opětovné extrémní zpomalení ntb

Zpráva

vava8 · #1 Příspěvek od **vava8** » 25 pro 2014 22:14

Dobrý večer, cca před 14-ti dny jsem u vás vyhledal pomoc a s kolegou jsme čistili ntb, kterej se bohužel během několika málo dní extrémně zpomalil.
Zkusíte mi s tím ještě pomoct? Děkuji

Ran by vasudeva (administrator) on VND on 25-12-2014 21:40:40
Running from C:\Users\vasudeva\Desktop
Loaded Profile: vasudeva (Available profiles: vasudeva)
Platform: Microsoft Windows 8 Pro (X86) OS Language: Angličtina (Spojené státy)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Windows\sppsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(BitTorrent Inc.) C:\Users\vasudeva\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-13] (AVAST Software)
HKU\S-1-5-21-3683556855-2863975626-802348343-1001\...\Run: [uTorrent] => C:\Users\vasudeva\AppData\Roaming\uTorrent\uTorrent.exe [1389648 2014-12-02] (BitTorrent Inc.)
HKU\S-1-5-21-3683556855-2863975626-802348343-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3683556855-2863975626-802348343-1001\...\RunOnce: [Adobe Speed Launcher] => 1419530361
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\S-1-5-21-3683556855-2863975626-802348343-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\vasudeva\AppData\Roaming\Mozilla\Firefox\Profiles\5c9pjj07.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Mapy.cz
FF DefaultSearchUrl: hxxp://www.google.com/search?btnG=Google+Search&q=
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-13]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-13]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-13]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-13] (AVAST Software)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1680088 2013-10-28] (Broadcom Corporation.)
R2 SLSvc; C:\Windows\sppsvc.exe [10240 2012-08-25] (Microsoft Corporation) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13864 2012-07-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-13] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-12-13] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-13] ()
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [24576 2012-07-26] (Microsoft Corporation)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [175320 2013-10-28] (Broadcom Corporation.)
S3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [144600 2013-10-28] (Broadcom Corporation.)
R3 netwlv32; C:\Windows\system32\DRIVERS\netwlv32.sys [6637056 2012-06-02] (Intel Corporation)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-25 21:40 - 2014-12-25 21:42 - 00006410 _____ () C:\Users\vasudeva\Desktop\FRST.txt
2014-12-25 21:36 - 2014-12-25 21:37 - 00112640 _____ (forum.viry.cz) C:\Users\vasudeva\Desktop\FRSTLauncher.exe
2014-12-25 21:33 - 2014-12-25 21:33 - 01114112 _____ (Farbar) C:\Users\vasudeva\Desktop\FRST.exe
2014-12-21 10:52 - 2014-12-21 13:52 - 00000000 ____D () C:\Users\vasudeva\Downloads\Nymphomaniac Vol. II (2013) [1080p]
2014-12-18 15:03 - 2014-12-18 15:03 - 00000562 _____ () C:\Users\vasudeva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Počítač – zástupce.lnk
2014-12-16 19:00 - 2014-12-16 19:00 - 01098789 _____ () C:\Users\vasudeva\Desktop\dokumenty jpg.rar
2014-12-16 14:43 - 2014-12-18 15:00 - 00000000 ____D () C:\Users\vasudeva\Desktop\dokumenty jpg
2014-12-15 17:25 - 2014-12-15 17:25 - 00000570 _____ () C:\Windows\PFRO.log
2014-12-15 06:10 - 2014-12-15 06:10 - 00000017 _____ () C:\Users\vasudeva\AppData\Local\resmon.resmoncfg
2014-12-14 18:15 - 2014-12-14 18:24 - 00000000 ____D () C:\Users\vasudeva\Desktop\fotos
2014-12-14 04:30 - 2014-12-15 06:20 - 00042072 _____ () C:\Windows\WindowsUpdate.log
2014-12-13 21:24 - 2014-12-13 21:24 - 00001795 _____ () C:\Users\Public\Desktop\Recuva.lnk
2014-12-13 21:24 - 2014-12-13 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2014-12-13 21:24 - 2014-12-13 21:24 - 00000000 ____D () C:\Program Files\Recuva
2014-12-13 21:23 - 2014-12-13 21:23 - 04210920 _____ (Piriform Ltd) C:\Users\vasudeva\Downloads\rcsetup151.exe
2014-12-13 21:10 - 2014-12-13 21:10 - 00000000 ____D () C:\Users\vasudeva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
2014-12-13 21:10 - 2014-12-13 21:10 - 00000000 ____D () C:\Program Files\Convar
2014-12-13 21:09 - 2014-12-13 21:09 - 03462033 _____ () C:\Users\vasudeva\Downloads\pci_filerecovery.exe
2014-12-13 20:55 - 2014-12-13 20:55 - 00031959 _____ () C:\Users\vasudeva\Downloads\Godzilla(0000240692).zip
2014-12-13 18:57 - 2014-12-13 18:57 - 00000000 ____D () C:\Users\vasudeva\AppData\Roaming\AVAST Software
2014-12-13 18:54 - 2014-12-13 18:54 - 00002117 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-13 18:54 - 2014-12-13 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-13 18:53 - 2014-12-13 18:53 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-13 18:53 - 2014-12-13 18:53 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-12-13 18:53 - 2014-12-13 18:52 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-13 18:53 - 2014-12-13 18:52 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-13 18:53 - 2014-12-13 18:52 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-13 18:53 - 2014-12-13 18:52 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-13 18:53 - 2014-12-13 18:52 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-13 18:53 - 2014-12-13 18:52 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-13 18:53 - 2014-12-13 18:52 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-13 18:52 - 2014-12-13 18:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-13 18:44 - 2014-12-13 18:44 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-13 18:38 - 2014-12-13 18:44 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-13 18:37 - 2014-12-13 18:37 - 05006864 _____ (AVAST Software) C:\Users\vasudeva\Downloads\avast_free_antivirus_setup_online.exe
2014-12-13 17:58 - 2014-12-13 17:59 - 02347384 _____ (ESET) C:\Users\vasudeva\Downloads\esetsmartinstaller_csy(2).exe
2014-12-13 17:56 - 2014-12-13 17:56 - 00112107 _____ (forum.viry.cz) C:\Users\vasudeva\Downloads\VerzeOS.exe
2014-12-13 16:07 - 2014-12-13 16:08 - 02347384 _____ (ESET) C:\Users\vasudeva\Downloads\esetsmartinstaller_csy(1).exe
2014-12-13 10:16 - 2014-12-25 21:40 - 00000000 ____D () C:\FRST
2014-12-13 10:05 - 2014-12-13 10:05 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-13 09:25 - 2014-12-13 11:53 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-13 09:25 - 2014-12-13 09:25 - 00000117 _____ () C:\Windows\system32\netcfg-83132.txt
2014-12-13 09:25 - 2014-12-13 09:25 - 00000117 _____ () C:\Windows\system32\netcfg-81791.txt
2014-12-13 09:25 - 2014-12-13 09:25 - 00000117 _____ () C:\Windows\system32\netcfg-81697.txt
2014-12-13 09:25 - 2014-12-13 09:25 - 00000117 _____ () C:\Windows\system32\netcfg-81463.txt
2014-12-12 23:44 - 2014-12-12 23:44 - 00000117 _____ () C:\Windows\system32\netcfg-189490124.txt
2014-12-12 21:49 - 2014-12-12 21:49 - 00000117 _____ () C:\Windows\system32\netcfg-182562993.txt
2014-12-12 21:49 - 2014-12-12 21:49 - 00000117 _____ () C:\Windows\system32\netcfg-182561730.txt
2014-12-12 20:33 - 2014-12-13 20:59 - 00000000 ____D () C:\Users\vasudeva\Downloads\Godzilla (2014) [1080p]
2014-12-12 10:00 - 2014-12-12 10:04 - 54401068 _____ () C:\Users\vasudeva\Downloads\100907-221914.WAV
2014-12-12 09:38 - 2014-12-12 09:38 - 00000117 _____ () C:\Windows\system32\netcfg-138730285.txt
2014-12-12 09:38 - 2014-12-12 09:38 - 00000117 _____ () C:\Windows\system32\netcfg-138729380.txt
2014-12-11 08:10 - 2014-12-11 08:10 - 00000117 _____ () C:\Windows\system32\netcfg-47031774.txt
2014-12-11 08:10 - 2014-12-11 08:10 - 00000117 _____ () C:\Windows\system32\netcfg-47029902.txt
2014-12-10 19:08 - 2014-12-10 19:08 - 00000117 _____ () C:\Windows\system32\netcfg-101681.txt
2014-12-10 19:07 - 2014-12-10 19:07 - 00000117 _____ () C:\Windows\system32\netcfg-40560.txt
2014-12-10 19:04 - 2014-12-10 19:04 - 00000117 _____ () C:\Windows\system32\netcfg-80683841.txt
2014-12-10 19:04 - 2014-12-10 19:04 - 00000117 _____ () C:\Windows\system32\netcfg-80682781.txt
2014-12-09 23:07 - 2014-12-09 23:07 - 00000000 ____D () C:\Users\vasudeva\Documents\Adobe Scripts
2014-12-09 20:40 - 2014-12-09 20:40 - 00000117 _____ () C:\Windows\system32\netcfg-65941.txt
2014-12-09 20:40 - 2014-12-09 20:40 - 00000117 _____ () C:\Windows\system32\netcfg-45692.txt
2014-12-09 17:47 - 2014-12-09 17:47 - 00000117 _____ () C:\Windows\system32\netcfg-462207936.txt
2014-12-09 17:47 - 2014-12-09 17:47 - 00000117 _____ () C:\Windows\system32\netcfg-462207843.txt
2014-12-09 08:39 - 2014-12-09 08:39 - 00000117 _____ () C:\Windows\system32\netcfg-429347199.txt
2014-12-09 08:39 - 2014-12-09 08:39 - 00000117 _____ () C:\Windows\system32\netcfg-429347090.txt
2014-12-08 09:26 - 2014-12-08 09:26 - 00000117 _____ () C:\Windows\system32\netcfg-345767792.txt
2014-12-08 09:26 - 2014-12-08 09:26 - 00000117 _____ () C:\Windows\system32\netcfg-345766076.txt
2014-12-07 20:11 - 2014-12-07 20:11 - 03747323 _____ () C:\Users\vasudeva\Downloads\RQMONEY_v23.ZIP
2014-12-07 20:11 - 2014-12-07 20:11 - 00000000 ____D () C:\Users\vasudeva\Downloads\RQMONEY_v23
2014-12-07 18:15 - 2014-12-07 18:15 - 00000117 _____ () C:\Windows\system32\netcfg-291070175.txt
2014-12-07 18:15 - 2014-12-07 18:15 - 00000117 _____ () C:\Windows\system32\netcfg-291067507.txt
2014-12-07 14:46 - 2014-12-07 14:46 - 00000117 _____ () C:\Windows\system32\netcfg-278541719.txt
2014-12-07 14:46 - 2014-12-07 14:46 - 00000117 _____ () C:\Windows\system32\netcfg-278541610.txt
2014-12-07 09:23 - 2014-12-07 09:23 - 00000117 _____ () C:\Windows\system32\netcfg-259161871.txt
2014-12-07 09:23 - 2014-12-07 09:23 - 00000117 _____ () C:\Windows\system32\netcfg-259161543.txt
2014-12-06 09:45 - 2014-12-06 09:45 - 00000117 _____ () C:\Windows\system32\netcfg-174086835.txt
2014-12-06 09:45 - 2014-12-06 09:45 - 00000117 _____ () C:\Windows\system32\netcfg-174086741.txt
2014-12-05 09:07 - 2014-12-05 09:07 - 00000117 _____ () C:\Windows\system32\netcfg-85404806.txt
2014-12-05 09:07 - 2014-12-05 09:07 - 00000117 _____ () C:\Windows\system32\netcfg-85404681.txt
2014-12-04 20:14 - 2014-12-04 20:14 - 00000117 _____ () C:\Windows\system32\netcfg-39045225.txt
2014-12-04 20:14 - 2014-12-04 20:14 - 00000117 _____ () C:\Windows\system32\netcfg-39045006.txt
2014-12-04 09:24 - 2014-12-04 09:24 - 00000117 _____ () C:\Windows\system32\netcfg-60684.txt
2014-12-04 09:24 - 2014-12-04 09:24 - 00000117 _____ () C:\Windows\system32\netcfg-38579.txt
2014-12-04 09:21 - 2014-12-04 09:21 - 00000117 _____ () C:\Windows\system32\netcfg-85799317.txt
2014-12-04 09:21 - 2014-12-04 09:21 - 00000117 _____ () C:\Windows\system32\netcfg-85799036.txt
2014-12-03 19:46 - 2014-12-03 19:46 - 00000117 _____ () C:\Windows\system32\netcfg-36881444.txt
2014-12-03 19:46 - 2014-12-03 19:46 - 00000117 _____ () C:\Windows\system32\netcfg-36880461.txt
2014-12-03 09:36 - 2014-12-03 09:36 - 00000117 _____ () C:\Windows\system32\netcfg-289007.txt
2014-12-03 09:32 - 2014-12-03 09:32 - 00000117 _____ () C:\Windows\system32\netcfg-38017.txt
2014-12-03 08:52 - 2014-12-03 08:52 - 00000117 _____ () C:\Windows\system32\netcfg-83833283.txt
2014-12-03 08:52 - 2014-12-03 08:52 - 00000117 _____ () C:\Windows\system32\netcfg-83833190.txt
2014-12-02 09:47 - 2014-12-02 09:47 - 00000816 _____ () C:\Users\vasudeva\Desktop\µTorrent.lnk
2014-12-02 09:47 - 2014-12-02 09:47 - 00000796 _____ () C:\Users\vasudeva\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-12-02 09:47 - 2014-12-02 09:47 - 00000117 _____ () C:\Windows\system32\netcfg-710085.txt
2014-12-02 09:36 - 2014-12-02 09:36 - 00000117 _____ () C:\Windows\system32\netcfg-38454.txt
2014-11-27 20:21 - 2014-11-27 20:21 - 00000117 _____ () C:\Windows\system32\netcfg-23605837.txt
2014-11-27 20:21 - 2014-11-27 20:21 - 00000117 _____ () C:\Windows\system32\netcfg-23603715.txt
2014-11-27 20:14 - 2014-11-27 20:14 - 00000117 _____ () C:\Windows\system32\netcfg-23186506.txt
2014-11-27 20:12 - 2014-11-27 20:12 - 00000117 _____ () C:\Windows\system32\netcfg-23036714.txt
2014-11-27 19:47 - 2014-11-27 19:47 - 00000117 _____ () C:\Windows\system32\netcfg-21528855.txt
2014-11-27 19:47 - 2014-11-27 19:47 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-11-27 19:14 - 2014-11-27 19:14 - 00000117 _____ () C:\Windows\system32\netcfg-19559498.txt
2014-11-27 18:28 - 2014-11-27 18:28 - 00000000 ____D () C:\Users\vasudeva\Downloads\GPS-Navigace-Sygic-Aura-V11.2.6-Android-CZ-plná-verze
2014-11-27 18:27 - 2014-12-02 09:48 - 06137356 _____ () C:\Users\vasudeva\Downloads\GPS-Navigace-Sygic-Aura-V11.2.6-Android-CZ-plná-verze.rar
2014-11-27 17:25 - 2014-11-27 17:25 - 00000117 _____ () C:\Windows\system32\netcfg-13026348.txt
2014-11-27 17:00 - 2014-11-27 17:00 - 00000000 ____D () C:\Users\vasudeva\Downloads\Aura_Sygic+Mapy_14.3.2_R-118658_CZSK_Android_27.6.2014
2014-11-27 16:46 - 2014-11-27 16:46 - 00000117 _____ () C:\Windows\system32\netcfg-10678642.txt
2014-11-27 16:46 - 2014-11-27 16:46 - 00000117 _____ () C:\Windows\system32\netcfg-10672168.txt
2014-11-27 16:45 - 2014-11-27 16:45 - 00000117 _____ () C:\Windows\system32\netcfg-10666084.txt
2014-11-27 16:13 - 2014-11-27 16:20 - 230328071 _____ () C:\Users\vasudeva\Downloads\Aura_Sygic+Mapy_14.3.2_R-118658_CZSK_Android_27.6.2014.rar
2014-11-27 15:44 - 2014-11-27 15:44 - 00000117 _____ () C:\Windows\system32\netcfg-6953229.txt
2014-11-27 15:31 - 2014-11-27 15:31 - 00000117 _____ () C:\Windows\system32\netcfg-6190821.txt
2014-11-27 15:05 - 2014-11-27 15:05 - 00000156 _____ () C:\Windows\system32\netcfg-4605648.txt
2014-11-27 14:00 - 2014-11-27 14:00 - 00000117 _____ () C:\Windows\system32\netcfg-740427.txt
2014-11-27 13:49 - 2014-11-27 13:49 - 00000117 _____ () C:\Windows\system32\netcfg-50637.txt
2014-11-25 11:26 - 2014-11-25 11:26 - 00000117 _____ () C:\Windows\system32\netcfg-511622360.txt
2014-11-25 11:26 - 2014-11-25 11:26 - 00000117 _____ () C:\Windows\system32\netcfg-511620613.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-25 21:50 - 2014-10-16 08:20 - 00000000 ____D () C:\Users\vasudeva\AppData\Roaming\uTorrent
2014-12-25 21:23 - 2014-01-03 20:04 - 00000000 ____D () C:\Users\vasudeva\AppData\Roaming\vlc
2014-12-25 21:22 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\system32\sru
2014-12-25 19:47 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-12-20 12:04 - 2012-07-26 07:04 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-19 21:53 - 2014-01-03 04:52 - 01626896 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-17 17:30 - 2014-01-03 04:50 - 00000000 ____D () C:\Users\vasudeva
2014-12-13 11:35 - 2014-01-03 05:15 - 00000000 ____D () C:\Users\vasudeva\AppData\Local\Google
2014-12-13 11:31 - 2012-07-26 05:17 - 00000194 _____ () C:\Windows\win.ini
2014-12-13 11:30 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-12-13 11:00 - 2014-01-05 06:12 - 00001019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-13 11:00 - 2014-01-03 04:51 - 00001128 _____ () C:\Users\vasudeva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-13 09:31 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-12-13 09:23 - 2014-01-05 06:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-12 21:04 - 2014-01-03 05:15 - 00000000 ____D () C:\Program Files\Google
2014-12-12 13:24 - 2014-10-22 20:41 - 00000000 ____D () C:\Users\vasudeva\Desktop\plakát
2014-12-12 09:51 - 2014-01-03 17:41 - 00000000 ____D () C:\Users\vasudeva\AppData\Local\Adobe
2014-12-11 09:47 - 2014-01-05 06:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-09 21:00 - 2014-01-03 17:42 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-08 09:36 - 2014-01-03 04:51 - 00000000 ____D () C:\Users\vasudeva\AppData\Roaming\Adobe
2014-12-08 09:36 - 2012-07-26 05:43 - 00000000 ___RD () C:\Users\Public
2014-11-27 15:04 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\system32\NDF

