
Please check my log - sudden restarts and shutdowns of the notebook

Salat23
Visitor
Posts: 16
Registered: 10 Apr 2012 14:40

Please check my log - sudden restarts and shutdowns of the notebook

#1 Post by Salat23 »

Hello, a few days ago the notebook started restarting on its own, repeatedly, or shutting down completely. I am attaching the RSIT log and thank you very much in advance for your help.

Code:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Salat at 2014-10-20 11:07:32
Microsoft Windows 7 Ultimate  Service Pack 1
System drive C: has 1 GB (1%) free of 153 GB
Total RAM: 2046 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:07:40, on 20.10.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16798)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHAE.EXE
C:\Windows\System32\rundll32.exe
C:\Users\Salat\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Downloads\RSIT.exe
C:\Program Files\trend micro\Salat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [EPSONE7E783 (Epson Stylus SX430)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHAE.EXE /FU "C:\Users\Salat\AppData\Local\Temp\E_S9B0E.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [tsiVideo] rundll32.exe C:\Users\Salat\AppData\Local\Temp\\mdi164.dll,asdasd
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Dropbox.lnk = Salat\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:  
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files\PDF Architect\ConversionService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files\TightVNC\tvnserver.exe

--
End of file - 6302 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe  /c 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe  /ua /installsource scheduler 

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
PDF Architect Helper - C:\Program Files\PDF Architect\PDFIEHelper.dll [2013-04-08 92208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-26 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-01-16 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-26 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{25A3A431-30BB-47C8-AD6A-E1063801134F} - PDF Architect Toolbar - C:\Program Files\PDF Architect\PDFIEPlugin.dll [2013-04-08 654384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2014-02-14 311616]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2011-10-24 421888]
"tvncontrol"=C:\Program Files\TightVNC\tvnserver.exe [2013-07-19 1690096]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-09-26 271744]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"KiesPreload"=C:\Program Files\Samsung\Kies\Kies.exe [2014-02-14 1564992]
"KiesAirMessage"=C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup []
"EPSONE7E783 (Epson Stylus SX430)"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHAE.EXE [2011-01-20 212480]
"tsiVideo"=C:\Users\Salat\AppData\Local\Temp\\mdi164.dll [2014-09-29 1289728]

C:\Users\Salat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Salat\AppData\Roaming\Dropbox\bin\Dropbox.exe
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 2 months======

2014-10-20 11:07:32 ----D---- C:\rsit
2014-10-20 11:07:32 ----D---- C:\Program Files\trend micro
2014-10-15 10:23:01 ----D---- C:\Program Files\Common Files\Java
2014-10-15 10:22:55 ----A---- C:\Windows\system32\javaws.exe
2014-10-15 10:22:47 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2014-10-15 10:22:47 ----A---- C:\Windows\system32\javaw.exe
2014-10-15 10:22:47 ----A---- C:\Windows\system32\java.exe
2014-09-29 08:23:58 ----D---- C:\Program Files\SysInfoTools PDF Image Extractor Demo v2.0
2014-09-29 08:20:11 ----D---- C:\Program Files\Repair File
2014-08-28 23:19:05 ----D---- C:\Program Files\CurlingWorks
2014-08-28 23:18:18 ----A---- C:\Windows\system32\D3DX9_37.dll
2014-08-22 09:30:03 ----A---- C:\Windows\system32\wups2.dll
2014-08-22 09:30:03 ----A---- C:\Windows\system32\wucltux.dll
2014-08-22 09:30:03 ----A---- C:\Windows\system32\wuaueng.dll
2014-08-22 09:30:03 ----A---- C:\Windows\system32\wuauclt.exe
2014-08-22 09:29:54 ----A---- C:\Windows\system32\wups.dll
2014-08-22 09:29:54 ----A---- C:\Windows\system32\wudriver.dll
2014-08-22 09:29:54 ----A---- C:\Windows\system32\wuapi.dll
2014-08-22 09:29:22 ----A---- C:\Windows\system32\wuwebv.dll
2014-08-22 09:29:22 ----A---- C:\Windows\system32\wuapp.exe

======List of files/folders modified in the last 2 months======

2014-10-20 11:07:33 ----D---- C:\Windows\Temp
2014-10-20 11:07:32 ----RD---- C:\Program Files
2014-10-20 11:05:52 ----D---- C:\Downloads
2014-10-20 11:04:15 ----D---- C:\Windows\Prefetch
2014-10-20 11:04:13 ----RD---- C:\Dropbox
2014-10-20 11:04:08 ----D---- C:\Users\Salat\AppData\Roaming\Dropbox
2014-10-19 18:29:43 ----D---- C:\Windows\system32\config
2014-10-16 23:40:57 ----D---- C:\Users\Salat\AppData\Roaming\vlc
2014-10-16 16:25:48 ----D---- C:\Windows\System32
2014-10-16 16:25:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-10-16 16:25:47 ----D---- C:\Windows\inf
2014-10-16 08:43:08 ----D---- C:\Users\Salat\AppData\Roaming\Azureus
2014-10-15 10:24:22 ----D---- C:\ProgramData\Oracle
2014-10-15 10:23:01 ----SHD---- C:\Windows\Installer
2014-10-15 10:23:01 ----D---- C:\Program Files\Common Files
2014-10-15 10:22:47 ----D---- C:\Program Files\Java
2014-10-15 10:21:43 ----SHD---- C:\System Volume Information
2014-10-01 09:26:01 ----D---- C:\CERGE
2014-09-30 17:24:49 ----D---- C:\Program Files\Vuze
2014-09-27 06:53:30 ----D---- C:\!tisk
2014-09-26 18:17:53 ----D---- C:\Other
2014-09-24 22:26:00 ----D---- C:\Users\Salat\AppData\Roaming\Skype
2014-09-15 09:28:35 ----D---- C:\CAAF
2014-09-11 10:54:28 ----D---- C:\ProgramData\Microsoft Help
2014-09-07 18:09:21 ----D---- C:\Windows\rescache
2014-09-07 18:08:24 ----D---- C:\Windows\system32\catroot2
2014-09-04 11:57:15 ----D---- C:\Windows\winsxs
2014-09-04 11:56:51 ----D---- C:\Windows\system32\en-US
2014-08-28 23:17:56 ----D---- C:\Windows\Logs
2014-08-22 09:30:16 ----D---- C:\Windows\system32\catroot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-02-26 243128]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 4994560]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 csr_a2dp;Bluetooth AV Profile; C:\Windows\system32\drivers\bthav.sys [2009-12-21 61952]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-14 139776]
R3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R3 WSDScan;WSD Scan Support via UMB; C:\Windows\system32\drivers\WSDScan.sys [2009-07-14 20480]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-12-26 88632]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 PDF Architect Helper Service;PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [2013-04-08 1320496]
R2 PDF Architect Service;PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [2013-04-08 799280]
R2 tvnserver;TightVNC Server; C:\Program Files\TightVNC\tvnserver.exe [2013-07-19 1690096]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-26 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-26 116648]
S3 ose;Office  Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-02-28 1343400]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------


Rudy
Site Admin
Posts: 119547
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log - sudden restarts and shutdowns of the noteb

#2 Post by Rudy »

Hello!
How does your operating system stand in terms of legality?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Salat23
Visitor
Posts: 16
Registered: 10 Apr 2012 14:40

Re: Please check my log - sudden restarts and shutdowns of the noteb

#3 Post by Salat23 »

Good evening, I have never had any problems with the legality of the operating system so far.

Rudy
Site Admin
Posts: 119547
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log - sudden restarts and shutdowns of the noteb

#4 Post by Rudy »

Let's try this procedure:

Download and run OTL: http://oldtimer.geekstogo.com/OTL.exe . Run it, tick "Scan All Users", "LOP Check" and "Purity Check", and copy the following into the lower white box:
CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
and click >Run Scan<. Post both logs.

Salat23
Visitor
Posts: 16
Registered: 10 Apr 2012 14:40

Re: Please check my log - sudden restarts and shutdowns of the noteb

#5 Post by Salat23 »

I'm sending both logs.

File OTL.txt:

Code:

OTL logfile created on: 21.10.2014 13:10:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
 
2.00 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 35.19% Memory free
4.00 Gb Paging File | 2.39 Gb Available in Paging File | 59.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 24.46 Gb Free Space | 16.41% Space Free | Partition Type: NTFS
 
Computer Name: SALAT-PC | User Name: Salat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2014.10.21 12:51:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2014.09.13 02:52:04 | 036,414,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\Salat\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014.09.12 11:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014.09.04 05:01:19 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014.03.08 21:47:32 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2014.02.26 16:24:25 | 004,046,704 | ---- | M] (Ghisler Software GmbH) -- C:\Programs\Total.Commander.8.50.Final.Portable\App\TotalCommander\TOTALCMD.EXE
PRC - [2014.02.26 16:24:23 | 000,063,717 | ---- | M] (PortableAppZ.blogspot.com) -- C:\Programs\Total.Commander.8.50.Final.Portable\TotalCommanderPortable.exe
PRC - [2014.02.14 22:55:24 | 000,311,616 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2014.02.14 22:55:18 | 001,564,992 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2013.07.19 12:12:00 | 001,690,096 | ---- | M] (GlavSoft LLC.) -- C:\Program Files\TightVNC\tvnserver.exe
PRC - [2013.04.08 19:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) -- C:\Program Files\PDF Architect\HelperService.exe
PRC - [2013.04.08 19:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) -- C:\Program Files\PDF Architect\ConversionService.exe
PRC - [2011.01.20 23:01:00 | 000,212,480 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHAE.EXE
PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010.11.10 20:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
PRC - [2009.08.18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2014.10.21 12:28:10 | 000,043,008 | ---- | M] () -- c:\Users\Salat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdklv71.dll
MOD - [2014.10.21 12:28:05 | 000,011,264 | ---- | M] () -- C:\Users\Salat\AppData\Local\Temp\nsfDE3F.tmp\System.dll
MOD - [2014.10.21 12:28:05 | 000,008,704 | ---- | M] () -- C:\Users\Salat\AppData\Local\Temp\nsfDE3F.tmp\newadvsplash.dll
MOD - [2014.09.29 08:16:41 | 001,289,728 | ---- | M] () -- C:\Users\Salat\AppData\Local\Temp\mdi164.dll
MOD - [2014.09.13 02:20:58 | 003,610,624 | ---- | M] () -- C:\Users\Salat\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014.09.04 05:01:18 | 000,331,592 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\37.0.2062.120\ppgooglenaclpluginchrome.dll
MOD - [2014.09.04 05:01:17 | 014,891,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
MOD - [2014.09.04 05:01:16 | 008,577,864 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\37.0.2062.120\pdf.dll
MOD - [2014.09.04 05:01:12 | 001,098,056 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
MOD - [2014.09.04 05:01:10 | 000,174,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\37.0.2062.120\libegl.dll
MOD - [2014.09.04 05:01:09 | 001,660,232 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
MOD - [2014.03.08 23:32:01 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\868ad9d8acc0bf80a973c0e4e9cae4fa\System.Core.ni.dll
MOD - [2014.03.08 23:31:55 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b34b348a9935338b1282fd0c9309eb1f\System.ServiceProcess.ni.dll
MOD - [2014.03.08 23:31:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014.03.08 23:31:13 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
MOD - [2014.03.08 23:30:43 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014.03.08 23:30:39 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014.03.08 23:30:38 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
MOD - [2014.03.08 23:30:26 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014.03.08 23:30:20 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014.03.08 23:30:13 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014.02.14 22:54:00 | 014,959,616 | ---- | M] () -- C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
MOD - [2014.02.14 22:53:46 | 000,594,944 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
MOD - [2014.02.14 22:53:44 | 000,036,864 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
MOD - [2014.02.14 22:53:22 | 000,023,040 | ---- | M] () -- C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
MOD - [2014.01.23 19:23:26 | 000,057,856 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
MOD - [2013.08.23 21:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Salat\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2010.11.10 20:39:08 | 000,090,112 | ---- | M] () -- C:\Program Files\Launchy\plugins\controly.dll
MOD - [2010.11.10 20:39:00 | 000,081,920 | ---- | M] () -- C:\Program Files\Launchy\plugins\calcy.dll
MOD - [2010.11.10 20:38:52 | 000,024,064 | ---- | M] () -- C:\Program Files\Launchy\plugins\gcalc.dll
MOD - [2010.11.10 20:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
MOD - [2010.11.10 20:38:40 | 000,094,208 | ---- | M] () -- C:\Program Files\Launchy\plugins\runner.dll
MOD - [2010.11.10 20:38:24 | 000,122,880 | ---- | M] () -- C:\Program Files\Launchy\plugins\weby.dll
MOD - [2010.11.10 20:38:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launchy\plugins\verby.dll
MOD - [2009.12.17 01:18:48 | 000,233,472 | ---- | M] () -- C:\Program Files\Launchy\imageformats\qmng4.dll
MOD - [2009.12.16 23:13:02 | 008,314,880 | ---- | M] () -- C:\Program Files\Launchy\QtGui4.dll
MOD - [2009.12.16 22:56:22 | 000,712,704 | ---- | M] () -- C:\Program Files\Launchy\QtNetwork4.dll
MOD - [2009.12.16 22:54:46 | 002,236,416 | ---- | M] () -- C:\Program Files\Launchy\QtCore4.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - [2014.09.12 11:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014.02.28 10:02:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013.10.23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.07.19 12:12:00 | 001,690,096 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.04.08 19:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) [Auto | Running] -- C:\Program Files\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2013.04.08 19:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) [Auto | Running] -- C:\Program Files\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2014.02.26 16:31:01 | 000,243,128 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013.12.26 07:41:40 | 000,088,632 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.12.21 14:14:26 | 000,061,952 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bthav.sys -- (csr_a2dp)
DRV - [2009.08.18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 02:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-656602294-3190959332-3131133285-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-656602294-3190959332-3131133285-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-656602294-3190959332-3131133285-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=2.2.2-next: C:\Users\Salat\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2014.02.26 16:42:36 | 000,000,000 | ---D | M]
 
