VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

OTP seznam.cz

https://forum.viry.cz:443/viewtopic.php?t=143219

Stránka 1 z 1

OTP seznam.cz

Napsal: 25 úno 2015 11:32
od VeraM
Dobrý den, povedlo se mi nějak zavirovat počítač přes email. Zkoušel to syn, který studuje 2.ročník IT školy a nepovedlo se mu to. Kdybych neveděla tak mu zavolám co a jak. Zde posílám RSIT podle návodu. Snad je vše správně.Mám pocit, že syn udělal pouze v PC ještě větší bordel než byl. Děkuji Věra.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Administrator at 2015-02-25 11:24:23
Microsoft Windows 7 Ultimate
System drive C: has 61 GB (65%) free of 95 GB
Total RAM: 3033 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:24:37, on 25.2.2015
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
D:\Dokumenty\SkypePortable\App\Skype\Phone\Skype.exe
C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Desktop\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\bin\core.4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [Skype] "D:\Dokumenty\SkypePortable\App\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [LecaLbaqo] regsvr32.exe "C:\ProgramData\LecaLbaqo\CefixAvuvq.syl"
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Administrator\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKUS\S-1-5-18\..\RunOnce: [Report] \AdwCleaner\AdwCleaner[S0].txt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Report] \AdwCleaner\AdwCleaner[S0].txt (User 'Default user')
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/CZ/Core/ ... _Win32.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Dokumenty\SkypePortable\App\Skype\Updater\Updater.exe
O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe

--
End of file - 6177 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1025612255-1419475842-1272948856-500Core.job - C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1025612255-1419475842-1272948856-500UA.job - C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dxpuq1l9.default

prefs.js - "browser.startup.homepage" - "http://www.msn.com/?pc=UP94&ocid=UP94DHP"
prefs.js - "keyword.URL" - "http://www.bing.com/search?FORM=UP94DF&PC=UP94&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 9
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\bin\core.4.dll [2012-04-16 1152024]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-12-15 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-12-15 175640]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-12-15 166936]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-02-25 1800464]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-09-12 959176]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2009-11-25 95632]
"Skype"=D:\Dokumenty\SkypePortable\App\Skype\Phone\Skype.exe [2015-01-23 31087200]
"LecaLbaqo"=regsvr32.exe C:\ProgramData\LecaLbaqo\CefixAvuvq.syl []
"cz.seznam.software.autoupdate"=C:\Users\Administrator\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-09-12 959176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13 138096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Windows\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seznam Postak]
C:\Program Files\Seznam.cz\bin\postak.exe [2012-01-10 491040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2012-04-19 1199104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-12-15 226304]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LMIRescue_3994b7bb-9cd6-47a8-bba6-693482804a23]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"I:0\Dokumenty\SkypePortable\App\Skype\Phone\Skype.exe"="I:0\Dokumenty\SkypePortable\App\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.ac3filter"=ac3filter.acm
"vidc.XVID"=xvidvfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2015-02-25 11:24:24 ----D---- C:\Program Files\trend micro
2015-02-25 11:24:23 ----D---- C:\rsit
2015-02-24 21:08:34 ----D---- C:\Windows\temp
2015-02-24 21:07:22 ----SHD---- C:\$RECYCLE.BIN
2015-02-24 19:45:03 ----D---- C:\ProgramData\Malwarebytes
2015-02-24 19:44:50 ----D---- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-24 19:43:44 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-02-24 17:51:51 ----A---- C:\Windows\zip.exe
2015-02-24 17:51:51 ----A---- C:\Windows\SWSC.exe
2015-02-24 17:51:51 ----A---- C:\Windows\SWREG.exe
2015-02-24 17:51:51 ----A---- C:\Windows\sed.exe
2015-02-24 17:51:51 ----A---- C:\Windows\PEV.exe
2015-02-24 17:51:51 ----A---- C:\Windows\NIRCMD.exe
2015-02-24 17:51:51 ----A---- C:\Windows\MBR.exe
2015-02-24 17:51:51 ----A---- C:\Windows\grep.exe
2015-02-24 17:51:44 ----AD---- C:\Qoobox
2015-02-24 17:51:24 ----D---- C:\Windows\erdnt
2015-02-24 17:20:25 ----D---- C:\Users\Administrator\AppData\Roaming\Seznam.cz
2015-02-24 17:10:40 ----D---- C:\ProgramData\HitmanPro
2015-02-24 17:09:06 ----A---- C:\Windows\system32\zerobyte_files_deleted.txt
2015-02-24 17:09:05 ----A---- C:\Windows\zerobyte_files_deleted.txt
2015-02-24 17:07:45 ----D---- C:\Support
2015-02-24 17:07:22 ----A---- C:\Windows\system32\zlib.dll
2015-02-24 09:30:38 ----D---- C:\Program Files\Common Files\Adobe
2015-02-17 14:16:15 ----D---- C:\ProgramData\LecaLbaqo

======List of files/folders modified in the last 1 month======

2015-02-25 11:24:24 ----RD---- C:\Program Files
2015-02-25 11:15:11 ----D---- C:\Users\Administrator\AppData\Roaming\Skype
2015-02-25 10:50:12 ----D---- C:\Windows\system32\NDF
2015-02-24 21:08:34 ----D---- C:\Windows
2015-02-24 21:05:59 ----A---- C:\Windows\system.ini
2015-02-24 21:00:41 ----D---- C:\Windows\System32
2015-02-24 21:00:40 ----D---- C:\Windows\system32\drivers
2015-02-24 21:00:40 ----D---- C:\Windows\AppPatch
2015-02-24 21:00:38 ----D---- C:\Program Files\Common Files
2015-02-24 19:45:03 ----D---- C:\ProgramData
2015-02-24 17:58:38 ----D---- C:\Windows\system32\drivers\etc
2015-02-24 17:35:37 ----D---- C:\Program Files\Google
2015-02-24 17:35:02 ----D---- C:\Windows\system32\config
2015-02-24 17:20:40 ----D---- C:\Program Files\Seznam.cz
2015-02-24 17:19:22 ----SHD---- C:\Windows\Installer
2015-02-24 17:19:06 ----D---- C:\Program Files\Skype
2015-02-24 17:19:06 ----D---- C:\Program Files\Mozilla Firefox
2015-02-24 17:17:53 ----SD---- C:\ProgramData\Microsoft
2015-02-24 17:17:53 ----D---- C:\Program Files\Microsoft
2015-02-24 17:17:34 ----D---- C:\Windows\system32\Macromed
2015-02-24 17:17:34 ----D---- C:\Windows\system32\Adobe
2015-02-24 17:10:08 ----D---- C:\Windows\SoftwareDistribution
2015-02-24 09:30:40 ----D---- C:\ProgramData\Adobe
2015-02-24 09:30:38 ----D---- C:\Program Files\Adobe
2015-02-20 11:21:26 ----D---- C:\ProgramData\Skype
2015-02-18 19:12:04 ----D---- C:\Windows\system32\LogFiles
2015-02-16 10:32:05 ----D---- C:\Windows\system32\catroot2
2015-02-10 18:05:49 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2015-02-10 11:07:15 ----D---- C:\Windows\Tasks
2015-01-27 10:36:57 ----D---- C:\Windows\inf
2015-01-27 10:36:57 ----A---- C:\Windows\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2006-07-24 36528]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2010-02-25 128376]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\Windows\system32\DRIVERS\AcpiVpc.sys [2010-01-20 23136]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-08 2506232]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-12-15 7062016]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 catchme;catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-02-25 723632]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-05 107912]
S2 SkypeUpdate;Skype Updater; D:\Dokumenty\SkypePortable\App\Skype\Updater\Updater.exe [2015-01-02 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-10 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-05 107912]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WiselinkPro;SAMSUNG WiselinkPro Service; C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2009-01-08 4136960]

-----------------EOF-----------------

Re: OTP seznam.cz

Napsal: 25 úno 2015 12:23
od Rudy
Zdravím!
Jak je na tom váš oper. systém s legalitou?

Re: OTP seznam.cz

Napsal: 25 úno 2015 12:32
od VeraM
Jezíš tak to nevím jak to zjistím? Na straně počítače mám takovou samolepku kde je napsáno Windows 7 a nějaký klíč.

Re: OTP seznam.cz

Napsal: 25 úno 2015 12:39
od Rudy
A je tam windows 7 ultimate?

Re: OTP seznam.cz

Napsal: 25 úno 2015 12:48
od VeraM
Je tam napsáno Windows7 Ultimate OEM HP. Chcete i ten kod?

Re: OTP seznam.cz

Napsal: 25 úno 2015 13:16
od Rudy
Není třeba. Zkusíme tento postup:

Stáhněte a spusťte OTL: http://oldtimer.geekstogo.com/OTL.exe . Spusťte, zaškrněte "Pro všechny uživatele", Kontrola na havěť LOP" a Kontrola na hvěť PURITY" a do dolního bílého okna zkopírujte:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
a klikněte na >Prohledat<. Dejte oba logy.

Re: OTP seznam.cz

Napsal: 25 úno 2015 13:54
od VeraM
Pouze se chci zeptat jak dlouho to pojede? Mám to puštěné asi 40 minut a stále to jede. Děkuji

Re: OTP seznam.cz

Napsal: 25 úno 2015 15:04
od VeraM
Tak test dojel ale otevřel se mi pouze jen jeden textový editor. Snad jsem nic neudělala špatně.

OTL logfile created on: 25.2.2015 13:20:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,96 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 65,22% Memory free
5,92 Gb Paging File | 4,72 Gb Available in Paging File | 79,78% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,91 Gb Total Space | 59,99 Gb Free Space | 64,56% Space Free | Partition Type: NTFS
Drive D: | 205,08 Gb Total Space | 159,57 Gb Free Space | 77,81% Space Free | Partition Type: NTFS

Computer Name: MACHOVA-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015.02.25 13:17:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2014.09.12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.12 09:13:24 | 000,457,208 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
PRC - [2010.02.25 17:36:24 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010.02.25 17:36:24 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009.11.25 20:42:26 | 000,095,632 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2007.01.11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE


========== Modules (No Company Name) ==========

MOD - [2013.04.29 10:54:54 | 001,663,000 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\libfoxcub.dll
MOD - [2013.04.12 09:13:24 | 000,457,208 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
MOD - [2013.03.29 12:37:34 | 000,059,384 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\19365libfoxloader.dll
MOD - [2013.03.25 15:39:52 | 000,894,968 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
MOD - [2012.10.24 15:42:06 | 000,247,352 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\unlockInstance.dll


========== Services (SafeList) ==========

SRV - [2015.02.10 18:05:49 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015.01.02 19:45:12 | 000,315,488 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Dokumenty\SkypePortable\App\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014.09.12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.02.25 17:36:24 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.01.08 08:38:46 | 004,136,960 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (WiselinkPro)
SRV - [2007.01.11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010.02.25 17:36:24 | 000,128,376 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2010.01.20 06:14:42 | 000,023,136 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1025612255-1419475842-1272948856-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1025612255-1419475842-1272948856-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=UP94&ocid=UP94DHP"
FF - prefs.js..extensions.enabledAddons: {ea614400-e918-4741-9a97-7a972ff7c30b}:3.0.8
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=UP94DF&PC=UP94&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Administrator\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.13 09:01:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.09.30 17:53:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2015.02.24 20:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dxpuq1l9.default\extensions
[2014.02.26 13:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.11.13 09:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012.11.13 09:00:58 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
File not found (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXPUQ1L9.DEFAULT\EXTENSIONS\{EA614400-E918-4741-9A97-7A972FF7C30B}
[2011.09.23 05:43:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.23 03:01:37 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2011.09.23 03:01:37 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.09.23 03:01:37 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.09.23 03:01:37 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.09.23 03:01:37 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig\1.3.14_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd\1.2.13_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim\0.0.0.4_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak\1.7.1_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2015.02.24 17:58:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Ukazatel S-Rank) - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\bin\core.4.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1025612255-1419475842-1272948856-500\..\Toolbar\WebBrowser: (no name) - {34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [seznam-listicka-distribuce] C:\Program Files\Seznam.cz\distribution\szninstall.exe ()
O4 - HKU\S-1-5-21-1025612255-1419475842-1272948856-500..\Run: [cz.seznam.software.autoupdate] C:\Users\Administrator\AppData\Roaming\Seznam.cz\szninstall.exe ()
O4 - HKU\S-1-5-21-1025612255-1419475842-1272948856-500..\Run: [cz.seznam.software.szndesktop] C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe ()
O4 - HKU\S-1-5-21-1025612255-1419475842-1272948856-500..\Run: [LecaLbaqo] C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1025612255-1419475842-1272948856-500..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKU\.DEFAULT..\RunOnce: [Report] \AdwCleaner\AdwCleaner[S0].txt File not found
O4 - HKU\S-1-5-18..\RunOnce: [Report] \AdwCleaner\AdwCleaner[S0].txt File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1025612255-1419475842-1272948856-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1025612255-1419475842-1272948856-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1025612255-1419475842-1272948856-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-1025612255-1419475842-1272948856-500\..Trusted Domains: localhost ([]http in Internet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Reg Error: Key error.)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/CZ/Core/ ... _Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7063164C-1E25-469B-915B-B5981861380D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C33C8CEA-700E-4655-A9D3-A10655FC4FEF}: DhcpNameServer = 160.218.43.200 160.218.10.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E985DF01-9EBB-4BEA-878D-F5FC53CEF329}: DhcpNameServer = 213.46.172.37 213.46.172.36
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2015.02.25 13:19:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2015.02.25 13:18:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\OTL.exe
[2015.02.25 11:24:24 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2015.02.25 11:24:23 | 000,000,000 | ---D | C] -- C:\rsit
[2015.02.24 21:08:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2015.02.24 21:07:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2015.02.24 20:25:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Impostazioni locali
[2015.02.24 19:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015.02.24 19:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2015.02.24 19:43:44 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015.02.24 19:18:15 | 016,466,552 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Administrator\Desktop\mbar-1.08.3.1004.exe
[2015.02.24 19:10:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\mbar
[2015.02.24 18:00:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2015.02.24 17:51:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2015.02.24 17:51:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2015.02.24 17:51:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2015.02.24 17:51:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2015.02.24 17:51:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2015.02.24 17:43:44 | 005,611,903 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2015.02.24 17:20:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Seznam.cz
[2015.02.24 17:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2015.02.24 17:07:45 | 000,000,000 | ---D | C] -- C:\Support
[2015.02.24 09:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2015.02.17 14:16:15 | 000,000,000 | ---D | C] -- C:\ProgramData\LecaLbaqo
[2010.02.25 17:29:37 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Program Files\ATF-Cleaner.exe

