
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Please check my log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will threads that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Slow page loading, increased latency and packet loss.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2014 02
Ran by Vladimir (administrator) on LADA-PC on 12-12-2014 14:24:50
Running from C:\Users\Vladimir\Desktop
Loaded Profile: Vladimir (Available profiles: Vladimir)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(forum.viry.cz) C:\Users\Vladimir\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-12-12] (AVAST Software)
HKU\S-1-5-21-2714417846-278132917-2001900100-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2714417846-278132917-2001900100-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2714417846-278132917-2001900100-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-2714417846-278132917-2001900100-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2714417846-278132917-2001900100-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Winsock: Catalog5 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog5 03 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Winsock: Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0EF8F650-BFD6-45F7-A826-0D00F9ECA0A3}: [NameServer] 8.8.8.8,8.8.4.4
FireFox:
========
FF ProfilePath: C:\Users\Vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\3yya6hqo.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: DuckDuckGo
FF DefaultSearchUrl: hxxp://www.google.com/search?btnG=Google+Search&q=
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: https://www.seznam.cz/
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2714417846-278132917-2001900100-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Vladimir\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Flagfox - C:\Users\Vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\3yya6hqo.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-10-26]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-12]
FF Extension: No Name - wrc@avast.com [Not Found]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Profile: C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-27]
CHR Extension: (Dokumenty Google) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-27]
CHR Extension: (Disk Google) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-27]
CHR Extension: (YouTube) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-27]
CHR Extension: (Vyhledávání Google) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-27]
CHR Extension: (Tabulky Google) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-27]
CHR Extension: (Avast Online Security) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-22]
CHR Extension: (Peněženka Google) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-27]
CHR Extension: (Gmail) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-27]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-12]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-12] (AVAST Software)
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915784 2014-09-17] (NVIDIA Corporation)
S3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation)
S4 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18044744 2014-09-17] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [997664 2014-10-22] (Overwolf LTD)
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [111208 2014-11-24] (RaMMicHaeL)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-12-12] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-12] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-12] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-12-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-12] ()
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47896 2014-08-30] ()
S3 etdrv; C:\Windows\etdrv.sys [17488 2014-10-25] (Windows (R) 2000 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [17488 2014-10-25] (Windows (R) 2000 DDK provider)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32928 2014-09-04] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ALSysIO; \??\C:\Users\Vladimir\AppData\Local\Temp\ALSysIO.sys [X]
U5 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2014-10-25] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-12 14:24 - 2014-12-12 14:25 - 00013974 _____ () C:\Users\Vladimir\Desktop\FRST.txt
2014-12-12 14:24 - 2014-12-12 14:24 - 00000000 ____D () C:\FRST
2014-12-12 14:20 - 2014-12-12 14:20 - 00112640 _____ (forum.viry.cz) C:\Users\Vladimir\Desktop\FRSTLauncher.exe
2014-12-12 14:19 - 2014-12-12 14:19 - 01111040 _____ (Farbar) C:\Users\Vladimir\Desktop\FRST.exe
2014-12-12 13:36 - 2014-12-12 13:36 - 00000000 ____D () C:\Users\Vladimir\AppData\Roaming\AVAST Software
2014-12-12 13:35 - 2014-12-12 13:35 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-12 13:35 - 2014-12-12 13:35 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-12-12 13:35 - 2014-12-12 13:35 - 00002123 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-12 13:35 - 2014-12-12 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-12 13:35 - 2014-12-12 13:34 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1418387721142
2014-12-12 13:35 - 2014-12-12 13:34 - 00422760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1418387719145
2014-12-12 13:35 - 2014-12-12 13:34 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-12 13:35 - 2014-12-12 13:34 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-12 13:35 - 2014-12-12 13:34 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-12 13:35 - 2014-12-12 13:34 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-12 13:35 - 2014-12-12 13:34 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-12 13:35 - 2014-12-12 13:34 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-12 13:34 - 2014-12-12 13:34 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-12 13:34 - 2014-12-12 13:34 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-12 13:34 - 2014-12-12 13:34 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-12 13:31 - 2014-12-12 13:34 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-12 13:29 - 2014-12-12 13:29 - 00313862 _____ () C:\Windows\PFRO.log
2014-12-12 08:20 - 2014-12-12 08:20 - 00025172 _____ () C:\Users\Vladimir\Documents\login.p1.worldoftanks.eu.pp2
2014-12-12 07:20 - 2014-12-12 07:20 - 00069672 _____ () C:\Users\Vladimir\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-12 06:31 - 2014-12-12 13:29 - 00000280 _____ () C:\Windows\setupact.log
2014-12-12 06:31 - 2014-12-12 06:31 - 00312264 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-12 06:31 - 2014-12-12 06:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-12 00:04 - 2014-12-12 01:48 - 966744494 _____ () C:\Users\Vladimir\Downloads\Pravidla-vášně-2002.cz.dub.avi.5269619137351077195.part
2014-12-12 00:03 - 2014-12-12 00:45 - 736385024 _____ () C:\Users\Vladimir\Downloads\V-rukách-nepřítele-CZ.avi
2014-12-10 14:13 - 2014-12-12 13:32 - 00121888 _____ () C:\Windows\WindowsUpdate.log
2014-12-10 13:57 - 2014-12-10 13:57 - 03129691 _____ () C:\Users\Vladimir\Downloads\TL-WR741ND_V4_QIG_7106503369_CZ.odg
2014-12-10 13:24 - 2014-12-10 14:12 - 00000000 ____D () C:\Users\Vladimir\AppData\Roaming\xarp-Vladimir
2014-12-10 13:24 - 2014-12-10 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-12-10 13:23 - 2014-12-10 13:24 - 00000000 ____D () C:\Program Files\XArp
2014-12-10 13:23 - 2014-12-10 13:24 - 00000000 ____D () C:\Program Files\WinPcap
2014-12-10 13:23 - 2014-12-10 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XArp
2014-12-10 07:53 - 2014-12-10 07:53 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 07:24 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 06:47 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 06:47 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 06:47 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 06:47 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 06:47 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 06:47 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 06:47 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 06:47 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 06:47 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 06:47 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 06:47 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 06:47 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 06:47 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 06:47 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 06:47 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 06:47 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 06:47 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 06:47 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 06:47 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 06:47 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 06:47 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 06:47 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 06:47 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 06:47 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 06:47 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 06:47 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 06:47 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 06:47 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 06:47 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 06:47 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 06:47 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 06:47 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 06:47 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 06:47 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 06:47 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 06:47 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 06:47 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 06:47 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 06:47 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 06:47 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 06:45 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 06:45 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 06:45 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 06:45 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 06:45 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 06:45 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 06:45 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 17:46 - 2014-12-09 17:32 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-12-09 16:40 - 2014-12-09 16:40 - 00001426 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk
2014-12-09 16:40 - 2014-12-09 16:40 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2014-12-09 16:11 - 2014-12-10 13:31 - 00000000 ____D () C:\Users\Vladimir\AppData\Roaming\PFStaticIP
2014-12-09 16:07 - 2014-12-09 16:09 - 00000000 ____D () C:\Users\Vladimir\AppData\Roaming\PortForward.com
2014-12-09 16:07 - 2014-12-09 16:07 - 00002803 _____ () C:\Users\Public\Desktop\PortForward Network Utilities.lnk
2014-12-09 16:07 - 2014-12-09 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PortForward.com
2014-12-09 16:07 - 2014-12-09 16:07 - 00000000 ____D () C:\Program Files\Portforward
2014-12-09 16:06 - 2014-12-09 16:06 - 00000000 ____D () C:\Users\Vladimir\AppData\Local\Downloaded Installations
2014-12-08 14:33 - 2014-12-10 14:17 - 00000000 ____D () C:\Users\Vladimir\AppData\Roaming\Wargaming.net
2014-12-08 07:36 - 2014-12-08 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks - Common Test
2014-12-05 13:12 - 2014-12-07 11:34 - 00000220 _____ () C:\AdwCleanerDebug.txt
2014-12-03 08:04 - 2014-12-03 08:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-26 18:21 - 2014-12-09 17:48 - 00009548 _____ () C:\zoek-results.log
2014-11-26 18:20 - 2014-11-26 18:32 - 00000000 ____D () C:\zoek_backup
2014-11-26 17:56 - 2014-11-26 17:56 - 00000000 ____D () C:\Program Files\Comodo
2014-11-26 17:52 - 2014-11-26 17:52 - 00001162 _____ () C:\Users\Vladimir\Desktop\Format Factory.lnk
2014-11-26 17:52 - 2014-11-26 17:52 - 00000000 ____D () C:\Users\Vladimir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-11-25 15:34 - 2014-11-25 15:35 - 00000000 ____D () C:\Users\Vladimir\Documents\Fax
2014-11-19 07:15 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 07:15 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-16 09:51 - 2014-11-16 09:51 - 00000000 __SHD () C:\Users\Vladimir\AppData\Local\EmieBrowserModeList