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio\1.1.36_0\
CHR - Extension: No name found = C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKU\S-1-5-21-656602294-3190959332-3131133285-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-656602294-3190959332-3131133285-1000..\Run: [EPSONE7E783 (Epson Stylus SX430)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIHAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-656602294-3190959332-3131133285-1000..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-656602294-3190959332-3131133285-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-656602294-3190959332-3131133285-1000..\Run: [tsiVideo] C:\Users\Salat\AppData\Local\Temp\mdi164.dll ()
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Salat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Salat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Salat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files\Launchy\Launchy.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.15.20.199 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29EA335D-ACB8-4CF3-B78E-3E94981A759C}: DhcpNameServer = 10.15.20.199 8.8.8.8
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2014.10.20 11:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.10.20 11:07:32 | 000,000,000 | ---D | C] -- C:\rsit
[2014.10.15 10:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014.10.15 10:22:55 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014.10.15 10:22:47 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014.10.15 10:22:47 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014.10.15 10:22:47 | 000,096,680 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014.10.15 10:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014.09.29 08:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SysInfoTools PDF Image Extractor Demo v2.0
[2014.09.29 08:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\SysInfoTools PDF Image Extractor Demo v2.0
[2014.09.29 08:20:11 | 000,000,000 | ---D | C] -- C:\Program Files\Repair File
[2014.09.29 08:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Repair
[2014.09.29 08:19:49 | 001,073,608 | ---- | C] (File Repair                                                 ) -- C:\Users\Salat\Desktop\file-repair-setup_2.1.2.exe
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2014.10.21 13:12:47 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.10.21 13:03:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.10.21 12:27:39 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.10.21 12:27:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.10.21 12:27:17 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2014.10.21 11:19:35 | 000,010,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.10.21 11:19:35 | 000,010,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.10.21 10:31:28 | 000,653,724 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.10.21 10:31:28 | 000,121,596 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.09.29 08:20:11 | 000,001,153 | ---- | M] () -- C:\Users\Salat\Desktop\File Repair.lnk
[2014.09.29 08:20:00 | 001,073,608 | ---- | M] (File Repair                                                 ) -- C:\Users\Salat\Desktop\file-repair-setup_2.1.2.exe
[2014.09.26 18:42:26 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014.09.26 18:36:21 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014.09.26 18:36:17 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014.09.26 18:35:34 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014.09.23 22:41:03 | 000,001,049 | ---- | M] () -- C:\Users\Salat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014.09.23 22:40:41 | 000,001,017 | ---- | M] () -- C:\Users\Salat\Desktop\Dropbox.lnk
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2014.10.21 13:12:47 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.09.29 08:20:11 | 000,001,153 | ---- | C] () -- C:\Users\Salat\Desktop\File Repair.lnk
[2014.04.25 10:57:03 | 000,000,600 | ---- | C] () -- C:\Users\Salat\AppData\Roaming\winscp.rnd
[2014.03.05 10:01:50 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2014.03.05 10:00:09 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2014.02.26 11:07:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014.01.23 19:31:12 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2014.01.23 19:31:08 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2014.01.23 19:31:08 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2014.01.23 19:31:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2014.01.23 19:31:08 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2014.03.24 23:04:48 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\.ACEStream
[2014.05.29 16:06:03 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\ACD Systems
[2014.03.24 22:16:04 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\ACEStream
[2014.10.16 08:43:08 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\Azureus
[2014.06.18 11:14:21 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\BSW
[2014.07.25 11:54:13 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\calibre
[2014.02.26 16:33:14 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\DAEMON Tools Lite
[2014.10.21 12:28:18 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\Dropbox
[2014.04.08 09:43:19 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\EPSON
[2014.03.06 09:58:13 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\FlashFXP
[2014.07.10 20:53:17 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\Launchy
[2014.02.26 16:49:29 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\PDF Architect
[2014.07.21 16:26:13 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\pdfforge
[2014.02.26 18:43:37 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\Samsung
[2014.06.20 18:18:48 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\StatCrew
[2014.06.20 18:20:26 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\StatCrewCloudConnector
[2014.04.06 19:11:05 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\texstudio
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
[color=#A23BEC]<  >[/color]
[2009.07.14 06:53:46 | 000,014,638 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2014.02.26 11:18:23 | 000,000,880 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014.02.26 11:18:24 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys
 
[color=#A23BEC]< MD5 for: AUTOCHK.EXE  >[/color]
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
 
[color=#A23BEC]< MD5 for: CDROM.SYS  >[/color]
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
[color=#A23BEC]< MD5 for: HAL.DLL  >[/color]
[2010.11.20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010.11.20 14:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
[color=#A23BEC]< MD5 for: SERVICES.EXE  >[/color]
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
 
[color=#A23BEC]< MD5 for: SVCHOST.EXE  >[/color]
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
 
[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2011.04.25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011.04.25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2013.01.03 07:01:49 | 001,303,912 | ---- | M] (Microsoft Corporation) MD5=34AE5CC0C7417AB701C2AA8A7BC75417 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_b3c99dece09ecc3b\tcpip.sys
[2010.11.20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2013.01.04 06:56:23 | 001,308,504 | ---- | M] (Microsoft Corporation) MD5=4A95845C5F33A4DDEB6AEF6367FB6520 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_b5becc06ddb98192\tcpip.sys
[2013.07.06 07:05:35 | 001,293,760 | ---- | M] (Microsoft Corporation) MD5=4E8B9BE71B807B3BAEDB7F4243F85E3C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_b52f2f65c4a146e5\tcpip.sys
[2013.07.06 06:57:37 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=528F7CC60391DD0FAB0344F32F051FDF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_b5721e2eddf328f9\tcpip.sys
[2013.09.07 04:06:48 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=6C4F3D92764FFA22D28061A4D9235446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_b58e8eb0ddde6cf1\tcpip.sys
[2011.04.25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2013.01.03 07:05:20 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=7C0507D2391AF5933600CBCED799F277 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_b502eb9fc4c2a304\tcpip.sys
[2011.04.25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2013.01.04 06:55:21 | 001,287,528 | ---- | M] (Microsoft Corporation) MD5=BBCEAEFF1FD72A026F827CBB2F4AA8AD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_b34bcf71c7782cb0\tcpip.sys
[2013.09.08 04:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\System32\drivers\tcpip.sys
[2013.09.08 04:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_b4fa2013c4c8ebf1\tcpip.sys
[2012.10.03 18:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2013.11.26 13:07:37 | 001,309,632 | ---- | M] (Microsoft Corporation) MD5=DC08335B30D83FB61E9EFE6FDD09D40D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_b5a530b8ddcd4b8d\tcpip.sys
[2012.10.03 18:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]< %systemroot%*.* /U /s >[/color]
[4 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2014.03.24 23:04:48 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\.ACEStream
[2014.05.29 16:06:03 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\ACD Systems
[2014.03.24 22:16:04 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\ACEStream
[2014.06.20 18:18:02 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\Adobe
[2014.05.03 10:11:47 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\Apple Computer
[2014.10.16 08:43:08 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\Azureus
[2014.06.18 11:14:21 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\BSW
[2014.07.25 11:54:13 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\calibre
[2014.02.26 16:33:14 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\DAEMON Tools Lite
[2014.10.21 12:28:18 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\Dropbox
[2014.04.08 09:43:19 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\EPSON
[2014.03.06 09:58:13 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\FlashFXP
[2014.02.26 11:14:50 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\Identities
[2014.07.10 20:53:17 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\Launchy
[2014.06.03 16:41:51 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\Macromedia
[2009.07.14 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\Media Center Programs
[2014.06.17 12:04:27 | 000,000,000 | --SD | M] -- C:\Users\Salat\AppData\Roaming\Microsoft
[2014.02.27 19:57:55 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\MiKTeX
[2014.02.26 16:49:29 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\PDF Architect
[2014.07.21 16:26:13 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\pdfforge
[2014.02.26 18:43:37 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\Samsung
[2014.09.24 22:26:00 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\Skype
[2014.06.20 18:18:48 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\StatCrew
[2014.06.20 18:20:26 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\StatCrewCloudConnector
[2014.04.06 19:11:05 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\texstudio
[2014.10.16 23:40:57 | 000,000,000 | ---D | M] -- C:\Users\Salat\AppData\Roaming\vlc
 
