-1417001333-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\GABRIEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G7JE0C2U.DEFAULT\EXTENSIONS\ASCSURFINGPROTECTION@IOBIT.COM
O3 - HKU\S-1-5-21-1645522239-1417001333-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1645522239-1417001333-839522115-1004..\Run: [Wisdom-soft ScreenHunter 6.0 Free] 0 File not found

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

Gabo · #15 Příspěvek od **Gabo** » 18 čer 2015 19:45

Wise Care som odinstaloval - o nieco je pc rychlejsi. Zaujimave, ze ked som ho instaloval, tak vdaka nemu bol o nieco rychlejsi

Tak veru Operu by som rad preinstaloval, ale nechcem stratit tie zalozky a aj hesla... Ktory spolahlivy program doporucite? Mam Operu 30.

Pc uz lepsie reaguje. Dalo by sa este nieco urobit, alebo uz sme vsetko vycerpali?

Tu je log.

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gabriel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49554 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32768 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0,00 mb

[EMPTYFLASH]

User: admin
->Flash cache emptied: 0 bytes

User: Administrator

User: All Users

User: All Users.WINDOWS

User: Default User
->Flash cache emptied: 0 bytes

User: Default User.WINDOWS

User: Gabriel
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: LocalService.NT AUTHORITY

User: NetworkService

User: NetworkService.NT AUTHORITY

Total Flash Files Cleaned = 0,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1645522239-1417001333-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\S-1-5-21-1645522239-1417001333-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{10921475-03CE-4E04-90CE-E2E7EF20C814} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\APSDaemon deleted successfully.
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1645522239-1417001333-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Wisdom-soft ScreenHunter 6.0 Free deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 06182015_203004

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_9ec.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

VIRY.CZ

Prosim o kontrolu logu

Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu