VIRY.CZ

OTL logfile created on: 1.6.2015 17:18:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1011,95 Mb Total Physical Memory | 285,17 Mb Available Physical Memory | 28,18% Memory free
1,99 Gb Paging File | 1,13 Gb Available in Paging File | 56,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 44,04 Gb Total Space | 24,71 Gb Free Space | 56,10% Space Free | Partition Type: NTFS
Drive D: | 30,39 Gb Total Space | 20,92 Gb Free Space | 68,84% Space Free | Partition Type: NTFS
Drive E: | 1010,09 Mb Total Space | 3,58 Mb Free Space | 0,35% Space Free | Partition Type: FAT

Computer Name: MACIK-PC | User Name: Macik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015.06.01 17:16:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
PRC - [2015.05.18 15:28:44 | 000,376,944 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2015.01.28 14:08:58 | 001,349,576 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2015.01.28 14:08:42 | 005,088,456 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2015.05.18 15:28:42 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015.04.27 21:05:39 | 000,851,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
SRV - [2015.01.28 14:08:58 | 001,349,576 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Macik\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2015.03.10 17:24:42 | 000,193,464 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2015.03.10 17:24:42 | 000,176,448 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2015.03.10 17:24:42 | 000,135,808 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2015.03.10 17:24:42 | 000,051,824 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2015.03.10 17:24:42 | 000,037,928 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2013.10.02 02:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.10.05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2727698873-3766375548-226271867-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2727698873-3766375548-226271867-1000\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2727698873-3766375548-226271867-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2727698873-3766375548-226271867-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "CZ"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "CZ"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2.1-signed
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:38.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015.05.19 19:55:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 38.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 38.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2015.05.19 20:01:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 38.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 38.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2015.05.19 20:01:53 | 000,000,000 | ---D | M]

[2014.08.31 17:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Macik\AppData\Roaming\Mozilla\Extensions
[2015.05.26 17:09:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Macik\AppData\Roaming\Mozilla\Firefox\Profiles\5rc4dj2t.default\extensions
[2015.05.29 11:34:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Macik\AppData\Roaming\Mozilla\Firefox\Profiles\5tlm3pzm.default\extensions
[2015.05.29 10:37:58 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Macik\AppData\Roaming\Mozilla\Firefox\Profiles\5tlm3pzm.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2014.08.31 17:52:09 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Macik\AppData\Roaming\Mozilla\Firefox\Profiles\5rc4dj2t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015.05.29 11:34:25 | 000,151,374 | ---- | M] () (No name found) -- C:\Users\Macik\AppData\Roaming\Mozilla\Firefox\Profiles\5tlm3pzm.default\extensions\adblockpopups@jessehakanen.net.xpi
[2015.05.29 10:37:55 | 000,946,636 | ---- | M] () (No name found) -- C:\Users\Macik\AppData\Roaming\Mozilla\Firefox\Profiles\5tlm3pzm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015.05.18 15:28:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015.05.18 15:28:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.07.10 19:31:32 | 000,034,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

O1 HOSTS File: ([2015.05.31 20:13:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2727698873-3766375548-226271867-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2727698873-3766375548-226271867-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{825FBC4A-3711-4436-8591-16C65BB10B12}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B21B2FCB-8CDE-4181-AA5C-503D3A1908EB}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2015.06.01 17:16:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2015.05.31 20:20:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2015.05.31 20:13:07 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2015.05.31 20:10:52 | 000,000,000 | ---D | C] -- C:\Users\Macik\AppData\Local\temp
[2015.05.31 19:52:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2015.05.31 19:52:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2015.05.31 19:52:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2015.05.31 19:50:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2015.05.31 19:50:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2015.05.31 19:45:09 | 005,628,238 | R--- | C] (Swearware) -- D:\Desktop\ComboFix.exe
[2015.05.31 14:04:56 | 000,000,000 | ---D | C] -- C:\Users\Macik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript
[2015.05.31 14:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2015.05.31 13:34:17 | 000,054,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2015.05.31 13:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2015.05.31 13:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2015.05.27 09:49:44 | 000,000,000 | ---D | C] -- D:\Odkazy
[2015.05.26 22:19:50 | 000,000,000 | ---D | C] -- C:\Users\Macik\Downloads
[2015.05.26 18:48:51 | 000,000,000 | ---D | C] -- C:\Users\Macik\AppData\Local\VirtualStore
[2015.05.18 19:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2015.05.18 15:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2015.05.14 09:33:00 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2015.05.14 00:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2015.05.14 00:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2015.05.14 00:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2015.05.13 19:06:12 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2015.05.13 19:06:12 | 001,250,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2015.05.13 19:05:13 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2015.05.13 19:05:12 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jnwmon.dll
[2015.05.11 20:02:36 | 000,851,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagtrack.dll
[2015.05.11 20:02:36 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UtcResources.dll
[2015.05.11 20:02:35 | 003,989,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2015.05.11 20:02:34 | 003,934,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2015.05.11 20:02:33 | 000,635,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2015.05.11 20:02:32 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2015.05.11 20:02:32 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tracerpt.exe
[2015.05.11 20:02:32 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2015.05.11 20:02:31 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2015.05.11 20:02:31 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2015.05.11 20:02:31 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2015.05.11 20:02:31 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\typeperf.exe
[2015.05.11 20:02:31 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2015.05.11 20:02:31 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
[2015.05.11 20:02:30 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskperf.exe
[2015.05.11 20:02:29 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2015.05.11 20:02:29 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2015.05.11 20:02:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apisetschema.dll
[2015.05.11 20:02:28 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2015.05.11 20:02:28 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2015.05.11 20:01:35 | 001,372,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
[2015.05.11 19:59:36 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdbinst.exe
[2015.05.11 19:59:28 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe

========== Files - Modified Within 30 Days ==========

[2015.06.01 17:23:04 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2015.06.01 17:16:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2015.06.01 17:06:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.06.01 13:12:22 | 000,647,902 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2015.06.01 13:12:22 | 000,633,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015.06.01 13:12:22 | 000,133,230 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2015.06.01 13:12:22 | 000,114,958 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015.06.01 12:28:47 | 000,031,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.06.01 12:28:47 | 000,031,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.06.01 12:21:34 | 795,832,320 | -HS- | M] () -- C:\hiberfil.sys
[2015.05.31 20:13:01 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2015.05.31 19:45:10 | 005,628,238 | R--- | M] (Swearware) -- D:\Desktop\ComboFix.exe
[2015.05.31 12:19:27 | 000,015,195 | ---- | M] () -- D:\Desktop\Ma_Koppl_Annahme ESt unbeschränkt 2014.pdf
[2015.05.31 12:16:14 | 000,008,067 | ---- | M] () -- D:\Desktop\Anschreiben-2014.pdf
[2015.05.30 23:22:52 | 000,007,332 | ---- | M] () -- D:\Desktop\MAKoppl Steuerberechnung_2015.pdf
[2015.05.26 16:36:10 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2015.05.14 09:54:17 | 000,360,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2015.06.01 17:23:04 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2015.05.31 19:52:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2015.05.31 19:52:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2015.05.31 19:52:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2015.05.31 19:52:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2015.05.31 19:52:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2015.05.31 12:19:26 | 000,015,195 | ---- | C] () -- D:\Desktop\Ma_Koppl_Annahme ESt unbeschränkt 2014.pdf
[2015.05.31 12:16:14 | 000,008,067 | ---- | C] () -- D:\Desktop\Anschreiben-2014.pdf
[2015.05.30 23:22:52 | 000,007,332 | ---- | C] () -- D:\Desktop\MAKoppl Steuerberechnung_2015.pdf
[2015.05.26 17:14:57 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2015.03.31 16:02:50 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015.02.13 07:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014.08.31 20:28:17 | 000,000,000 | ---D | M] -- C:\Users\Macik\AppData\Roaming\ESET
[2015.03.31 16:18:56 | 000,000,000 | ---D | M] -- C:\Users\Macik\AppData\Roaming\Free Media Converter
[2015.03.31 13:20:03 | 000,000,000 | ---D | M] -- C:\Users\Macik\AppData\Roaming\SolidDocuments
[2015.03.29 23:00:43 | 000,000,000 | ---D | M] -- C:\Users\Macik\AppData\Roaming\Zoner

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 06:53:46 | 000,032,566 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

< >

< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\erdnt\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.20 23:29:06 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010.11.20 23:29:06 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010.11.20 23:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010.11.20 23:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010.11.20 23:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2014.10.30 04:14:18 | 000,145,920 | ---- | M] (Microsoft Corporation) MD5=3031B5DC2A58A7BCE6651EA9B7DD6390 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22908_none_789f60191223613f\cryptsvc.dll
[2013.05.10 06:49:59 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=33ADF6E0853AB39EA1723BE82842C1D3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[2013.05.13 06:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=3897DFF247D9ED0006190349DE264E14 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[2015.02.03 05:12:14 | 000,143,872 | ---- | M] (Microsoft Corporation) MD5=49474B3E37969AF4B5C076F42B623AFF -- C:\Windows\erdnt\cache\cryptsvc.dll
[2015.02.03 05:12:14 | 000,143,872 | ---- | M] (Microsoft Corporation) MD5=49474B3E37969AF4B5C076F42B623AFF -- C:\Windows\System32\cryptsvc.dll
[2015.02.03 05:12:14 | 000,143,872 | ---- | M] (Microsoft Corporation) MD5=49474B3E37969AF4B5C076F42B623AFF -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18741_none_77e37fb1f92c82b1\cryptsvc.dll
[2014.07.07 03:40:07 | 000,143,872 | ---- | M] (Microsoft Corporation) MD5=623E143F2DF17C0106A9988F5D7DC878 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18526_none_77fe1d2ff917cf34\cryptsvc.dll
[2013.07.09 15:57:37 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=6DB499DEFCC827317C5371164A7CDB27 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[2013.07.09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[2010.11.20 23:29:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2013.05.11 06:59:05 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=AC04D05309BB2C418D0D80B9FB014642 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[2015.02.03 05:31:49 | 000,145,920 | ---- | M] (Microsoft Corporation) MD5=B97E16D36DB7B7DD22C97857506FA58A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22948_none_787420691243d103\cryptsvc.dll
[2013.05.10 07:06:21 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=E122AA1C9A3CC46FF9DDDE46E5EB0C58 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[2013.10.05 03:52:03 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=F2D9242C3BBD1C36467FCAE1AE01733F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010.11.20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.20 23:29:19 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010.11.20 23:29:19 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll

< MD5 for: IASTORV.SYS >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\isapnp.sys

< MD5 for: LSASS.EXE >
[2014.05.30 09:34:43 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=0421593A1955FE63245B700560B44600 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22705_none_a8e74cccd4220539\lsass.exe
[2015.04.27 21:04:05 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=1667D76FBF42B24B9DE3E8B0A7CF06BE -- C:\Windows\erdnt\cache\lsass.exe
[2015.04.27 21:04:05 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=1667D76FBF42B24B9DE3E8B0A7CF06BE -- C:\Windows\System32\lsass.exe
[2015.04.27 21:04:05 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=1667D76FBF42B24B9DE3E8B0A7CF06BE -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18839_none_a8414531bb1918ec\lsass.exe
[2014.05.30 09:52:03 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=213601D688579B98F576BA7CA88496DE -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18489_none_a80b2dfdbb41b005\lsass.exe
[2015.04.27 20:55:11 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=24D7FCB0A817B4D841A3CA67212FE500 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23040_none_a8b6e798d44723da\lsass.exe
[2015.01.27 05:27:34 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=2668762334E663B7BD68067A047C4187 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22943_none_a8ba1054d4443c9d\lsass.exe
[2015.02.03 05:11:47 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=27945CF21E17AFBFF1E31993AAEE4551 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18741_none_a82e710fbb286cfe\lsass.exe
[2015.03.17 06:45:00 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=3228BE5229F9EEFB18654A56B016F642 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23002_none_a8e427dcd424e6c4\lsass.exe
[2015.04.04 05:10:24 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=35F0817C803DFC520CBF7031B72B6A17 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23017_none_a8de5962d4288168\lsass.exe