2014-11-14 20:44 - 2014-12-11 17:46 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-14 20:44 - 2014-11-14 20:44 - 00001967 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-11-14 20:44 - 2014-11-14 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-11-12 08:22 - 2014-09-04 20:14 - 00032928 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2014-11-12 08:14 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-11-12 08:14 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-11-12 08:14 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-11-12 08:13 - 2014-07-02 18:39 - 00609240 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2014-11-12 06:40 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 06:40 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 06:40 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 06:40 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 06:40 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 06:40 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 06:40 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 06:40 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 06:40 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 06:40 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 06:40 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 06:40 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 06:40 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 06:40 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 06:40 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 06:40 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 06:40 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 06:40 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 06:40 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 06:40 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 06:40 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 06:40 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 06:40 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-12 13:40 - 2014-10-25 07:09 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-12-12 13:36 - 2009-07-14 05:34 - 00023904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-12 13:36 - 2009-07-14 05:34 - 00023904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-12 13:34 - 2014-08-18 20:09 - 01585714 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-12 13:29 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-12 08:20 - 2014-08-18 20:22 - 00007612 _____ () C:\Users\Vladimir\AppData\Local\resmon.resmoncfg
2014-12-12 06:31 - 2014-09-12 14:51 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-11 17:34 - 2014-09-08 23:18 - 00000000 ____D () C:\Users\Vladimir\AppData\Local\Adobe
2014-12-11 17:33 - 2014-09-12 14:51 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-11 17:33 - 2014-09-12 14:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-11 17:10 - 2014-10-31 18:53 - 00002000 _____ () C:\Users\Vladimir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
2014-12-11 17:10 - 2014-10-31 18:53 - 00001970 _____ () C:\Users\Vladimir\Desktop\FileHippo App Manager.lnk
2014-12-11 17:10 - 2014-10-31 18:53 - 00000000 ____D () C:\Program Files\FileHippo.com
2014-12-11 10:10 - 2014-09-03 12:39 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-11 09:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-11 08:08 - 2014-08-20 17:54 - 00000000 ____D () C:\Users\Vladimir\AppData\Roaming\Skype
2014-12-10 12:02 - 2014-09-27 07:03 - 00002209 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-10 11:57 - 2014-08-18 22:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 08:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-12-10 07:53 - 2014-08-18 21:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 07:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 07:23 - 2014-08-18 21:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 07:20 - 2014-08-18 21:06 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 18:24 - 2014-08-18 20:12 - 00000000 ____D () C:\Users\Vladimir
2014-12-09 18:03 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2014-12-09 16:40 - 2014-10-29 16:26 - 00000000 ____D () C:\Program Files\LibreOffice 4
2014-12-08 11:45 - 2014-08-20 17:54 - 00000000 ____D () C:\ProgramData\Skype
2014-12-08 11:44 - 2014-09-05 06:28 - 00000000 ___RD () C:\Program Files\Skype
2014-12-08 07:36 - 2014-08-19 07:17 - 00000000 ____D () C:\Windows\system32\directx
2014-12-04 13:06 - 2014-09-03 12:38 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-04 13:06 - 2014-09-03 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-04 13:06 - 2014-09-03 12:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-04 13:00 - 2014-10-26 20:06 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-03 11:21 - 2014-10-21 14:13 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-12-03 11:21 - 2014-08-18 21:03 - 00002050 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-12-03 11:21 - 2014-08-18 21:03 - 00002038 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-12-01 12:21 - 2014-09-11 20:01 - 00000000 ____D () C:\ProgramData\Unchecky
2014-12-01 10:38 - 2014-08-19 13:34 - 00000000 ____D () C:\Users\Vladimir\AppData\Roaming\Notepad++
2014-11-26 22:05 - 2014-10-18 08:06 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-26 22:05 - 2014-10-18 08:06 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-26 17:25 - 2014-10-25 13:16 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-25 15:51 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-25 15:33 - 2014-09-04 15:02 - 00000000 ___RD () C:\Users\Vladimir\Documents\Notes
2014-11-21 07:23 - 2014-08-18 22:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-21 06:14 - 2014-09-03 12:38 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-09-03 12:38 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2014-09-03 12:38 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-14 20:54 - 2014-11-04 19:32 - 00000000 ____D () C:\Users\Vladimir\AppData\Local\Purplizer
2014-11-14 20:54 - 2014-11-04 19:12 - 00000000 ____D () C:\Users\Vladimir\AppData\Local\Overwolf
2014-11-12 08:22 - 2014-08-18 22:41 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-12 08:13 - 2014-08-18 22:44 - 00000000 ____D () C:\Users\Vladimir\AppData\Local\NVIDIA Corporation
2014-11-12 08:13 - 2014-08-18 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-12 07:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-05 00:17
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: (System) (Fixed) (Total:38.96 GB) (Free:16.78 GB) NTFS
Drive e: (Data) (Fixed) (Total:193.82 GB) (Free:122.81 GB) NTFS
Available physical RAM: 2693.89 MB
Total physical RAM: 3582.55 MB
Percentage of memory in use: 24%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 43D343D2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=39 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=193.8 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Vladimir\Desktop" je 1 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETCall.exe
C:\Program Files\GIGABYTE\ET6\ETCall.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend
"C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay
C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
"C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Updater.exe
"C:\Program Files\Skype\Updater\Updater.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XArp
C:\Program Files\XArp\xarp.exe hide [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Vladimir^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk
C:\Users\Vladimir\AppData\Roaming\Dropbox\bin\Dropbox.exe
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Rudy
- Site Admin
- Posts: 119556
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Request for a log check
Hello!
What is the legal status of your operating system?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Request for a log check
Windows is legal, inherited after the upgrade to Win8.1
- Rudy
- Site Admin
Re: Request for a log check
OK. Let's try this procedure:
Download and run OTL: http://oldtimer.geekstogo.com/OTL.exe . Run it, tick "Pro všechny uživatele" (All users), "Kontrola na havěť LOP" (LOP check) and "Kontrola na havěť PURITY" (Purity check), paste the script below into the lower white box and click >Prohledat< (Scan). Post both logs.
CREATERESTOREPOINT
netsvcs
drivers32
savembr:0
/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
%SystemDrive%\PhysicalMBR.bin /md5
*crack* /s
*keygen* /s
*loader* /s
Re: Request for a log check
OTL logfile created on: 12.12.2014 19:37:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vladimir\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,50 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 76,78% Memory free
3,50 Gb Paging File | 2,67 Gb Available in Paging File | 76,43% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38,96 Gb Total Space | 16,76 Gb Free Space | 43,02% Space Free | Partition Type: NTFS
Drive E: | 193,82 Gb Total Space | 122,80 Gb Free Space | 63,36% Space Free | Partition Type: NTFS
Computer Name: LADA-PC | User Name: Vladimir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014.12.12 19:25:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vladimir\Desktop\OTL.exe
PRC - [2014.12.12 13:35:22 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014.12.12 13:34:54 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014.11.24 10:53:49 | 000,399,976 | ---- | M] (RaMMicHaeL) -- C:\Program Files\Unchecky\bin\unchecky_bg.exe
PRC - [2014.11.24 10:53:49 | 000,111,208 | ---- | M] (RaMMicHaeL) -- C:\Program Files\Unchecky\bin\unchecky_svc.exe
PRC - [2014.11.21 19:41:50 | 005,282,584 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2014.08.29 17:07:46 | 000,441,144 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
PRC - [2014.08.29 17:05:58 | 000,440,632 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
PRC - [2014.08.19 20:27:27 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2014.07.23 00:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2014.07.02 20:42:26 | 000,940,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2014.12.12 13:34:56 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014.11.22 01:03:48 | 000,043,520 | ---- | M] () -- C:\Program Files\CCleaner\Lang\lang-1029.dll
MOD - [2014.05.12 10:49:04 | 000,260,608 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_06.dll
========== Services (SafeList) ==========
SRV - [2014.12.12 13:34:54 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014.12.11 17:33:54 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.12.03 08:04:18 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.12.03 07:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014.11.24 10:53:49 | 000,111,208 | ---- | M] (RaMMicHaeL) [Auto | Running] -- C:\Program Files\Unchecky\bin\unchecky_svc.exe -- (Unchecky)
SRV - [2014.11.22 02:55:14 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014.10.22 10:25:38 | 000,997,664 | ---- | M] (Overwolf LTD) [On_Demand | Stopped] -- C:\Program Files\Overwolf\OverwolfUpdater.exe -- (OverwolfUpdater)
SRV - [2014.09.17 03:14:57 | 001,795,912 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014.09.17 03:14:56 | 000,915,784 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV - [2014.09.17 03:14:55 | 018,044,744 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV - [2014.08.29 17:07:46 | 000,441,144 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe -- (MbaeSvc)
SRV - [2014.08.18 23:29:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2014.07.23 00:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2014.07.02 18:39:15 | 000,413,128 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014.04.03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011.08.30 14:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Vladimir\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2014.12.12 13:35:21 | 000,787,800 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014.12.12 13:35:19 | 000,423,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014.12.12 13:34:57 | 000,206,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014.12.12 13:34:57 | 000,091,496 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
DRV - [2014.12.12 13:34:57 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2014.12.12 13:34:57 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014.12.12 13:34:57 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014.12.12 13:34:57 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014.10.25 17:04:44 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2014.10.25 17:03:57 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2014.09.04 20:14:38 | 000,032,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvvad32v.sys -- (nvvad_WaveExtensible)
DRV - [2014.08.30 18:45:20 | 000,047,896 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys -- (ESProtectionDriver)
DRV - [2014.07.02 21:54:57 | 010,681,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013.10.02 01:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009.12.30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2714417846-278132917-2001900100-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
IE - HKU\S-1-5-21-2714417846-278132917-2001900100-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2714417846-278132917-2001900100-1000\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2714417846-278132917-2001900100-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2714417846-278132917-2001900100-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?btnG=Google+Search&q="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:10.0.2502.149
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?btnG=Google+Search&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Vladimir\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014.12.12 13:34:58 | 000,000,000 | ---D | M]
[2014.08.18 20:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vladimir\AppData\Roaming\Mozilla\Extensions
[2014.12.10 16:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\3yya6hqo.default\extensions
[2014.12.10 16:51:00 | 000,730,412 | ---- | M] () (No name found) -- C:\Users\Vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\3yya6hqo.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
[2014.12.03 08:04:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.12.03 08:04:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014.12.12 13:34:58 | 000,000,000 | ---D | M] ("Avast Online Security") -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