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-25 19:47

==================== End Of Log ============================

#2 Příspěvek od **Márty84** » 25 pro 2014 22:20

Zdravim

Stahnete crystal disk info http://sourceforge.jp/projects/crystald ... 5_0_0.zip/
Spustte jako spravce. Za chvili se zobrazi vysledek.
Kliknete nahore na napis Úpravy a pak na napis Kopírovat. To co se zkopiruje (ulozi se to do pameti) mi sem vlozte (ctrl + V)

Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.

vava8 · #3 Příspěvek od **vava8** » 26 pro 2014 13:40

tak tay log z ADW

# AdwCleaner v4.106 - Report created 26/12/2014 at 13:15:59
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 8 Pro (32 bits)
# Username : vasudeva - VND
# Running from : C:\Users\vasudeva\Desktop\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16384

-\\ Mozilla Firefox v34.0.5 (x86 cs)

*************************

AdwCleaner[R1].txt - [1225 octets] - [26/12/2014 10:07:12]
AdwCleaner[S1].txt - [1158 octets] - [26/12/2014 13:15:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1218 octets] ##########

toto crystal po spuštění ntb

----------------------------------------------------------------------------
CrystalDiskInfo 5.0.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 8 Professional [6.2 Build 9200] (x86)
Date : 2014/12/26 9:57:47

-- Controller Map ----------------------------------------------------------
+ Řadiče úložiště Intel(R) ICH8M v režimu Ultra ATA - 2850 [ATA]
+ ATA Channel 0 (0)
- WDC WD3200BEVT-22ZCT0 ATA Device
- TSSTcorp CDDVDW TS-L632H ATA Device
- ATA Channel 1 (1)
+ Řadič úložiště Intel(R) ICH8M s rozhraním Serial ATA 3portový - 2828 [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
- Řadič prostorů úložišť [SCSI]

-- Disk List ---------------------------------------------------------------
(1) WDC WD3200BEVT-22ZCT0 : 320,0 GB [0/2/0, pd1]

----------------------------------------------------------------------------
(1) WDC WD3200BEVT-22ZCT0
----------------------------------------------------------------------------
Model : WDC WD3200BEVT-22ZCT0
Firmware : 11.01A11
Serial Number : WD-WXE708E49155
Disk Size : 320,0 GB (8,4/137,4/320,0)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 625142448
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : SATA/300
Power On Hours : 14281 hod.
Power On Count : 7410 krát
Temparature : 37 C (98 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0080h [ON]
AAM Level : 80FEh [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Počet chyb čtení
03 187 185 _21 000000000650 Čas na roztočení ploten
04 _92 _92 __0 000000001F6E Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 200 200 __0 000000000000 Počet chybných hledání
09 _81 _81 __0 0000000037C9 Hodin v činnosti
0A 100 100 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 __0 000000000000 Počet pokusů o překalibrování
0C _93 _93 __0 000000001CF2 Počet cyklů zapnutí zařízení
C0 200 200 __0 0000000001C0 Počet vypnutí disku
C1 _71 _71 __0 00000005EC59 Počet cyklů načítání/vymazání
C2 110 _74 __0 000000000025 Teplota
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 100 253 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 253 _51 000000000000 Počet chyb při zápisu sektorů

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 427A 3FFF C837 0010 0000 003F 003F 0000 0000 0000
010: 2020 2020 2057 442D 5758 3038 3038 4534 3931 3535
020: 0000 4000 0032 3131 2E30 3131 3131 5744 4320 5744
030: 3332 3030 4245 5654 2D32 4354 4354 3020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4001 0000 0000 0007 3FFF 003F 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 0706 0706 0000 004C 0000
080: 01FE 0000 746B 7F09 6163 BC09 BC09 6163 207F 0037
090: 0037 0080 FFFE 0000 80FE 0000 0000 0000 0000 0000
100: EAB0 2542 0000 0000 0000 0000 0000 0000 5001 4EE2
110: 01D0 A397 0000 0000 0000 0000 0000 0000 0000 4010
120: 4010 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 169E 0000 0000 0000 0000 0000 0000
140: 0000 0000 0004 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 303F 303F 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 1518 0000 0000
220: 0000 0000 100E 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 99A5

toto je crystal cca po 3h

----------------------------------------------------------------------------
CrystalDiskInfo 5.0.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 8 Professional [6.2 Build 9200] (x86)
Date : 2014/12/26 13:36:59

-- Controller Map ----------------------------------------------------------
+ Řadiče úložiště Intel(R) ICH8M v režimu Ultra ATA - 2850 [ATA]
+ ATA Channel 0 (0)
- WDC WD3200BEVT-22ZCT0 ATA Device
- TSSTcorp CDDVDW TS-L632H ATA Device
- ATA Channel 1 (1)
+ Řadič úložiště Intel(R) ICH8M s rozhraním Serial ATA 3portový - 2828 [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
- Řadič prostorů úložišť [SCSI]

-- Disk List ---------------------------------------------------------------
(1) WDC WD3200BEVT-22ZCT0 : 320,0 GB [0/2/0, pd1]

----------------------------------------------------------------------------
(1) WDC WD3200BEVT-22ZCT0
----------------------------------------------------------------------------
Model : WDC WD3200BEVT-22ZCT0
Firmware : 11.01A11
Serial Number : WD-WXE708E49155
Disk Size : 320,0 GB (8,4/137,4/320,0)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 625142448
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : SATA/300
Power On Hours : 14285 hod.
Power On Count : 7410 krát
Temparature : 60 C (140 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0080h [ON]
AAM Level : 80FEh [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Počet chyb čtení
03 187 185 _21 000000000650 Čas na roztočení ploten
04 _92 _92 __0 000000001F6E Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 100 253 __0 000000000000 Počet chybných hledání
09 _81 _81 __0 0000000037CD Hodin v činnosti
0A 100 100 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 __0 000000000000 Počet pokusů o překalibrování
0C _93 _93 __0 000000001CF2 Počet cyklů zapnutí zařízení
C0 200 200 __0 0000000001C0 Počet vypnutí disku
C1 _71 _71 __0 00000005EC67 Počet cyklů načítání/vymazání
C2 _87 _74 __0 00000000003C Teplota
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 100 253 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 253 _51 000000000000 Počet chyb při zápisu sektorů

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 427A 3FFF C837 0010 0000 003F 003F 0000 0000 0000
010: 2020 2020 2057 442D 5758 3038 3038 4534 3931 3535
020: 0000 4000 0032 3131 2E30 3131 3131 5744 4320 5744
030: 3332 3030 4245 5654 2D32 4354 4354 3020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4001 0000 0000 0007 3FFF 003F 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 0706 0706 0000 004C 0000
080: 01FE 0000 746B 7F09 6163 BC09 BC09 6163 207F 0037
090: 0037 0080 FFFE 0000 80FE 0000 0000 0000 0000 0000
100: EAB0 2542 0000 0000 0000 0000 0000 0000 5001 4EE2
110: 01D0 A397 0000 0000 0000 0000 0000 0000 0000 4010
120: 4010 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 169E 0000 0000 0000 0000 0000 0000
140: 0000 0000 0004 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 303F 303F 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 1518 0000 0000
220: 0000 0000 100E 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 99A5

co teď pane?

#4 Příspěvek od **Márty84** » 26 pro 2014 16:13

Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=137928 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

vava8 · #5 Příspěvek od **vava8** » 26 pro 2014 18:53

www.malwarebytes.org

Scan Date: 26. 12. 2014
Scan Time: 17:46:32
Logfile: log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.26.08
Rootkit Database: v2014.12.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x86
File System: NTFS
User: vasudeva

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 397295
Time Elapsed: 1 hr, 2 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.InnoApp.A, HKLM\SOFTWARE\innoApp, , [066a74f3abd1d660acc4157b57ac946c],
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TornTv Downloader, , [3a365b0c413bfb3bc695ef72699ace32],
PUP.Optional.InnoApp.A, HKU\S-1-5-21-3683556855-2863975626-802348343-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\innoApp, , [d19f14537a020036d49b6b2538cb5ea2],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

#6 Příspěvek od **Márty84** » 26 pro 2014 18:56

Vsechny nalezy hodte do karanteny. Po restartu pc udelejte novy sken (staci sken hrozeb - threats scan). Napiste vysledek testu a podle nej zvolim dalsi postup.

vava8 · #7 Příspěvek od **vava8** » 26 pro 2014 19:33

scan hotový, vše čisté......
Před 14-ti dny čištění také pomohlo, hned následující den se vše zhoršovalo den za dnem postupně........
Teď vše o poznání rychlejší.........

#8 Příspěvek od **Márty84** » 26 pro 2014 19:37

Podivame se hloubeji.

Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace

Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

vava8 · #9 Příspěvek od **vava8** » 26 pro 2014 21:46

tady to je

ComboFix 14-12-25.01 - vasudeva . 12. 2014 21:28:09.1.2 - x86
Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.2046.1418 [GMT 1:00]
Running from: c:\users\vasudeva\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
.
.
((((((((((((((((((((((((( Files Created from 2014-11-26 to 2014-12-26 )))))))))))))))))))))))))))))))
.
.
2014-12-26 20:40 . 2014-12-26 20:40 -------- d-----w- c:\users\vasudeva\AppData\Local\temp
2014-12-26 20:40 . 2014-12-26 20:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-26 16:44 . 2014-12-26 18:07 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-26 16:43 . 2014-12-26 16:43 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-12-26 16:43 . 2014-11-21 05:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-26 16:43 . 2014-11-21 05:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-26 16:43 . 2014-11-21 05:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-12-26 09:04 . 2014-12-26 12:16 -------- d-----w- C:\AdwCleaner
2014-12-13 20:24 . 2014-12-13 20:24 -------- d-----w- c:\program files\Recuva
2014-12-13 20:10 . 2014-12-13 20:10 -------- d-----w- c:\program files\Convar
2014-12-13 17:57 . 2014-12-13 17:57 -------- d-----w- c:\users\vasudeva\AppData\Roaming\AVAST Software
2014-12-13 17:53 . 2014-12-13 17:53 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-12-13 17:53 . 2014-12-13 17:53 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-12-13 17:53 . 2014-12-13 17:52 91496 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-12-13 17:53 . 2014-12-13 17:52 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-12-13 17:53 . 2014-12-13 17:52 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-12-13 17:53 . 2014-12-13 17:52 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-12-13 17:53 . 2014-12-13 17:52 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-12-13 17:53 . 2014-12-13 17:52 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-12-13 17:53 . 2014-12-13 17:52 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-12-13 17:52 . 2014-12-13 17:52 43152 ----a-w- c:\windows\avastSS.scr
2014-12-13 17:44 . 2014-12-13 17:44 -------- d-----w- c:\program files\AVAST Software
2014-12-13 17:38 . 2014-12-13 17:44 -------- d-----w- c:\programdata\AVAST Software
2014-12-13 10:43 . 2014-11-01 19:17 8941456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{114AA003-810A-41D7-B9E0-3C96B4AB607A}\mpengine.dll
2014-12-13 09:16 . 2014-12-25 21:02 -------- d-----w- C:\FRST
2014-12-08 08:36 . 2014-12-08 08:36 -------- d-----w- c:\users\Public\Roaming
2014-12-02 14:01 . 2014-12-02 14:01 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-30 11:24 . 2014-01-03 04:26 229000 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-12-13 17:52 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\vasudeva\AppData\Roaming\uTorrent\uTorrent.exe" [2014-12-02 1389648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-13 5227112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"disablecad"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-12-13 91496]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys [2013-10-28 175320]
R3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys [2013-10-28 144600]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-12-13 787800]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-12-13 423784]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-12-13 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-12-13 70384]
S2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe [2013-10-28 1680088]
S3 netwlv32;@netwlv32.inf, %NIC_Service_DispName_VISTA%; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netwlv32.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2012-06-02 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2012-06-02 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2012-06-02 661504]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\vasudeva\AppData\Roaming\Mozilla\Firefox\Profiles\5c9pjj07.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2014-12-26 21:43:18
ComboFix-quarantined-files.txt 2014-12-26 20:43
.
Pre-Run: 83 065 393 152 bytes free
Post-Run: 82 886 881 280 bytes free
.
- - End Of File - - BDAE85BCF78B6AE66EC75E76921CFD93
A36C5E4F47E84449FF07ED3517B43A31

#10 Příspěvek od **Márty84** » 26 pro 2014 22:43

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Driver::
SkypeUpdate
SwitchBoard

Reboot::

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace

Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

vava8 · #11 Příspěvek od **vava8** » 27 pro 2014 13:04

dobrý den, tady je nový log z combofixu
v závěrečný fázi, před restartem kompu jsem musel potvrdit asi 3 popup okna, že byl odepřen přístup k nějakým windows system souborum......

ComboFix 14-12-25.01 - vasudeva . 12. 2014 12:25:26.2.2 - x86
Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.2046.1238 [GMT 1:00]
Running from: c:\users\vasudeva\Desktop\ComboFix.exe
Command switches used :: c:\users\vasudeva\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_SwitchBoard
.
.
((((((((((((((((((((((((( Files Created from 2014-11-27 to 2014-12-27 )))))))))))))))))))))))))))))))
.
.
2014-12-27 11:37 . 2014-12-27 11:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-26 20:43 . 2014-12-27 11:41 -------- d-----w- c:\users\vasudeva\AppData\Local\temp
2014-12-26 16:44 . 2014-12-26 18:07 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-26 16:43 . 2014-12-26 16:43 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-12-26 16:43 . 2014-11-21 05:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-26 16:43 . 2014-11-21 05:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-26 16:43 . 2014-11-21 05:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-12-26 09:04 . 2014-12-26 12:16 -------- d-----w- C:\AdwCleaner
2014-12-13 20:24 . 2014-12-13 20:24 -------- d-----w- c:\program files\Recuva
2014-12-13 20:10 . 2014-12-13 20:10 -------- d-----w- c:\program files\Convar
2014-12-13 17:57 . 2014-12-13 17:57 -------- d-----w- c:\users\vasudeva\AppData\Roaming\AVAST Software
2014-12-13 17:53 . 2014-12-13 17:53 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-12-13 17:53 . 2014-12-13 17:53 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-12-13 17:53 . 2014-12-13 17:52 91496 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-12-13 17:53 . 2014-12-13 17:52 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-12-13 17:53 . 2014-12-13 17:52 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-12-13 17:53 . 2014-12-13 17:52 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-12-13 17:53 . 2014-12-13 17:52 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-12-13 17:53 . 2014-12-13 17:52 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-12-13 17:53 . 2014-12-13 17:52 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-12-13 17:52 . 2014-12-13 17:52 43152 ----a-w- c:\windows\avastSS.scr
2014-12-13 17:44 . 2014-12-13 17:44 -------- d-----w- c:\program files\AVAST Software
2014-12-13 17:38 . 2014-12-13 17:44 -------- d-----w- c:\programdata\AVAST Software
2014-12-13 10:43 . 2014-11-01 19:17 8941456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{114AA003-810A-41D7-B9E0-3C96B4AB607A}\mpengine.dll
2014-12-13 09:16 . 2014-12-25 21:02 -------- d-----w- C:\FRST
2014-12-08 08:36 . 2014-12-08 08:36 -------- d-----w- c:\users\Public\Roaming
2014-12-02 14:01 . 2014-12-02 14:01 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-30 11:24 . 2014-01-03 04:26 229000 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-12-13 17:52 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-13 5227112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"disablecad"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys [2013-10-28 175320]
R3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys [2013-10-28 144600]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-12-13 787800]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-12-13 423784]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-12-13 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-12-13 70384]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-12-13 91496]
S2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe [2013-10-28 1680088]
S3 netwlv32;@netwlv32.inf, %NIC_Service_DispName_VISTA%; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netwlv32.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2012-06-02 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2012-06-02 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2012-06-02 661504]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\vasudeva\AppData\Roaming\Mozilla\Firefox\Profiles\5c9pjj07.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\sppsvc.exe
c:\windows\system32\taskhostex.exe
c:\windows\system32\conhost.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2014-12-27 12:46:37 - machine was rebooted
ComboFix-quarantined-files.txt 2014-12-27 11:46
ComboFix2.txt 2014-12-26 20:43
.
Pre-Run: 82 892 468 224 bytes free
Post-Run: 82 632 732 672 bytes free
.
- - End Of File - - AE44CC27360B86B375FB57324C5296E4
A36C5E4F47E84449FF07ED3517B43A31

#12 Příspěvek od **Márty84** » 27 pro 2014 15:15

Jeste si dame jeden sken.

Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

vava8 · #13 Příspěvek od **vava8** » 28 pro 2014 20:42

OTL logfile created on: 28. 12. 2014 19:16:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\vasudeva\Desktop
Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16384)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d. M. yyyy

2,00 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 64,37% Memory free
2,37 Gb Paging File | 1,50 Gb Available in Paging File | 63,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,70 Gb Total Space | 77,21 Gb Free Space | 51,93% Space Free | Partition Type: NTFS
Drive D: | 149,04 Gb Total Space | 1,09 Gb Free Space | 0,73% Space Free | Partition Type: NTFS

Computer Name: VND | User Name: vasudeva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/12/28 19:13:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vasudeva\Desktop\OTL.exe
PRC - [2014/12/13 18:53:50 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/12/13 18:52:40 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/12/11 09:47:48 | 000,337,520 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/12/03 07:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/28 18:02:16 | 001,680,088 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\BtwRSupportService.exe
PRC - [2012/08/25 09:12:44 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\sppsvc.exe
PRC - [2012/07/26 04:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012/07/26 04:20:59 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhostex.exe
PRC - [2010/03/06 03:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

========== Modules (No Company Name) ==========

MOD - [2014/12/13 18:52:48 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/12/11 09:47:46 | 003,758,192 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

========== Services (SafeList) ==========

SRV - [2014/12/13 18:52:40 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/12/12 09:50:22 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/11 09:47:47 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/03 07:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/28 18:02:16 | 001,680,088 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Windows\System32\BtwRSupportService.exe -- (BcmBtRSupport)
SRV - [2012/08/25 09:12:44 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\sppsvc.exe -- (SLSvc)
SRV - [2012/07/26 05:03:42 | 002,205,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/26 04:31:20 | 002,151,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WSService.dll -- (WSService)
SRV - [2012/07/26 04:30:33 | 000,013,864 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2012/07/26 04:20:30 | 001,536,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlidsvc.dll -- (wlidsvc)
SRV - [2012/07/26 04:20:19 | 000,051,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiarpc.dll -- (WiaRpc)
SRV - [2012/07/26 04:20:13 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wcmsvc.dll -- (Wcmsvc)
SRV - [2012/07/26 04:20:11 | 000,192,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\vaultsvc.dll -- (VaultSvc)
SRV - [2012/07/26 04:20:07 | 000,113,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\TimeBrokerServer.dll -- (TimeBroker)
SRV - [2012/07/26 04:20:05 | 000,117,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV - [2012/07/26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2012/07/26 04:20:04 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\svsvc.dll -- (svsvc)
SRV - [2012/07/26 04:19:54 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2012/07/26 04:19:40 | 002,028,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2012/07/26 04:19:22 | 000,364,032 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofmsvc.dll -- (netprofm)
SRV - [2012/07/26 04:19:21 | 000,138,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcaSvc.dll -- (NcaSvc)
SRV - [2012/07/26 04:19:21 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2012/07/26 04:18:55 | 000,349,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsm.dll -- (LSM)
SRV - [2012/07/26 04:18:47 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\keyiso.dll -- (KeyIso)
SRV - [2012/07/26 04:18:28 | 000,095,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fhsvc.dll -- (fhsvc)
SRV - [2012/07/26 04:18:24 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\efssvc.dll -- (EFS)
SRV - [2012/07/26 04:18:18 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DeviceSetupManager.dll -- (DsmSvc)
SRV - [2012/07/26 04:18:13 | 000,261,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\das.dll -- (DeviceAssociationService)
SRV - [2012/07/26 04:18:01 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bisrv.dll -- (BrokerInfrastructure)
SRV - [2012/07/26 04:17:58 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV - [2012/07/26 04:17:58 | 000,109,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV - [2012/07/26 01:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicheartbeat)
SRV - [2012/07/26 01:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvss)
SRV - [2012/07/26 01:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmictimesync)
SRV - [2012/07/26 01:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicshutdown)
SRV - [2012/07/26 01:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicrdv)
SRV - [2012/07/26 01:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmickvpexchange)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\vasudeva\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\vasudeva\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2014/12/13 18:53:45 | 000,787,800 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\Drivers\aswsnx.sys -- (aswSnx)
DRV - [2014/12/13 18:53:39 | 000,423,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\Drivers\aswsp.sys -- (aswSP)
DRV - [2014/12/13 18:52:53 | 000,091,496 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\aswStm.sys -- (aswStm)
DRV - [2014/12/13 18:52:52 | 000,206,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/12/13 18:52:52 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\Drivers\aswRdr2.sys -- (aswRdr)
DRV - [2014/12/13 18:52:52 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/12/13 18:52:52 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/12/13 18:52:52 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\aswHwid.sys -- (aswHwid)
DRV - [2013/10/28 18:02:14 | 000,175,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\bcbtums.sys -- (bcbtums)
DRV - [2012/07/26 05:17:18 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\condrv.sys -- (condrv)
DRV - [2012/07/26 04:48:44 | 000,058,608 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\acpiex.sys -- (acpiex)
DRV - [2012/07/26 04:48:33 | 000,121,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\tpm.sys -- (TPM)
DRV - [2012/07/26 04:48:29 | 000,049,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\dam.sys -- (dam)
DRV - [2012/07/26 04:42:33 | 000,068,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV - [2012/07/26 04:42:32 | 000,099,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV - [2012/07/26 04:42:32 | 000,070,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\EhStorClass.sys -- (EhStorClass)
DRV - [2012/07/26 04:42:31 | 000,085,232 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\3ware.sys -- (3ware)
DRV - [2012/07/26 04:42:19 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV - [2012/07/26 04:42:19 | 000,285,424 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV - [2012/07/26 04:42:19 | 000,267,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV - [2012/07/26 04:42:19 | 000,179,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\UCX01000.SYS -- (UCX01000)
DRV - [2012/07/26 04:42:19 | 000,080,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VerifierExt.sys -- (VerifierExt)
DRV - [2012/07/26 04:42:18 | 000,076,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\uaspstor.sys -- (UASPStor)
DRV - [2012/07/26 04:42:18 | 000,066,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storahci.sys -- (storahci)
DRV - [2012/07/26 04:42:15 | 000,238,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\spaceport.sys -- (spaceport)
DRV - [2012/07/26 04:42:15 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV - [2012/07/26 04:42:15 | 000,059,120 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\mvumis.sys -- (mvumis)
DRV - [2012/07/26 04:42:15 | 000,046,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\sdstor.sys -- (sdstor)
DRV - [2012/07/26 04:42:14 | 000,024,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV - [2012/07/26 04:40:36 | 000,038,640 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV - [2012/07/26 04:40:10 | 000,256,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\clfs.sys -- (CLFS)
DRV - [2012/07/26 04:39:55 | 000,029,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\terminpt.sys -- (terminpt)
DRV - [2012/07/26 04:39:55 | 000,023,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/07/26 04:39:35 | 000,057,072 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\pdc.sys -- (pdc)
DRV - [2012/07/26 04:39:13 | 000,030,448 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\cnghwassist.sys -- (cnghwassist)
DRV - [2012/07/26 04:34:01 | 000,199,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdFilter.sys -- (WdFilter)
DRV - [2012/07/26 04:33:00 | 000,130,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmbus.sys -- (vmbus)
DRV - [2012/07/26 04:33:00 | 000,042,344 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmstorfl.sys -- (storflt)
DRV - [2012/07/26 04:33:00 | 000,032,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storvsc.sys -- (storvsc)
DRV - [2012/07/26 04:30:33 | 000,028,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdBoot.sys -- (WdBoot)
DRV - [2012/07/26 03:36:54 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV - [2012/07/26 03:36:49 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mshidumdf.sys -- (mshidumdf)
DRV - [2012/07/26 03:36:36 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\HyperVideo.sys -- (HyperVideo)
DRV - [2012/07/26 03:36:35 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicRender.sys -- (BasicRender)
DRV - [2012/07/26 03:35:48 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV - [2012/07/26 03:35:30 | 000,006,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vms3cap.sys -- (s3cap)
DRV - [2012/07/26 03:35:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\npsvctrig.sys -- (npsvctrig)
DRV - [2012/07/26 03:35:23 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\fxppm.sys -- (FxPPM)
DRV - [2012/07/26 03:35:10 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\kdnic.sys -- (kdnic)
DRV - [2012/07/26 03:35:06 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpitime.sys -- (acpitime)
DRV - [2012/07/26 03:35:04 | 000,009,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vmgencounter.sys -- (gencounter)
DRV - [2012/07/26 03:34:43 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpipagr.sys -- (acpipagr)
DRV - [2012/07/26 03:34:42 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV - [2012/07/26 03:34:22 | 000,018,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2012/07/26 03:34:16 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthhfHid.sys -- (bthhfhid)
DRV - [2012/07/26 03:34:04 | 000,010,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hyperkbd.sys -- (hyperkbd)
DRV - [2012/07/26 03:33:53 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SerCx.sys -- (SerCx)
DRV - [2012/07/26 03:33:50 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SpbCx.sys -- (SpbCx)
DRV - [2012/07/26 03:33:37 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\winusb.sys -- (WinUsb)
DRV - [2012/07/26 03:33:29 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/07/26 03:33:16 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV - [2012/07/26 03:33:00 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hidi2c.sys -- (hidi2c)
DRV - [2012/07/26 03:32:54 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/07/26 03:32:53 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\dmvsc.sys -- (dmvsc)
DRV - [2012/07/26 03:32:02 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\wpcfltr.sys -- (wpcfltr)
DRV - [2012/07/26 03:31:11 | 000,110,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV - [2012/07/26 03:30:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mslldp.sys -- (MsLldp)
DRV - [2012/07/26 03:30:39 | 000,084,480 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\Ndu.sys -- (Ndu)
DRV - [2012/07/25 23:49:35 | 010,071,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/06/29 03:00:56 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/06/02 15:31:42 | 006,637,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\netwlv32.sys -- (netwlv32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3683556855-2863975626-802348343-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3683556855-2863975626-802348343-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3683556855-2863975626-802348343-1001\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-3683556855-2863975626-802348343-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-3683556855-2863975626-802348343-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Mapy.cz"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?btnG=Google+Search&q="
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:10.0.2502.149
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - prefs.js..keyword.URL: "http://www.google.com/search?btnG=Google+Search&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/12/13 18:52:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2014/08/11 15:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vasudeva\AppData\Roaming\Mozilla\Extensions
[2014/12/13 17:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vasudeva\AppData\Roaming\Mozilla\Firefox\Profiles\5c9pjj07.default\extensions
[2014/12/12 21:03:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vasudeva\AppData\Roaming\Mozilla\Firefox\Profiles\gesn0cb2.default\extensions
[2014/12/12 17:22:42 | 000,008,934 | ---- | M] () (No name found) -- C:\Users\vasudeva\AppData\Roaming\Mozilla\Firefox\Profiles\gesn0cb2.default\extensions\{7b92ebda-59e4-4459-a904-440931a40b95}.xpi
[2014/01/05 06:12:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/12/11 09:47:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/12/13 18:52:58 | 000,000,000 | ---D | M] ("Avast Online Security") -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

O1 HOSTS File: ([2014/12/27 12:40:53 | 000,000,027 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3683556855-2863975626-802348343-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3683556855-2863975626-802348343-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70B1F808-3936-42A9-B0F8-0BB75CA7A31A}: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4D06508-4AB5-4A3C-B3E9-28F779E91B37}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/26 07:52:25 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: wlidsvc - C:\Windows\System32\wlidsvc.dll (Microsoft Corporation)
NetSvcs: SystemEventsBroker - C:\Windows\System32\SystemEventsBrokerServer.dll (Microsoft Corporation)
NetSvcs: DsmSvc - C:\Windows\System32\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs: NcaSvc - C:\Windows\System32\NcaSvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014/12/28 19:13:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\vasudeva\Desktop\OTL.exe
[2014/12/27 12:46:47 | 000,000,000 | ---D | C] -- C:\Users\vasudeva\AppData\Local\temp
[2014/12/27 12:44:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/12/26 21:26:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/12/26 21:26:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/12/26 21:26:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2014/12/26 21:26:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/12/26 21:25:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/12/26 21:25:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/12/26 21:24:11 | 005,603,624 | R--- | C] (Swearware) -- C:\Users\vasudeva\Desktop\ComboFix.exe
[2014/12/26 17:44:05 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/12/26 17:43:48 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/12/26 17:43:48 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/12/26 17:43:48 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/12/26 17:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/12/26 17:39:15 | 020,447,072 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\vasudeva\Desktop\mbam-setup-2.0.4.1028.exe
[2014/12/26 10:04:16 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/12/26 09:54:53 | 000,000,000 | ---D | C] -- C:\Users\vasudeva\Desktop\Smart
[2014/12/26 09:52:30 | 001,149,912 | ---- | C] (Crystal Dew World) -- C:\Users\vasudeva\Desktop\DiskInfo.exe
[2014/12/26 09:52:19 | 000,000,000 | ---D | C] -- C:\Users\vasudeva\Desktop\CdiResource
[2014/12/25 21:36:59 | 000,112,640 | ---- | C] (forum.viry.cz) -- C:\Users\vasudeva\Desktop\FRSTLauncher.exe
[2014/12/25 21:33:29 | 001,114,112 | ---- | C] (Farbar) -- C:\Users\vasudeva\Desktop\FRST.exe
[2014/12/16 14:43:21 | 000,000,000 | ---D | C] -- C:\Users\vasudeva\Desktop\dokumenty jpg
[2014/12/14 18:15:56 | 000,000,000 | ---D | C] -- C:\Users\vasudeva\Desktop\fotos
[2014/12/13 21:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2014/12/13 21:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2014/12/13 21:10:03 | 000,000,000 | ---D | C] -- C:\Users\vasudeva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
[2014/12/13 21:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\Convar
[2014/12/13 18:57:24 | 000,000,000 | ---D | C] -- C:\Users\vasudeva\AppData\Roaming\AVAST Software
[2014/12/13 18:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2014/12/13 18:53:03 | 000,787,800 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys
[2014/12/13 18:53:03 | 000,423,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014/12/13 18:53:03 | 000,091,496 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
[2014/12/13 18:53:03 | 000,081,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2014/12/13 18:53:03 | 000,070,384 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/12/13 18:53:00 | 000,291,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/12/13 18:52:50 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/12/13 18:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/12/13 18:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/12/13 11:39:39 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2014/12/13 10:16:56 | 000,000,000 | ---D | C] -- C:\FRST
[2014/12/13 10:05:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2014/12/09 23:07:35 | 000,000,000 | ---D | C] -- C:\Users\vasudeva\Documents\Adobe Scripts

========== Files - Modified Within 30 Days ==========

[2014/12/28 19:19:13 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/12/28 19:13:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vasudeva\Desktop\OTL.exe
[2014/12/28 18:37:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/27 12:40:53 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/12/27 12:39:35 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/12/27 12:39:25 | 1716,666,368 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/26 21:24:26 | 005,603,624 | R--- | M] (Swearware) -- C:\Users\vasudeva\Desktop\ComboFix.exe
[2014/12/26 19:07:49 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/12/26 17:43:52 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/26 17:40:16 | 020,447,072 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\vasudeva\Desktop\mbam-setup-2.0.4.1028.exe
[2014/12/26 13:33:57 | 001,503,368 | ---- | M] () -- C:\Users\vasudeva\Desktop\CrystalDiskInfo5_0_0.zip
[2014/12/26 10:00:23 | 002,173,952 | ---- | M] () -- C:\Users\vasudeva\Desktop\adwcleaner_4.106.exe
[2014/12/26 09:57:35 | 000,000,261 | ---- | M] () -- C:\Users\vasudeva\Desktop\DiskInfo.ini
[2014/12/25 22:12:43 | 000,005,845 | ---- | M] () -- C:\Users\vasudeva\Desktop\Addition.rar
[2014/12/25 21:37:04 | 000,112,640 | ---- | M] (forum.viry.cz) -- C:\Users\vasudeva\Desktop\FRSTLauncher.exe
[2014/12/25 21:33:50 | 001,114,112 | ---- | M] (Farbar) -- C:\Users\vasudeva\Desktop\FRST.exe
[2014/12/19 21:53:07 | 000,693,054 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2014/12/19 21:53:07 | 000,684,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/12/19 21:53:07 | 000,140,230 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2014/12/19 21:53:07 | 000,124,968 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/12/17 18:58:12 | 000,049,214 | ---- | M] () -- C:\Users\vasudeva\Documents\vypis.pdf
[2014/12/17 17:30:47 | 000,049,214 | ---- | M] () -- C:\Users\vasudeva\pro zuno.pdf
[2014/12/16 19:00:55 | 001,098,789 | ---- | M] () -- C:\Users\vasudeva\Desktop\dokumenty jpg.rar
[2014/12/15 06:10:44 | 000,000,017 | ---- | M] () -- C:\Users\vasudeva\AppData\Local\resmon.resmoncfg
[2014/12/13 21:24:29 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2014/12/13 18:54:14 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2014/12/13 18:53:45 | 000,787,800 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys
[2014/12/13 18:53:39 | 000,423,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014/12/13 18:52:53 | 000,091,496 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
[2014/12/13 18:52:52 | 000,206,248 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/12/13 18:52:52 | 000,081,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2014/12/13 18:52:52 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/12/13 18:52:52 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/12/13 18:52:52 | 000,024,184 | ---- | M] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/12/13 18:52:50 | 000,291,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/12/13 18:52:50 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/12/04 19:10:00 | 001,116,926 | ---- | M] () -- C:\Users\vasudeva\Desktop\BMW E61 Aircon Fan Replacement.pdf
[2014/12/02 09:47:34 | 000,000,816 | ---- | M] () -- C:\Users\vasudeva\Desktop\µTorrent.lnk