[2015.01.29 05:01:10 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=4B66FC6316D1940837965C01D6DDD9A1 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18738_none_a8404301bb1a026e\lsass.exe
[2015.04.04 05:04:25 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=618BA9298726844DA4E9E53C7C8D4015 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18812_none_a84fe303bb0f2fa9\lsass.exe
[2014.04.12 04:06:16 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=627B40EB2595D8FCF1960F33389EB7D3 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_a8af3ab6d44c6119\lsass.exe
[2014.04.12 04:06:16 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=627B40EB2595D8FCF1960F33389EB7D3 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22712_none_a8d97c02d42cd525\lsass.exe
[2014.04.12 04:06:16 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=627B40EB2595D8FCF1960F33389EB7D3 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22736_none_a8c7dd52d4397263\lsass.exe
[2014.04.12 04:06:16 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=627B40EB2595D8FCF1960F33389EB7D3 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22807_none_a8e94f46d420350e\lsass.exe
[2014.04.12 04:06:16 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=627B40EB2595D8FCF1960F33389EB7D3 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22843_none_a8ba0e6ed4443f76\lsass.exe
[2014.04.12 04:06:16 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=627B40EB2595D8FCF1960F33389EB7D3 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22923_none_a8cfb02cd43404bb\lsass.exe
[2014.04.12 04:06:16 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=627B40EB2595D8FCF1960F33389EB7D3 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22925_none_a8d1b0c0d4323769\lsass.exe
[2012.08.24 18:53:44 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=7ABC23F3D86880AD62ACEDC7479608F8 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22099_none_a889f15ed46779fd\lsass.exe
[2011.11.17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsass.exe
[2011.11.17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_a828bb43bb2beb28\lsass.exe
[2011.11.17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17940_none_a82d8b59bb293454\lsass.exe
[2015.02.03 05:31:15 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=8CAD69B705D065CCAAA0E4C17C07B21E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22948_none_a8bf11c6d43fbb50\lsass.exe
[2015.03.17 06:56:28 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=981CE3E3A653511799F4A862494B66A8 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18798_none_a7ff6379bb4aaa14\lsass.exe
[2014.09.19 11:23:13 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=AC0D7A5778D5A8C17ECFEECB302B4FA4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18606_none_a85eb04bbb037ec6\lsass.exe
[2015.01.14 07:40:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BA0FE19728F5FA8473FB13C9C031FCC0 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18717_none_a854e28fbb0ab135\lsass.exe
[2015.03.06 07:11:16 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BE2D700A9B21B40622C250FE1206A02F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22983_none_a88ed0a4d464ac61\lsass.exe
[2015.01.15 09:42:17 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BF08DE8E4FA1F143D41B3241F7FCE5F6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18719_none_a856e323bb08e3e3\lsass.exe
[2014.04.12 04:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=DD17E1573651293D4ED31053795B3471 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_a8306bf1bb26a837\lsass.exe
[2014.04.12 04:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=DD17E1573651293D4ED31053795B3471 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18496_none_a7fd5d33bb4c7ff1\lsass.exe
[2014.04.12 04:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=DD17E1573651293D4ED31053795B3471 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18526_none_a8490e8dbb13b981\lsass.exe
[2014.04.12 04:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=DD17E1573651293D4ED31053795B3471 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18637_none_a83f40d1bb1aebf0\lsass.exe
[2014.09.19 11:29:14 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F0F6E52554E314A71E776B1086B5B3DD -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22814_none_a8db7e7cd42b04fa\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe
[2015.03.06 07:09:44 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F65F365AC0D1657917EFDB52445C848B -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18779_none_a816039bbb398b89\lsass.exe
[2012.06.02 06:51:22 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FA7B950E4CA6AA260C4EABA19E03644D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_a8d76e24d42eb666\lsass.exe
[2011.11.17 07:24:04 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FBCB2DFA40862DAA7B1534C9538208A5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsass.exe

< MD5 for: NDIS.SYS >
[2012.08.22 19:05:16 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=15B74B6283CEBCCE3054C1001CA01B5E -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_aa0491cf93ad1c31\ndis.sys
[2012.08.22 19:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\erdnt\cache\ndis.sys
[2012.08.22 19:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\System32\drivers\ndis.sys
[2012.08.22 19:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_a9bdfee47a5cd154\ndis.sys
[2010.11.20 23:29:12 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys

< MD5 for: NETLOGON.DLL >
[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache\netlogon.dll
[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

< MD5 for: NVRAID.SYS >
[2010.11.20 23:29:03 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvraid.sys
[2010.11.20 23:29:03 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvraid.sys
[2011.03.11 07:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\System32\drivers\nvraid.sys
[2011.03.11 07:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvraid.sys
[2011.03.11 07:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvraid.sys
[2011.03.11 07:28:10 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=E3B840350A72CA6F39BD2BEF85A2BCFB -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

< MD5 for: SCECLI.DLL >
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache\scecli.dll
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SMSS.EXE >
[2015.02.03 05:12:00 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=01C6C743FE49D0FB3F0A1391FEF1DEB3 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18741_none_ae1e8e4a778ed482\smss.exe
[2015.04.27 21:04:21 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=03CD13A169C19558F637C2F36B974BDA -- C:\Windows\System32\smss.exe
[2015.04.27 21:04:21 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=03CD13A169C19558F637C2F36B974BDA -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18839_none_ae31626c777f8070\smss.exe
[2015.01.29 05:01:22 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=0C41393891E2EB9F8FDF28A0654C5B5E -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18738_none_ae30603c778069f2\smss.exe
[2009.07.14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe
[2015.03.17 06:56:43 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=485436C2A90318218777401FB973558C -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18798_none_adef80b477b11198\smss.exe
[2013.07.08 05:02:28 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=634E0B45780F502304592C5615A31089 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22379_none_ae8fb42390bda114\smss.exe
[2015.02.03 05:31:31 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=7FFC65934B6CC409D62448ADFE50EBF1 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22948_none_aeaf2f0190a622d4\smss.exe
[2015.04.27 20:55:24 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=AC1D1026D06D6F74D32356772A3E321E -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23040_none_aea704d390ad8b5e\smss.exe
[2015.03.17 06:45:09 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=BCE230B8626E42E997285173A9426EE5 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23002_none_aed44517908b4e48\smss.exe
[2013.08.29 02:51:28 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D2A72C71CD6C18A99E920EC5761F0C7D -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22436_none_aeb7f4db909fe272\smss.exe
[2014.04.12 04:06:24 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D8A5E3B8EB601B897AC78B060177E460 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22653_none_ae9f57f190b2c89d\smss.exe
[2014.04.12 04:06:24 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D8A5E3B8EB601B897AC78B060177E460 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22780_none_ae7be93590cdcd92\smss.exe
[2014.04.12 04:06:24 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D8A5E3B8EB601B897AC78B060177E460 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22908_none_aeda6eb19085b310\smss.exe
[2014.04.12 04:06:24 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D8A5E3B8EB601B897AC78B060177E460 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22921_none_aebdccd3909c3991\smss.exe
[2014.04.12 04:06:24 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D8A5E3B8EB601B897AC78B060177E460 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22923_none_aebfcd67909a6c3f\smss.exe
[2013.03.19 04:49:16 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=DE91DCC7BC55E940979097E98F743205 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_ae40f33e7774c473\smss.exe
[2015.01.27 05:27:49 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=EA4931A2EE99926C89935FC92526D7A4 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22943_none_aeaa2d8f90aaa421\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.04.25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\SoftwareDistribution\Download\819f2389c84fd99ac463e7d342b07134\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2010.11.20 23:29:20 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2014.04.05 04:25:01 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\erdnt\cache\tcpip.sys
[2014.04.05 04:25:01 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\System32\drivers\tcpip.sys
[2014.04.05 04:25:01 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_b513c4dfc4b513b9\tcpip.sys
[2013.09.07 04:06:48 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=6C4F3D92764FFA22D28061A4D9235446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_b58e8eb0ddde6cf1\tcpip.sys
[2011.04.25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\SoftwareDistribution\Download\819f2389c84fd99ac463e7d342b07134\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2013.09.08 04:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_b4fa2013c4c8ebf1\tcpip.sys
[2012.10.03 18:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2012.10.03 18:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
[2014.04.05 04:16:21 | 001,310,144 | ---- | M] (Microsoft Corporation) MD5=EA47AB18E289333AB94397D77CA6E3A1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_b59293a4dddacc9b\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2014.07.16 04:56:14 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=4F37B93C14AEE313BEC52A23AFB15C2E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_7224b2134c7555fa\winlogon.exe
[2014.07.17 03:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\erdnt\cache\winlogon.exe
[2014.07.17 03:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\System32\winlogon.exe
[2014.07.17 03:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_71a5e34e334f9d18\winlogon.exe
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2014.03.04 11:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[2014.03.04 12:39:02 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=D53972F87D850CD2EB4B29B60CAFDD77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe

< MD5 for: WS2_32.DLL >
[2010.11.20 23:29:06 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\erdnt\cache\ws2_32.dll
[2010.11.20 23:29:06 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\System32\ws2_32.dll
[2010.11.20 23:29:06 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[10 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\9045ff89f30910ac1667279c87b43df8\*.tmp files -> C:\Windows\SoftwareDistribution\Download\9045ff89f30910ac1667279c87b43df8\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2015.05.31 12:47:14 | 000,000,000 | ---D | M] -- C:\Users\Macik\AppData\Roaming\Adobe
[2014.08.31 20:28:17 | 000,000,000 | ---D | M] -- C:\Users\Macik\AppData\Roaming\ESET
[2015.03.31 16:18:56 | 000,000,000 | ---D | M] -- C:\Users\Macik\AppData\Roaming\Free Media Converter
[2014.08.31 17:36:20 | 000,000,000 | ---D | M] -- C:\Users\Macik\AppData\Roaming\Identities
[2014.08.31 19:04:56 | 000,000,000 | ---D | M] -- C:\Users\Macik\AppData\Roaming\Macromedia
[2011.04.12 03:46:30 | 000,000,000 | ---D | M] -- C:\Users\Macik\AppData\Roaming\Media Center Programs
[2015.03.20 16:11:24 | 000,000,000 | --SD | M] -- C:\Users\Macik\AppData\Roaming\Microsoft
[2014.08.31 17:47:34 | 000,000,000 | ---D | M] -- C:\Users\Macik\AppData\Roaming\Mozilla
[2015.03.31 13:20:03 | 000,000,000 | ---D | M] -- C:\Users\Macik\AppData\Roaming\SolidDocuments
[2015.05.24 22:07:44 | 000,000,000 | ---D | M] -- C:\Users\Macik\AppData\Roaming\vlc
[2014.09.03 01:06:40 | 000,000,000 | ---D | M] -- C:\Users\Macik\AppData\Roaming\WinRAR
[2015.03.29 23:00:43 | 000,000,000 | ---D | M] -- C:\Users\Macik\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2015.06.01 12:28:47 | 000,031,664 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.06.01 12:28:47 | 000,031,664 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.06.01 13:12:22 | 000,133,230 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2015.06.01 13:12:22 | 000,114,958 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2015.06.01 13:12:22 | 000,647,902 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2015.06.01 13:12:22 | 000,633,096 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2015.06.01 13:12:21 | 001,524,356 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2015.06.01 17:23:04 | 000,000,512 | ---- | M] () MD5=81814E2D884A1F7AA341C6DE2636AC86 -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >

< *w7lxe* /s >

< End of report >

OTL Extras logfile created on: 1.6.2015 17:18:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1011,95 Mb Total Physical Memory | 285,17 Mb Available Physical Memory | 28,18% Memory free
1,99 Gb Paging File | 1,13 Gb Available in Paging File | 56,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 44,04 Gb Total Space | 24,71 Gb Free Space | 56,10% Space Free | Partition Type: NTFS
Drive D: | 30,39 Gb Total Space | 20,92 Gb Free Space | 68,84% Space Free | Partition Type: NTFS
Drive E: | 1010,09 Mb Total Space | 3,58 Mb Free Space | 0,35% Space Free | Partition Type: FAT

Computer Name: MACIK-PC | User Name: Macik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1

[HKEY_USERS\S-1-5-21-2727698873-3766375548-226271867-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office15\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CC691A-BC1A-4BEB-AD22-FC57D2E89E0C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{05DB387F-D685-4C23-9657-DFB85F40E8EC}" = rport=138 | protocol=17 | dir=out | app=system |
"{08F43AFD-3A73-4DBA-BD97-1C9333C029B3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0F8DFFE6-CAE4-4884-986D-B0167C92150E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{115A6363-2B2C-4AEA-AD4E-F0479BB552D6}" = rport=137 | protocol=17 | dir=out | app=system |
"{116D4CCA-769B-407D-A327-5B5F05992512}" = lport=139 | protocol=6 | dir=in | app=system |
"{136CA81D-501B-448C-BED2-3E758F7D8778}" = lport=138 | protocol=17 | dir=in | app=system |
"{2CD750F9-F376-41E1-AFD9-D6BAA59F1F20}" = lport=2869 | protocol=6 | dir=in | app=system |
"{38356317-83CA-40E0-8B1E-731B4247D77E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{46C421A4-5317-4A28-8CA0-5E4D22E78B52}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4C021494-7993-42AD-B8A9-24FAEDA50227}" = rport=445 | protocol=6 | dir=out | app=system |
"{6143182D-87EE-41C5-92F8-6B944D475F38}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{765C89B6-0010-46D0-8AD3-D72B674B6FEA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{77A6127E-326D-4275-921E-61FA4F795D79}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8CFF41C0-29A3-4243-B76A-F0529C72FDAB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{90996A7B-986D-4F2F-AD07-725355EE2787}" = rport=139 | protocol=6 | dir=out | app=system |
"{A0D588CC-CF13-4833-A983-8AF0433572F7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B297601A-E090-49C9-A478-2154AF2D7572}" = lport=137 | protocol=17 | dir=in | app=system |
"{B8C2A104-C594-4A49-8F02-981A24DCF0F5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DA366938-26E3-4AAD-8E23-AFA22E3925B4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FAA2E8B4-6353-4CA6-8E94-6F3028C167E9}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1621D195-14D8-4493-B62F-6F0C200873B4}" = protocol=6 | dir=out | app=system |
"{28DD0DF7-CDE1-4EBE-9BED-6C549CDB458B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31F14345-933B-46C3-B664-4F32526605FC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{412ED495-A44C-4464-BC0B-C2B3F8974121}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4563C63F-9AEB-465A-9F1D-2719765F4796}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{482333B0-827B-4268-A83D-86EDF3393542}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{54F53DE8-FAAE-4555-9414-E4F478C07532}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{581B62EC-F399-4448-B86D-66EC00A0C445}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6174C8FF-D05D-44D6-A336-132E667242D7}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{673A4D20-B17B-4207-8EF4-3D989D303037}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7A8E00F4-A106-465A-AD6C-9F5F94B80A46}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7E86ECE1-5CED-4749-AB73-2A2487F0D590}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{89735F88-1CCB-4EAD-9264-E371A0974212}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{8FA0B159-4DEA-4BFF-AC9A-970FBC68EBED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{99B8A689-4D8F-4706-B5D0-228FC6026EC8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{9A76233A-848A-4EF7-B03B-21AABB1D15BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A851F034-7A4C-43B7-9DCB-FA7EB18E2910}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B831E91D-2869-47A8-B84D-31A722B39C00}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BD83E84E-E88B-408C-8672-CA1870DA87EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D0D44F2C-E6F9-48D5-AF3B-F98B0D17BAB4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E3DB3FB6-D085-4004-9058-3B3C9A1B556F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F94AF43B-9C62-4FF6-BCE9-890CAE248F22}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3911CF56-9EF2-39BA-846A-C27BD3CD0685}" = Microsoft .NET Framework 4.5.2