========== Files - Modified Within 30 Days ==========

[2015.02.25 13:24:39 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2015.02.25 13:17:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\OTL.exe
[2015.02.25 13:17:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2015.02.25 13:15:54 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.02.25 13:15:54 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.02.25 13:12:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.02.25 12:43:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015.02.25 11:30:06 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1025612255-1419475842-1272948856-500UA.job
[2015.02.25 11:30:00 | 000,000,992 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1025612255-1419475842-1272948856-500Core.job
[2015.02.25 11:21:28 | 001,107,968 | ---- | M] () -- C:\Users\Administrator\Desktop\RSIT.exe
[2015.02.25 11:13:53 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015.02.25 11:13:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.02.25 11:13:30 | 2384,932,864 | -HS- | M] () -- C:\hiberfil.sys
[2015.02.24 19:43:44 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015.02.24 19:07:08 | 016,466,552 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Administrator\Desktop\mbar-1.08.3.1004.exe
[2015.02.24 17:58:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2015.02.24 17:51:15 | 005,611,903 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2015.02.24 17:07:22 | 000,053,248 | ---- | M] () -- C:\Windows\System32\zlib.dll
[2015.02.24 17:02:23 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2015.02.24 10:41:59 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015.02.24 09:30:44 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2015.02.10 18:05:49 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2015.02.10 18:05:49 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2015.01.27 10:36:57 | 000,625,936 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2015.01.27 10:36:57 | 000,610,094 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015.01.27 10:36:57 | 000,120,008 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2015.01.27 10:36:57 | 000,104,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2015.02.25 13:24:39 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2015.02.25 11:23:47 | 001,107,968 | ---- | C] () -- C:\Users\Administrator\Desktop\RSIT.exe
[2015.02.24 17:51:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2015.02.24 17:51:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2015.02.24 17:51:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2015.02.24 17:51:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2015.02.24 17:51:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2015.02.24 17:07:22 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2015.02.24 09:30:44 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2015.02.24 09:30:44 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2010.09.29 19:13:34 | 000,009,216 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.02 19:14:33 | 000,000,017 | ---- | C] () -- C:\Users\Administrator\AppData\Local\resmon.resmoncfg
[2010.02.25 18:14:07 | 000,001,302 | ---- | C] () -- C:\Users\Administrator\IronPortable – zástupce.lnk

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.02.18 08:34:01 | 012,867,072 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010.02.25 17:49:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2011.08.05 09:19:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera
[2012.03.19 09:18:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Origin
[2015.02.25 11:19:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Seznam.cz
[2014.03.18 12:44:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Unity
[2013.10.06 12:34:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Uschovna