========== Chrome ==========
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
O1 HOSTS File: ([2014.12.12 17:58:06 | 000,002,009 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
O1 - Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
O1 - Hosts: 0.0.0.0 media.opencandy.com
O1 - Hosts: 0.0.0.0 cdn.opencandy.com
O1 - Hosts: 0.0.0.0 tracking.opencandy.com
O1 - Hosts: 0.0.0.0 api.opencandy.com
O1 - Hosts: 0.0.0.0 installer.betterinstaller.com
O1 - Hosts: 0.0.0.0 installer.filebulldog.com
O1 - Hosts: 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
O1 - Hosts: 0.0.0.0 inno.bisrv.com
O1 - Hosts: 0.0.0.0 nsis.bisrv.com
O1 - Hosts: 0.0.0.0 cdn.file2desktop.com
O1 - Hosts: 0.0.0.0 cdn.goateastcach.us
O1 - Hosts: 0.0.0.0 cdn.guttastatdk.us
O1 - Hosts: 0.0.0.0 cdn.inskinmedia.com
O1 - Hosts: 0.0.0.0 cdn.insta.oibundles2.com
O1 - Hosts: 0.0.0.0 cdn.insta.playbryte.com
O1 - Hosts: 0.0.0.0 cdn.llogetfastcach.us
O1 - Hosts: 0.0.0.0 cdn.montiera.com
O1 - Hosts: 0.0.0.0 cdn.msdwnld.com
O1 - Hosts: 0.0.0.0 cdn.mypcbackup.com
O1 - Hosts: 0.0.0.0 cdn.ppdownload.com
O1 - Hosts: 0.0.0.0 cdn.riceateastcach.us
O1 - Hosts: 12 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes Anti-Exploit] C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-2714417846-278132917-2001900100-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2714417846-278132917-2001900100-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2714417846-278132917-2001900100-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EF8F650-BFD6-45F7-A826-0D00F9ECA0A3}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EF8F650-BFD6-45F7-A826-0D00F9ECA0A3}: NameServer = 8.8.8.8,8.8.4.4
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2014.12.12 19:25:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vladimir\Desktop\OTL.exe
[2014.12.12 17:58:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014.12.12 17:51:34 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2014.12.12 17:51:34 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\AppData\Local\Temp
[2014.12.12 14:24:48 | 000,000,000 | ---D | C] -- C:\FRST
[2014.12.12 14:20:26 | 000,112,640 | ---- | C] (forum.viry.cz) -- C:\Users\Vladimir\Desktop\FRSTLauncher.exe
[2014.12.12 14:19:19 | 001,111,040 | ---- | C] (Farbar) -- C:\Users\Vladimir\Desktop\FRST.exe
[2014.12.12 13:36:07 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\AppData\Roaming\AVAST Software
[2014.12.12 13:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2014.12.12 13:35:09 | 000,091,496 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
[2014.12.12 13:35:08 | 000,423,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014.12.12 13:35:07 | 000,070,384 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014.12.12 13:35:04 | 000,081,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2014.12.12 13:35:01 | 000,787,800 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys
[2014.12.12 13:34:59 | 000,291,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014.12.12 13:34:57 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014.12.12 13:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014.12.12 13:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014.12.12 07:10:48 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\Documents\PPlogs
[2014.12.10 13:24:06 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\AppData\Roaming\xarp-Vladimir
[2014.12.10 13:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2014.12.10 13:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2014.12.10 13:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XArp
[2014.12.10 13:23:09 | 000,000,000 | ---D | C] -- C:\Program Files\XArp
[2014.12.10 11:57:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014.12.10 07:53:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\appraiser
[2014.12.10 07:24:17 | 003,209,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2014.12.10 06:47:23 | 001,160,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aitstatic.exe
[2014.12.10 06:47:23 | 000,873,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014.12.10 06:47:23 | 000,728,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll
[2014.12.10 06:47:23 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepic.dll
[2014.12.10 06:47:22 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\invagent.dll
[2014.12.10 06:47:21 | 000,337,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2014.12.10 06:47:21 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devinv.dll
[2014.12.10 06:47:21 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014.12.10 06:47:17 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014.12.10 06:47:17 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014.12.10 06:47:17 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014.12.10 06:47:16 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014.12.10 06:47:16 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014.12.10 06:47:15 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014.12.10 06:47:15 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014.12.10 06:47:15 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014.12.10 06:47:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014.12.10 06:47:13 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014.12.10 06:47:12 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014.12.10 06:47:11 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014.12.10 06:47:11 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014.12.10 06:47:09 | 004,299,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014.12.10 06:47:06 | 000,684,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014.12.10 06:47:06 | 000,342,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014.12.10 06:47:06 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014.12.10 06:47:05 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014.12.10 06:47:05 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014.12.10 06:47:05 | 000,688,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014.12.10 06:47:04 | 002,052,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014.12.10 06:47:03 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014.12.10 06:47:03 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014.12.10 06:45:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014.12.10 06:45:35 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\charmap.exe
[2014.12.10 06:45:10 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2014.12.10 06:45:10 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2014.12.10 06:45:10 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2014.12.10 06:45:10 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2014.12.09 16:40:23 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
[2014.12.09 16:11:31 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\AppData\Roaming\PFStaticIP
[2014.12.09 16:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PortForward.com
[2014.12.09 16:07:12 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\AppData\Roaming\PortForward.com
[2014.12.09 16:07:12 | 000,000,000 | ---D | C] -- C:\Program Files\Portforward
[2014.12.09 16:06:54 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\AppData\Local\Downloaded Installations
[2014.12.08 14:33:09 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\AppData\Roaming\Wargaming.net
[2014.12.08 07:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks - Common Test
[2014.12.03 08:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.11.26 18:20:32 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014.11.26 17:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2014.11.26 17:52:19 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2014.11.25 15:34:44 | 000,000,000 | R--D | C] -- C:\Users\Vladimir\Documents\Scanned Documents
[2014.11.25 15:34:43 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\Documents\Fax
[2014.11.16 09:51:50 | 000,000,000 | -HSD | C] -- C:\Users\Vladimir\AppData\Local\EmieBrowserModeList
[2014.11.14 20:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014.11.14 20:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
========== Files - Modified Within 30 Days ==========
[2014.12.12 19:38:49 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.12.12 19:25:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vladimir\Desktop\OTL.exe
[2014.12.12 18:05:10 | 000,023,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.12.12 18:05:10 | 000,023,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.12.12 18:02:16 | 000,669,150 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2014.12.12 18:02:16 | 000,654,538 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.12.12 18:02:16 | 000,141,810 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2014.12.12 18:02:16 | 000,122,410 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.12.12 17:58:06 | 000,002,009 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014.12.12 17:57:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.12.12 17:57:49 | 2817,433,600 | -HS- | M] () -- C:\hiberfil.sys
[2014.12.12 17:30:22 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2014.12.12 17:29:50 | 001,295,360 | ---- | M] () -- C:\Users\Vladimir\Desktop\zoek.exe
[2014.12.12 14:44:50 | 000,006,201 | ---- | M] () -- C:\Users\Vladimir\Desktop\Addition.rar
[2014.12.12 14:20:30 | 000,112,640 | ---- | M] (forum.viry.cz) -- C:\Users\Vladimir\Desktop\FRSTLauncher.exe
[2014.12.12 14:19:19 | 001,111,040 | ---- | M] (Farbar) -- C:\Users\Vladimir\Desktop\FRST.exe
[2014.12.12 13:35:25 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2014.12.12 13:35:21 | 000,787,800 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys
[2014.12.12 13:35:19 | 000,423,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014.12.12 13:34:57 | 000,291,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014.12.12 13:34:57 | 000,206,248 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014.12.12 13:34:57 | 000,091,496 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
[2014.12.12 13:34:57 | 000,081,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2014.12.12 13:34:57 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014.12.12 13:34:57 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014.12.12 13:34:57 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014.12.12 13:34:57 | 000,024,184 | ---- | M] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014.12.12 08:20:06 | 000,007,612 | ---- | M] () -- C:\Users\Vladimir\AppData\Local\resmon.resmoncfg
[2014.12.12 06:31:56 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.12.12 06:31:54 | 000,312,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.12.11 17:33:54 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014.12.11 17:33:53 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014.12.11 17:10:38 | 000,001,970 | ---- | M] () -- C:\Users\Vladimir\Desktop\FileHippo App Manager.lnk
[2014.12.11 10:10:31 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.12.10 12:02:28 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014.12.09 16:40:23 | 000,001,426 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.3.lnk
[2014.12.09 16:07:13 | 000,002,803 | ---- | M] () -- C:\Users\Public\Desktop\PortForward Network Utilities.lnk
[2014.12.04 13:06:57 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.12.04 05:38:59 | 000,337,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2014.12.04 05:38:45 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\invagent.dll
[2014.12.04 05:38:40 | 000,315,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devinv.dll
[2014.12.04 05:38:37 | 000,728,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll
[2014.12.04 05:38:36 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014.12.04 05:38:36 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepic.dll
[2014.12.04 05:34:13 | 000,873,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014.12.03 11:21:18 | 000,002,038 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2014.12.02 00:28:26 | 001,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aitstatic.exe
[2014.11.27 02:10:45 | 000,342,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014.11.26 22:05:49 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.11.26 22:05:49 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.11.26 17:52:19 | 000,001,162 | ---- | M] () -- C:\Users\Vladimir\Desktop\Format Factory.lnk
[2014.11.22 03:20:44 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014.11.22 03:20:30 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014.11.22 03:07:17 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014.11.22 03:06:32 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014.11.22 03:05:02 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014.11.22 02:59:42 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014.11.22 02:58:54 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014.11.22 02:56:40 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014.11.22 02:55:16 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014.11.22 02:55:14 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014.11.22 02:54:30 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014.11.22 02:48:26 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014.11.22 02:45:18 | 000,418,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014.11.22 02:40:04 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014.11.22 02:36:14 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014.11.22 02:33:22 | 000,285,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014.11.22 02:29:26 | 004,299,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014.11.22 02:23:48 | 000,688,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014.11.22 02:23:06 | 000,684,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014.11.22 02:22:49 | 002,052,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014.11.22 02:21:57 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014.11.22 01:54:44 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014.11.21 06:14:20 | 000,051,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014.11.21 06:14:10 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014.11.21 06:14:06 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014.11.14 20:44:21 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