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69EDC871-8A8A-34A8-B511-FF7CE3C4B0B7}" = Microsoft .NET Framework 4.5.2 (CSY)
"{90150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2013
"{90150000-0015-0405-0000-0000000FF1CE}" = Microsoft Access MUI (Czech) 2013
"{90150000-0015-0409-0000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0405-0000-0000000FF1CE}" = Microsoft Excel MUI (Czech) 2013
"{90150000-0016-0409-0000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0017-0405-0000-0000000FF1CE}" = Microsoft SharePoint Designer MUI (Czech) 2013
"{90150000-0018-0405-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (Czech) 2013
"{90150000-0018-0409-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0405-0000-0000000FF1CE}" = Microsoft Publisher MUI (Czech) 2013
"{90150000-0019-0409-0000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0405-0000-0000000FF1CE}" = Microsoft Outlook MUI (Czech) 2013
"{90150000-001A-0409-0000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0405-0000-0000000FF1CE}" = Microsoft Word MUI (Czech) 2013
"{90150000-001B-0409-0000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0405-0000-0000000FF1CE}" = Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština
"{90150000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-041B-0000-0000000FF1CE}" = Nástroje korektúry balíka Microsoft Office 2013 - slovenčina
"{90150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2013
"{90150000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0405-0000-0000000FF1CE}" = Microsoft InfoPath MUI (Czech) 2013
"{90150000-0044-0409-0000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2013
"{90150000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0405-0000-0000000FF1CE}" = Microsoft DCF MUI (Czech) 2013
"{90150000-0090-0409-0000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0405-0000-0000000FF1CE}" = Microsoft OneNote MUI (Czech) 2013
"{90150000-00A1-0409-0000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0405-0000-0000000FF1CE}" = Microsoft Groove MUI (Czech) 2013
"{90150000-00BA-0409-0000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00E1-0405-0000-0000000FF1CE}" = Microsoft Office OSM MUI (Czech) 2013
"{90150000-00E1-0409-0000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0405-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (Czech) 2013
"{90150000-00E2-0409-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0100-0405-0000-0000000FF1CE}" = Microsoft Office O MUI (Czech) 2013
"{90150000-0101-0405-0000-0000000FF1CE}" = Microsoft X MUI (Czech) 2013
"{90150000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-0000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0405-0000-0000000FF1CE}" = Microsoft Lync MUI (Czech) 2013
"{90150000-012B-0409-0000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5.2 (čeština)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager
"{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.11) - Czech
"{D17A05CB-2401-4F63-AB70-EFC060B4B4CB}" = ESET Smart Security
"Adobe Flash Player NPAPI" = Adobe Flash Player 17 NPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Defraggler" = Defraggler
"ffdshow_is1" = ffdshow v1.3.4533 [2014-09-29]
"Free Media Converter_is1" = Free Media Converter 2.96
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Mozilla Firefox 38.0.1 (x86 cs)" = Mozilla Firefox 38.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office15.OMUI.cs-cz" = Microsoft Office Language Pack 2013 - Czech/čeština
"Office15.PROPLUS" = Microsoft Office Professional 2013
"VLC media player" = VLC media player
"WinRAR archiver" = WinRAR 5.10 (32-bit)
"ZonerCallisto5_CZ_is1" = Zoner Callisto 5 FREE

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30.5.2015 5:12:31 | Computer Name = Macik-PC | Source = WinMgmt | ID = 10
Description =

Error - 30.5.2015 5:27:59 | Computer Name = Macik-PC | Source = Office 2013 Licensing Service | ID = 0
Description =

Error - 31.5.2015 3:11:10 | Computer Name = Macik-PC | Source = WinMgmt | ID = 10
Description =

Error - 31.5.2015 3:20:51 | Computer Name = Macik-PC | Source = Office 2013 Licensing Service | ID = 0
Description =

Error - 31.5.2015 13:41:50 | Computer Name = Macik-PC | Source = WinMgmt | ID = 10
Description =

Error - 31.5.2015 13:44:50 | Computer Name = Macik-PC | Source = System Restore | ID = 8193
Description =

Error - 31.5.2015 13:49:50 | Computer Name = Macik-PC | Source = WinMgmt | ID = 10
Description =