========== Files Created - No Company Name ==========

[2014/12/28 19:19:13 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/12/26 21:26:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/12/26 21:26:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/12/26 21:26:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/12/26 21:26:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/12/26 21:26:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/12/26 17:43:52 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/26 10:00:02 | 002,173,952 | ---- | C] () -- C:\Users\vasudeva\Desktop\adwcleaner_4.106.exe
[2014/12/26 09:54:24 | 000,000,261 | ---- | C] () -- C:\Users\vasudeva\Desktop\DiskInfo.ini
[2014/12/26 09:47:21 | 001,503,368 | ---- | C] () -- C:\Users\vasudeva\Desktop\CrystalDiskInfo5_0_0.zip
[2014/12/25 22:12:42 | 000,005,845 | ---- | C] () -- C:\Users\vasudeva\Desktop\Addition.rar
[2014/12/18 15:03:26 | 000,000,562 | ---- | C] () -- C:\Users\vasudeva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Počítač – zástupce.lnk
[2014/12/17 18:58:12 | 000,049,214 | ---- | C] () -- C:\Users\vasudeva\Documents\vypis.pdf
[2014/12/17 17:30:47 | 000,049,214 | ---- | C] () -- C:\Users\vasudeva\pro zuno.pdf
[2014/12/16 19:00:54 | 001,098,789 | ---- | C] () -- C:\Users\vasudeva\Desktop\dokumenty jpg.rar
[2014/12/15 06:10:44 | 000,000,017 | ---- | C] () -- C:\Users\vasudeva\AppData\Local\resmon.resmoncfg
[2014/12/13 21:24:29 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2014/12/13 18:54:14 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2014/12/13 18:53:03 | 000,206,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/12/13 18:53:03 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/12/13 18:53:03 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/12/05 10:29:42 | 000,224,696 | ---- | C] () -- C:\Users\vasudeva\Desktop\23122009117.jpg
[2014/12/05 10:28:34 | 000,803,581 | ---- | C] () -- C:\Users\vasudeva\Desktop\8.JPG
[2014/12/05 10:24:01 | 001,121,954 | ---- | C] () -- C:\Users\vasudeva\Desktop\P1160142.JPG
[2014/12/05 10:23:51 | 001,121,178 | ---- | C] () -- C:\Users\vasudeva\Desktop\P1160198.JPG
[2014/12/04 19:10:00 | 001,116,926 | ---- | C] () -- C:\Users\vasudeva\Desktop\BMW E61 Aircon Fan Replacement.pdf
[2014/12/02 09:47:34 | 000,000,816 | ---- | C] () -- C:\Users\vasudeva\Desktop\µTorrent.lnk
[2014/01/03 17:45:07 | 000,516,096 | ---- | C] () -- C:\Windows\UN32.EXE
[2014/01/03 17:45:07 | 000,003,839 | ---- | C] () -- C:\Windows\UN32P.INI
[2014/01/03 17:32:44 | 000,000,384 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/01/03 05:21:16 | 000,693,054 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2014/01/03 05:21:16 | 000,296,594 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2014/01/03 05:21:16 | 000,140,230 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2014/01/03 05:21:16 | 000,038,682 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2014/01/03 04:43:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014/01/03 04:43:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/08/27 14:21:15 | 017,559,552 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012/07/26 04:20:13 | 000,354,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/08/11 18:04:10 | 000,000,000 | ---D | M] -- C:\Users\vasudeva\AppData\Roaming\.Torrent Swapper
[2014/12/13 18:57:24 | 000,000,000 | ---D | M] -- C:\Users\vasudeva\AppData\Roaming\AVAST Software
[2014/08/11 18:04:10 | 000,000,000 | ---D | M] -- C:\Users\vasudeva\AppData\Roaming\DAEMON Tools Lite
[2014/10/21 15:56:15 | 000,000,000 | ---D | M] -- C:\Users\vasudeva\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2014/12/27 12:22:40 | 000,000,000 | ---D | M] -- C:\Users\vasudeva\AppData\Roaming\uTorrent

========== Purity Check ==========

========== Custom Scans ==========

< >
[2012/07/26 07:04:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

< >

< MD5 for: AGP440.SYS >
[2012/07/26 04:42:31 | 000,055,536 | ---- | M] (Microsoft Corporation) MD5=73BB2C687305C4195ED7511587B041AA -- C:\Windows\erdnt\cache\AGP440.sys
[2012/07/26 04:42:31 | 000,055,536 | ---- | M] (Microsoft Corporation) MD5=73BB2C687305C4195ED7511587B041AA -- C:\Windows\System32\Drivers\AGP440.sys
[2012/07/26 04:42:31 | 000,055,536 | ---- | M] (Microsoft Corporation) MD5=73BB2C687305C4195ED7511587B041AA -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_38ff1f7a86c4c6d7\AGP440.sys
[2012/07/26 04:42:31 | 000,055,536 | ---- | M] (Microsoft Corporation) MD5=73BB2C687305C4195ED7511587B041AA -- C:\Windows\WinSxS\x86_machine.inf_31bf3856ad364e35_6.2.9200.16384_none_b6bdf91c90179e3b\AGP440.sys

< MD5 for: ATAPI.SYS >
[2012/07/26 04:42:31 | 000,022,768 | ---- | M] (Microsoft Corporation) MD5=48D8C3F2006698691F5AE0BB595FDCC8 -- C:\Windows\erdnt\cache\atapi.sys
[2012/07/26 04:42:31 | 000,022,768 | ---- | M] (Microsoft Corporation) MD5=48D8C3F2006698691F5AE0BB595FDCC8 -- C:\Windows\System32\Drivers\atapi.sys
[2012/07/26 04:42:31 | 000,022,768 | ---- | M] (Microsoft Corporation) MD5=48D8C3F2006698691F5AE0BB595FDCC8 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_79ee6a786812523f\atapi.sys
[2012/07/26 04:42:31 | 000,022,768 | ---- | M] (Microsoft Corporation) MD5=48D8C3F2006698691F5AE0BB595FDCC8 -- C:\Windows\WinSxS\x86_mshdc.inf_31bf3856ad364e35_6.2.9200.16384_none_d9e333faf2f0935d\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2012/07/26 04:20:43 | 000,792,064 | ---- | M] (Microsoft Corporation) MD5=55653D86D712641DB6930FAB64F452FF -- C:\Windows\System32\autochk.exe
[2012/07/26 04:20:43 | 000,792,064 | ---- | M] (Microsoft Corporation) MD5=55653D86D712641DB6930FAB64F452FF -- C:\Windows\WinSxS\x86_microsoft-windows-autochk_31bf3856ad364e35_6.2.9200.16384_none_de9ef92a9327e7b0\autochk.exe

< MD5 for: CDROM.SYS >
[2012/07/26 03:33:53 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=4E707EC5071DD8F5C29A7410780BD4C3 -- C:\Windows\System32\Drivers\cdrom.sys
[2012/07/26 03:33:53 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=4E707EC5071DD8F5C29A7410780BD4C3 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_a76623cebb64c613\cdrom.sys
[2012/07/26 03:33:53 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=4E707EC5071DD8F5C29A7410780BD4C3 -- C:\Windows\WinSxS\x86_cdrom.inf_31bf3856ad364e35_6.2.9200.16384_none_5c5467c3752e2f0b\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2012/07/26 04:18:10 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=42EAE3259F8F39C7E22D0F385DBFADA9 -- C:\Windows\System32\cryptsvc.dll
[2012/07/26 04:18:10 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=42EAE3259F8F39C7E22D0F385DBFADA9 -- C:\Windows\WinSxS\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.2.9200.16384_none_72aaa5456c3612aa\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2012/07/26 04:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows\erdnt\cache\explorer.exe
[2012/07/26 04:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows\explorer.exe
[2012/07/26 04:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows\WinSxS\x86_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_4e5fb2f34b233380\explorer.exe

< MD5 for: HAL.DLL >
[2012/07/26 05:17:18 | 000,319,216 | ---- | M] (Microsoft Corporation) MD5=4EC411F1AC6C9FB3A96C16D0C500A433 -- C:\Windows\System32\hal.dll
[2012/07/26 05:17:18 | 000,319,216 | ---- | M] (Microsoft Corporation) MD5=4EC411F1AC6C9FB3A96C16D0C500A433 -- C:\Windows\WinSxS\x86_microsoft-windows-hal_31bf3856ad364e35_6.2.9200.16384_none_a7d3fe852b10fc16\hal.dll

< MD5 for: IASTORV.SYS >
[2012/07/26 04:42:33 | 000,333,552 | ---- | M] (Intel Corporation) MD5=C444F83C318BE18719DC1FDAEFF10898 -- C:\Windows\System32\Drivers\iaStorV.sys
[2012/07/26 04:42:33 | 000,333,552 | ---- | M] (Intel Corporation) MD5=C444F83C318BE18719DC1FDAEFF10898 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_819876bbe5c3b25f\iaStorV.sys
[2012/07/26 04:42:33 | 000,333,552 | ---- | M] (Intel Corporation) MD5=C444F83C318BE18719DC1FDAEFF10898 -- C:\Windows\WinSxS\x86_iastorv.inf_31bf3856ad364e35_6.2.9200.16384_none_abbc5e59592ebf50\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2012/07/26 04:42:33 | 000,047,856 | ---- | M] (Microsoft Corporation) MD5=2E1347C9CC7DDB43183AF725135ACF0D -- C:\Windows\System32\Drivers\isapnp.sys
[2012/07/26 04:42:33 | 000,047,856 | ---- | M] (Microsoft Corporation) MD5=2E1347C9CC7DDB43183AF725135ACF0D -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_38ff1f7a86c4c6d7\isapnp.sys
[2012/07/26 04:42:33 | 000,047,856 | ---- | M] (Microsoft Corporation) MD5=2E1347C9CC7DDB43183AF725135ACF0D -- C:\Windows\WinSxS\x86_machine.inf_31bf3856ad364e35_6.2.9200.16384_none_b6bdf91c90179e3b\isapnp.sys

< MD5 for: LSASS.EXE >
[2012/07/26 05:17:16 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=747ED861374E5589EE56D28E01BDCFE1 -- C:\Windows\erdnt\cache\lsass.exe
[2012/07/26 05:17:16 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=747ED861374E5589EE56D28E01BDCFE1 -- C:\Windows\System32\lsass.exe
[2012/07/26 05:17:16 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=747ED861374E5589EE56D28E01BDCFE1 -- C:\Windows\WinSxS\x86_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.16384_none_3a16ad7e63b52be0\lsass.exe

< MD5 for: NDIS.SYS >
[2012/07/26 05:17:16 | 000,830,192 | ---- | M] (Microsoft Corporation) MD5=C1068477FA29568D8C4AC262AF594871 -- C:\Windows\erdnt\cache\ndis.sys
[2012/07/26 05:17:16 | 000,830,192 | ---- | M] (Microsoft Corporation) MD5=C1068477FA29568D8C4AC262AF594871 -- C:\Windows\System32\Drivers\ndis.sys
[2012/07/26 05:17:16 | 000,830,192 | ---- | M] (Microsoft Corporation) MD5=C1068477FA29568D8C4AC262AF594871 -- C:\Windows\WinSxS\x86_microsoft-windows-ndis-minwin_31bf3856ad364e35_6.2.9200.16384_none_56008a15f972d07e\ndis.sys

< MD5 for: NETLOGON.DLL >
[2012/07/26 04:19:22 | 000,634,368 | ---- | M] (Microsoft Corporation) MD5=EEF9DA64D7B1DD51FB8AB9EFCC560E3E -- C:\Windows\erdnt\cache\netlogon.dll
[2012/07/26 04:19:22 | 000,634,368 | ---- | M] (Microsoft Corporation) MD5=EEF9DA64D7B1DD51FB8AB9EFCC560E3E -- C:\Windows\System32\netlogon.dll
[2012/07/26 04:19:22 | 000,634,368 | ---- | M] (Microsoft Corporation) MD5=EEF9DA64D7B1DD51FB8AB9EFCC560E3E -- C:\Windows\WinSxS\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.2.9200.16384_none_fa62c3240960ad18\netlogon.dll

< MD5 for: NVRAID.SYS >
[2012/07/26 04:42:15 | 000,120,048 | ---- | M] (NVIDIA Corporation) MD5=BD23FF50A9A59AAF48052F5E7D0682B0 -- C:\Windows\System32\Drivers\nvraid.sys
[2012/07/26 04:42:15 | 000,120,048 | ---- | M] (NVIDIA Corporation) MD5=BD23FF50A9A59AAF48052F5E7D0682B0 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_7ba65ba4b222e751\nvraid.sys
[2012/07/26 04:42:15 | 000,120,048 | ---- | M] (NVIDIA Corporation) MD5=BD23FF50A9A59AAF48052F5E7D0682B0 -- C:\Windows\WinSxS\x86_nvraid.inf_31bf3856ad364e35_6.2.9200.16384_none_3685cf0890656928\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2012/07/26 04:42:15 | 000,141,552 | ---- | M] (NVIDIA Corporation) MD5=108DD54A5B1E73F583AF7DC94CCE52B8 -- C:\Windows\System32\Drivers\nvstor.sys
[2012/07/26 04:42:15 | 000,141,552 | ---- | M] (NVIDIA Corporation) MD5=108DD54A5B1E73F583AF7DC94CCE52B8 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_7ba65ba4b222e751\nvstor.sys
[2012/07/26 04:42:15 | 000,141,552 | ---- | M] (NVIDIA Corporation) MD5=108DD54A5B1E73F583AF7DC94CCE52B8 -- C:\Windows\WinSxS\x86_nvraid.inf_31bf3856ad364e35_6.2.9200.16384_none_3685cf0890656928\nvstor.sys

< MD5 for: SCECLI.DLL >
[2012/07/26 04:19:52 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B95DC83FF580DD92F487C2F4D0854B6A -- C:\Windows\erdnt\cache\scecli.dll
[2012/07/26 04:19:52 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B95DC83FF580DD92F487C2F4D0854B6A -- C:\Windows\System32\scecli.dll
[2012/07/26 04:19:52 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B95DC83FF580DD92F487C2F4D0854B6A -- C:\Windows\WinSxS\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.2.9200.16384_none_34b8ee3caa8233d3\scecli.dll

< MD5 for: SMSS.EXE >
[2012/07/26 05:17:18 | 000,088,576 | ---- | M] (Microsoft Corporation) MD5=8E5870B864C38A3B766F9F0A23FB70C4 -- C:\Windows\System32\smss.exe
[2012/07/26 05:17:18 | 000,088,576 | ---- | M] (Microsoft Corporation) MD5=8E5870B864C38A3B766F9F0A23FB70C4 -- C:\Windows\WinSxS\x86_microsoft-windows-smss-minwin_31bf3856ad364e35_6.2.9200.16384_none_7b0be223ba323220\smss.exe