========== Files Created - No Company Name ==========
[2014.12.12 19:38:49 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.12.12 17:51:36 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2014.12.12 17:29:45 | 001,295,360 | ---- | C] () -- C:\Users\Vladimir\Desktop\zoek.exe
[2014.12.12 14:44:50 | 000,006,201 | ---- | C] () -- C:\Users\Vladimir\Desktop\Addition.rar
[2014.12.12 13:35:25 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2014.12.12 13:35:08 | 000,206,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014.12.12 13:35:07 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014.12.12 13:35:07 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014.12.12 06:31:39 | 000,312,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.12.09 16:40:23 | 000,001,426 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 4.3.lnk
[2014.12.09 16:07:13 | 000,002,803 | ---- | C] () -- C:\Users\Public\Desktop\PortForward Network Utilities.lnk
[2014.11.26 17:52:19 | 000,001,162 | ---- | C] () -- C:\Users\Vladimir\Desktop\Format Factory.lnk
[2014.11.14 20:44:21 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014.11.01 12:20:09 | 000,000,337 | ---- | C] () -- C:\Users\Vladimir\AppData\Local\Perfmon.PerfmonCfg
[2014.09.03 16:24:10 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2014.08.19 18:55:27 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2014.08.19 18:53:58 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2014.08.19 13:52:37 | 000,000,024 | -HS- | C] () -- C:\Users\Vladimir\AppData\Roaming\System5908ConfigCollection.dat
[2014.08.18 22:56:40 | 003,826,628 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2014.08.18 20:22:10 | 000,007,612 | ---- | C] () -- C:\Users\Vladimir\AppData\Local\resmon.resmoncfg
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014.12.12 13:36:07 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\AVAST Software
[2014.09.09 10:48:42 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Downloaded Installations
[2014.10.25 12:45:22 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Dropbox
[2014.08.19 12:24:11 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\LibreOffice
[2014.12.01 10:38:26 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Notepad++
[2014.08.24 09:03:04 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Oracle
[2014.12.10 13:31:51 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\PFStaticIP
[2014.10.19 16:12:18 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\PingPlotter
[2014.12.09 16:09:21 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\PortForward.com
[2014.09.15 13:35:22 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\QuickScan
[2014.08.18 21:07:00 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Thunderbird
[2014.09.29 10:18:48 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Unity
[2014.08.19 10:44:00 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\VitySoft
[2014.12.10 14:17:14 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Wargaming.net
[2014.12.10 14:12:51 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\xarp-Vladimir
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009.07.14 05:53:46 | 000,032,634 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2014.09.12 14:51:21 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014.10.18 08:06:17 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014.10.18 08:06:18 | 000,000,940 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< >
< MD5 for: ATAPI.SYS >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010.11.20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010.11.20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
< MD5 for: CDROM.SYS >
[2009.07.14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010.11.20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010.11.20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010.11.20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
< MD5 for: HAL.DLL >
[2010.11.20 13:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010.11.20 13:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
[2009.07.14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll
< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: SERVICES.EXE >
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2014.11.21 06:12:42 | 000,761,656 | ---- | M] (MalwareBytes) MD5=625BB08813743947985B0DEEFC35ED12 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
< MD5 for: TCPIP.SYS >
[2009.07.14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010.11.20 13:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2014.04.05 03:25:01 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\System32\drivers\tcpip.sys
[2014.04.05 03:25:01 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_b513c4dfc4b513b9\tcpip.sys
[2014.08.19 20:27:39 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=6C4F3D92764FFA22D28061A4D9235446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_b58e8eb0ddde6cf1\tcpip.sys
[2014.08.19 20:27:39 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_b4fa2013c4c8ebf1\tcpip.sys
[2012.10.03 17:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2012.10.03 17:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
[2014.04.05 03:16:21 | 001,310,144 | ---- | M] (Microsoft Corporation) MD5=EA47AB18E289333AB94397D77CA6E3A1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_b59293a4dddacc9b\tcpip.sys
< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2014.07.16 03:56:14 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=4F37B93C14AEE313BEC52A23AFB15C2E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_7224b2134c7555fa\winlogon.exe
[2014.07.17 02:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\System32\winlogon.exe
[2014.07.17 02:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_71a5e34e334f9d18\winlogon.exe
[2014.11.21 06:12:42 | 000,761,656 | ---- | M] (MalwareBytes) MD5=625BB08813743947985B0DEEFC35ED12 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2014.03.04 10:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[2014.03.04 11:39:02 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=D53972F87D850CD2EB4B29B60CAFDD77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe
< >
< %systemroot%*.* /U /s >
[4 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2014.09.23 15:23:58 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Adobe
[2014.12.12 13:36:07 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\AVAST Software
[2014.09.09 10:48:42 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Downloaded Installations
[2014.10.25 12:45:22 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Dropbox
[2014.08.18 20:12:58 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Identities
[2014.08.19 12:24:11 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\LibreOffice
[2014.09.12 14:26:05 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Macromedia
[2009.07.14 10:20:06 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Media Center Programs
[2014.09.11 19:48:48 | 000,000,000 | --SD | M] -- C:\Users\Vladimir\AppData\Roaming\Microsoft
[2014.10.26 20:06:28 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Mozilla
[2014.12.01 10:38:26 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Notepad++
[2014.08.31 10:07:07 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\NVIDIA
[2014.08.24 09:03:04 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Oracle
[2014.12.10 13:31:51 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\PFStaticIP
[2014.10.19 16:12:18 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\PingPlotter
[2014.12.09 16:09:21 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\PortForward.com
[2014.09.15 13:35:22 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\QuickScan
[2014.12.11 08:08:16 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Skype
[2014.10.30 09:28:51 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\SUPERAntiSpyware.com
[2014.08.18 21:07:00 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Thunderbird
[2014.09.29 10:18:48 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Unity
[2014.08.19 10:44:00 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\VitySoft
[2014.12.10 14:17:14 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Wargaming.net
[2014.09.10 14:17:37 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\WinRAR
[2014.12.10 14:12:51 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\xarp-Vladimir
< %APPDATA%\*.exe /s >
[2014.09.13 01:52:04 | 036,414,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\Vladimir\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2014.09.13 01:55:10 | 000,262,160 | ---- | M] (Dropbox, Inc.) -- C:\Users\Vladimir\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2014.09.13 01:52:08 | 000,225,256 | ---- | M] (Dropbox, Inc.) -- C:\Users\Vladimir\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
[2014.12.12 06:31:56 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014.11.26 22:05:49 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014.11.26 22:05:49 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
[2014.12.12 13:34:57 | 000,024,184 | ---- | M] () -- C:\Windows\system32\drivers\aswHwid.sys
[2014.12.12 13:34:57 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswMonFlt.sys
[2014.12.12 13:34:57 | 000,081,768 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswRdr2.sys
[2014.12.12 13:34:57 | 000,049,944 | ---- | M] () -- C:\Windows\system32\drivers\aswRvrt.sys
[2014.12.12 13:35:21 | 000,787,800 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswsnx.sys
[2014.12.12 13:35:19 | 000,423,784 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswsp.sys
[2014.12.12 13:34:57 | 000,091,496 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswStm.sys
[2014.12.12 13:34:57 | 000,206,248 | ---- | M] () -- C:\Windows\system32\drivers\aswVmm.sys
[2014.12.11 10:10:31 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\MBAMSwissArmy.sys
< %systemroot%\system32\*.* /3 >
[2014.12.12 18:05:10 | 000,023,904 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.12.12 18:05:10 | 000,023,904 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.12.12 13:34:57 | 000,291,352 | ---- | M] (AVAST Software) -- C:\Windows\system32\aswBoot.exe
[2014.12.11 17:33:54 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2014.12.11 17:33:53 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl
[2014.12.12 06:31:54 | 000,312,264 | ---- | M] () -- C:\Windows\system32\FNTCACHE.DAT
[2014.12.10 07:20:20 | 109,818,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MRT.exe
[2014.12.12 18:02:16 | 000,141,810 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2014.12.12 18:02:16 | 000,122,410 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2014.12.12 18:02:16 | 000,669,150 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2014.12.12 18:02:16 | 000,654,538 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2014.12.12 18:02:16 | 001,585,714 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CCleaner Monitoring" = "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR -- [2014.11.21 19:41:50 | 005,282,584 | ---- | M] (Piriform Ltd)
< >
< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2014.12.03 08:04:19 | 000,337,520 | ---- | M] (Mozilla Corporation) MD5=30D17877295E6E9116FE7C10ED3E3ABF -- C:\Program Files\Mozilla Firefox\firefox.exe
< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2014.11.27 02:10:46 | 000,815,280 | ---- | M] (Microsoft Corporation) MD5=A24BFBAE8B50A6780B68FF3673FAB52F -- C:\Program Files\Internet Explorer\iexplore.exe
< %PROGRAMFILES%\Opera\opera.exe /md5 >
< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2014.12.06 02:50:53 | 000,856,904 | ---- | M] (Google Inc.) MD5=5F3587E344F2990B59C941FB405CAA0F -- C:\Program Files\Google\Chrome\Application\chrome.exe
< >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.12.12 19:38:49 | 000,000,512 | ---- | M] () MD5=BD3BDA1033C7397178DFDC223CE3DDF2 -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2014.08.19 10:44:03 | 000,005,592 | ---- | M] () -- \Users\Vladimir\AppData\Roaming\VitySoft\FRD\plugins\crackle.frp
< *keygen* /s >
< *loader* /s >
[2014.12.12 13:34:54 | 000,072,480 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2014.05.25 19:45:56 | 000,006,866 | ---- | M] () -- \Program Files\LibreOffice 4\program\pythonloader.py
[2014.11.10 19:54:38 | 000,000,171 | ---- | M] () -- \Program Files\LibreOffice 4\program\pythonloader.uno.ini
[2014.11.10 19:53:16 | 000,047,392 | ---- | M] () -- \Program Files\LibreOffice 4\program\pythonloaderlo.dll