[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2014.03.24 22:13:53 | 000,151,609 | ---- | M] () -- C:\Users\Salat\AppData\Roaming\ACEStream\Uninstall.exe
[2014.03.18 13:36:38 | 000,027,904 | ---- | M] () -- C:\Users\Salat\AppData\Roaming\ACEStream\engine\ace_engine.exe
[2014.03.18 13:36:40 | 000,027,904 | ---- | M] () -- C:\Users\Salat\AppData\Roaming\ACEStream\engine\ace_stream.exe
[2014.03.18 14:07:16 | 000,121,464 | ---- | M] (Innovative Digital Technologies) -- C:\Users\Salat\AppData\Roaming\ACEStream\player\ace_player.exe
[2013.07.12 18:43:02 | 000,121,976 | ---- | M] (Innovative Digital Technologies) -- C:\Users\Salat\AppData\Roaming\ACEStream\player\vlc-cache-gen.exe
[2013.10.14 18:25:50 | 000,026,744 | ---- | M] () -- C:\Users\Salat\AppData\Roaming\ACEStream\updater\ace_plugin.exe
[2013.03.29 13:18:06 | 000,026,744 | ---- | M] () -- C:\Users\Salat\AppData\Roaming\ACEStream\updater\ace_update.exe
[2014.07.29 12:53:58 | 001,144,648 | ---- | M] () -- C:\Users\Salat\AppData\Roaming\Azureus\plugins\aznettor\AzureusTor.exe
[2014.03.08 21:55:40 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Salat\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2014.09.13 02:52:04 | 036,414,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\Salat\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2014.09.13 02:55:10 | 000,262,160 | ---- | M] (Dropbox, Inc.) -- C:\Users\Salat\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2014.09.13 02:52:08 | 000,225,256 | ---- | M] (Dropbox, Inc.) -- C:\Users\Salat\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2014.06.20 18:17:46 | 000,054,432 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Salat\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job >[/color]
[2014.10.21 12:27:39 | 000,000,880 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014.10.21 13:03:04 | 000,000,884 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /3 >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.* /3 >[/color]
[2014.10.21 11:19:35 | 000,010,416 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.10.21 11:19:35 | 000,010,416 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.10.21 10:31:28 | 000,121,596 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2014.10.21 10:31:28 | 000,653,724 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2014.10.21 10:31:28 | 000,781,298 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >[/color]
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- [2013.10.28 10:29:38 | 003,675,352 | ---- | M] (Disc Soft Ltd)
"KiesPreload" = C:\Program Files\Samsung\Kies\Kies.exe /preload -- [2014.02.14 22:55:18 | 001,564,992 | ---- | M] (Samsung)
"KiesAirMessage" = C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
"EPSONE7E783 (Epson Stylus SX430)" = C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHAE.EXE /FU "C:\Users\Salat\AppData\Local\Temp\E_S9B0E.tmp" /EF "HKCU" -- [2011.01.20 23:01:00 | 000,212,480 | ---- | M] (SEIKO EPSON CORPORATION)
"tsiVideo" = rundll32.exe C:\Users\Salat\AppData\Local\Temp\\mdi164.dll,asdasd -- [2009.07.14 03:14:31 | 000,044,544 | ---- | M] (Microsoft Corporation)
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >[/color]
 
[color=#A23BEC]< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >[/color]
[2014.03.08 21:48:21 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=B04EE6BFF70C11D478680BB74E1D33AB -- C:\Program Files\Internet Explorer\iexplore.exe
 
[color=#A23BEC]< %PROGRAMFILES%\Opera\opera.exe /md5 >[/color]
 
[color=#A23BEC]< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >[/color]
[2014.09.04 05:01:19 | 000,852,808 | ---- | M] (Google Inc.) MD5=AC08A03D7E579E2903925736E7AB48F2 -- C:\Program Files\Google\Chrome\Application\chrome.exe
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]< %SystemDrive%\PhysicalMBR.bin /md5 >[/color]
[2014.10.21 13:12:47 | 000,000,512 | ---- | M] () MD5=BB1F7B0332B08F4F2FD5D95B24274FB1 -- C:\PhysicalMBR.bin
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]< *crack* /s >[/color]
[2014.01.17 13:59:13 | 000,634,529 | ---- | M] () -- \CAAF\Piskani\14-Info\2013-CFO-Rules-Change_BBW_Clarification_Crackback.pdf
[2013.10.03 09:47:34 | 000,634,529 | ---- | M] () -- \CAAF\Piskani\14-Info\Clarification BBW Crackback.pdf
[2014.03.06 12:55:42 | 000,000,127 | ---- | M] () -- \Program Files\R\R-3.0.3\library\survival\tests\data.cracks
 
[color=#A23BEC]< *keygen* /s >[/color]
[2013.10.13 21:00:56 | 000,004,719 | ---- | M] () -- \Program Files\eBookConverter\Kindle Converter\Lib\bnkeygen.py
[2013.10.13 21:02:36 | 000,005,918 | ---- | M] () -- \Program Files\eBookConverter\Kindle Converter\Lib\bnkeygen.pyc
[2011.12.06 13:59:30 | 000,109,056 | ---- | M] () -- \Program Files\RStudio\bin\msys_ssh\ssh-keygen.exe
[2010.04.10 05:33:46 | 000,077,824 | ---- | M] () -- \Users\Salat\AppData\Local\Temp\7ZipSfx.001\Pack\Keygen\Keygen.exe
 