< MD5 for: SVCHOST.EXE >
[2012/07/26 04:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=0A175AF8B65797BD22C11903A8BFEB2D -- C:\Windows\erdnt\cache\svchost.exe
[2012/07/26 04:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=0A175AF8B65797BD22C11903A8BFEB2D -- C:\Windows\System32\svchost.exe
[2012/07/26 04:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=0A175AF8B65797BD22C11903A8BFEB2D -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_b2666581d6b482a6\svchost.exe
[2014/11/21 06:12:42 | 000,761,656 | ---- | M] (MalwareBytes) MD5=625BB08813743947985B0DEEFC35ED12 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe

< MD5 for: TCPIP.SYS >
[2012/07/26 05:17:16 | 001,817,328 | ---- | M] (Microsoft Corporation) MD5=FF19CA1C64458F4E0F4F0FAEA22313C2 -- C:\Windows\erdnt\cache\tcpip.sys
[2012/07/26 05:17:16 | 001,817,328 | ---- | M] (Microsoft Corporation) MD5=FF19CA1C64458F4E0F4F0FAEA22313C2 -- C:\Windows\System32\Drivers\tcpip.sys
[2012/07/26 05:17:16 | 001,817,328 | ---- | M] (Microsoft Corporation) MD5=FF19CA1C64458F4E0F4F0FAEA22313C2 -- C:\Windows\WinSxS\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.2.9200.16384_none_afc91e3337cd05b7\tcpip.sys

< MD5 for: USERINIT.EXE >
[2012/07/26 04:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\erdnt\cache\userinit.exe
[2012/07/26 04:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\System32\userinit.exe
[2012/07/26 04:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe

< MD5 for: WINLOGON.EXE >
[2014/11/21 06:12:42 | 000,761,656 | ---- | M] (MalwareBytes) MD5=625BB08813743947985B0DEEFC35ED12 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2012/07/26 04:21:01 | 000,411,648 | ---- | M] (Microsoft Corporation) MD5=C06BA1F360CEF6AB51F41B3D0D5FE92D -- C:\Windows\erdnt\cache\winlogon.exe
[2012/07/26 04:21:01 | 000,411,648 | ---- | M] (Microsoft Corporation) MD5=C06BA1F360CEF6AB51F41B3D0D5FE92D -- C:\Windows\System32\winlogon.exe
[2012/07/26 04:21:01 | 000,411,648 | ---- | M] (Microsoft Corporation) MD5=C06BA1F360CEF6AB51F41B3D0D5FE92D -- C:\Windows\WinSxS\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_6c6e0cf7a65840b6\winlogon.exe

< MD5 for: WS2_32.DLL >
[2012/07/26 05:17:16 | 000,310,784 | ---- | M] (Microsoft Corporation) MD5=B3CC9EDFD97F7087013A9A47089DF571 -- C:\Windows\erdnt\cache\ws2_32.dll
[2012/07/26 05:17:16 | 000,310,784 | ---- | M] (Microsoft Corporation) MD5=B3CC9EDFD97F7087013A9A47089DF571 -- C:\Windows\System32\ws2_32.dll
[2012/07/26 05:17:16 | 000,310,784 | ---- | M] (Microsoft Corporation) MD5=B3CC9EDFD97F7087013A9A47089DF571 -- C:\Windows\WinSxS\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.2.9200.16384_none_ef62bca39fbcca85\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[2 C:\Windows\Panther\*.tmp files -> C:\Windows\Panther\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2014/08/11 18:04:10 | 000,000,000 | ---D | M] -- C:\Users\vasudeva\AppData\Roaming\.Torrent Swapper
[2014/12/08 09:36:09 | 000,000,000 | ---D | M] -- C:\Users\vasudeva\AppData\Roaming\Adobe
[2014/10/21 15:56:15 | 000,000,000 | ---D | M] -- C:\Users\vasudeva\AppData\Roaming\Adobe Mini Bridge CS5
[2014/12/13 18:57:24 | 000,000,000 | ---D | M] -- C:\Users\vasudeva\AppData\Roaming\AVAST Software
[2014/08/11 18:04:10 | 000,000,000 | ---D | M] -- C:\Users\vasudeva\AppData\Roaming\DAEMON Tools Lite
[2014/08/11 15:57:38 | 000,000,000 | ---D | M] -- C:\Users\vasudeva\AppData\Roaming\Macromedia
[2014/09/29 18:55:32 | 000,000,000 | --SD | M] -- C:\Users\vasudeva\AppData\Roaming\Microsoft
[2014/08/11 18:04:16 | 000,000,000 | ---D | M] -- C:\Users\vasudeva\AppData\Roaming\Mozilla
[2014/10/16 13:32:12 | 000,000,000 | ---D | M] -- C:\Users\vasudeva\AppData\Roaming\Skype
[2014/10/21 15:56:15 | 000,000,000 | ---D | M] -- C:\Users\vasudeva\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2014/12/27 12:22:40 | 000,000,000 | ---D | M] -- C:\Users\vasudeva\AppData\Roaming\uTorrent
[2014/12/25 21:23:05 | 000,000,000 | ---D | M] -- C:\Users\vasudeva\AppData\Roaming\vlc
[2014/08/12 10:09:50 | 000,000,000 | ---D | M] -- C:\Users\vasudeva\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2014/12/02 09:47:34 | 001,389,648 | ---- | M] (BitTorrent Inc.) -- C:\Users\vasudeva\AppData\Roaming\uTorrent\uTorrent.exe
[2014/11/27 18:27:29 | 001,389,648 | ---- | M] (BitTorrent Inc.) -- C:\Users\vasudeva\AppData\Roaming\uTorrent\updates\3.4.2_35702.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >
[2014/12/26 19:07:49 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\MBAMSwissArmy.sys

< %systemroot%\system32\*.* /3 >

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014/12/28 19:19:13 | 000,000,512 | ---- | M] () MD5=8726A7AD9D3BAEE689F0C11C9F4E3F4D -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2014/10/16 09:34:52 | 000,315,178 | ---- | M] () -- \Users\vasudeva\Downloads\Adobe Photoshop CS5 CZ\Crack\ADBE_CRACK - 32bit.rar
[2014/10/16 09:34:52 | 000,377,747 | ---- | M] () -- \Users\vasudeva\Downloads\Adobe Photoshop CS5 CZ\Crack\ADBE_CRACK - 64bit.rar

< *keygen* /s >
[2014/10/16 09:34:52 | 000,003,121 | ---- | M] () -- \Users\vasudeva\Downloads\Adobe Photoshop CS5 CZ\Crack\KeyGen-Readme.txt