[2014.11.10 13:31:48 | 000,124,430 | ---- | M] () -- \Program Files\LibreOffice 4\program\classes\libloader-1.1.6.jar
[2014.11.10 13:40:34 | 000,013,883 | ---- | M] () -- \Program Files\LibreOffice 4\program\python-core-3.3.3\lib\unittest\loader.py
[2014.11.10 13:40:34 | 000,050,271 | ---- | M] () -- \Program Files\LibreOffice 4\program\python-core-3.3.3\lib\unittest\test\test_loader.py
[2014.11.10 19:52:04 | 000,084,256 | ---- | M] () -- \Program Files\LibreOffice 4\URE\bin\javaloaderlo.dll
[2014.11.10 13:25:50 | 000,004,766 | ---- | M] () -- \Program Files\LibreOffice 4\URE\java\unoloader.jar
[2011.07.18 22:33:32 | 000,008,787 | ---- | M] () -- \Program Files\Notepad++\user.manual\sites\all\modules\fancy_login\images\ajax-loader.gif
[2014.09.17 03:14:17 | 001,169,224 | ---- | M] () -- \Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\ExtensionLoader.dll
[2013.12.20 00:37:56 | 000,065,344 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2013.12.20 00:37:44 | 000,073,536 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2014.10.22 10:23:30 | 000,001,657 | ---- | M] () -- \Program Files\Overwolf\0.81.34.0\Licenses\TextureLoader.txt
[2014.10.24 08:42:10 | 000,072,638 | ---- | M] () -- \Users\Vladimir\AppData\Local\Skype\Apps\login\images\loader.gif
[2014.10.24 08:42:10 | 000,003,032 | ---- | M] () -- \Users\Vladimir\AppData\Local\Skype\Apps\login\images\loader.png
[2014.10.24 08:42:10 | 000,006,012 | ---- | M] () -- \Users\Vladimir\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014.10.24 08:42:10 | 000,021,956 | ---- | M] () -- \Users\Vladimir\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014.10.24 08:42:10 | 000,009,772 | ---- | M] () -- \Users\Vladimir\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2014.12.12 18:03:50 | 000,010,874 | ---- | M] () -- \Windows\Prefetch\ASWWRCIELOADER32.EXE-BB2E4DE4.pf
[2013.08.02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.14 05:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2014.10.16 19:36:24 | 000,002,777 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18526_cs-cz_3540f2755b51fb60.manifest
[2014.10.16 19:36:24 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18526_cs-cz_3540f2755b51fb60_winload.exe.mui_3bc5b827
[2014.10.16 19:36:24 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18526_cs-cz_3540f2755b51fb60_winresume.exe.mui_ff8b5358
[2014.10.16 19:36:24 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18574_none_5ced2dcdcb19ba9a.manifest
[2014.10.16 19:36:24 | 000,521,384 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18574_none_5ced2dcdcb19ba9a_winload.exe_75835076
[2014.10.16 19:36:24 | 000,455,752 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18574_none_5ced2dcdcb19ba9a_winresume.exe_85cd1215
[2009.07.14 03:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.14 09:42:11 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2014.07.08 22:41:55 | 000,002,777 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18526_cs-cz_3540f2755b51fb60.manifest
[2014.07.08 22:42:00 | 000,002,777 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22736_cs-cz_35bfc13a7477b442.manifest
[2009.07.14 02:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2010.11.20 04:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2014.08.19 04:02:10 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18574_none_5ced2dcdcb19ba9a.manifest
[2014.08.19 04:09:35 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22780_none_5d67fb6ae4430e20.manifest
[2009.07.14 02:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:56:23 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_0a96fc99dd17f16b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:44:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_0b12ca80f6405e48\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 11:35:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 03:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vladimir\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,50 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 76,78% Memory free
3,50 Gb Paging File | 2,67 Gb Available in Paging File | 76,43% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38,96 Gb Total Space | 16,76 Gb Free Space | 43,02% Space Free | Partition Type: NTFS
Drive E: | 193,82 Gb Total Space | 122,80 Gb Free Space | 63,36% Space Free | Partition Type: NTFS
Computer Name: LADA-PC | User Name: Vladimir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014.12.12 19:25:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vladimir\Desktop\OTL.exe
PRC - [2014.12.12 13:35:22 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014.12.12 13:34:54 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014.11.24 10:53:49 | 000,399,976 | ---- | M] (RaMMicHaeL) -- C:\Program Files\Unchecky\bin\unchecky_bg.exe
PRC - [2014.11.24 10:53:49 | 000,111,208 | ---- | M] (RaMMicHaeL) -- C:\Program Files\Unchecky\bin\unchecky_svc.exe
PRC - [2014.11.21 19:41:50 | 005,282,584 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2014.08.29 17:07:46 | 000,441,144 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
PRC - [2014.08.29 17:05:58 | 000,440,632 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
PRC - [2014.08.19 20:27:27 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2014.07.23 00:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2014.07.02 20:42:26 | 000,940,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2014.12.12 13:34:56 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014.11.22 01:03:48 | 000,043,520 | ---- | M] () -- C:\Program Files\CCleaner\Lang\lang-1029.dll
MOD - [2014.05.12 10:49:04 | 000,260,608 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_06.dll
========== Services (SafeList) ==========
SRV - [2014.12.12 13:34:54 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014.12.11 17:33:54 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.12.03 08:04:18 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.12.03 07:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014.11.24 10:53:49 | 000,111,208 | ---- | M] (RaMMicHaeL) [Auto | Running] -- C:\Program Files\Unchecky\bin\unchecky_svc.exe -- (Unchecky)
SRV - [2014.11.22 02:55:14 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014.10.22 10:25:38 | 000,997,664 | ---- | M] (Overwolf LTD) [On_Demand | Stopped] -- C:\Program Files\Overwolf\OverwolfUpdater.exe -- (OverwolfUpdater)
SRV - [2014.09.17 03:14:57 | 001,795,912 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014.09.17 03:14:56 | 000,915,784 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV - [2014.09.17 03:14:55 | 018,044,744 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV - [2014.08.29 17:07:46 | 000,441,144 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe -- (MbaeSvc)
SRV - [2014.08.18 23:29:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2014.07.23 00:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2014.07.02 18:39:15 | 000,413,128 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014.04.03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011.08.30 14:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Vladimir\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2014.12.12 13:35:21 | 000,787,800 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014.12.12 13:35:19 | 000,423,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014.12.12 13:34:57 | 000,206,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014.12.12 13:34:57 | 000,091,496 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
DRV - [2014.12.12 13:34:57 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2014.12.12 13:34:57 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014.12.12 13:34:57 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014.12.12 13:34:57 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014.10.25 17:04:44 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2014.10.25 17:03:57 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2014.09.04 20:14:38 | 000,032,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvvad32v.sys -- (nvvad_WaveExtensible)
DRV - [2014.08.30 18:45:20 | 000,047,896 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys -- (ESProtectionDriver)
DRV - [2014.07.02 21:54:57 | 010,681,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013.10.02 01:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009.12.30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2714417846-278132917-2001900100-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
IE - HKU\S-1-5-21-2714417846-278132917-2001900100-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2714417846-278132917-2001900100-1000\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2714417846-278132917-2001900100-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2714417846-278132917-2001900100-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?btnG=Google+Search&q="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:10.0.2502.149
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?btnG=Google+Search&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Vladimir\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014.12.12 13:34:58 | 000,000,000 | ---D | M]
[2014.08.18 20:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vladimir\AppData\Roaming\Mozilla\Extensions
[2014.12.10 16:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\3yya6hqo.default\extensions
[2014.12.10 16:51:00 | 000,730,412 | ---- | M] () (No name found) -- C:\Users\Vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\3yya6hqo.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
[2014.12.03 08:04:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.12.03 08:04:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014.12.12 13:34:58 | 000,000,000 | ---D | M] ("Avast Online Security") -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
========== Chrome ==========
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
O1 HOSTS File: ([2014.12.12 17:58:06 | 000,002,009 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes Anti-Exploit] C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-2714417846-278132917-2001900100-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2714417846-278132917-2001900100-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2714417846-278132917-2001900100-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EF8F650-BFD6-45F7-A826-0D00F9ECA0A3}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EF8F650-BFD6-45F7-A826-0D00F9ECA0A3}: NameServer = 8.8.8.8,8.8.4.4
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2014.12.12 19:25:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vladimir\Desktop\OTL.exe
[2014.12.12 17:58:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014.12.12 17:51:34 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2014.12.12 17:51:34 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\AppData\Local\Temp
[2014.12.12 14:24:48 | 000,000,000 | ---D | C] -- C:\FRST
[2014.12.12 14:20:26 | 000,112,640 | ---- | C] (forum.viry.cz) -- C:\Users\Vladimir\Desktop\FRSTLauncher.exe
[2014.12.12 14:19:19 | 001,111,040 | ---- | C] (Farbar) -- C:\Users\Vladimir\Desktop\FRST.exe
[2014.12.12 13:36:07 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\AppData\Roaming\AVAST Software
[2014.12.12 13:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2014.12.12 13:35:09 | 000,091,496 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
[2014.12.12 13:35:08 | 000,423,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014.12.12 13:35:07 | 000,070,384 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014.12.12 13:35:04 | 000,081,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2014.12.12 13:35:01 | 000,787,800 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys
[2014.12.12 13:34:59 | 000,291,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014.12.12 13:34:57 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014.12.12 13:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014.12.12 13:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014.12.12 07:10:48 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\Documents\PPlogs
[2014.12.10 13:24:06 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\AppData\Roaming\xarp-Vladimir
[2014.12.10 13:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2014.12.10 13:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2014.12.10 13:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XArp
[2014.12.10 13:23:09 | 000,000,000 | ---D | C] -- C:\Program Files\XArp
[2014.12.10 11:57:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014.12.10 07:53:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\appraiser
[2014.12.10 07:24:17 | 003,209,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2014.12.10 06:47:23 | 001,160,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aitstatic.exe
[2014.12.10 06:47:23 | 000,873,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014.12.10 06:47:23 | 000,728,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll
[2014.12.10 06:47:23 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepic.dll
[2014.12.10 06:47:22 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\invagent.dll
[2014.12.10 06:47:21 | 000,337,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2014.12.10 06:47:21 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devinv.dll