Error - 31.5.2015 14:13:48 | Computer Name = Macik-PC | Source = WinMgmt | ID = 10
Description =

Error - 1.6.2015 6:23:27 | Computer Name = Macik-PC | Source = WinMgmt | ID = 10
Description =

Error - 1.6.2015 6:32:01 | Computer Name = Macik-PC | Source = Office 2013 Licensing Service | ID = 0
Description =

[ System Events ]
Error - 25.4.2015 15:23:13 | Computer Name = Macik-PC | Source = bowser | ID = 8003
Description =

Error - 25.4.2015 15:35:14 | Computer Name = Macik-PC | Source = bowser | ID = 8003
Description =

Error - 25.4.2015 15:47:13 | Computer Name = Macik-PC | Source = bowser | ID = 8003
Description =

Error - 25.4.2015 15:59:12 | Computer Name = Macik-PC | Source = bowser | ID = 8003
Description =

Error - 26.4.2015 2:10:58 | Computer Name = Macik-PC | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby ShellHWDetection bylo dosaženo
časového limitu (30000 ms).

Error - 27.4.2015 10:39:32 | Computer Name = Macik-PC | Source = NetBT | ID = 4321
Description = Název WORKGROUP :1d nelze zaregistrovat v rozhraní s IP adresou
10.0.0.5. Počítač s IP adresou 10.0.0.1 nepovolil získání názvu tímto počítačem.

Error - 29.4.2015 4:02:17 | Computer Name = Macik-PC | Source = bowser | ID = 8003
Description =

Error - 30.4.2015 8:09:36 | Computer Name = Macik-PC | Source = Schannel | ID = 36887
Description = Byla přijata následující výstraha o závažné chybě: 80.

Error - 2.5.2015 3:54:32 | Computer Name = Macik-PC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Službě Pomocník s kompatibilitou programů se nepodařilo provést inicializaci
druhé fáze.

Error - 4.5.2015 13:25:06 | Computer Name = Macik-PC | Source = bowser | ID = 8003
Description =


< End of report >

Vypnete antivir, at nebrani programu v praci.
Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands) Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2727698873-3766375548-226271867-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\zoek-delete.exe moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP68E1.tmp\ehshell.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP68E1.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6A87.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP79DC.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7C7F.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9ACA.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB17.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB672.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPFB81.tmp folder deleted successfully.
C:\Windows\SoftwareDistribution\Download\9045ff89f30910ac1667279c87b43df8\$dpx$.tmp\job.xml deleted successfully.
C:\Windows\SoftwareDistribution\Download\9045ff89f30910ac1667279c87b43df8\$dpx$.tmp folder deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 06032015_172035

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat.

vyosek píše: DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remove disinfection tools
• Kliknete na Run

Nastala nejaka zmena?

Hmm chova se stejne, ale asi to bude vsema tema aktualizacema od windows a tema ramkama. MOOC dekuji a nashledanou

Na havet je pc cisty. Takze problem bude bud s legitimnim softem, nebo muze byt i HW problem, kdyz to blbne i v nouzaku.

Zkuste jeste spustit mozillu v jejim nouzovem rezimu https://support.mozilla.org/cs/kb/Nouzo ... re%C5%BEim

Zkuste na chvili vypnout veskere zabezpeceni (antivir, firewall)

Kvuli combofixu jsem musel odinstalovat antivir, protoze ani po docasnem vypnuti firewalu a antiviru, ho combofix detekoval jako aktivni. Tak ze jsem ted jeste chvilku bez, i proto jsem prekvapen, ze se to nezrychlilo.

V minulosti jsem delal na tomhle ntb cistou preinstalaci a system byl rychly, po vsech aktualizacich se opet zbrzdil a to jsem mel nainstalovany pouze system, nic jineho. To je proste realita od windows.

V nouzaku to ted nabiha opravdu vyrazne rychleji, na druhou stranu se ted nacita vic reklam, tak ze ten start musi byt o 100% rychlejsi. Jenze v dnesni dobe jit bez ad-blocku na net, uz neni moc komfortni. Pres vsechna ta vyskakovaci okna, flashe, scripty se clovek nedostane ani k obsahu.

Office zkusim downgradovat na nizssi 2007 verzi, ta behala rychleji.

No pokud to blblo hned po preinstalaci, asi s tim moc nenadelame.

Zkuste jeste treba prohlizec komplet odinstalovat, vycistit CCleanerem a znovu prohlizec nainstalovat. Tim by se mel zbavit vsech doplnku. Dejte tam jen ty nejnutnejsi. Treba se to aspon trosku zlepsi.



21.6. http://forum.viry.cz/viewtopic.php?f=12&t=123975