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 05:53:46 | 000,032,574 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2010.07.19 20:08:29 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.07.19 20:08:29 | 000,000,940 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.04.03 17:19:29 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.06.26 19:03:40 | 000,000,992 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1025612255-1419475842-1272948856-500Core.job
[2012.06.26 19:03:40 | 000,001,014 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1025612255-1419475842-1272948856-500UA.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.04.22 06:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2009.04.22 06:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_b27d5421375ad1cd\atapi.sys
[2009.04.22 06:24:04 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7100.0_none_4e2b207b769f9fe5\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.04.22 06:18:45 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=DCE8C59D84D5923D0CA54EF116DD8138 -- C:\Windows.old\Windows\System32\autochk.exe
[2009.04.22 06:18:45 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=DCE8C59D84D5923D0CA54EF116DD8138 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7100.0_none_52e6e5ab16d6f438\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009.07.14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2009.04.22 04:08:50 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=EDF617E3CE277E60B8DDC2B6E99B1D54 -- C:\Windows.old\Windows\System32\drivers\cdrom.sys
[2009.04.22 04:08:50 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=EDF617E3CE277E60B8DDC2B6E99B1D54 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_979e56719b05c594\cdrom.sys
[2009.04.22 04:08:50 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=EDF617E3CE277E60B8DDC2B6E99B1D54 -- C:\Windows.old\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7100.0_none_d09c5443f8dd3b93\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\erdnt\cache\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.04.22 06:19:02 | 002,607,616 | ---- | M] (Microsoft Corporation) MD5=C133788B393EEC01439AD997D24E66ED -- C:\Windows.old\Windows\explorer.exe
[2009.04.22 06:19:02 | 002,607,616 | ---- | M] (Microsoft Corporation) MD5=C133788B393EEC01439AD997D24E66ED -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7100.0_none_c2a79f73ced24008\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2009.04.22 06:24:20 | 000,194,128 | ---- | M] (Microsoft Corporation) MD5=826E8635457E8215C87DB6300DFC8F35 -- C:\Windows.old\Windows\System32\hal.dll
[2009.04.22 06:24:20 | 000,194,128 | ---- | M] (Microsoft Corporation) MD5=826E8635457E8215C87DB6300DFC8F35 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7100.0_none_1c1beb05aec0089e\hal.dll
[2009.07.14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009.07.14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\erdnt\cache\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2009.04.22 06:21:47 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- C:\Windows.old\Windows\System32\scecli.dll
[2009.04.22 06:21:47 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7100.0_none_a900dabd2e31405b\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009.04.22 06:19:27 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=77474E495E99CCE05AD2720E6FA85A35 -- C:\Windows.old\Windows\System32\services.exe
[2009.04.22 06:19:27 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=77474E495E99CCE05AD2720E6FA85A35 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7100.0_none_4052b8c9225ed253\services.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.04.22 06:19:35 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5F1FE2F551E74B069C436152F06CCFDC -- C:\Windows.old\Windows\System32\svchost.exe
[2009.04.22 06:19:35 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5F1FE2F551E74B069C436152F06CCFDC -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7100.0_none_26ae52025a638f2e\svchost.exe

< MD5 for: TCPIP.SYS >
[2009.07.14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\erdnt\cache\tcpip.sys
[2009.07.14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\System32\drivers\tcpip.sys
[2009.07.14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2009.04.22 06:23:55 | 001,267,280 | ---- | M] (Microsoft Corporation) MD5=4EB1831B5C67AFF9CFFA5269A3905505 -- C:\Windows.old\Windows\System32\drivers\tcpip.sys
[2009.04.22 06:23:55 | 001,267,280 | ---- | M] (Microsoft Corporation) MD5=4EB1831B5C67AFF9CFFA5269A3905505 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7100.0_none_24110ab3bb7c123f\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.04.22 06:19:37 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=50771CA86FF1ADAF5FD1920F8CB5665E -- C:\Windows.old\Windows\System32\userinit.exe
[2009.04.22 06:19:37 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=50771CA86FF1ADAF5FD1920F8CB5665E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7100.0_none_4d1bb27726c5c954\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\erdnt\cache\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009.04.22 06:19:40 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=B9CFF761509E6C95E964B29B279D7721 -- C:\Windows.old\Windows\System32\winlogon.exe
[2009.04.22 06:19:40 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=B9CFF761509E6C95E964B29B279D7721 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7100.0_none_e0b5f9782a074d3e\winlogon.exe

< >

< %systemroot%*.* /U /s >
[3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[8 C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp files -> C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2010.04.14 17:32:21 | 027,386,256 | ---- | M] ( ) -- C:\AdbeRdr930_en_US.exe
[2011.05.11 14:02:25 | 020,608,512 | ---- | M] (Microsoft Corporation) -- C:\IE9-Setup-Seven32.exe
[2008.10.17 18:41:42 | 001,695,744 | ---- | M] () -- C:\ImationLock.exe
[2009.12.16 18:29:46 | 138,400,584 | ---- | M] (Microsoft Corporation) -- C:\wlsetup-all.exe
[2009.12.16 18:27:45 | 001,158,984 | ---- | M] (Microsoft Corporation) -- C:\wlsetup-custom.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.09.23 09:17:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2010.04.28 13:46:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Apple Computer
[2011.10.13 12:32:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ArcSoft
[2014.08.16 15:50:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\dvdcss
[2010.02.25 16:31:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Identities
[2010.03.02 19:45:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2009.07.14 08:48:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2012.12.25 18:40:06 | 000,000,000 | --SD | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2011.09.30 17:53:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2010.02.25 17:49:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2011.08.05 09:19:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera
[2012.03.19 09:18:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Origin
[2015.02.25 11:19:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Seznam.cz
[2015.02.25 14:14:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Skype
[2011.04.13 16:47:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\skypePM
[2014.03.18 12:44:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Unity
[2013.10.06 12:34:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Uschovna
[2015.01.08 18:46:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\vlc
[2010.04.13 13:53:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2012.03.18 19:08:12 | 000,010,134 | R--- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2013.05.16 14:25:04 | 001,062,472 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Seznam.cz\szninstall.exe
[2013.05.16 14:26:24 | 002,589,256 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Seznam.cz\sznsetup.exe
[2013.04.16 12:52:34 | 000,055,808 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\ffkill.exe
[2013.04.29 11:53:34 | 000,045,560 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
[2013.04.12 09:13:24 | 000,457,208 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
[2013.04.12 09:10:22 | 000,092,664 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2015.02.25 13:43:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2015.02.25 11:30:00 | 000,000,992 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1025612255-1419475842-1272948856-500Core.job
[2015.02.25 14:30:07 | 000,001,014 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1025612255-1419475842-1272948856-500UA.job
[2015.02.25 11:13:53 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2015.02.25 14:12:00 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >
[2015.02.24 19:43:44 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbamchameleon.sys