< *AntiWPA* /s >

< *loader* /s >
[2014/12/12 20:56:06 | 000,001,851 | ---- | M] () -- \FRST\Quarantine\C\AdwCleaner\Quarantine\C\Users\vasudeva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk.vir
[2010/03/09 03:28:40 | 005,297,608 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\Photodownloader.exe
[2010/03/09 00:38:58 | 000,011,161 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\bitmaps\main_window\C_LoadError.png
[2010/03/09 00:38:58 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\da_dk\Photodownloader.ini
[2010/03/09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\de_de\Photodownloader.ini
[2010/03/09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\en_us\Photodownloader.ini
[2010/03/09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\es_es\Photodownloader.ini
[2010/03/09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\fi_fi\Photodownloader.ini
[2010/03/09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\fr_fr\Photodownloader.ini
[2010/03/09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\it_it\Photodownloader.ini
[2010/03/09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\ja_jp\Photodownloader.ini
[2010/03/09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\ko_kr\Photodownloader.ini
[2010/03/09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\nl_nl\Photodownloader.ini
[2010/03/09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\no_no\Photodownloader.ini
[2010/03/09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\pt_br\Photodownloader.ini
[2010/03/09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\sv_se\Photodownloader.ini
[2010/03/09 00:39:00 | 000,000,308 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\zh_cn\Photodownloader.ini
[2010/03/09 00:39:00 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS5\apd\shared_assets\locales\zh_tw\Photodownloader.ini
[2014/12/13 18:52:14 | 000,072,480 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2012/07/26 07:53:18 | 000,039,485 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.Bing_1.2.0.137_x86__8wekyb3d8bbwe\shell\js\backgroundImageLoader.js
[2012/07/26 07:51:56 | 000,002,809 | ---- | M] () -- \Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe\DependencyLoader\DependencyLoader.js
[2012/07/26 07:51:56 | 000,001,583 | ---- | M] () -- \Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe\ModernAttachmentWell\AttachmentWellComposeDependencyLoader.js
[2012/07/26 07:51:56 | 000,001,711 | ---- | M] () -- \Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe\ModernAttachmentWell\AttachmentWellReadDependencyLoader.js
[2012/07/26 07:51:56 | 000,002,509 | ---- | M] () -- \Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe\ModernAttachmentWell\AttachmentWellShareAnythingControlDependencyLoader.js
[2012/07/26 07:51:57 | 000,002,394 | ---- | M] () -- \Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe\ModernPeople\appframe\BackgroundLoader.js
[2012/07/26 07:51:57 | 000,005,028 | ---- | M] () -- \Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe\ModernShareAnything\ShareDataLoader.js
[2012/07/26 07:53:15 | 000,049,108 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.XboxLIVEGames_1.0.927.0_x86__8wekyb3d8bbwe\Framework\imageLoader.js
[2012/07/26 07:52:39 | 000,049,108 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.ZuneMusic_1.0.927.0_x86__8wekyb3d8bbwe\Framework\imageLoader.js
[2012/07/26 07:52:46 | 000,049,108 | ---- | M] () -- \Program Files\WindowsApps\Microsoft.ZuneVideo_1.0.927.0_x86__8wekyb3d8bbwe\Framework\imageLoader.js
[2013/06/24 08:29:00 | 000,512,384 | ---- | M] () -- \Users\vasudeva\AppData\Local\Adobe\AIH.ac4b8f564cf150ab060c5c1751cf35bb8c35066c\downloader.dll
[2014/01/28 18:35:56 | 000,072,638 | ---- | M] () -- \Users\vasudeva\AppData\Local\Skype\Apps\login\images\loader.gif
[2014/01/28 18:35:56 | 000,003,032 | ---- | M] () -- \Users\vasudeva\AppData\Local\Skype\Apps\login\images\loader.png
[2014/01/28 18:35:56 | 000,006,012 | ---- | M] () -- \Users\vasudeva\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014/01/28 18:35:56 | 000,021,956 | ---- | M] () -- \Users\vasudeva\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014/01/28 18:35:56 | 000,009,772 | ---- | M] () -- \Users\vasudeva\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2014/06/27 09:38:15 | 000,270,341 | ---- | M] () -- \Users\vasudeva\Downloads\Aura_Sygic+Mapy_14.3.2_R-118658_CZSK_Android_27.6.2014\Aura_Sygic+Mapy_14.3.2_R-118658_CZSK_Android_27.6.2014\Map and Voices Downloader\NT 2013.09\sgcmapdownloader.txt
[2014/06/27 09:38:20 | 000,041,472 | ---- | M] () -- \Users\vasudeva\Downloads\Aura_Sygic+Mapy_14.3.2_R-118658_CZSK_Android_27.6.2014\Aura_Sygic+Mapy_14.3.2_R-118658_CZSK_Android_27.6.2014\Map and Voices Downloader\NT 2013.09\sgcmapdownloader13.exe
[2014/06/27 09:38:20 | 000,992,888 | ---- | M] () -- \Users\vasudeva\Downloads\Aura_Sygic+Mapy_14.3.2_R-118658_CZSK_Android_27.6.2014\Aura_Sygic+Mapy_14.3.2_R-118658_CZSK_Android_27.6.2014\Map and Voices Downloader\TA 2014.03\sgcmapdownloader.cry
[2014/06/27 09:38:16 | 000,045,056 | ---- | M] () -- \Users\vasudeva\Downloads\Aura_Sygic+Mapy_14.3.2_R-118658_CZSK_Android_27.6.2014\Aura_Sygic+Mapy_14.3.2_R-118658_CZSK_Android_27.6.2014\Map and Voices Downloader\TA 2014.03\sgcmapdownloader14.exe
[2012/07/26 03:46:24 | 000,003,072 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/07/26 03:46:25 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-1.dll
[2012/07/26 03:46:36 | 000,002,560 | -H-- | M] () -- \Windows\System32\api-ms-win-core-stringloader-l1-1-0.dll
[2012/07/26 04:18:20 | 000,036,352 | ---- | M] () -- \Windows\System32\dmloader.dll
[2012/07/26 07:05:26 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2014/01/03 05:18:57 | 000,004,654 | ---- | M] () -- \Windows\WinSxS\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_2fed7a8ace703ed6.manifest
[2014/01/03 05:18:57 | 000,030,448 | ---- | M] () -- \Windows\WinSxS\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_2fed7a8ace703ed6_winload.efi.mui_35ee487d
[2014/01/03 05:18:57 | 000,030,448 | ---- | M] () -- \Windows\WinSxS\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_2fed7a8ace703ed6_winload.exe.mui_3bc5b827
[2014/01/03 05:18:57 | 000,020,208 | ---- | M] () -- \Windows\WinSxS\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_2fed7a8ace703ed6_winresume.efi.mui_f412814e
[2014/01/03 05:18:58 | 000,020,208 | ---- | M] () -- \Windows\WinSxS\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_2fed7a8ace703ed6_winresume.exe.mui_ff8b5358
[2012/07/26 07:47:02 | 000,004,654 | ---- | M] () -- \Windows\WinSxS\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.2.9200.16384_en-us_7343c5e6b56a9b34.manifest
[2012/07/26 07:47:02 | 000,029,936 | ---- | M] () -- \Windows\WinSxS\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.2.9200.16384_en-us_7343c5e6b56a9b34_winload.efi.mui_35ee487d
[2012/07/26 07:47:02 | 000,029,936 | ---- | M] () -- \Windows\WinSxS\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.2.9200.16384_en-us_7343c5e6b56a9b34_winload.exe.mui_3bc5b827
[2012/07/26 07:47:02 | 000,020,208 | ---- | M] () -- \Windows\WinSxS\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.2.9200.16384_en-us_7343c5e6b56a9b34_winresume.efi.mui_f412814e
[2012/07/26 07:47:02 | 000,020,208 | ---- | M] () -- \Windows\WinSxS\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.2.9200.16384_en-us_7343c5e6b56a9b34_winresume.exe.mui_ff8b5358
[2012/07/26 07:52:47 | 000,005,804 | ---- | M] () -- \Windows\WinSxS\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.16384_none_57d1c6133e0da509.manifest
[2012/07/26 07:52:47 | 001,166,728 | ---- | M] () -- \Windows\WinSxS\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.16384_none_57d1c6133e0da509_winload.efi_75834aa0
[2012/07/26 07:52:47 | 001,063,944 | ---- | M] () -- \Windows\WinSxS\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.16384_none_57d1c6133e0da509_winload.exe_75835076
[2012/07/26 07:52:47 | 001,034,976 | ---- | M] () -- \Windows\WinSxS\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.16384_none_57d1c6133e0da509_winresume.efi_85cd069f
[2012/07/26 07:52:47 | 000,939,432 | ---- | M] () -- \Windows\WinSxS\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.16384_none_57d1c6133e0da509_winresume.exe_85cd1215
[2012/07/26 07:52:25 | 000,000,592 | ---- | M] () -- \Windows\WinSxS\FileMaps\programdata_microsoft_network_downloader_7fafaef6d33e4371.cdf-ms
[2012/07/26 08:45:36 | 000,004,654 | ---- | M] () -- \Windows\WinSxS\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_2fed7a8ace703ed6.manifest
[2012/07/26 07:44:45 | 000,004,654 | ---- | M] () -- \Windows\WinSxS\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.2.9200.16384_en-us_7343c5e6b56a9b34.manifest
[2012/07/26 04:48:01 | 000,005,804 | ---- | M] () -- \Windows\WinSxS\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.16384_none_57d1c6133e0da509.manifest
[2012/07/26 04:18:20 | 000,036,352 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.2.9200.16384_none_429f27d26109941b\dmloader.dll
[2012/07/26 03:46:24 | 000,003,072 | -H-- | M] () -- \Windows\WinSxS\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.2.9200.16384_none_075cfbd74d36b7fd\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/07/26 03:46:25 | 000,003,584 | -H-- | M] () -- \Windows\WinSxS\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.2.9200.16384_none_075cfbd74d36b7fd\api-ms-win-core-libraryloader-l1-1-1.dll
[2012/07/26 03:46:36 | 000,002,560 | -H-- | M] () -- \Windows\WinSxS\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.2.9200.16384_none_075cfbd74d36b7fd\api-ms-win-core-stringloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2014/08/03 21:10:31 | 000,001,170 | ---- | M] () -- \Users\vasudeva\AppData\Roaming\Microsoft\Office\Naposledy otevřené\Serialising galore.LNK
[2014/01/07 01:34:25 | 002,785,280 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\293cfe2c05a8ee921726927fd00ea81c\System.Runtime.Serialization.ni.dll
[2014/01/07 01:34:25 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\293cfe2c05a8ee921726927fd00ea81c\System.Runtime.Serialization.ni.dll.aux
[2012/07/26 07:50:48 | 000,001,032 | ---- | M] () -- \Windows\inf\c_multiportserial.inf
[2012/07/26 07:03:33 | 000,004,224 | ---- | M] () -- \Windows\inf\c_multiportserial.PNF
[2012/07/12 04:00:56 | 000,027,760 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\v4.0_4.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012/07/12 03:02:06 | 000,132,656 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012/07/12 03:02:06 | 000,022,024 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll
[2012/07/12 03:02:06 | 000,022,048 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll
[2012/07/12 04:00:56 | 000,113,704 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.RunTime.Serialization.resources\v4.0_4.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.resources.dll
[2012/07/12 03:02:06 | 000,022,016 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll
[2012/07/12 03:02:06 | 001,050,096 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2012/07/12 03:02:08 | 000,036,320 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2012/07/12 03:02:08 | 000,022,496 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll
[2012/07/12 03:02:06 | 001,050,096 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2012/07/12 03:02:06 | 000,132,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2012/07/12 03:02:06 | 000,022,024 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll
[2012/07/12 03:02:06 | 000,022,048 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2012/07/12 03:02:06 | 000,022,016 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2012/07/12 03:02:08 | 000,036,320 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2012/07/12 03:02:08 | 000,022,496 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll
[2012/07/12 04:00:56 | 000,027,760 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012/07/12 04:00:56 | 000,113,704 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\cs\System.RunTime.Serialization.resources.dll
[2012/07/26 04:19:54 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2012/07/26 07:42:04 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2012/07/26 03:38:16 | 000,086,528 | ---- | M] () -- \Windows\System32\Drivers\serial.sys
[2012/07/26 06:56:30 | 000,009,728 | ---- | M] () -- \Windows\System32\Drivers\cs-CZ\serial.sys.mui
[2012/07/26 07:46:01 | 000,010,240 | ---- | M] () -- \Windows\System32\Drivers\en-US\serial.sys.mui
[2012/07/26 07:46:01 | 000,000,232 | ---- | M] () -- \Windows\System32\DriverStore\en-US\c_multiportserial.inf_loc
[2012/07/25 21:39:56 | 000,001,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\c_multiportserial.inf_x86_45188a76c7257c7d\c_multiportserial.inf
[2012/06/02 15:33:57 | 001,068,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\mdmmotsm.inf_x86_c1415d9789c54b89\smserial.sys
[2012/07/26 03:38:16 | 000,086,528 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_x86_3c8042e217b9363f\serial.sys
[2012/07/26 07:46:22 | 000,005,120 | ---- | M] () -- \Windows\System32\en-US\serialui.dll.mui
[2012/07/26 04:40:05 | 000,002,301 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.json_b03f5f7f11d50a3a_4.0.9200.16384_none_4133a81e70d69dc1.manifest
[2012/07/26 04:45:32 | 000,002,325 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.primitives_b03f5f7f11d50a3a_4.0.9200.16384_none_bd2cf9cf998cc8b9.manifest
[2012/07/26 04:43:53 | 000,002,265 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.2.9200.16384_none_dd235adf680f4fc6.manifest
[2012/07/26 08:41:22 | 000,001,569 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9200.16384_cs-cz_04bd693af2668cc0.manifest
[2012/07/26 07:45:15 | 000,000,508 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9200.16384_en-us_5fd9e3512e11d7d2.manifest
[2012/07/26 08:41:22 | 000,001,643 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.2.9200.16384_cs-cz_6acea198775b6fe0.manifest
[2012/07/26 07:45:13 | 000,000,548 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.2.9200.16384_en-us_c5eb1baeb306baf2.manifest
[2012/07/26 04:40:13 | 000,002,297 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization.xml_b03f5f7f11d50a3a_4.0.9200.16384_none_ec5267dfb07eac70.manifest
[2012/07/26 04:40:38 | 000,002,730 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_4.0.9200.16384_none_a755581c0ac16dd9.manifest
[2012/07/26 04:45:31 | 000,002,018 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.2.9200.16384_none_0d6690798fb650f9.manifest
[2012/07/26 04:46:59 | 000,002,382 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.xml.serialization_b77a5c561934e089_4.0.9200.16384_none_39f3d82244d5cd7e.manifest
[2012/07/26 04:44:37 | 000,002,265 | ---- | M] () -- \Windows\WinSxS\Manifests\msil_system.xml.xmlserializer_b03f5f7f11d50a3a_4.0.9200.16384_none_1c0994e6b8e022d1.manifest
[2012/07/26 09:06:58 | 000,001,127 | ---- | M] () -- \Windows\WinSxS\Manifests\x86_c_multiportserial.inf-languagepack_31bf3856ad364e35_6.2.9200.16384_cs-cz_cef019cb7f428331.manifest
[2012/07/26 07:43:44 | 000,001,150 | ---- | M] () -- \Windows\WinSxS\Manifests\x86_c_multiportserial.inf-languagepack_31bf3856ad364e35_6.2.9200.16384_en-us_12466527663cdf8f.manifest
[2012/07/26 07:44:16 | 000,001,850 | ---- | M] () -- \Windows\WinSxS\Manifests\x86_c_multiportserial.inf.resources_31bf3856ad364e35_6.2.9200.16384_en-us_41d797bc80b31338.manifest
[2012/07/26 04:56:56 | 000,001,509 | ---- | M] () -- \Windows\WinSxS\Manifests\x86_c_multiportserial.inf_31bf3856ad364e35_6.2.9200.16384_none_9d9db5d67bb37d4c.manifest
[2012/07/26 05:17:15 | 000,002,622 | ---- | M] () -- \Windows\WinSxS\Manifests\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.2.9200.16384_none_0e6098ff7e11b3d6.manifest
[2012/07/26 04:47:42 | 000,009,890 | ---- | M] () -- \Windows\WinSxS\Manifests\x86_microsoft-windows-serial-classextension_31bf3856ad364e35_6.2.9200.16384_none_32bfbe112a9a51ad.manifest
[2012/07/26 04:54:02 | 000,000,450 | ---- | M] () -- \Windows\WinSxS\Manifests\x86_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.2.9200.16384_none_2967dec8d7dcbc59.manifest
[2012/07/26 04:40:08 | 000,002,299 | ---- | M] () -- \Windows\WinSxS\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.2.9200.16384_none_12413c46d08ceb3b.manifest
[2012/07/12 03:02:06 | 000,132,656 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_4.0.9200.16384_none_ed024caf4eb39c5b\System.Runtime.Serialization.Formatters.Soap.dll
[2012/07/12 04:00:56 | 000,027,760 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_4.0.9200.16384_cs-cz_a62b631b484ba554\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012/07/12 03:02:06 | 000,022,024 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.json_b03f5f7f11d50a3a_4.0.9200.16384_none_4133a81e70d69dc1\System.Runtime.Serialization.Json.dll
[2012/07/12 03:02:06 | 000,022,048 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.primitives_b03f5f7f11d50a3a_4.0.9200.16384_none_bd2cf9cf998cc8b9\System.Runtime.Serialization.Primitives.dll
[2012/07/06 03:02:29 | 000,970,752 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.ref_b77a5c561934e089_6.2.9200.16384_none_dd235adf680f4fc6\System.Runtime.Serialization.dll
[2012/07/12 04:00:56 | 000,113,704 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_4.0.9200.16384_cs-cz_04bd693af2668cc0\System.RunTime.Serialization.resources.dll
[2012/06/12 19:31:20 | 000,090,112 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.resources_b77a5c561934e089_6.2.9200.16384_cs-cz_6acea198775b6fe0\System.RunTime.Serialization.Resources.dll
[2012/07/12 03:02:06 | 000,022,016 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization.xml_b03f5f7f11d50a3a_4.0.9200.16384_none_ec5267dfb07eac70\System.Runtime.Serialization.Xml.dll
[2012/07/12 03:02:06 | 001,050,096 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_4.0.9200.16384_none_a755581c0ac16dd9\System.Runtime.Serialization.dll
[2012/07/06 03:02:28 | 000,970,752 | ---- | M] () -- \Windows\WinSxS\msil_system.runtime.serialization_b77a5c561934e089_6.2.9200.16384_none_0d6690798fb650f9\System.Runtime.Serialization.dll
[2012/07/12 03:02:08 | 000,036,320 | ---- | M] () -- \Windows\WinSxS\msil_system.xml.serialization_b77a5c561934e089_4.0.9200.16384_none_39f3d82244d5cd7e\System.Xml.Serialization.dll
[2012/07/12 03:02:08 | 000,022,496 | ---- | M] () -- \Windows\WinSxS\msil_system.xml.xmlserializer_b03f5f7f11d50a3a_4.0.9200.16384_none_1c0994e6b8e022d1\System.Xml.XmlSerializer.dll
[2012/07/26 07:46:01 | 000,000,232 | ---- | M] () -- \Windows\WinSxS\x86_c_multiportserial.inf.resources_31bf3856ad364e35_6.2.9200.16384_en-us_41d797bc80b31338\c_multiportserial.inf_loc
[2012/07/25 21:39:56 | 000,001,032 | ---- | M] () -- \Windows\WinSxS\x86_c_multiportserial.inf_31bf3856ad364e35_6.2.9200.16384_none_9d9db5d67bb37d4c\c_multiportserial.inf
[2012/06/02 15:33:57 | 001,068,032 | ---- | M] () -- \Windows\WinSxS\x86_mdmmotsm.inf_31bf3856ad364e35_6.2.9200.16384_none_776c492cfaaa57e6\smserial.sys
[2012/07/26 07:42:04 | 000,005,120 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_4b15ed72b511893d\serialui.dll.mui
[2012/07/26 07:46:22 | 000,005,120 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.2.9200.16384_en-us_8e6c38ce9c0be59b\serialui.dll.mui
[2012/07/26 04:19:54 | 000,015,360 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.2.9200.16384_none_f1acad6ef011817a\serialui.dll
[2012/06/12 19:31:20 | 000,090,112 | ---- | M] () -- \Windows\WinSxS\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_5a1f1e7223e59e1c\System.RunTime.Serialization.Resources.dll
[2012/07/26 06:56:30 | 000,009,728 | ---- | M] () -- \Windows\WinSxS\x86_msports.inf.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_c1612e671da328e6\serial.sys.mui
[2012/07/26 07:46:01 | 000,010,240 | ---- | M] () -- \Windows\WinSxS\x86_msports.inf.resources_31bf3856ad364e35_6.2.9200.16384_en-us_04b779c3049d8544\serial.sys.mui
[2012/07/26 03:38:16 | 000,086,528 | ---- | M] () -- \Windows\WinSxS\x86_msports.inf_31bf3856ad364e35_6.2.9200.16384_none_f542bc9289c508f4\serial.sys
[2012/07/12 04:00:56 | 000,027,760 | ---- | M] () -- \Windows\WinSxS\x86_netfx4clientcorecomp.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_0f5b29c71a5a48cf\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012/07/12 04:00:56 | 000,113,704 | ---- | M] () -- \Windows\WinSxS\x86_netfx4clientcorecomp.resources_31bf3856ad364e35_6.2.9200.16384_cs-cz_0f5b29c71a5a48cf\System.RunTime.Serialization.resources.dll
[2012/07/06 03:02:28 | 000,970,752 | ---- | M] () -- \Windows\WinSxS\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.2.9200.16384_none_12413c46d08ceb3b\System.Runtime.Serialization.dll