[color=#A23BEC]< *loader* /s >[/color]
[2011.06.22 15:52:00 | 000,002,545 | ---- | M] () -- \CAAF\Web\Kody\caaf\_SitePublic\images\prettyPhoto\dark_rounded\loader.gif
[2011.06.22 15:52:00 | 000,002,545 | ---- | M] () -- \CAAF\Web\Kody\caaf\_SitePublic\images\prettyPhoto\dark_square\loader.gif
[2011.06.22 15:52:00 | 000,006,331 | ---- | M] () -- \CAAF\Web\Kody\caaf\_SitePublic\images\prettyPhoto\default\loader.gif
[2011.06.22 15:51:58 | 000,002,545 | ---- | M] () -- \CAAF\Web\Kody\caaf\_SitePublic\images\prettyPhoto\facebook\loader.gif
[2011.06.22 15:52:00 | 000,002,545 | ---- | M] () -- \CAAF\Web\Kody\caaf\_SitePublic\images\prettyPhoto\light_rounded\loader.gif
[2011.06.22 15:52:00 | 000,002,545 | ---- | M] () -- \CAAF\Web\Kody\caaf\_SitePublic\images\prettyPhoto\light_square\loader.gif
[2011.06.22 15:52:00 | 000,002,545 | ---- | M] () -- \CAAF\Web\web_pred_presunem\_SitePublic\images\prettyPhoto\dark_rounded\loader.gif
[2011.06.22 15:52:00 | 000,002,545 | ---- | M] () -- \CAAF\Web\web_pred_presunem\_SitePublic\images\prettyPhoto\dark_square\loader.gif
[2011.06.22 15:52:00 | 000,006,331 | ---- | M] () -- \CAAF\Web\web_pred_presunem\_SitePublic\images\prettyPhoto\default\loader.gif
[2011.06.22 15:51:58 | 000,002,545 | ---- | M] () -- \CAAF\Web\web_pred_presunem\_SitePublic\images\prettyPhoto\facebook\loader.gif
[2011.06.22 15:52:00 | 000,002,545 | ---- | M] () -- \CAAF\Web\web_pred_presunem\_SitePublic\images\prettyPhoto\light_rounded\loader.gif
[2011.06.22 15:52:00 | 000,002,545 | ---- | M] () -- \CAAF\Web\web_pred_presunem\_SitePublic\images\prettyPhoto\light_square\loader.gif
[2014.09.29 08:18:59 | 000,367,440 | ---- | M] () -- \Downloads\SoftonicDownloader_for_file-repair.exe
[1 \Downloads\*.tmp files -> \Downloads\*.tmp -> ]
[2011.06.09 15:41:18 | 000,002,054 | ---- | M] () -- \Other\instalacni_baliky\SAS\SAS Software Depot\products\cfgwizard__94170__prt__xx__sp0__1\Utilities\AppServer\Source\Groovy\com\sas\appserver\template\VelocityUnicodeFileResourceLoader.groovy
[2010.12.07 17:04:58 | 000,001,347 | ---- | M] () -- \Other\instalacni_baliky\SAS\SAS Software Depot\products\cfgwizard__94170__prt__xx__sp0__1\Utilities\webappsrv\groovy\src\com\sas\config\DirectoryResourceLoader.groovy
[2010.12.07 17:06:20 | 000,000,500 | ---- | M] () -- \Other\instalacni_baliky\SAS\SAS Software Depot\products\cfgwizard__94170__prt__xx__sp0__1\Utilities\webappsrv\groovy\src\com\sas\config\ResourceLoader.groovy
[2010.12.07 17:06:36 | 000,000,433 | ---- | M] () -- \Other\instalacni_baliky\SAS\SAS Software Depot\products\cfgwizard__94170__prt__xx__sp0__1\Utilities\webappsrv\groovy\src\com\sas\config\ResourceLoaderFilter.groovy
[2011.02.24 13:02:30 | 000,002,125 | ---- | M] () -- \Other\instalacni_baliky\SAS\SAS Software Depot\products\cfgwizard__94170__prt__xx__sp0__1\Utilities\webappsrv\groovy\src\com\sas\config\VelocityUnicodeFileResourceLoader.groovy
[2013.07.29 23:35:30 | 000,000,749 | ---- | M] () -- \Other\instalacni_baliky\SAS\SAS Software Depot\products\cfgwizard__94170__prt__xx__sp0__1\Utilities\webappsrv\groovy\src\com\sas\config\jboss\MCFClassLoader.groovy
[2010.12.03 14:50:34 | 000,000,857 | ---- | M] () -- \Other\instalacni_baliky\SAS\SAS Software Depot\products\cfgwizard__94170__prt__xx__sp0__1\Utilities\webappsrv\groovy\src\com\sas\config\jboss\docparts\JBossDeletedResourceLoaderFilter.groovy
[2010.08.03 13:12:02 | 000,000,873 | ---- | M] () -- \Other\instalacni_baliky\SAS\SAS Software Depot\products\cfgwizard__94170__prt__xx__sp0__1\Utilities\webappsrv\groovy\src\com\sas\config\weblogic\WebLogicDeletedResourceLoaderFilter.groovy
[2010.12.07 17:18:42 | 000,000,887 | ---- | M] () -- \Other\instalacni_baliky\SAS\SAS Software Depot\products\cfgwizard__94170__prt__xx__sp0__1\Utilities\webappsrv\groovy\src\com\sas\config\websphere\docparts\WebSphereDeletedResourceLoaderFilter.groovy
[2014.07.25 00:01:50 | 000,044,032 | R--- | M] () -- \Program Files\Calibre2\DLLs\PyISAPI_loader.dll
[2013.09.26 02:58:28 | 000,044,032 | ---- | M] () -- \Program Files\eBookConverter\Kindle Converter\plugin\DLLs\PyISAPI_loader.dll
[2011.05.21 12:41:00 | 000,379,444 | ---- | M] () -- \Program Files\MiKTeX 2.9\doc\luatex\luatexbase\luatexbase-loader.pdf
[2011.05.21 12:41:00 | 000,000,555 | ---- | M] () -- \Program Files\MiKTeX 2.9\doc\luatex\luatexbase\test-loader-latex.tex
[2011.05.21 12:41:00 | 000,000,548 | ---- | M] () -- \Program Files\MiKTeX 2.9\doc\luatex\luatexbase\test-loader-plain.tex
[2011.05.21 12:41:00 | 000,000,411 | ---- | M] () -- \Program Files\MiKTeX 2.9\doc\luatex\luatexbase\test-loader.lua
[2011.05.21 12:41:00 | 000,000,419 | ---- | M] () -- \Program Files\MiKTeX 2.9\doc\luatex\luatexbase\test-loader.sub.lua
[2012.04.26 17:32:56 | 000,003,848 | ---- | M] () -- \Program Files\MiKTeX 2.9\tex\generic\oberdiek\luatex-loader.sty
[2013.03.23 11:06:51 | 000,002,270 | ---- | M] () -- \Program Files\MiKTeX 2.9\tex\generic\pgfplots\oldpgfcompatib\pgfplotsoldpgfsupp_loader.code.tex
[2011.05.21 12:41:00 | 000,002,580 | ---- | M] () -- \Program Files\MiKTeX 2.9\tex\luatex\luatexbase\luatexbase-loader.sty
[2011.05.21 12:41:00 | 000,002,075 | ---- | M] () -- \Program Files\MiKTeX 2.9\tex\luatex\luatexbase\luatexbase.loader.lua
[2013.03.06 00:02:44 | 000,001,056 | ---- | M] () -- \Program Files\R\R-3.0.3\share\R\nspackloader.R
[2014.02.14 22:54:18 | 000,069,120 | ---- | M] () -- \Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.dll
[2014.04.05 10:20:09 | 000,000,121 | ---- | M] () -- \Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\6DZ8ZUP4\service.cdn.videoplaza.com\com.videoplaza.bootloader.sol
[2014.02.26 16:32:18 | 000,057,728 | ---- | M] () -- \Users\Salat\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\img\dt_dadget_loader.png
[2014.02.26 16:32:18 | 000,057,728 | ---- | M] () -- \Users\Salat\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin1\dt_dadget_loader.png
[2014.02.26 16:32:18 | 000,057,728 | ---- | M] () -- \Users\Salat\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin2\dt_dadget_loader.png
[2014.02.26 16:32:18 | 000,057,728 | ---- | M] () -- \Users\Salat\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin3\dt_dadget_loader.png
[2014.02.26 16:32:18 | 000,057,728 | ---- | M] () -- \Users\Salat\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin4\dt_dadget_loader.png
[2014.02.26 16:32:18 | 000,061,770 | ---- | M] () -- \Users\Salat\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin5\dt_dadget_loader.png
[2014.02.26 16:32:18 | 000,061,770 | ---- | M] () -- \Users\Salat\AppData\Local\Microsoft\Windows Sidebar\Gadgets\DT.gadget\skins\skin6\dt_dadget_loader.png
[2014.02.26 16:50:44 | 000,001,174 | ---- | M] () -- \Users\Salat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ZDPMLRR\downloader[1].js
[2014.02.26 16:50:44 | 000,000,723 | ---- | M] () -- \Users\Salat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OB6TX69P\downloaderror[1].js
[2014.03.28 17:50:07 | 000,001,381 | ---- | M] () -- \Users\Salat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS8DJKAH\ImageLoader[1].gif
[2014.03.28 17:50:06 | 000,000,969 | ---- | M] () -- \Users\Salat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS8DJKAH\ImageLoader[2].gif
[2014.03.28 17:50:06 | 000,002,832 | ---- | M] () -- \Users\Salat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS8DJKAH\ImageLoader[3].gif
[2014.02.18 18:46:42 | 000,072,638 | ---- | M] () -- \Users\Salat\AppData\Local\Skype\Apps\login\images\loader.gif
[2014.02.18 18:46:42 | 000,003,032 | ---- | M] () -- \Users\Salat\AppData\Local\Skype\Apps\login\images\loader.png
[2014.02.18 18:46:42 | 000,006,012 | ---- | M] () -- \Users\Salat\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014.02.18 18:46:42 | 000,021,956 | ---- | M] () -- \Users\Salat\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014.02.18 18:46:42 | 000,009,772 | ---- | M] () -- \Users\Salat\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2012.02.07 18:37:14 | 000,008,192 | ---- | M] () -- \Users\Salat\AppData\Roaming\ACEStream\engine\lib\_win32sysloader.pyd
[2012.07.23 12:11:20 | 000,000,553 | ---- | M] () -- \Users\Salat\AppData\Roaming\ACEStream\player\skins\fs\default\1024\loader.png
[2012.07.23 12:11:20 | 000,000,686 | ---- | M] () -- \Users\Salat\AppData\Roaming\ACEStream\player\skins\fs\default\1280\loader.png
[2012.07.23 12:11:20 | 000,000,686 | ---- | M] () -- \Users\Salat\AppData\Roaming\ACEStream\player\skins\fs\default\1600\loader.png
[2012.07.23 12:11:22 | 000,001,239 | ---- | M] () -- \Users\Salat\AppData\Roaming\ACEStream\player\skins\fs\default\1920\loader.png
[2012.07.23 12:11:20 | 000,000,453 | ---- | M] () -- \Users\Salat\AppData\Roaming\ACEStream\player\skins\fs\default\800\loader.png
[2012.07.23 12:11:20 | 000,000,477 | ---- | M] () -- \Users\Salat\AppData\Roaming\ACEStream\player\skins\nofs\default\playlist\loader.png
[2012.02.07 18:37:14 | 000,008,192 | ---- | M] () -- \Users\Salat\AppData\Roaming\ACEStream\updater\lib\_win32sysloader.pyd
[2009.04.13 10:06:14 | 000,002,274 | ---- | M] () -- \Users\Salat\AppData\Roaming\BSW\de\brettspielwelt\client\AppLoader$1.class
[2014.06.18 11:08:38 | 000,001,342 | ---- | M] () -- \Users\Salat\AppData\Roaming\BSW\de\brettspielwelt\client\AppLoader$ChangeBoardWorker.class
[2014.06.18 11:08:38 | 000,001,360 | ---- | M] () -- \Users\Salat\AppData\Roaming\BSW\de\brettspielwelt\client\AppLoader$ComponentChange.class
[2014.06.18 11:08:38 | 000,006,540 | ---- | M] () -- \Users\Salat\AppData\Roaming\BSW\de\brettspielwelt\client\AppLoader$PanelChangeWorker.class
[2014.06.18 11:08:38 | 000,001,178 | ---- | M] () -- \Users\Salat\AppData\Roaming\BSW\de\brettspielwelt\client\AppLoader$Worker.class
[2014.06.18 11:08:38 | 000,012,097 | ---- | M] () -- \Users\Salat\AppData\Roaming\BSW\de\brettspielwelt\client\AppLoader.class
[2014.06.18 11:08:36 | 000,010,340 | ---- | M] () -- \Users\Salat\AppData\Roaming\BSW\de\brettspielwelt\client\ClientLoader.class
[2014.06.18 11:08:35 | 000,007,271 | ---- | M] () -- \Users\Salat\AppData\Roaming\BSW\de\brettspielwelt\client\PropFileLoader.class
[2010.01.15 12:54:20 | 000,002,542 | ---- | M] () -- \Users\Salat\AppData\Roaming\BSW\de\brettspielwelt\client\StarterClassLoader.class
[2009.04.13 10:06:14 | 000,000,739 | ---- | M] () -- \Users\Salat\AppData\Roaming\BSW\de\brettspielwelt\client\mod\ClientModLoader.class
[2014.06.18 11:08:36 | 000,002,657 | ---- | M] () -- \Users\Salat\AppData\Roaming\BSW\de\brettspielwelt\client\tools\ToolLoader.class
[2009.04.27 23:10:16 | 000,001,174 | ---- | M] () -- \Users\Salat\AppData\Roaming\BSW\de\brettspielwelt\client\vampire\VampireLoader.class
[2014.09.29 08:19:26 | 000,087,124 | ---- | M] () -- \Windows\Prefetch\SOFTONICDOWNLOADER_FOR_FILE-R-3806215A.pf
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009.07.14 06:56:40 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009.07.14 06:56:40 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winload.exe.mui_3bc5b827
[2009.07.14 06:56:40 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winresume.exe.mui_ff8b5358
[2014.03.06 18:18:17 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2014.03.06 18:18:17 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winload.exe_75835076
[2014.03.06 18:18:17 | 000,442,720 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winresume.exe_85cd1215
[2009.07.14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.14 04:29:12 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009.07.14 03:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.08.19 09:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009.08.19 09:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2010.11.20 06:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009.07.14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:45:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17135_none_0abe3b21dcfb1c4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:56:23 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_0a96fc99dd17f16b\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17206_none_0adfad15dce1def6\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:48:05 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21335_none_0b47d9d2f618b93c\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:44:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_0b12ca80f6405e48\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:39:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21416_none_0b5e7bdaf60797d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 07:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.16 16:45:46 | 000,015,791 | R--- | M] () -- \xampp\perl\lib\AutoLoader.pm
[2013.03.12 14:01:48 | 000,025,696 | R--- | M] () -- \xampp\perl\lib\DynaLoader.pm
[2013.03.04 16:16:22 | 000,017,377 | R--- | M] () -- \xampp\perl\lib\SelfLoader.pm
[2013.03.12 14:00:00 | 000,010,589 | R--- | M] () -- \xampp\perl\lib\XSLoader.pm
[2013.03.04 16:16:22 | 000,000,490 | R--- | M] () -- \xampp\perl\lib\Locale\Maketext\GutsLoader.pm
[2005.04.28 01:55:32 | 000,005,746 | R--- | M] () -- \xampp\perl\vendor\lib\Class\Loader.pm
[2001.05.02 04:01:04 | 000,000,648 | R--- | M] () -- \xampp\perl\vendor\lib\Class\LoaderTest.pm
[2012.07.13 19:57:02 | 000,024,325 | R--- | M] () -- \xampp\perl\vendor\lib\YAML\Loader.pm
[2014.07.02 11:26:24 | 000,004,896 | ---- | M] () -- \xampp\php\pear\Crypt\RSA\MathLoader.php
[2014.07.02 11:26:38 | 000,006,565 | ---- | M] () -- \xampp\php\pear\PEAR\Autoloader.php
[2014.07.02 11:26:38 | 000,066,585 | ---- | M] () -- \xampp\php\pear\PEAR\Downloader.php
[2014.07.02 11:27:08 | 000,005,511 | ---- | M] () -- \xampp\php\pear\PHPUnit\Runner\StandardTestSuiteLoader.php
[2014.07.02 11:27:08 | 000,002,806 | ---- | M] () -- \xampp\php\pear\PHPUnit\Runner\TestSuiteLoader.php
[2014.07.02 11:27:08 | 000,003,814 | ---- | M] () -- \xampp\php\pear\PHPUnit\Util\Fileloader.php
[2014.07.02 11:27:10 | 000,004,609 | ---- | M] () -- \xampp\php\pear\PHPUnit2\Runner\StandardTestSuiteLoader.php
[2014.07.02 11:27:10 | 000,003,186 | ---- | M] () -- \xampp\php\pear\PHPUnit2\Runner\TestSuiteLoader.php
[2014.07.02 11:27:10 | 000,003,767 | ---- | M] () -- \xampp\php\pear\PHPUnit2\Util\Fileloader.php
[2014.07.02 11:27:18 | 000,000,334 | ---- | M] () -- \xampp\php\pear\Symfony\Component\Yaml\autoloader.php
[2014.07.02 11:27:58 | 000,000,673 | ---- | M] () -- \xampp\phpMyAdmin\doc\html\_static\ajax-loader.gif
[2014.07.02 11:28:44 | 000,020,714 | ---- | M] () -- \xampp\tomcat\webapps\docs\class-loader-howto.html
[2014.07.02 11:28:46 | 000,016,741 | ---- | M] () -- \xampp\tomcat\webapps\docs\config\loader.html

< End of report >
Extras.txt file:

Code: Select all

OTL Extras logfile created on: 21.10.2014 13:10:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16798)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
 
2.00 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 35.19% Memory free
4.00 Gb Paging File | 2.39 Gb Available in Paging File | 59.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 24.46 Gb Free Space | 16.41% Space Free | Partition Type: NTFS
 
Computer Name: SALAT-PC | User Name: Salat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-656602294-3190959332-3131133285-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A1E67A-BCBB-4378-9006-2C36BC1E155A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0CF0B665-7FB0-4ED4-A73E-66EEF354694E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0EEC3416-FAA4-45D5-8C06-AE4C4CD7D471}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{10B78071-3A08-4FE1-9884-9561292C113E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1395EC0A-24CF-4E5C-90B7-30CD49C466C9}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{14DCB935-9882-4AD1-883B-6755A8744F54}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{19A92864-AD65-42D7-9C1C-17ACE7B3DA2C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{257980BE-1486-4C6F-A3A5-048EFCCC5138}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3545F2C3-EE76-4F7B-8620-3DEBE3ABAABD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{41F0411D-46DD-4548-9F24-DC8DA9E72D0B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{43DD1F5E-F339-4351-89A5-AF9EB6D71CEB}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 
"{51AA437C-8592-41E8-AA70-B859787CE91A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{57C1E01D-CCBE-470D-8CD2-94CE6F8E353F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{61DF3632-753E-4C21-8B13-455F48B12595}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{685AEBD6-7B4B-4770-B0B7-CD8E4EF9E651}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6E72F4EE-E32B-4EB8-9347-F26F3BDCC660}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{726DADB0-1F57-40B6-B5EA-6AD8F843BEAB}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"{7D41426F-C94B-4184-98A0-6ABED7840227}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8E9F9D27-C5DB-42FB-A208-209F285815E9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8F82D86D-8083-4469-A19D-FEC7D33CF679}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{932B3E17-74FD-414E-8F48-25B3B9DC878B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{996B17FB-C0C9-4267-9A25-1F9EE12033A3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BCDD3A60-E457-4002-BDB5-4654CC994FED}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C72AC171-B9CD-492F-8E58-1930D6F465E0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CE467ECA-20E3-46A5-BB4B-47D4D20C2932}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D150E093-4828-474A-ABEF-862D5663BC3F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D52AFABE-D266-444E-8729-6FB91EE5766E}" = lport=3389 | protocol=6 | dir=in | app=system | 
"{D7CB3885-D487-45BB-9335-6955C2E0D657}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DB58BF54-9C18-48AA-97FE-FC8D0C0833CE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EA7BEC8F-30D1-493B-8D9F-CF165C64C387}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F18524F0-CA4F-42EA-8EB5-B69291D18F8B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F3D457A8-0097-4AAD-8BB7-540ACFA1D74E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0570E0CE-2CED-47DD-819F-726335BF9E84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0D62E445-E993-407F-A428-F29730EBE0B8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{18039F62-D9B8-475C-9679-1F77094D90E7}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{1898FA79-C2D6-4E7B-96B1-CD2320715F25}" = protocol=58 | dir=in | app=system | 
"{1BD2CCA7-AE8E-474B-A7DF-A9D29A12F21C}" = protocol=6 | dir=out | app=system | 
"{2CA9092F-4DD9-47B2-ADC5-ED4AF834DF7C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3CBDAD26-F621-488E-93A3-81BA4708962F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4A438D5E-D2F5-4156-9D74-C2A3C3BA7383}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{71D0BFF2-2D2C-4846-8CA5-0926A760DB30}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{7A5CDDBA-FB76-4B63-A5E1-5555C374F32C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{88E1BD18-8297-4507-AAFB-9B8254073371}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9330369C-A93B-40FA-BB0D-96BA75C76F33}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{939B5DB6-CE45-47DB-92AB-36F9E2B077EA}" = protocol=6 | dir=in | app=c:\users\salat\appdata\roaming\dropbox\bin\dropbox.exe | 
"{95AEA285-9B49-4525-8378-DAB749069B79}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{95CD963F-ECF7-4795-A82E-01044838519A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A0DFCC9F-1747-4864-B826-8A135D9DFC81}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5A4C315-8C26-40CD-BBC7-9493A51F27AE}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{B188D249-023F-415B-BEDF-BAA658405A9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B8096970-0B58-4859-98DC-2BC6EF8E41AA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BE5BC517-06E7-49F8-B0F2-4E4CB6C008B2}" = protocol=17 | dir=in | app=c:\users\salat\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C0D64612-5E19-4EED-9C1C-B83A36ECDC97}" = dir=in | app=c:\program files\tightvnc\tvnserver.exe | 
"{C9BCB27B-CCC0-4686-ADAE-834CBCF0476F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CBA45A25-CB99-4ED5-806F-1605EBD9B89B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CCB7E70A-F492-496C-9908-A47A44E08156}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D56763BA-95C2-49FC-8137-AB93A2B0B78A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DCA1713A-1D47-48E6-B45F-6811E66E7FA1}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{DD991789-F5F6-4946-AB8E-781CCCCE0876}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EB1B65F3-BDEE-4E46-ABD2-787600EC8611}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{04F7A3A4-DAB2-4AF5-B9E1-B01F932BC6A7}C:\users\salat\appdata\local\temp\7zipsfx.000\pack\keygen\keygen.exe" = protocol=6 | dir=in | app=c:\users\salat\appdata\local\temp\7zipsfx.000\pack\keygen\keygen.exe | 
"TCP Query User{1EAFFE07-9668-47EB-B300-FD362E28BE15}C:\users\salat\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\salat\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{42DAF254-AC90-4CB0-86AB-3FA033C27C29}C:\tasftp\tasftp.exe" = protocol=6 | dir=in | app=c:\tasftp\tasftp.exe | 
"TCP Query User{8BDE259C-E748-43B3-808A-274E5F20CAFE}C:\users\salat\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=6 | dir=in | app=c:\users\salat\appdata\roaming\acestream\engine\ace_engine.exe | 
"UDP Query User{0CF857F4-57E0-4077-9C8E-D41B470CFC0B}C:\tasftp\tasftp.exe" = protocol=17 | dir=in | app=c:\tasftp\tasftp.exe | 
"UDP Query User{1EC9AF8F-2536-4B9E-BAF2-41B20F09AEF7}C:\users\salat\appdata\local\temp\7zipsfx.000\pack\keygen\keygen.exe" = protocol=17 | dir=in | app=c:\users\salat\appdata\local\temp\7zipsfx.000\pack\keygen\keygen.exe | 
"UDP Query User{ABB26A88-0526-4013-8112-C5562417DBF5}C:\users\salat\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\salat\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{E721F520-2677-4B30-A0ED-3069FDB771D2}C:\users\salat\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=17 | dir=in | app=c:\users\salat\appdata\roaming\acestream\engine\ace_engine.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03DDB51A-B167-42EC-B91D-06FC3C402F8F}" = Football Scoreboard Pro
"{064A929A-4DE8-40CF-A901-BD40C14E4D25}" = PDF Architect
"{0EAE6A6B-5CC6-4805-AABA-254F73C5DD8A}" = Granite2
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 71
"{3FABD0E8-EEEF-4BB9-BA19-2D73F5D8D3FA}" = calibre
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77D28FF5-242F-488A-8215-937D6A4D69E0}" = Adobe AIR
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F53DEF6-45E4-C9A8-AFD9-456CB73B0E1E}" = Stat Crew Cloud Connector
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9BB43F0D-B6AC-B789-9534-84EA5D8128B1}" = Stat Crew
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)
"{C91B24F6-1629-11E2-B696-21676188709B}" = PDF Split And Merge Basic
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D903B276-81AE-4AED-AEF9-45DACFBF16CE}" = TightVNC
"{F3277FC2-73DC-4BA9-91DE-29906F28A8BF}_is1" = SysInfoTools PDF Image Extractor Demo v2.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"BSW" = BrettspielWelt
"DAEMON Tools Lite" = DAEMON Tools Lite
"EPSON Scanner" = EPSON Scan
"EPSON SX430 Series" = EPSON SX430 Series Printer Uninstall
"File Repair_is1" = File Repair
"Google Chrome" = Google Chrome
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"kindleConverter" = Kindle Converter
"Launchy_21344213_is1" = Launchy 2.5
"MiKTeX 2.9" = MiKTeX 2.9
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"R for Windows 3.0.3_is1" = R for Windows 3.0.3
"RStudio" = RStudio
"Stat Crew Software - Control Panel" = Stat Crew Software - Control Panel
"StatCrew" = Stat Crew
"StatCrewCloudConnector" = Stat Crew Cloud Connector
"TAS Football Conference Career Stats" = TAS Football Conference Career Stats
"TasComms32" = TasComms32
"TasFtp" = TasFtp
"TeXstudio_is1" = TeXstudio 2.5.2
"VLC media player" = VLC media player 2.1.3
"xampp" = XAMPP
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-656602294-3190959332-3131133285-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AceStream" = Ace Stream Media 2.2.2-next
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 20.10.2014 4:38:32 | Computer Name = Salat-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 20.10.2014 4:43:54 | Computer Name = Salat-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 20.10.2014 4:46:19 | Computer Name = Salat-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 20.10.2014 4:54:07 | Computer Name = Salat-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 20.10.2014 4:56:07 | Computer Name = Salat-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 20.10.2014 5:03:20 | Computer Name = Salat-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 20.10.2014 5:28:52 | Computer Name = Salat-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 20.10.2014 8:17:35 | Computer Name = Salat-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 21.10.2014 4:04:35 | Computer Name = Salat-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
 error code:  0x80070005
 
Error - 21.10.2014 5:04:37 | Computer Name = Salat-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
 error code:  0x80070005
 
Error - 21.10.2014 6:04:36 | Computer Name = Salat-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
 error code:  0x80070005
 
Error - 21.10.2014 6:12:08 | Computer Name = Salat-PC | Source = VSS | ID = 8194
Description = 
 
Error - 21.10.2014 6:27:34 | Computer Name = Salat-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
[ System Events ]
Error - 20.10.2014 8:35:01 | Computer Name = Salat-PC | Source = DCOM | ID = 10001
Description = 
 
Error - 20.10.2014 13:21:00 | Computer Name = Salat-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 21.10.2014 2:29:36 | Computer Name = Salat-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{29EA335D-ACB8-4CF3-B78E-3E94981A759C}
 because another computer on the network has the same name.  The server could not
 start.
 
Error - 21.10.2014 2:29:49 | Computer Name = Salat-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 21.10.2014 4:04:35 | Computer Name = Salat-PC | Source = DCOM | ID = 10001
Description = 
 
Error - 21.10.2014 6:11:44 | Computer Name = Salat-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR3.
 
Error - 21.10.2014 6:27:29 | Computer Name = Salat-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:26:05 on ?21.?10.?2014 was unexpected.
 
Error - 21.10.2014 6:27:21 | Computer Name = Salat-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 21.10.2014 6:27:21 | Computer Name = Salat-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 21.10.2014 6:28:34 | Computer Name = Salat-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >

Rudy
Site Admin
Posts: 119547
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check the log - sudden restarts and shutdowns of the noteb

#6 Post by Rudy »

Run OTL again as administrator.
Paste the following text into the lower window:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-656602294-3190959332-3131133285-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE10SR
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
CHR - Extension: No name found = C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio\1.1.36_0\
CHR - Extension: No name found = C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
O13 - gopher Prefix: missing
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

:files
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Salat\AppData\Roaming\pdfforge
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]
Click the Fix button and let the program work. When asked to restart, agree.
After the restart a new log will appear; post it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

Salat23
Visitor
Posts: 16
Joined: 10 Apr 2012 14:40

Re: Please check the log - sudden restarts and shutdowns of the noteb

#7 Post by Salat23 »

Here is the log:

Code: Select all

All processes killed
========== OTL ==========
Service VGPU stopped successfully!
Service VGPU deleted successfully!
File System32\drivers\rdvgkmd.sys not found.
Service tsusbhub stopped successfully!
Service tsusbhub deleted successfully!
File system32\drivers\tsusbhub.sys not found.
Service Synth3dVsc stopped successfully!
Service Synth3dVsc deleted successfully!
File System32\drivers\synth3dvsc.sys not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-656602294-3190959332-3131133285-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\_platform_specific\x86-32_ folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\_platform_specific folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\_metadata folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\images folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\audio folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0 folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio\1.1.36_0\_locales\ru folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio\1.1.36_0\_locales\en_US folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio\1.1.36_0\_locales folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio\1.1.36_0\userscripts folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio\1.1.36_0\lib\ts folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio\1.1.36_0\lib\jquery folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio\1.1.36_0\lib\cufon folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio\1.1.36_0\lib folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio\1.1.36_0\icons folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio\1.1.36_0\css folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio\1.1.36_0 folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_metadata folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_TW folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_CN folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\vi folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\uk folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\tr folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\th folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sv folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sr folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sl folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sk folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ru folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ro folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_PT folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_BR folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pl folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nl folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nb folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lv folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lt folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ko folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ja folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\it folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\id folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hu folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hr folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hi folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fr folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fil folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fi folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\et folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es_419 folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en_GB folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\el folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\de folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\da folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\cs folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ca folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\bg folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\html folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\css folder moved successfully.
C:\Users\Salat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0 folder moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
FastUserSwitchingCompatibility removed from NetSvcs value successfully!
Nla removed from NetSvcs value successfully!
Ntmssvc removed from NetSvcs value successfully!
NWCWorkstation removed from NetSvcs value successfully!
Nwsapagent removed from NetSvcs value successfully!
SRService removed from NetSvcs value successfully!
WmdmPmSp removed from NetSvcs value successfully!
LogonHours removed from NetSvcs value successfully!
PCAudit removed from NetSvcs value successfully!
helpsvc removed from NetSvcs value successfully!
uploadmgr removed from NetSvcs value successfully!
========== FILES ==========
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Users\Salat\AppData\Roaming\pdfforge\Images2PDF folder moved successfully.
C:\Users\Salat\AppData\Roaming\pdfforge folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57311 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Guest
 
User: Public
 
User: Salat
->Temp folder emptied: 4315917239 bytes
->Temporary Internet Files folder emptied: 68592218 bytes
->Java cache emptied: 265454 bytes
->Google Chrome cache emptied: 90653854 bytes
->Flash cache emptied: 60260 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36086810 bytes
RecycleBin emptied: 211559 bytes
 
Total Files Cleaned = 4 303.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Guest
 
User: Public
 
User: Salat
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 10222014_105510

Files\Folders moved on Reboot...
C:\Users\Salat\AppData\Local\Temp\mdi164.dll moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Rudy
Site Admin
Posts: 119547
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log - sudden restarts and shutdowns of the noteb

#8 Post by Rudy »

Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Salat23
Visitor
Posts: 16
Registered: 10 Apr 2012 14:40

Re: Please check my log - sudden restarts and shutdowns of the noteb

#9 Post by Salat23 »

It seems to me that the notebook responds faster, but the sudden shutdowns still occur :-(.

Rudy
Site Admin
Posts: 119547
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log - sudden restarts and shutdowns of the noteb

#10 Post by Rudy »

Download, install and run Speedfan: http://www.stahuj.centrum.cz/utility_a_ ... /speedfan/ and watch the CPU and GPU temperatures while it is running. They should not permanently exceed 75°C.