< %systemroot%\system32\*.* /3 >
[2015.02.25 14:15:55 | 000,005,872 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.02.25 14:15:55 | 000,005,872 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.02.24 17:09:06 | 000,000,029 | ---- | M] () -- C:\Windows\system32\zerobyte_files_deleted.txt
[2015.02.24 17:07:22 | 000,053,248 | ---- | M] () -- C:\Windows\system32\zlib.dll

< %SYSTEMDRIVE%\*.exe >
[2010.04.14 17:32:21 | 027,386,256 | ---- | M] ( ) -- C:\AdbeRdr930_en_US.exe
[2011.05.11 14:02:25 | 020,608,512 | ---- | M] (Microsoft Corporation) -- C:\IE9-Setup-Seven32.exe
[2008.10.17 18:41:42 | 001,695,744 | ---- | M] () -- C:\ImationLock.exe
[2009.12.16 18:29:46 | 138,400,584 | ---- | M] (Microsoft Corporation) -- C:\wlsetup-all.exe
[2009.12.16 18:27:45 | 001,158,984 | ---- | M] (Microsoft Corporation) -- C:\wlsetup-custom.exe

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"OM2_Monitor" = "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -- [2009.11.25 20:42:26 | 000,095,632 | ---- | M] (OLYMPUS IMAGING CORP.)
"Skype" = "D:\Dokumenty\SkypePortable\App\Skype\Phone\Skype.exe" /minimized /regrun -- [2015.01.23 14:40:42 | 031,087,200 | R--- | M] (Skype Technologies S.A.)
"LecaLbaqo" = regsvr32.exe "C:\ProgramData\LecaLbaqo\CefixAvuvq.syl" -- [2009.07.14 02:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation)
"cz.seznam.software.autoupdate" = "C:\Users\Administrator\AppData\Roaming\Seznam.cz\szninstall.exe" -c -- [2013.05.16 14:25:04 | 001,062,472 | ---- | M] ()
"cz.seznam.software.szndesktop" = "C:\Users\Administrator\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -- [2013.04.12 09:10:22 | 000,092,664 | ---- | M] ()

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2011.09.23 05:43:04 | 000,924,632 | ---- | M] (Mozilla Corporation) MD5=C5011D2FD82CE4876A0EB9D2A27ADDAA -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2011.05.11 14:05:29 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >
[2011.08.05 09:19:15 | 000,947,056 | ---- | M] (Opera Software) MD5=1BE8F8E2758C352280990A170DDD696D -- C:\Program Files\Opera\opera.exe