[2014.12.10 06:47:21 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014.12.10 06:47:17 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014.12.10 06:47:17 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014.12.10 06:47:17 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014.12.10 06:47:16 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014.12.10 06:47:16 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014.12.10 06:47:15 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014.12.10 06:47:15 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014.12.10 06:47:15 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014.12.10 06:47:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014.12.10 06:47:13 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014.12.10 06:47:12 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014.12.10 06:47:11 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014.12.10 06:47:11 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014.12.10 06:47:09 | 004,299,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014.12.10 06:47:06 | 000,684,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014.12.10 06:47:06 | 000,342,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014.12.10 06:47:06 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014.12.10 06:47:05 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014.12.10 06:47:05 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014.12.10 06:47:05 | 000,688,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014.12.10 06:47:04 | 002,052,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014.12.10 06:47:03 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014.12.10 06:47:03 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014.12.10 06:45:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014.12.10 06:45:35 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\charmap.exe
[2014.12.10 06:45:10 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2014.12.10 06:45:10 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2014.12.10 06:45:10 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2014.12.10 06:45:10 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2014.12.09 16:40:23 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
[2014.12.09 16:11:31 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\AppData\Roaming\PFStaticIP
[2014.12.09 16:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PortForward.com
[2014.12.09 16:07:12 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\AppData\Roaming\PortForward.com
[2014.12.09 16:07:12 | 000,000,000 | ---D | C] -- C:\Program Files\Portforward
[2014.12.09 16:06:54 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\AppData\Local\Downloaded Installations
[2014.12.08 14:33:09 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\AppData\Roaming\Wargaming.net
[2014.12.08 07:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks - Common Test
[2014.12.03 08:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.11.26 18:20:32 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014.11.26 17:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2014.11.26 17:52:19 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2014.11.25 15:34:44 | 000,000,000 | R--D | C] -- C:\Users\Vladimir\Documents\Scanned Documents
[2014.11.25 15:34:43 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\Documents\Fax
[2014.11.16 09:51:50 | 000,000,000 | -HSD | C] -- C:\Users\Vladimir\AppData\Local\EmieBrowserModeList
[2014.11.14 20:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014.11.14 20:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
========== Files - Modified Within 30 Days ==========
[2014.12.12 19:38:49 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.12.12 19:25:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vladimir\Desktop\OTL.exe
[2014.12.12 18:05:10 | 000,023,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.12.12 18:05:10 | 000,023,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.12.12 18:02:16 | 000,669,150 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2014.12.12 18:02:16 | 000,654,538 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.12.12 18:02:16 | 000,141,810 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2014.12.12 18:02:16 | 000,122,410 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.12.12 17:58:06 | 000,002,009 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014.12.12 17:57:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.12.12 17:57:49 | 2817,433,600 | -HS- | M] () -- C:\hiberfil.sys
[2014.12.12 17:30:22 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2014.12.12 17:29:50 | 001,295,360 | ---- | M] () -- C:\Users\Vladimir\Desktop\zoek.exe
[2014.12.12 14:44:50 | 000,006,201 | ---- | M] () -- C:\Users\Vladimir\Desktop\Addition.rar
[2014.12.12 14:20:30 | 000,112,640 | ---- | M] (forum.viry.cz) -- C:\Users\Vladimir\Desktop\FRSTLauncher.exe
[2014.12.12 14:19:19 | 001,111,040 | ---- | M] (Farbar) -- C:\Users\Vladimir\Desktop\FRST.exe
[2014.12.12 13:35:25 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2014.12.12 13:35:21 | 000,787,800 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys
[2014.12.12 13:35:19 | 000,423,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014.12.12 13:34:57 | 000,291,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014.12.12 13:34:57 | 000,206,248 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014.12.12 13:34:57 | 000,091,496 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
[2014.12.12 13:34:57 | 000,081,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2014.12.12 13:34:57 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014.12.12 13:34:57 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014.12.12 13:34:57 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014.12.12 13:34:57 | 000,024,184 | ---- | M] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014.12.12 08:20:06 | 000,007,612 | ---- | M] () -- C:\Users\Vladimir\AppData\Local\resmon.resmoncfg
[2014.12.12 06:31:56 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.12.12 06:31:54 | 000,312,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.12.11 17:33:54 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014.12.11 17:33:53 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014.12.11 17:10:38 | 000,001,970 | ---- | M] () -- C:\Users\Vladimir\Desktop\FileHippo App Manager.lnk
[2014.12.11 10:10:31 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.12.10 12:02:28 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014.12.09 16:40:23 | 000,001,426 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.3.lnk
[2014.12.09 16:07:13 | 000,002,803 | ---- | M] () -- C:\Users\Public\Desktop\PortForward Network Utilities.lnk
[2014.12.04 13:06:57 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.12.04 05:38:59 | 000,337,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2014.12.04 05:38:45 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\invagent.dll
[2014.12.04 05:38:40 | 000,315,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devinv.dll
[2014.12.04 05:38:37 | 000,728,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll
[2014.12.04 05:38:36 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014.12.04 05:38:36 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepic.dll
[2014.12.04 05:34:13 | 000,873,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014.12.03 11:21:18 | 000,002,038 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2014.12.02 00:28:26 | 001,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aitstatic.exe
[2014.11.27 02:10:45 | 000,342,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014.11.26 22:05:49 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.11.26 22:05:49 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.11.26 17:52:19 | 000,001,162 | ---- | M] () -- C:\Users\Vladimir\Desktop\Format Factory.lnk
[2014.11.22 03:20:44 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014.11.22 03:20:30 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014.11.22 03:07:17 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014.11.22 03:06:32 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014.11.22 03:05:02 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014.11.22 02:59:42 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014.11.22 02:58:54 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014.11.22 02:56:40 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014.11.22 02:55:16 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014.11.22 02:55:14 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014.11.22 02:54:30 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014.11.22 02:48:26 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014.11.22 02:45:18 | 000,418,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014.11.22 02:40:04 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014.11.22 02:36:14 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014.11.22 02:33:22 | 000,285,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014.11.22 02:29:26 | 004,299,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014.11.22 02:23:48 | 000,688,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014.11.22 02:23:06 | 000,684,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014.11.22 02:22:49 | 002,052,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014.11.22 02:21:57 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014.11.22 01:54:44 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014.11.21 06:14:20 | 000,051,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014.11.21 06:14:10 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014.11.21 06:14:06 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014.11.14 20:44:21 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
========== Files Created - No Company Name ==========
[2014.12.12 19:38:49 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.12.12 17:51:36 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2014.12.12 17:29:45 | 001,295,360 | ---- | C] () -- C:\Users\Vladimir\Desktop\zoek.exe
[2014.12.12 14:44:50 | 000,006,201 | ---- | C] () -- C:\Users\Vladimir\Desktop\Addition.rar
[2014.12.12 13:35:25 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2014.12.12 13:35:08 | 000,206,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014.12.12 13:35:07 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014.12.12 13:35:07 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014.12.12 06:31:39 | 000,312,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.12.09 16:40:23 | 000,001,426 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 4.3.lnk
[2014.12.09 16:07:13 | 000,002,803 | ---- | C] () -- C:\Users\Public\Desktop\PortForward Network Utilities.lnk
[2014.11.26 17:52:19 | 000,001,162 | ---- | C] () -- C:\Users\Vladimir\Desktop\Format Factory.lnk
[2014.11.14 20:44:21 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014.11.01 12:20:09 | 000,000,337 | ---- | C] () -- C:\Users\Vladimir\AppData\Local\Perfmon.PerfmonCfg
[2014.09.03 16:24:10 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2014.08.19 18:55:27 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2014.08.19 18:53:58 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2014.08.19 13:52:37 | 000,000,024 | -HS- | C] () -- C:\Users\Vladimir\AppData\Roaming\System5908ConfigCollection.dat
[2014.08.18 22:56:40 | 003,826,628 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2014.08.18 20:22:10 | 000,007,612 | ---- | C] () -- C:\Users\Vladimir\AppData\Local\resmon.resmoncfg
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014.12.12 13:36:07 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\AVAST Software
[2014.09.09 10:48:42 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Downloaded Installations
[2014.10.25 12:45:22 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Dropbox
[2014.08.19 12:24:11 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\LibreOffice
[2014.12.01 10:38:26 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Notepad++
[2014.08.24 09:03:04 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Oracle
[2014.12.10 13:31:51 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\PFStaticIP
[2014.10.19 16:12:18 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\PingPlotter
[2014.12.09 16:09:21 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\PortForward.com
[2014.09.15 13:35:22 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\QuickScan
[2014.08.18 21:07:00 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Thunderbird
[2014.09.29 10:18:48 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Unity
[2014.08.19 10:44:00 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\VitySoft
[2014.12.10 14:17:14 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Wargaming.net
[2014.12.10 14:12:51 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\xarp-Vladimir
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009.07.14 05:53:46 | 000,032,634 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2014.09.12 14:51:21 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014.10.18 08:06:17 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014.10.18 08:06:18 | 000,000,940 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< >
[2012.10.03 17:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2012.10.03 17:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
[2014.04.05 03:16:21 | 001,310,144 | ---- | M] (Microsoft Corporation) MD5=EA47AB18E289333AB94397D77CA6E3A1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_b59293a4dddacc9b\tcpip.sys
< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2014.07.16 03:56:14 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=4F37B93C14AEE313BEC52A23AFB15C2E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_7224b2134c7555fa\winlogon.exe
[2014.07.17 02:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\System32\winlogon.exe
[2014.07.17 02:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_71a5e34e334f9d18\winlogon.exe
[2014.11.21 06:12:42 | 000,761,656 | ---- | M] (MalwareBytes) MD5=625BB08813743947985B0DEEFC35ED12 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2014.03.04 10:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[2014.03.04 11:39:02 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=D53972F87D850CD2EB4B29B60CAFDD77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe
< >
< %systemroot%*.* /U /s >
[4 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2014.09.23 15:23:58 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Adobe
[2014.12.12 13:36:07 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\AVAST Software
[2014.09.09 10:48:42 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Downloaded Installations
[2014.10.25 12:45:22 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Dropbox
[2014.08.18 20:12:58 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Identities
[2014.08.19 12:24:11 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\LibreOffice
[2014.09.12 14:26:05 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Macromedia
[2009.07.14 10:20:06 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Media Center Programs
[2014.09.11 19:48:48 | 000,000,000 | --SD | M] -- C:\Users\Vladimir\AppData\Roaming\Microsoft
[2014.10.26 20:06:28 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Mozilla
[2014.12.01 10:38:26 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Notepad++
[2014.08.31 10:07:07 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\NVIDIA
[2014.08.24 09:03:04 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Oracle
[2014.12.10 13:31:51 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\PFStaticIP
[2014.10.19 16:12:18 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\PingPlotter
[2014.12.09 16:09:21 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\PortForward.com
[2014.09.15 13:35:22 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\QuickScan
[2014.12.11 08:08:16 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Skype
[2014.10.30 09:28:51 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\SUPERAntiSpyware.com
[2014.08.18 21:07:00 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Thunderbird
[2014.09.29 10:18:48 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Unity
[2014.08.19 10:44:00 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\VitySoft
[2014.12.10 14:17:14 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Wargaming.net
[2014.09.10 14:17:37 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\WinRAR
[2014.12.10 14:12:51 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\xarp-Vladimir
< %APPDATA%\*.exe /s >
[2014.09.13 01:52:04 | 036,414,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\Vladimir\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2014.09.13 01:55:10 | 000,262,160 | ---- | M] (Dropbox, Inc.) -- C:\Users\Vladimir\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2014.09.13 01:52:08 | 000,225,256 | ---- | M] (Dropbox, Inc.) -- C:\Users\Vladimir\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
[2014.12.12 06:31:56 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014.11.26 22:05:49 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014.11.26 22:05:49 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
[2014.12.12 13:34:57 | 000,024,184 | ---- | M] () -- C:\Windows\system32\drivers\aswHwid.sys
[2014.12.12 13:34:57 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswMonFlt.sys
[2014.12.12 13:34:57 | 000,081,768 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswRdr2.sys
[2014.12.12 13:34:57 | 000,049,944 | ---- | M] () -- C:\Windows\system32\drivers\aswRvrt.sys
[2014.12.12 13:35:21 | 000,787,800 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswsnx.sys
[2014.12.12 13:35:19 | 000,423,784 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswsp.sys
[2014.12.12 13:34:57 | 000,091,496 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswStm.sys
[2014.12.12 13:34:57 | 000,206,248 | ---- | M] () -- C:\Windows\system32\drivers\aswVmm.sys
[2014.12.11 10:10:31 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\MBAMSwissArmy.sys
< %systemroot%\system32\*.* /3 >
[2014.12.12 18:05:10 | 000,023,904 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.12.12 18:05:10 | 000,023,904 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.12.12 13:34:57 | 000,291,352 | ---- | M] (AVAST Software) -- C:\Windows\system32\aswBoot.exe
[2014.12.11 17:33:54 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2014.12.11 17:33:53 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl
[2014.12.12 06:31:54 | 000,312,264 | ---- | M] () -- C:\Windows\system32\FNTCACHE.DAT
[2014.12.10 07:20:20 | 109,818,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MRT.exe
[2014.12.12 18:02:16 | 000,141,810 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2014.12.12 18:02:16 | 000,122,410 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2014.12.12 18:02:16 | 000,669,150 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2014.12.12 18:02:16 | 000,654,538 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2014.12.12 18:02:16 | 001,585,714 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CCleaner Monitoring" = "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR -- [2014.11.21 19:41:50 | 005,282,584 | ---- | M] (Piriform Ltd)
< >
< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2014.12.03 08:04:19 | 000,337,520 | ---- | M] (Mozilla Corporation) MD5=30D17877295E6E9116FE7C10ED3E3ABF -- C:\Program Files\Mozilla Firefox\firefox.exe
< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2014.11.27 02:10:46 | 000,815,280 | ---- | M] (Microsoft Corporation) MD5=A24BFBAE8B50A6780B68FF3673FAB52F -- C:\Program Files\Internet Explorer\iexplore.exe
< %PROGRAMFILES%\Opera\opera.exe /md5 >
< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2014.12.06 02:50:53 | 000,856,904 | ---- | M] (Google Inc.) MD5=5F3587E344F2990B59C941FB405CAA0F -- C:\Program Files\Google\Chrome\Application\chrome.exe
< >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.12.12 19:38:49 | 000,000,512 | ---- | M] () MD5=BD3BDA1033C7397178DFDC223CE3DDF2 -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2014.08.19 10:44:03 | 000,005,592 | ---- | M] () -- \Users\Vladimir\AppData\Roaming\VitySoft\FRD\plugins\crackle.frp
< *keygen* /s >
< *loader* /s >
[2014.12.12 13:34:54 | 000,072,480 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2014.05.25 19:45:56 | 000,006,866 | ---- | M] () -- \Program Files\LibreOffice 4\program\pythonloader.py
[2014.11.10 19:54:38 | 000,000,171 | ---- | M] () -- \Program Files\LibreOffice 4\program\pythonloader.uno.ini
[2014.11.10 19:53:16 | 000,047,392 | ---- | M] () -- \Program Files\LibreOffice 4\program\pythonloaderlo.dll
[2014.11.10 13:31:48 | 000,124,430 | ---- | M] () -- \Program Files\LibreOffice 4\program\classes\libloader-1.1.6.jar
[2014.11.10 13:40:34 | 000,013,883 | ---- | M] () -- \Program Files\LibreOffice 4\program\python-core-3.3.3\lib\unittest\loader.py
[2014.11.10 13:40:34 | 000,050,271 | ---- | M] () -- \Program Files\LibreOffice 4\program\python-core-3.3.3\lib\unittest\test\test_loader.py
[2014.11.10 19:52:04 | 000,084,256 | ---- | M] () -- \Program Files\LibreOffice 4\URE\bin\javaloaderlo.dll
[2014.11.10 13:25:50 | 000,004,766 | ---- | M] () -- \Program Files\LibreOffice 4\URE\java\unoloader.jar
[2011.07.18 22:33:32 | 000,008,787 | ---- | M] () -- \Program Files\Notepad++\user.manual\sites\all\modules\fancy_login\images\ajax-loader.gif
[2014.09.17 03:14:17 | 001,169,224 | ---- | M] () -- \Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\ExtensionLoader.dll
[2013.12.20 00:37:56 | 000,065,344 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2013.12.20 00:37:44 | 000,073,536 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2014.10.22 10:23:30 | 000,001,657 | ---- | M] () -- \Program Files\Overwolf\0.81.34.0\Licenses\TextureLoader.txt
[2014.10.24 08:42:10 | 000,072,638 | ---- | M] () -- \Users\Vladimir\AppData\Local\Skype\Apps\login\images\loader.gif
[2014.10.24 08:42:10 | 000,003,032 | ---- | M] () -- \Users\Vladimir\AppData\Local\Skype\Apps\login\images\loader.png
[2014.10.24 08:42:10 | 000,006,012 | ---- | M] () -- \Users\Vladimir\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014.10.24 08:42:10 | 000,021,956 | ---- | M] () -- \Users\Vladimir\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014.10.24 08:42:10 | 000,009,772 | ---- | M] () -- \Users\Vladimir\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2014.12.12 18:03:50 | 000,010,874 | ---- | M] () -- \Windows\Prefetch\ASWWRCIELOADER32.EXE-BB2E4DE4.pf
[2013.08.02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.14 05:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2014.10.16 19:36:24 | 000,002,777 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18526_cs-cz_3540f2755b51fb60.manifest
[2014.10.16 19:36:24 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18526_cs-cz_3540f2755b51fb60_winload.exe.mui_3bc5b827
[2014.10.16 19:36:24 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18526_cs-cz_3540f2755b51fb60_winresume.exe.mui_ff8b5358
[2014.10.16 19:36:24 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18574_none_5ced2dcdcb19ba9a.manifest
[2014.10.16 19:36:24 | 000,521,384 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18574_none_5ced2dcdcb19ba9a_winload.exe_75835076
[2014.10.16 19:36:24 | 000,455,752 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18574_none_5ced2dcdcb19ba9a_winresume.exe_85cd1215
[2009.07.14 03:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.14 09:42:11 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2014.07.08 22:41:55 | 000,002,777 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18526_cs-cz_3540f2755b51fb60.manifest
[2014.07.08 22:42:00 | 000,002,777 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22736_cs-cz_35bfc13a7477b442.manifest
[2009.07.14 02:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2010.11.20 04:02:40 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2014.08.19 04:02:10 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18574_none_5ced2dcdcb19ba9a.manifest
[2014.08.19 04:09:35 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22780_none_5d67fb6ae4430e20.manifest
[2009.07.14 02:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:56:23 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.17179_none_0a96fc99dd17f16b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:44:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21386_none_0b12ca80f6405e48\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.03.04 11:35:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll
[2014.04.12 03:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll
< End of report >
Re: Please check my log
OTL Extras logfile created on: 12.12.2014 19:37:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vladimir\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,50 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 76,78% Memory free
3,50 Gb Paging File | 2,67 Gb Available in Paging File | 76,43% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38,96 Gb Total Space | 16,76 Gb Free Space | 43,02% Space Free | Partition Type: NTFS
Drive E: | 193,82 Gb Total Space | 122,80 Gb Free Space | 63,36% Space Free | Partition Type: NTFS
Computer Name: LADA-PC | User Name: Vladimir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2714417846-278132917-2001900100-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D2AC9DC-FB9B-4F88-A0B8-C6CF3E9333F2}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{1EC18BBE-A283-47B8-8CAE-E8CBCB08D3DF}" = rport=138 | protocol=17 | dir=out | app=system |
"{236B6B63-1312-4CF8-BCAA-94F27B3317C2}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{27340168-CA12-4DB4-A46A-1CD17F6B679E}" = rport=137 | protocol=17 | dir=out | app=system |
"{303CFCB6-2635-4CFA-A113-FBB5352B25F6}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{3204E01F-77C7-4474-8FDE-86446ACFD4EE}" = lport=6881 | protocol=6 | dir=in | name=war thunder |
"{3F3D1835-D647-4628-9F52-68B15A5FA9E0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{40B08FD2-5BC1-41FF-AB3A-72B9527EEB05}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{42C7E837-ED1B-4ABE-AAF7-26B17419651B}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{4B04FEF3-C6F3-48D2-9E95-B22130AEB8C1}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{568E7A69-9AA1-4C23-8B99-89110C6CC178}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{5BB017AD-F139-4D71-8757-D43615144802}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{5C64F9DE-F30E-46B1-9795-46017580DF8F}" = lport=138 | protocol=17 | dir=in | app=system |
"{5D29C8C7-AC5B-4D06-A2B4-5567AF47BD29}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{68D0EB0E-2206-4170-AD97-4AF79B79437A}" = rport=445 | protocol=6 | dir=out | app=system |
"{6D947090-6682-4CF3-8D8B-FB54002312BF}" = lport=137 | protocol=17 | dir=in | app=system |
"{7754E6E8-C506-4E2B-84C5-C65BA9C9656E}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{7CB3000D-E801-42CD-A0A8-0A56A4063AE7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{809AA24B-EDA4-4BD9-B3CF-9C335929EDB9}" = rport=139 | protocol=6 | dir=out | app=system |
"{8508C7C2-1170-4B12-92CC-0B2A24724E78}" = lport=445 | protocol=6 | dir=in | app=system |
"{927D3F07-E66E-44CA-A9BC-F662B5615323}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{A112D8AA-DD7C-46B0-B612-61CBACCF3A0E}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{A4A26B2F-F9B8-4230-970B-CC22C152EFC9}" = lport=443 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\netservice\nvnetworkservice.exe |
"{A641245B-22AF-4864-AA76-C2AAED0C16EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B1AEC486-4F93-46EE-8F04-951B5884869D}" = lport=139 | protocol=6 | dir=in | app=system |
"{B2606E0E-AE7A-4463-966D-6DEAB3D0C84B}" = lport=7853 | protocol=6 | dir=in | name=war thunder |
"{B43C73CD-19EA-4563-861A-AE93E74106C9}" = lport=80 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\netservice\nvnetworkservice.exe |
"{B76295A4-4C62-4A89-A09C-D11964C8EA30}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BD51E0DA-426E-44FA-91D0-1AB26DCC8616}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{D9079E67-4DF0-4CA7-A45A-24F0EBD32145}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{E2FC53FE-BDAF-49DB-9988-1B2AED59DCDC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ED4BD363-0B15-4BF5-BA0D-96D5EBE59073}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{ED85DC7F-0294-47BB-B370-441A753AA34E}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{FEB81F0B-06EE-4899-BDCF-3CF8C8F8B755}" = lport=7852 | protocol=6 | dir=in | name=war thunder |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A9CABBB-4B90-4E76-A124-D52930A04942}" = protocol=17 | dir=in | app=e:\games\world_of_tanks\wotlauncher.exe |
"{2814CF96-A124-4971-BFFC-618A0BC1B077}" = protocol=17 | dir=in | app=e:\games\warthunder\launcher.exe |
"{59CCC8C2-A2BD-4B23-9E89-D66084F09972}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5FF3084C-0A4D-494A-A1AB-08A6FFE0B42A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{74E2E5E9-2CE1-4F8E-AC2D-900AAD7A6136}" = protocol=6 | dir=in | app=c:\users\vladimir\appdata\roaming\dropbox\bin\dropbox.exe |
"{ABD47242-3A36-4D87-86DB-E9D668D94CB4}" = protocol=17 | dir=in | app=c:\users\vladimir\appdata\roaming\dropbox\bin\dropbox.exe |
"{B2D8E94A-F5E5-41E5-948D-820E7870307E}" = protocol=6 | dir=in | app=e:\games\warthunder\launcher.exe |
"{BEE8F8CB-330C-4E33-822B-CB504E0DDE94}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C0F1B21D-0DFF-46E6-8B78-BCBE1F9153D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CA9E9891-090F-405C-9D80-811CCC5759EC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CE5117A8-D18C-4842-BD24-4D00F088CD56}" = protocol=6 | dir=in | app=e:\games\world_of_tanks\wotlauncher.exe |
"{E44B0964-13B1-4D92-ADA1-871E76CDBCB8}" = protocol=6 | dir=in | app=e:\games\world_of_tanks\worldoftanks.exe |
"{FF2EBFED-5C9C-42CB-A41D-A2230F37E0EF}" = protocol=17 | dir=in | app=e:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{03B25D46-53A8-4A73-88D0-048C4C956A04}C:\program files\gigabyte\et6\updexe.exe" = protocol=6 | dir=in | app=c:\program files\gigabyte\et6\updexe.exe |
"TCP Query User{1FC93237-A7C2-4A27-A1BE-DFD63030B8D9}E:\games\world_of_tanks_ct\worldoftanks.exe" = protocol=6 | dir=in | app=e:\games\world_of_tanks_ct\worldoftanks.exe |
"TCP Query User{56EFC90A-E0D2-4D98-8CC9-C9184ACC0B9F}C:\program files\java\jre1.8.0_20\launch4j-tmp\frd.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.8.0_20\launch4j-tmp\frd.exe |
"TCP Query User{598367EE-A278-43BD-8F5F-6A6456178038}E:\games\world_of_tanks_ct\wotlauncher.exe" = protocol=6 | dir=in | app=e:\games\world_of_tanks_ct\wotlauncher.exe |
"TCP Query User{8ED8452F-09A8-435B-9E18-851A2A97E612}C:\program files\portforward\port forward network utilities\pfportchecker.exe" = protocol=6 | dir=in | app=c:\program files\portforward\port forward network utilities\pfportchecker.exe |
"TCP Query User{A2083D1E-3D63-4218-A8FD-62F77ACA81F2}C:\program files\gigabyte\et6\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files\gigabyte\et6\gbtupd.exe |
"TCP Query User{A6244A80-5E11-49EC-A96C-891DB9A436E3}C:\program files\libreoffice 4\program\soffice.bin" = protocol=6 | dir=in | app=c:\program files\libreoffice 4\program\soffice.bin |
"TCP Query User{E373946C-3C21-46CE-9278-E50F54E8EF76}E:\games\warthunder\aces.exe" = protocol=6 | dir=in | app=e:\games\warthunder\aces.exe |
"UDP Query User{0AC6C6F6-A688-44C1-BC1C-91A9467EACA8}C:\program files\java\jre1.8.0_20\launch4j-tmp\frd.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.8.0_20\launch4j-tmp\frd.exe |
"UDP Query User{368AC772-A626-4BC7-902C-6EB2B5361622}C:\program files\gigabyte\et6\updexe.exe" = protocol=17 | dir=in | app=c:\program files\gigabyte\et6\updexe.exe |
"UDP Query User{4676E9C8-17AD-4A9E-9BFB-6B0D4D054BBC}C:\program files\libreoffice 4\program\soffice.bin" = protocol=17 | dir=in | app=c:\program files\libreoffice 4\program\soffice.bin |
"UDP Query User{6BE45149-ADAE-48C9-90F8-AFC26C3B4A94}E:\games\warthunder\aces.exe" = protocol=17 | dir=in | app=e:\games\warthunder\aces.exe |
"UDP Query User{C9E4E6EE-0613-44FA-AD31-A476FEEECBF5}E:\games\world_of_tanks_ct\worldoftanks.exe" = protocol=17 | dir=in | app=e:\games\world_of_tanks_ct\worldoftanks.exe |
"UDP Query User{DDCF5010-E806-4E45-8A4E-2D595B115897}C:\program files\gigabyte\et6\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files\gigabyte\et6\gbtupd.exe |
"UDP Query User{E5BCC0A5-C3D0-4977-9CF6-B34C45BF2533}C:\program files\portforward\port forward network utilities\pfportchecker.exe" = protocol=17 | dir=in | app=c:\program files\portforward\port forward network utilities\pfportchecker.exe |
"UDP Query User{E79EF0C2-0572-4686-8094-D74EE952ACCD}E:\games\world_of_tanks_ct\wotlauncher.exe" = protocol=17 | dir=in | app=e:\games\world_of_tanks_ct\wotlauncher.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers
"{123F4E9B-80E6-3A84-BDD4-3CB3AC59ABF0}" = Microsoft .NET Framework 4.5.1 (CSY)
"{1C1D0A2C-C8B4-4C2C-9877-884F8FC082B5}" = PingPlotter Standard 3.42.3s
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.0
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B13.1211.1
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.1.1
"{7D983A32-F645-48AB-8E38-4ACD234F40BC}" = LibreOffice 4.3.4.1
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}" = Port Forward Network Utilities
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5.1 (čeština)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.10) - Czech
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovladač 3D Vision 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Ovladač řídící jednotky 3D Vision 340.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update 15.3.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 16.13.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 16.13.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.25
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.394
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"AIDA64 Extreme_is1" = AIDA64 Extreme v4.70
"Avast" = Avast Free Antivirus
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"ESET Online Scanner" = ESET Online Scanner v3
"FileASSASSIN" = FileASSASSIN
"FileHippo.com" = FileHippo App Manager
"FormatFactory" = FormatFactory 3.5.0.0
"Google Chrome" = Google Chrome
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B13.1211.1
"jv16 PowerTools 2014" = jv16 PowerTools 2014
"Malwarebytes Anti-Exploit_is1" = Malwarebytes Anti-Exploit version 1.04.1.1012
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware verze 2.0.4.1028
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 34.0 (x86 cs)" = Mozilla Firefox 34.0 (x86 cs)
"Mozilla Thunderbird 31.3.0 (x86 cs)" = Mozilla Thunderbird 31.3.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Overwolf" = Overwolf
"Unchecky" = Unchecky v0.3.4
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 5.11 (32-bit)
"XArp" = XArp 2.2.2
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2714417846-278132917-2001900100-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11.12.2014 5:23:02 | Computer Name = Lada-PC | Source = ESENT | ID = 455
Description = DllHost (1364) WebCacheLocal: Při otevírání souboru protokolu C:\Users\Vladimir\AppData\Local\Microsoft\Windows\WebCache\V010000A.log
došlo k chybě -1811.
Error - 12.12.2014 4:34:10 | Computer Name = Lada-PC | Source = SideBySide | ID = 16842785
Description = Generování kontextu aktivace pro c:\program files\GIGABYTE\ET6\DLLS\install_flash_player_11_active_x_64bit.exe
se nezdařilo. Závislé sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
nelze najít. Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.
Error - 12.12.2014 8:34:16 | Computer Name = Lada-PC | Source = VSS | ID = 8194
Description =
Error - 12.12.2014 8:34:21 | Computer Name = Lada-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Služba Šifrování selhala při volání OnIdentity() v objektu System
Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary fewaohfi.
System
Error: Systém nemůže nalézt uvedený soubor. .
Error - 12.12.2014 12:22:55 | Computer Name = Lada-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Journal.exe, verze: 6.1.7601.17514, časové
razítko: 0x4ce79b8a Název chybujícího modulu: msvcrt.dll, verze: 7.0.7601.17744,
časové razítko: 0x4eeaf722 Kód výjimky: 0xc0000005 Posun chyby: 0x00009c7f ID chybujícího
procesu: 0x604 Čas spuštění chybující aplikace: 0x01d01627df4ec368 Cesta k chybující
aplikaci: C:\Program Files\Windows Journal\Journal.exe Cesta k chybujícímu modulu:
C:\Windows\system32\msvcrt.dll ID zprávy: 207cb4a8-821b-11e4-b0b6-001d7d922e91
Error - 12.12.2014 12:23:52 | Computer Name = Lada-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Journal.exe, verze: 6.1.7601.17514, časové
razítko: 0x4ce79b8a Název chybujícího modulu: msvcrt.dll, verze: 7.0.7601.17744,
časové razítko: 0x4eeaf722 Kód výjimky: 0xc0000005 Posun chyby: 0x00009c7f ID chybujícího
procesu: 0xce0 Čas spuštění chybující aplikace: 0x01d0162804497fc8 Cesta k chybující
aplikaci: C:\Program Files\Windows Journal\Journal.exe Cesta k chybujícímu modulu:
C:\Windows\system32\msvcrt.dll ID zprávy: 425541a8-821b-11e4-b0b6-001d7d922e91
[ System Events ]
Error - 12.12.2014 8:26:47 | Computer Name = Lada-PC | Source = DCOM | ID = 10005
Description =
Error - 12.12.2014 8:26:47 | Computer Name = Lada-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068
Error - 12.12.2014 8:27:47 | Computer Name = Lada-PC | Source = DCOM | ID = 10005
Description =
Error - 12.12.2014 8:29:35 | Computer Name = Lada-PC | Source = volmgr | ID = 262190
Description = Inicializace výpisu stavu systému se nezdařila.
Error - 12.12.2014 12:46:39 | Computer Name = Lada-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.
Error - 12.12.2014 12:46:40 | Computer Name = Lada-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.
Error - 12.12.2014 12:46:40 | Computer Name = Lada-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.
Error - 12.12.2014 12:46:41 | Computer Name = Lada-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.
Error - 12.12.2014 12:46:42 | Computer Name = Lada-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.
Error - 12.12.2014 12:57:48 | Computer Name = Lada-PC | Source = volmgr | ID = 262190
Description = Inicializace výpisu stavu systému se nezdařila.
< End of report >
- Rudy
- Site Admin
- Posts: 119556
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Request for log check
Run OTL again as administrator.
Paste the following text into the bottom window:
:OTL
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2714417846-278132917-2001900100-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
:files
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]
[Resethosts]
Click Fix (Opravit) and let the program work. Agree to the restart when asked.
After the restart a new log will appear; post it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Request for log check
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2714417846-278132917-2001900100-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
========== FILES ==========
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Vladimir
->Temp folder emptied: 2405363 bytes
->Temporary Internet Files folder emptied: 7897379 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43851929 bytes
->Google Chrome cache emptied: 6424274 bytes
->Flash cache emptied: 656 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 58,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: Vladimir
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
Restore point Set: OTL Restore Point
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 12122014_213156
Files\Folders moved on Reboot...
File move failed. C:\Users\Vladimir\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\4efb409cba728e5c8b8fb59296463130_fce8394c8fd8a83d_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
File move failed. C:\Users\Vladimir\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\4efb409cba728e5c8b8fb59296463130_fce8394c8fd8a83d_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
C:\Users\Vladimir\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
- Rudy
- Site Admin
Re: Request for log check
Deleted. Has anything changed?
Re: Request for log check
Yes, everything seems to be in order.
Thank you very much.
- Rudy
- Site Admin
Re: Request for log check
You're welcome!