< *w7lxe* /s >

========== Files - Unicode (All) ==========
[2014/12/18 14:22:37 | 000,000,693 | ---- | M] ()(C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows Store\Cache Medium IL\0\0-DiscoveryForLicensing-https???go.microsoft.com?fwlink??LinkID=254853&clcid=0x409.dat) -- C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows Store\Cache Medium IL\0\0-DiscoveryForLicensing-https∺∯∯go.microsoft.com∯fwlink∯∿LinkID=254853&clcid=0x409.dat

< End of report >

vava8 · #14 Příspěvek od **vava8** » 28 pro 2014 20:43

OTL Extras logfile created on: 28. 12. 2014 19:16:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\vasudeva\Desktop
Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16384)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d. M. yyyy

2,00 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 64,37% Memory free
2,37 Gb Paging File | 1,50 Gb Available in Paging File | 63,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,70 Gb Total Space | 77,21 Gb Free Space | 51,93% Space Free | Partition Type: NTFS
Drive D: | 149,04 Gb Total Space | 1,09 Gb Free Space | 0,73% Space Free | Partition Type: NTFS

Computer Name: VND | User Name: vasudeva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3683556855-2863975626-802348343-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{135E5B38-E0FC-44EC-A25B-0AFC7DFFA96B}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{139960E5-490F-430D-893D-7114EF4B0B18}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe |
"{573DD225-843C-4381-8DBD-9691E9CEACD6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{62037747-07D7-4D9C-827D-64D9BA1A1EAB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7B6A19C3-FB84-412D-A2D0-275BB402E0B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A68294CC-44C2-472B-82EF-D74CB5E0018E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C2BE9C4C-754F-47BE-B258-C4FAF7ED553F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C362A471-5F95-40F1-810A-B4ABBF4A2732}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C9B929A3-8389-4469-8473-043254A1FEFA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CC384999-5BBB-40B9-AD1B-CD250BD59C28}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2707E649-AC3B-4AFD-B140-49D52486DDFB}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x86__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{5A0FC93F-9CA3-45F6-BC6F-74796902736B}" = protocol=6 | dir=in | app=c:\users\vasudeva\appdata\roaming\utorrent\utorrent.exe |
"{77C2D87D-0E8C-482E-A214-64BC5D93F597}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{94834711-0AC6-48C8-8F16-E14AC4E30D72}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{B2184F9C-C2B7-469E-BA2A-70B7AA5FB058}" = protocol=17 | dir=in | app=c:\users\vasudeva\appdata\roaming\utorrent\utorrent.exe |
"{B23DC74E-F7A0-44D5-B508-33E0F6A3AA83}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{B6D03C98-4B29-45E3-9821-A69B0FA873B7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BB9F3D43-39AA-414C-999F-5F43D771802E}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{E87C4EB6-6F4C-4E7F-8385-633B5F0CA2DD}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{F407C197-CE03-4099-B94C-8A10BEBA27BF}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13D87B39-2A3B-4675-A0D9-B8B01EA2F8E3}_is1" = NEF to JPG
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{81E76DE9-BBCB-449C-91BB-6E4E5436D496}" = Adobe Audition 1.0
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A39EA3C8-7BF3-4FA7-9A67-3D3611BAE59E}_is1" = Convert MOV to AVI 1.0
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.10) - Czech
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"Adobe AIR" = Adobe AIR
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Avast" = Avast Free Antivirus
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware verze 2.0.4.1028
"Mozilla Firefox 34.0.5 (x86 cs)" = Mozilla Firefox 34.0.5 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Recuva" = Recuva
"VLC media player" = VLC media player 2.1.2
"WinRAR archiver" = WinRAR 5.01 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3683556855-2863975626-802348343-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7. 12. 2014 8:23:57 | Computer Name = vnd | Source = Application Error | ID = 1000
Description = Název chybující aplikace: SettingSyncHost.exe, verze: 6.2.9200.16384,
casové razítko: 0x50109982 Název chybujícího modulu: SLCHook.dll_unloaded, verze:
0.0.0.0, casové razítko: 0x50848ad4 Kód výjimky: 0xc0000005 Posun chyby: 0x72c5321e
ID
chybujícího procesu: 0x13c0 Cas spuštení chybující aplikace: 0x01d01218a852f8da Cesta
k chybující aplikaci: C:\Windows\System32\SettingSyncHost.exe Cesta k chybujícímu
modulu: SLCHook.dll ID zprávy: e9d8ff41-7e0b-11e4-b00f-001d72cd4584 Úplný název chybujícího
balícku: ID aplikace související s chybujícím balíckem:

Error - 9. 12. 2014 15:41:54 | Computer Name = vnd | Source = Application Hang | ID = 1002
Description = Program firefox.exe verze 33.1.0.5423 prestal spolupracovat se systémem
Windows a byl ukoncen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
e9c Cas spuštení: 01d013e802490d45 Cas ukoncení: 16 Cesta k aplikaci: C:\Program Files\Mozilla
Firefox\firefox.exe ID hlášení: 6a6ac910-7fdb-11e4-b010-001d72cd4584 Úplný název
chybujícího balícku: ID aplikace související s chybujícím balíckem:

Error - 9. 12. 2014 15:59:34 | Computer Name = vnd | Source = MsiInstaller | ID = 1024
Description =

Error - 12. 12. 2014 15:59:47 | Computer Name = vnd | Source = Application Error | ID = 1000
Description = Název chybující aplikace: plugin-container.exe, verze: 34.0.5.5443,
casové razítko: 0x5475dd5d Název chybujícího modulu: mozalloc.dll, verze: 34.0.5.5443,
casové razítko: 0x5475d664 Kód výjimky: 0x80000003 Posun chyby: 0x00001425 ID chybujícího
procesu: 0xf30 Cas spuštení chybující aplikace: 0x01d01641d494a3e5 Cesta k chybující
aplikaci: C:\Program Files\Mozilla Firefox\plugin-container.exe Cesta k chybujícímu
modulu: C:\Program Files\Mozilla Firefox\mozalloc.dll ID zprávy: 6c42d3aa-8239-11e4-b011-001d72cd4584
Úplný
název chybujícího balícku: ID aplikace související s chybujícím balíckem:

Error - 12. 12. 2014 16:00:16 | Computer Name = vnd | Source = MsiInstaller | ID = 11309
Description =

Error - 12. 12. 2014 16:04:52 | Computer Name = vnd | Source = MsiInstaller | ID = 11309
Description =

Error - 12. 12. 2014 16:48:56 | Computer Name = vnd | Source = Application Error | ID = 1000
Description = Název chybující aplikace: plugin-container.exe, verze: 34.0.5.5443,
casové razítko: 0x5475dd5d Název chybujícího modulu: mozalloc.dll, verze: 34.0.5.5443,
casové razítko: 0x5475d664 Kód výjimky: 0x80000003 Posun chyby: 0x00001425 ID chybujícího
procesu: 0xbb4 Cas spuštení chybující aplikace: 0x01d0164c7795a2b8 Cesta k chybující
aplikaci: C:\Program Files\Mozilla Firefox\plugin-container.exe Cesta k chybujícímu
modulu: C:\Program Files\Mozilla Firefox\mozalloc.dll ID zprávy: 49c5b510-8240-11e4-b011-001d72cd4584
Úplný
název chybujícího balícku: ID aplikace související s chybujícím balíckem:

Error - 13. 12. 2014 6:08:17 | Computer Name = vnd | Source = Application Error | ID = 1000
Description = Název chybující aplikace: plugin-container.exe, verze: 34.0.5.5443,
casové razítko: 0x5475dd5d Název chybujícího modulu: mozalloc.dll, verze: 34.0.5.5443,
casové razítko: 0x5475d664 Kód výjimky: 0x80000003 Posun chyby: 0x00001425 ID chybujícího
procesu: 0x6a8 Cas spuštení chybující aplikace: 0x01d016bc85bbf519 Cesta k chybující
aplikaci: C:\Program Files\Mozilla Firefox\plugin-container.exe Cesta k chybujícímu
modulu: C:\Program Files\Mozilla Firefox\mozalloc.dll ID zprávy: f4df7b69-82af-11e4-b013-001d72cd4584
Úplný
název chybujícího balícku: ID aplikace související s chybujícím balíckem:

Error - 19. 12. 2014 16:49:20 | Computer Name = vnd | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Aplikaci windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
se nepovedlo aktivovat, protože došlo k chybe: -2147009284. Další informace najdete
v protokolu Microsoft-Windows-TWinUI/Operational.

Error - 26. 12. 2014 4:58:37 | Computer Name = vnd | Source = Application Hang | ID = 1002
Description = Program WINWORD.EXE verze 11.0.5604.0 prestal spolupracovat se systémem
Windows a byl ukoncen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
b5c Cas spuštení: 01d020ea07101e32 Cas ukoncení: 370 Cesta k aplikaci: C:\Program
Files\Microsoft Office\OFFICE11\WINWORD.EXE ID hlášení: 55e64792-8cdd-11e4-b017-001d72cd4584

Úplný
název chybujícího balícku: ID aplikace související s chybujícím balíckem:

[ System Events ]
Error - 26. 12. 2014 16:33:40 | Computer Name = vnd | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je oznacena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožnuje použití interaktivní služby. Tato služba
nebude fungovat správne.

Error - 26. 12. 2014 16:40:41 | Computer Name = vnd | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je oznacena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožnuje použití interaktivní služby. Tato služba
nebude fungovat správne.

Error - 26. 12. 2014 17:30:42 | Computer Name = vnd | Source = DCOM | ID = 10016
Description =

Error - 27. 12. 2014 7:25:05 | Computer Name = vnd | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je oznacena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožnuje použití interaktivní služby. Tato služba
nebude fungovat správne.

Error - 27. 12. 2014 7:30:19 | Computer Name = vnd | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je oznacena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožnuje použití interaktivní služby. Tato služba
nebude fungovat správne.

Error - 27. 12. 2014 7:37:24 | Computer Name = vnd | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je oznacena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožnuje použití interaktivní služby. Tato služba
nebude fungovat správne.

Error - 27. 12. 2014 7:37:50 | Computer Name = vnd | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je oznacena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožnuje použití interaktivní služby. Tato služba
nebude fungovat správne.

Error - 27. 12. 2014 7:39:42 | Computer Name = vnd | Source = EventLog | ID = 6008
Description = Predchozí vypnutí systému (12:33:40 PM, ?12/?27/?2014) bylo neocekávané.

Error - 27. 12. 2014 7:39:23 | Computer Name = vnd | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =

Error - 27. 12. 2014 9:05:21 | Computer Name = vnd | Source = DCOM | ID = 10016
Description =

< End of rep

#15 Příspěvek od **Márty84** » 29 pro 2014 02:53

Napiste mi velikost adresare plochy (C:\Users\vasudeva\Plocha)

Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne

Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[ClearAllRestorePoints]

:services
AdobeFlashPlayerUpdateSvc
AdobeARMservice

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:otl
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3683556855-2863975626-802348343-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
FF - prefs.js..browser.search.isUS: false
[2014/12/12 17:22:42 | 000,008,934 | ---- | M] () (No name found) -- C:\Users\vasudeva\AppData\Roaming\Mozilla\Firefox\Profiles\gesn0cb2.default\extensions\{7b92ebda-59e4-4459-a904-440931a40b95}.xpi
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2014/12/26 17:39:15 | 020,447,072 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\vasudeva\Desktop\mbam-setup-2.0.4.1028.exe
[2 C:\Windows\Panther\*.tmp files -> C:\Windows\Panther\*.tmp -> ]

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

VIRY.CZ

opětovné extrémní zpomalení ntb

opětovné extrémní zpomalení ntb

Re: opětovné extrémní zpomalení ntb

Re: opětovné extrémní zpomalení ntb

Re: opětovné extrémní zpomalení ntb

Re: opětovné extrémní zpomalení ntb

Re: opětovné extrémní zpomalení ntb

Re: opětovné extrémní zpomalení ntb

Re: opětovné extrémní zpomalení ntb

Re: opětovné extrémní zpomalení ntb

Re: opětovné extrémní zpomalení ntb

Re: opětovné extrémní zpomalení ntb

Re: opětovné extrémní zpomalení ntb

Re: opětovné extrémní zpomalení ntb

Re: opětovné extrémní zpomalení ntb

Re: opětovné extrémní zpomalení ntb