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2015.02.17 23:45:00 | 000,843,592 | ---- | M] (Google Inc.) MD5=B9D6D7E6E5C4FCD8DD7F88EC9D563085 -- C:\Program Files\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2015.02.25 13:24:39 | 000,000,512 | ---- | M] () MD5=37EFFA147EBA97524B039A437514B425 -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *loader* /s >
[2012.04.19 08:47:30 | 000,006,081 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.py
[2012.04.13 12:00:14 | 000,020,992 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.dll
[2012.04.19 08:50:38 | 000,000,171 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.ini
[2012.04.13 12:00:00 | 000,029,696 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\bin\javaloader.uno.dll
[2012.04.19 04:08:12 | 000,003,867 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\java\unoloader.jar
[2008.06.20 19:13:32 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2013.08.28 01:15:54 | 000,006,643 | ---- | M] () -- \Users\Administrator\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.3.114\js\downloader.js
[2013.11.18 02:56:38 | 000,006,643 | ---- | M] () -- \Users\Administrator\AppData\Local\Microsoft\BingBar\Apps\FacebookLike_08e57417866d4faa981702780b0d36c4\7.3.132\js\downloader.js
[2013.11.18 02:56:38 | 000,006,643 | ---- | M] () -- \Users\Administrator\AppData\Local\Microsoft\BingBar\Apps\fbsharedservices_bb9c6e8b961d477e9ec95f9698bde610\7.3.132\js\downloader.js
[2013.11.18 02:56:38 | 000,006,643 | ---- | M] () -- \Users\Administrator\AppData\Local\Microsoft\BingBar\Apps\Featured_ce53daa069a4a3ad2e3d7d81081f340d\7.3.132\js\downloader.js
[2013.08.26 21:59:30 | 000,006,643 | ---- | M] () -- \Users\Administrator\AppData\Local\Microsoft\BingBar\Apps\Chat_cf57b0088a3b4f61a0bfaad0ba784240\7.3.109\js\downloader.js
[2014.12.15 17:26:30 | 000,072,638 | ---- | M] () -- \Users\Administrator\AppData\Local\Skype\Apps\login\images\loader.gif
[2014.12.15 17:26:30 | 000,003,032 | ---- | M] () -- \Users\Administrator\AppData\Local\Skype\Apps\login\images\loader.png
[2014.12.15 17:26:30 | 000,006,012 | ---- | M] () -- \Users\Administrator\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014.12.15 17:26:30 | 000,021,956 | ---- | M] () -- \Users\Administrator\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014.12.15 17:26:30 | 000,009,772 | ---- | M] () -- \Users\Administrator\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2013.03.29 12:37:34 | 000,059,384 | ---- | M] () -- \Users\Administrator\AppData\Roaming\Seznam.cz\bin\19365libfoxloader.dll
[2013.04.15 12:32:10 | 000,060,416 | ---- | M] () -- \Users\Administrator\AppData\Roaming\Seznam.cz\bin\19368libfoxloader-x64.dll
[2015.02.24 17:20:37 | 000,000,165 | ---- | M] () -- \Users\Administrator\AppData\Roaming\Seznam.cz\conf\szndesktop.d\libfoxloader.conf
[2013.03.25 15:27:20 | 000,000,665 | ---- | M] () -- \Users\Administrator\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.install.bat
[2013.03.25 15:27:26 | 000,000,117 | ---- | M] () -- \Users\Administrator\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.uninstall.bat
File not found -- \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Temp\*.tmp files -> \Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Documents and Settings\Administrator\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Documents and Settings\Administrator\AppData\Local\Temp\*.tmp files -> \Windows.old\Documents and Settings\Administrator\AppData\Local\Temp\*.tmp -> ]
File not found -- \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Temp\*.tmp files -> \Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Documents and Settings\Administrator\Local Settings\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Documents and Settings\Administrator\Local Settings\Temp\*.tmp files -> \Windows.old\Documents and Settings\Administrator\Local Settings\Temp\*.tmp -> ]
[2009.01.21 14:30:04 | 000,003,072 | ---- | M] () -- \Windows.old\Program Files\Nokia\Nokia PC Suite 7\Lang\MapLoader_cze.NLR
[2009.09.16 22:33:50 | 000,006,308 | ---- | M] () -- \Windows.old\Program Files\OpenOffice.org 3\Basis\program\pythonloader.py
[2009.09.16 15:22:08 | 000,022,528 | ---- | M] () -- \Windows.old\Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.dll
[2009.09.17 20:12:18 | 000,000,171 | ---- | M] () -- \Windows.old\Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.ini
[2009.09.11 16:36:38 | 000,029,696 | ---- | M] () -- \Windows.old\Program Files\OpenOffice.org 3\URE\bin\javaloader.uno.dll
[2009.09.16 15:00:48 | 000,003,872 | ---- | M] () -- \Windows.old\Program Files\OpenOffice.org 3\URE\java\unoloader.jar
[2008.06.20 19:13:32 | 000,044,032 | ---- | M] () -- \Windows.old\Program Files\WinRAR\RarExtLoader.exe
File not found -- \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\AppData\Local\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\AppData\Local\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\AppData\Local\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\AppData\Local\Temp\*.tmp files -> \Windows.old\Users\Administrator\AppData\Local\Temp\*.tmp -> ]
File not found -- \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\Local Settings\Application Data\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\Local Settings\Application Data\Temp\*.tmp files -> \Windows.old\Users\Administrator\Local Settings\Application Data\Temp\*.tmp -> ]
[2009.11.09 15:37:51 | 000,690,176 | ---- | M] () -- \Windows.old\Users\Administrator\Local Settings\Temp\EpsonInkjetDriverDownloader.EXE
[32 \Windows.old\Users\Administrator\Local Settings\Temp\*.tmp files -> \Windows.old\Users\Administrator\Local Settings\Temp\*.tmp -> ]
[2009.04.22 06:00:53 | 000,003,584 | -H-- | M] () -- \Windows.old\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.04.22 06:20:16 | 000,038,400 | ---- | M] () -- \Windows.old\Windows\System32\dmloader.dll
[2009.04.22 09:27:33 | 000,003,532 | ---- | M] () -- \Windows.old\Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009.11.05 15:55:04 | 000,002,879 | ---- | M] () -- \Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7100.0_cs-cz_a435670b521f4b5e.manifest
[2009.11.05 15:55:04 | 000,034,896 | ---- | M] () -- \Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7100.0_cs-cz_a435670b521f4b5e_winload.exe.mui_3bc5b827
[2009.11.05 15:55:04 | 000,030,288 | ---- | M] () -- \Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7100.0_cs-cz_a435670b521f4b5e_winresume.exe.mui_ff8b5358
[2009.04.22 10:01:06 | 000,002,879 | ---- | M] () -- \Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7100.0_en-us_e78bb2673919a7bc.manifest
[2009.04.22 10:01:06 | 000,033,344 | ---- | M] () -- \Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7100.0_en-us_e78bb2673919a7bc_winload.exe.mui_3bc5b827
[2009.04.22 10:01:06 | 000,029,760 | ---- | M] () -- \Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7100.0_en-us_e78bb2673919a7bc_winresume.exe.mui_ff8b5358
[2009.04.22 07:07:04 | 000,004,213 | ---- | M] () -- \Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7100.0_none_cc19b293c1bcb191.manifest
[2009.04.22 07:07:04 | 000,507,056 | ---- | M] () -- \Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7100.0_none_cc19b293c1bcb191_winload.exe_75835076
[2009.04.22 07:07:04 | 000,441,896 | ---- | M] () -- \Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7100.0_none_cc19b293c1bcb191_winresume.exe_85cd1215
[2009.04.22 07:07:01 | 000,002,886 | ---- | M] () -- \Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7100.0_none_dc26209aa631b5fb.manifest
[2009.04.22 07:07:01 | 000,017,488 | ---- | M] () -- \Windows.old\Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7100.0_none_dc26209aa631b5fb_spldr.sys_98bd87a0
[2009.04.21 22:46:10 | 000,002,879 | ---- | M] () -- \Windows.old\Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7100.0_cs-cz_a435670b521f4b5e.manifest
[2009.04.22 07:26:38 | 000,002,879 | ---- | M] () -- \Windows.old\Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7100.0_en-us_e78bb2673919a7bc.manifest
[2009.04.22 06:39:42 | 000,004,213 | ---- | M] () -- \Windows.old\Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7100.0_none_cc19b293c1bcb191.manifest
[2009.04.22 06:43:35 | 000,002,886 | ---- | M] () -- \Windows.old\Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7100.0_none_dc26209aa631b5fb.manifest
[2009.04.22 06:20:16 | 000,038,400 | ---- | M] () -- \Windows.old\Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7100.0_none_b6e71452e4b8a0a3\dmloader.dll
[2009.04.22 06:00:53 | 000,003,584 | -H-- | M] () -- \Windows.old\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7100.0_none_7ba4e857d0e5c485\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.14 05:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2010.02.25 16:40:08 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2010.02.25 16:40:08 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2010.02.25 16:40:08 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2009.07.14 05:56:40 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009.07.14 05:56:40 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winload.exe.mui_3bc5b827
[2009.07.14 05:56:40 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winresume.exe.mui_ff8b5358
[2010.02.25 16:42:56 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2010.02.25 16:42:56 | 000,507,568 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed_winload.exe_75835076
[2010.02.25 16:42:56 | 000,442,920 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed_winresume.exe_85cd1215
[2009.07.14 03:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.13 18:54:50 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 03:29:12 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009.07.14 02:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.08.19 08:38:48 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16411_none_5b44c087cdc549ed.manifest
[2009.08.19 08:21:21 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20509_none_5be12f8ee6d3987e.manifest
[2009.07.14 02:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 776 bytes -> D:\Dokumenty\so war Lindenfels.eml:OECustomProperty

< End of report >

Re: OTP seznam.cz

Napsal: 25 úno 2015 19:13
od Rudy
Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text:
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1025612255-1419475842-1272948856-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=UP94DF&PC=UP94&q="
FF - user.js - File not found
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig\1.3.14_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd\1.2.13_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim\0.0.0.4_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak\1.7.1_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1025612255-1419475842-1272948856-500\..\Toolbar\WebBrowser: (no name) - {34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - No CLSID value found.
O4 - HKU\S-1-5-21-1025612255-1419475842-1272948856-500..\Run: [LecaLbaqo] C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [Report] \AdwCleaner\AdwCleaner[S0].txt File not found
O4 - HKU\S-1-5-18..\RunOnce: [Report] \AdwCleaner\AdwCleaner[S0].txt File not found
@Alternate Data Stream - 776 bytes -> D:\Dokumenty\so war Lindenfels.eml:OECustomProperty

:files
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1025612255-1419475842-1272948856-500UA.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1025612255-1419475842-1272948856-500Core.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
c:\\Users\Administrator\AppData\Local\Microsoft\BingBar
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]
Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz