Good day,
I would like to ask for a review of my RSIT log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Dell at 2014-11-10 10:06:32
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 73 GB (36%) free of 200 GB
Total RAM: 2302 MB (46% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:06:55, on 10. 11. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Dell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Dell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dell\Downloads\RSIT.exe
C:\Program Files\trend micro\Dell.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [vmware-tray.exe] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dell\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware vCenter Converter Standalone Agent (vmware-converter-agent) - VMware, Inc. - C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
O23 - Service: VMware vCenter Converter Standalone Server (vmware-converter-server) - VMware, Inc. - C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
O23 - Service: VMware vCenter Converter Standalone Worker (vmware-converter-worker) - VMware, Inc. - C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe
--
End of file - 6828 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf2a9da140c3d0.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3562986280-4176678261-1391110089-1000Core.job - C:\Users\Dell\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3562986280-4176678261-1391110089-1000UA1ced27ec4050290.job - C:\Users\Dell\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-09-10 457712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-28 194504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-28 194504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-07-30 13797920]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]
"vmware-tray.exe"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2013-02-26 104528]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2013-11-02 152392]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2013-05-01 421888]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-09-10 4085896]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Dell\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-26 107912]
"ApplePhotoStreams"=C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [2013-09-15 59720]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2013-12-15 39408]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"VIDC.VMnc"=vmnc.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-11-10 10:06:32 ----D---- C:\rsit
2014-11-10 10:06:32 ----D---- C:\Program Files\trend micro
2014-10-19 16:32:51 ----A---- C:\Windows\WORDPAD.INI
2014-10-17 14:39:08 ----A---- C:\Windows\system32\generaltel.dll
2014-10-17 14:39:08 ----A---- C:\Windows\system32\aepdu.dll
2014-10-17 14:39:07 ----A---- C:\Windows\system32\aeinv.dll
2014-10-17 14:39:03 ----A---- C:\Windows\system32\win32k.sys
2014-10-17 14:38:41 ----A---- C:\Windows\system32\rastls.dll
2014-10-17 14:38:38 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-17 14:38:38 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-10-17 14:38:38 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-10-17 14:38:37 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-17 14:38:37 ----A---- C:\Windows\system32\jsproxy.dll
2014-10-17 14:38:36 ----A---- C:\Windows\system32\wininet.dll
2014-10-17 14:38:36 ----A---- C:\Windows\system32\vbscript.dll
2014-10-17 14:38:36 ----A---- C:\Windows\system32\ieUnatt.exe
2014-10-17 14:38:36 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-10-17 14:38:36 ----A---- C:\Windows\system32\dxtmsft.dll
2014-10-17 14:38:35 ----A---- C:\Windows\system32\ieui.dll
2014-10-17 14:38:35 ----A---- C:\Windows\system32\dxtrans.dll
2014-10-17 14:38:34 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-10-17 14:38:34 ----A---- C:\Windows\system32\mshtmled.dll
2014-10-17 14:38:34 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-10-17 14:38:33 ----A---- C:\Windows\system32\jscript9diag.dll
2014-10-17 14:38:33 ----A---- C:\Windows\system32\iertutil.dll
2014-10-17 14:38:32 ----A---- C:\Windows\system32\mshtml.dll
2014-10-17 14:38:32 ----A---- C:\Windows\system32\jscript9.dll
2014-10-17 14:38:31 ----A---- C:\Windows\system32\urlmon.dll
2014-10-17 14:38:31 ----A---- C:\Windows\system32\iernonce.dll
2014-10-17 14:38:31 ----A---- C:\Windows\system32\ie4uinit.exe
2014-10-17 14:38:30 ----A---- C:\Windows\system32\msfeeds.dll
2014-10-17 14:38:30 ----A---- C:\Windows\system32\iedkcs32.dll
2014-10-17 14:38:30 ----A---- C:\Windows\system32\ieapfltr.dll
2014-10-17 14:38:29 ----A---- C:\Windows\system32\msrating.dll
2014-10-17 14:38:29 ----A---- C:\Windows\system32\iesetup.dll
2014-10-17 14:38:28 ----A---- C:\Windows\system32\ieframe.dll
2014-10-17 14:36:40 ----A---- C:\Windows\system32\mscorier.dll
2014-10-17 14:36:40 ----A---- C:\Windows\system32\dfshim.dll
2014-10-17 14:36:39 ----A---- C:\Windows\system32\mscories.dll
2014-10-17 14:36:24 ----A---- C:\Windows\system32\termsrv.dll
2014-10-17 14:36:24 ----A---- C:\Windows\system32\rdpcorets.dll
2014-10-17 14:36:24 ----A---- C:\Windows\system32\mstscax.dll
2014-10-17 14:36:24 ----A---- C:\Windows\system32\mstsc.exe
2014-10-17 14:36:23 ----A---- C:\Windows\system32\winsta.dll
2014-10-17 14:36:23 ----A---- C:\Windows\system32\winlogon.exe
2014-10-17 14:36:23 ----A---- C:\Windows\system32\TSpkg.dll
2014-10-17 14:36:23 ----A---- C:\Windows\system32\rdpcorekmts.dll
2014-10-17 14:36:23 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2014-10-17 14:36:23 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2014-10-17 14:36:23 ----A---- C:\Windows\system32\credssp.dll
2014-10-17 14:36:23 ----A---- C:\Windows\system32\aaclient.dll
2014-10-17 14:36:07 ----A---- C:\Windows\system32\msi.dll
2014-10-17 14:36:04 ----A---- C:\Windows\system32\packager.dll
======List of files/folders modified in the last 1 month======
2014-11-10 10:06:36 ----D---- C:\Windows\Temp
2014-11-10 10:06:32 ----RD---- C:\Program Files
2014-11-10 09:56:48 ----A---- C:\Windows\system32\rpcnetp.exe
2014-11-10 08:01:35 ----D---- C:\Windows\tracing
2014-11-10 07:52:12 ----D---- C:\Windows\system32\config
2014-11-10 07:51:45 ----D---- C:\ProgramData\VMware
2014-11-10 07:50:54 ----A---- C:\Windows\system32\rpcnet.dll
2014-11-08 07:38:36 ----SHD---- C:\System Volume Information
2014-10-29 23:17:12 ----D---- C:\Windows\Minidump
2014-10-29 23:17:08 ----D---- C:\Windows
2014-10-28 18:32:36 ----D---- C:\Windows\System32
2014-10-28 18:32:36 ----D---- C:\Windows\inf
2014-10-28 18:32:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-10-28 06:35:00 ----N---- C:\Windows\system32\MpSigStub.exe
2014-10-27 23:47:34 ----D---- C:\Windows\system32\catroot2
2014-10-26 21:54:41 ----D---- C:\Windows\Tasks
2014-10-26 19:30:18 ----D---- C:\Windows\system32\wfp
2014-10-26 19:30:18 ----D---- C:\Windows\system32\wbem
2014-10-26 19:30:18 ----D---- C:\Windows\system32\DriverStore
2014-10-26 19:30:14 ----D---- C:\Windows\registration
2014-10-26 09:34:24 ----D---- C:\Windows\system32\Tasks
2014-10-20 18:34:05 ----SHD---- C:\Windows\Installer
2014-10-19 08:02:27 ----D---- C:\Windows\Microsoft.NET
2014-10-19 08:01:34 ----RSD---- C:\Windows\assembly
2014-10-18 19:14:22 ----D---- C:\Windows\winsxs
2014-10-18 19:11:09 ----SD---- C:\Windows\system32\CompatTel
2014-10-18 19:11:08 ----D---- C:\Windows\system32\en-US
2014-10-18 19:11:08 ----D---- C:\Program Files\Internet Explorer
2014-10-18 19:11:07 ----D---- C:\Windows\system32\sk-SK
2014-10-18 19:11:07 ----D---- C:\Windows\system32\drivers
2014-10-18 18:52:49 ----D---- C:\Windows\system32\MRT
2014-10-18 18:47:37 ----A---- C:\Windows\system32\MRT.exe
2014-10-17 14:35:56 ----D---- C:\Windows\system32\catroot
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-09-10 49944]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-09-10 192352]
R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2010-03-09 214120]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmci;VMware VMCI Bus Driver; C:\Windows\system32\DRIVERS\vmci.sys [2012-10-24 71152]
R0 vsock;vSockets Driver; C:\Windows\system32\drivers\vsock.sys [2012-10-24 61464]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-09-10 81768]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-09-10 779536]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-09-10 414520]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 48128]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2010-11-20 296064]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-09-10 24184]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-09-10 67824]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-09-10 71944]
R2 Hardlock;Hardlock; C:\Windows\system32\drivers\hardlock.sys [2006-11-22 693760]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2012-10-11 41496]
R2 NSHE;Guardant Emulator Driver; \??\C:\Windows\system32\Drivers\NSHE.SYS [2008-11-23 97792]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2009-06-25 48128]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2009-06-25 44544]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2009-06-25 38400]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2013-02-26 37016]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2013-02-26 26192]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2013-02-26 62416]
R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared); C:\Windows\system32\drivers\vstor2-mntapi10-shared.sys [2011-07-12 22768]
R2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared); C:\Windows\system32\drivers\vstor2-mntapi20-shared.sys [2013-02-22 23632]
R3 athr;Dell Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-10-24 1221632]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2010-05-22 70656]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2010-07-13 65640]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2009-08-21 66592]
R3 NVNET;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6232.sys [2010-08-12 298216]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-29 17920]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-20 84992]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2013-02-26 16664]
R3 vpcbus;Virtual PC Host Bus Service; C:\Windows\system32\DRIVERS\vpchbus.sys [2010-11-20 172416]
R3 vpcusb;USB Virtualization Connector Service; C:\Windows\system32\DRIVERS\vpcusb.sys [2010-11-20 78336]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 bmdrvr;Modified Clusters Tracking Driver; C:\Windows\system32\drivers\bmdrvr.sys [2013-02-22 54992]
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 101504]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2010-03-25 105984]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl.sys [2013-07-25 18944]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-13 347264]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-20 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-12-13 45056]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys [2012-10-11 31280]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-05-08 65432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-09-10 50344]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DCService.exe;DCService.exe; C:\ProgramData\DatacardService\DCService.exe [2010-05-08 229376]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-30 211488]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\Windows\system32\rpcnet.exe [2013-09-10 69792]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2013-02-26 87120]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2013-02-26 357456]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2012-10-11 721048]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2013-02-26 436304]
R2 vmware-converter-server;VMware vCenter Converter Standalone Server; C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2013-04-09 479824]
R2 vmware-converter-worker;VMware vCenter Converter Standalone Worker; C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2013-04-09 479824]
R2 VMwareHostd;VMware Workstation Server; C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe [2013-02-26 13242960]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2013-11-02 553288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-15 116648]
S2 vmware-converter-agent;VMware vCenter Converter Standalone Agent; C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2013-04-09 479824]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-15 116648]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-12-15 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-09-19 108032]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-12-29 1343400]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------

Preventive check, please review
Re: Preventive check, please review
Hello,
Just a question: are you using a legal operating system? The top-tier Ultimate license is not exactly a common home edition.
Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop.

- If you are using Windows Vista or Windows 7, right-click OTL and choose Run As Administrator
- If you are using a 64-bit OS, check whether the "For 64-bit OS" box is ticked; if not, tick it
- Tick the "For all users" box
- Tick the "LOP" malware check box
- Tick the "Purity" malware check box
- Change the file age from 30 days to 7 days
- Paste the script below into the bottom box, Custom scans/fixes
CREATERESTOREPOINT
netsvcs
drivers32
savembr:0
/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
%SystemDrive%\PhysicalMBR.bin /md5
*crack* /s
*keygen* /s
*loader* /s
- Click the Scan button
- When the scan finishes (about 10 to 15 minutes), the logs OTL.txt and Extras.txt will appear; paste both here
- If the logs are long (the forum will complain about exceeding the maximum number of characters), split them across several posts
Re: Preventive check, please review
Hello!
The laptop is not mine and I doubt the OS is legal; on the bottom of the laptop I can see a license for XP...
OTL Extras logfile created on: 10. 11. 2014 10:17:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dell\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy
2,25 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 46,94% Memory free
4,50 Gb Paging File | 3,03 Gb Available in Paging File | 67,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,41 Gb Total Space | 70,99 Gb Free Space | 36,33% Space Free | Partition Type: NTFS
Drive D: | 400,66 Gb Total Space | 400,06 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11BF37A3-4D5C-44DD-94F4-1158962B1DA2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{12858052-671F-4F04-B388-017835680035}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{13182719-A483-49AF-9922-C129C6794F47}" = lport=138 | protocol=17 | dir=in | app=system |
"{14547293-FD91-4A8C-8430-18FB2B588D16}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{182ED7B7-8E93-44CF-BF0B-1AD7C822503D}" = rport=139 | protocol=6 | dir=out | app=system |
"{1C4AD92A-4839-4174-A526-4B1C862C2C1A}" = lport=445 | protocol=6 | dir=in | app=system |
"{1D246E41-CE92-4E1E-960E-891A3F332F82}" = lport=10243 | protocol=6 | dir=in | app=system |
"{23F83B97-B5A3-4B46-A61B-1001771548B5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{31DEEB6E-358A-433B-95CA-2B06F6270122}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3CE645B8-CDE5-4881-85C5-D7A15985F800}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{4C59E73F-E3B3-4EC9-95F8-ABF6DD1C999B}" = rport=138 | protocol=17 | dir=out | app=system |
"{4EC49C98-A754-436F-88DA-7CC39E7F7F66}" = rport=5358 | protocol=6 | dir=out | app=system |
"{509291E8-A45F-44F2-8007-9DAE735FC809}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{52DEB12C-5F4B-4F9F-8DC9-24656BA3BF0D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5534993E-31C9-48DE-AF71-926FB565E966}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{55C5B8F9-0BB3-4EEE-A3A6-066561F138DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58F6557C-CD0A-443D-8908-5B759EFA94A9}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=%systemroot%\system32\svchost.exe |
"{5DC2F7C9-AC10-4F54-868F-47471D322C5D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6B05857E-E115-45E8-BD25-083F5382F5B1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6EC6EDC2-AD75-4458-887A-B6CF299F359C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{722E061A-88EF-4261-A2B3-F3D2BB33D889}" = lport=2869 | protocol=6 | dir=in | app=system |
"{73B68239-EA1E-4685-A5AD-CB37C1B9526C}" = rport=5357 | protocol=6 | dir=out | app=system |
"{7D7C1C4A-C9C3-43F9-88D6-4A953B2B6D3D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{85542013-E2D9-42ED-A4D7-A862C60BFC0B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{887E9ED6-AF52-413F-9CEC-2E776208E65F}" = lport=137 | protocol=17 | dir=in | app=system |
"{8B2ED49C-B1AC-436C-842A-264785DB269D}" = lport=9089 | protocol=6 | dir=in | name=vmware vcenter converter standalone - agent |
"{8B9972FD-260F-4BBE-8E63-1594E29F8306}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{95336351-EAC2-4B70-87BD-EC6D314E6705}" = rport=445 | protocol=6 | dir=out | app=system |
"{9AAA4347-3393-438D-A441-84CDDFB696B9}" = lport=139 | protocol=6 | dir=in | app=system |
"{9FF8044D-A8F1-41D9-A0D3-7EDEC038BADB}" = rport=137 | protocol=17 | dir=out | app=system |
"{B9F2F7BB-2B46-4E24-BAE2-9709FEC0F00C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BC7AD022-D0B2-49AD-B00A-26D22F01F412}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BFF9FCAB-8B97-487C-B316-98B2899AA016}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C786696F-90C2-4CD3-8085-D0C56EF503A8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{CB1D2E43-7DB4-43D3-8598-117F4DE25BE9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D06D564A-0507-421C-B3E7-B0FF5D47EE49}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DB4AE370-BAC8-4B9A-A94D-2C8FBE337E7D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DB89E159-73AB-43AF-AD11-EF6D6F7C692A}" = lport=5357 | protocol=6 | dir=in | app=system |
"{E149E1D9-A1D4-4422-922A-528203CD91C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E20E7ED1-C74B-4A04-B755-F00D36461091}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F1CEE7F2-6284-4F8A-8A4A-EB0173F4ED5F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F1D53BE5-319F-465E-85F1-01A79424B187}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F479EBC1-EAA9-4E82-918C-AF11D0C1987A}" = lport=5353 | protocol=17 | dir=in | app=c:\users\dell\appdata\local\google\chrome\application\chrome.exe |
"{FA28D14B-7EB0-478B-972B-1B41F8A08FB4}" = lport=444 | protocol=6 | dir=in | name=vmware vcenter converter standalone - server |
"{FE6D4695-D63F-4BA3-B573-5E0FDA254BA1}" = lport=5358 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00714E43-64E8-472A-9E84-D4834E8ABEC1}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{0465F2F7-25EA-44D5-BF58-D82A7A46E803}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0C610230-C2D7-4EC2-8C05-5296F0C32575}" = dir=in | app=c:\program files\vmware\vmware workstation\vmware-hostd.exe |
"{1EC1AEED-BB09-4754-8B93-7B70B5A0FA28}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{25D2847A-6D62-4925-BBB3-B1E67B466082}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B7E15FB-9FFB-42F0-BEDA-FDBF779B018A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3BD06AF6-EE1E-4314-93E6-CDDC63F92B25}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{4880B766-AD4E-4127-8A46-5AB19CB3526D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{507B0AD8-A574-4840-9E3F-25A3836F85C8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{51C5BE45-5A75-403E-8D1A-9B21AC8D677E}" = dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
"{581677F1-494D-4A24-90E7-CA8926B3439B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{592C77CA-7454-4D56-B9DE-9293E709C20D}" = protocol=6 | dir=in | app=c:\users\dell\appdata\local\google\chrome\application\chrome.exe |
"{6072AE77-2C68-4E05-B010-FC8F89957306}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{652FC6FA-7985-4E3D-99E8-44408120740B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{663095A9-29EC-42E0-8F5E-06530F559B68}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{6B1C897C-1BC4-4DBA-A316-A17FAFE02453}" = protocol=17 | dir=in | app=c:\users\dell\appdata\roaming\dropbox\bin\dropbox.exe |
"{6C3C8D40-6016-4522-A2E5-4DBE1896CF65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7446FC61-B3E1-4CDF-A853-5A59261BA217}" = dir=in | app=c:\program files\vmware\vmware workstation\vmware-hostd.exe |
"{7AA88975-C04A-43BB-A39E-24741DBFF83E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{81686AA2-3A7C-4084-92FB-E3D046B94E2E}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{858145E6-2716-441F-B1C7-B661C947C3E7}" = dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
"{8B29A88F-CA36-432B-9D30-596247179FCB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8EEB3666-DB7F-44D8-B0E5-1C9F7B84C57C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9C0971D2-3911-415A-9E99-E5F84ABCC769}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A9EC93CB-B2C5-4560-8816-4A2DBFDA1498}" = protocol=6 | dir=in | app=c:\users\dell\appdata\roaming\dropbox\bin\dropbox.exe |
"{ACF870F7-83D1-4089-97E9-B14BC13F6F0D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AF060B36-4481-43EA-B623-DE0F4DCD67F1}" = protocol=17 | dir=in | app=c:\users\dell\appdata\local\google\chrome\application\chrome.exe |
"{B94AC032-441B-430B-8442-74AB2975D1C5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D0EC6543-A1DB-48B0-942A-3FE88C904AC4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D612D8AF-5B0F-45FF-8D39-D9F3E881BB3F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DBAA42AF-27BC-46D2-A52B-6C2B6B73E62A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E2AC4DBB-CFEF-45C0-B3D8-E205ED3ACAB8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E7A601D9-A635-4943-9C12-4BEB6CABCD67}" = protocol=6 | dir=out | app=system |
"{ED898E48-4BD9-427E-A73A-10E3A511AB87}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Prostředí Windows XP Mode
"{17C3235A-A4B9-44ED-8794-54D8408F9733}" = VMware vCenter Converter Standalone
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C6FF70-690B-4DF7-8F5D-269DD3A7FD23}" = iCloud
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.00
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1051-7B44-AB0000000001}" = Adobe Reader XI (11.0.08) - Slovak
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Hardlock Device Drivers" = Hardlock Device Drivers
"Mobile Partner" = Mobile Partner
"NVIDIA Drivers" = NVIDIA Drivers
"Totalcmd" = Total Commander (Remove or Repair)
"VMware_Workstation" = VMware Workstation
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3562986280-4176678261-1391110089-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 9. 11. 2014 4:10:50 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description =
Error - 9. 11. 2014 4:37:12 | Computer Name = Dell-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 9. 11. 2014 4:37:12 | Computer Name = Dell-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3151
Error - 9. 11. 2014 4:37:12 | Computer Name = Dell-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3151
Error - 9. 11. 2014 10:56:33 | Computer Name = Dell-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 9. 11. 2014 10:56:33 | Computer Name = Dell-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2839
Error - 9. 11. 2014 10:56:33 | Computer Name = Dell-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2839
Error - 9. 11. 2014 15:00:36 | Computer Name = Dell-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 38.0.2125.111 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 87c Start
Time: 01cffbf48f561890 Termination Time: 248 Application Path: C:\Users\Dell\AppData\Local\Google\Chrome\Application\chrome.exe
Report
Id: a4738979-6842-11e4-826c-005056c00008
Error - 9. 11. 2014 15:46:19 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description =
Error - 10. 11. 2014 2:51:51 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 30. 5. 2014 16:11:13 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7026
Description = Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému
zlyhali pri načítaní: cdrom
Error - 30. 5. 2014 16:12:07 | Computer Name = Dell-PC | Source = DCOM | ID = 10016
Description =
Error - 31. 5. 2014 15:54:16 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7026
Description = Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému
zlyhali pri načítaní: cdrom
Error - 31. 5. 2014 15:55:10 | Computer Name = Dell-PC | Source = DCOM | ID = 10016
Description =
Error - 31. 5. 2014 16:55:40 | Computer Name = Dell-PC | Source = DCOM | ID = 10010
Description =
Error - 1. 6. 2014 1:42:51 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7026
Description = Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému
zlyhali pri načítaní: cdrom
Error - 1. 6. 2014 1:43:45 | Computer Name = Dell-PC | Source = DCOM | ID = 10016
Description =
Error - 1. 6. 2014 16:06:01 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7026
Description = Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému
zlyhali pri načítaní: cdrom
Error - 1. 6. 2014 16:06:51 | Computer Name = Dell-PC | Source = DCOM | ID = 10016
Description =
Error - 1. 6. 2014 17:18:09 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7026
Description = Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému
zlyhali pri načítaní: cdrom
< End of report >
Description = The program chrome.exe version 38.0.2125.111 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 87c Start
Time: 01cffbf48f561890 Termination Time: 248 Application Path: C:\Users\Dell\AppData\Local\Google\Chrome\Application\chrome.exe
Report
Id: a4738979-6842-11e4-826c-005056c00008
Error - 9. 11. 2014 15:46:19 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description =
Error - 10. 11. 2014 2:51:51 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 30. 5. 2014 16:11:13 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7026
Description = Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému
zlyhali pri načítaní: cdrom
Error - 30. 5. 2014 16:12:07 | Computer Name = Dell-PC | Source = DCOM | ID = 10016
Description =
Error - 31. 5. 2014 15:54:16 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7026
Description = Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému
zlyhali pri načítaní: cdrom
Error - 31. 5. 2014 15:55:10 | Computer Name = Dell-PC | Source = DCOM | ID = 10016
Description =
Error - 31. 5. 2014 16:55:40 | Computer Name = Dell-PC | Source = DCOM | ID = 10010
Description =
Error - 1. 6. 2014 1:42:51 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7026
Description = Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému
zlyhali pri načítaní: cdrom
Error - 1. 6. 2014 1:43:45 | Computer Name = Dell-PC | Source = DCOM | ID = 10016
Description =
Error - 1. 6. 2014 16:06:01 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7026
Description = Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému
zlyhali pri načítaní: cdrom
Error - 1. 6. 2014 16:06:51 | Computer Name = Dell-PC | Source = DCOM | ID = 10016
Description =
Error - 1. 6. 2014 17:18:09 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7026
Description = Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému
zlyhali pri načítaní: cdrom
< End of report >
Re: Preventive check, requesting a log review
OTL logfile created on: 10. 11. 2014 10:17:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dell\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy
2,25 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 46,94% Memory free
4,50 Gb Paging File | 3,03 Gb Available in Paging File | 67,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,41 Gb Total Space | 70,99 Gb Free Space | 36,33% Space Free | Partition Type: NTFS
Drive D: | 400,66 Gb Total Space | 400,06 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2014/11/10 10:14:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
PRC - [2014/09/10 12:19:05 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/09/10 12:15:41 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/05/08 14:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/10 19:42:58 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2013/04/09 06:37:10 | 000,479,824 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
PRC - [2013/02/26 01:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2013/02/26 01:28:30 | 000,104,528 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
PRC - [2013/02/26 01:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2013/02/26 00:54:34 | 013,242,960 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe
PRC - [2013/02/26 00:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/11 15:15:28 | 000,721,048 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/05/08 12:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2010/05/08 12:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
========== Modules (No Company Name) ==========
MOD - [2014/10/22 05:04:57 | 008,910,664 | ---- | M] () -- C:\Users\Dell\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
MOD - [2014/10/22 05:04:51 | 001,042,760 | ---- | M] () -- C:\Users\Dell\AppData\Local\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
MOD - [2014/10/22 05:04:49 | 000,211,272 | ---- | M] () -- C:\Users\Dell\AppData\Local\Google\Chrome\Application\38.0.2125.111\libegl.dll
MOD - [2014/10/22 05:04:48 | 001,681,224 | ---- | M] () -- C:\Users\Dell\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
MOD - [2014/09/10 12:15:43 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/09/10 12:15:42 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2012/05/30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
========== Services (SafeList) ==========
SRV - [2014/09/24 18:51:28 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/19 01:50:15 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/09/10 12:15:41 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/05/08 14:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/10 19:42:58 | 000,069,792 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/09 06:37:10 | 000,479,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe -- (vmware-converter-worker)
SRV - [2013/04/09 06:37:10 | 000,479,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe -- (vmware-converter-server)
SRV - [2013/04/09 06:33:48 | 000,479,824 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe -- (vmware-converter-agent)
SRV - [2013/02/26 01:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2013/02/26 01:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2013/02/26 00:54:34 | 013,242,960 | ---- | M] () [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2013/02/26 00:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/10/11 15:15:28 | 000,721,048 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011/12/29 20:10:07 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/08 12:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - [2014/09/10 12:19:01 | 000,414,520 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/09/10 12:15:44 | 000,779,536 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/09/10 12:15:44 | 000,192,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/09/10 12:15:44 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2014/09/10 12:15:44 | 000,071,944 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
DRV - [2014/09/10 12:15:44 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/09/10 12:15:44 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/09/10 12:15:44 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2013/07/25 15:53:46 | 000,018,944 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2013/02/26 01:28:06 | 000,026,192 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2013/02/26 01:28:04 | 000,062,416 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2013/02/26 01:27:48 | 000,037,016 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2013/02/26 01:27:46 | 000,016,664 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2013/02/22 02:28:38 | 000,054,992 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bmdrvr.sys -- (bmdrvr)
DRV - [2013/02/22 02:28:26 | 000,023,632 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vstor2-mntapi20-shared.sys -- (vstor2-mntapi20-shared)
DRV - [2012/10/24 13:16:58 | 000,061,464 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsock.sys -- (vsock)
DRV - [2012/10/24 13:16:50 | 000,071,152 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2012/10/11 15:15:36 | 000,041,496 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2012/10/11 15:15:06 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2011/07/12 08:36:28 | 000,022,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vstor2-mntapi10-shared.sys -- (vstor2-mntapi10-shared)
DRV - [2010/11/20 22:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 22:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 22:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/20 13:30:18 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 13:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 11:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 11:50:38 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/08/12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/07/13 09:56:36 | 000,065,640 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2010/05/22 14:48:20 | 000,070,656 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/03/25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/03/20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/03/09 08:25:40 | 000,214,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009/10/24 01:47:48 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/08/21 13:24:04 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/07/30 20:30:00 | 009,766,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 01:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/06/29 00:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/11/23 10:23:06 | 000,097,792 | ---- | M] (T0r0 2008) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NSHE.SYS -- (NSHE)
DRV - [2006/11/22 09:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3562986280-4176678261-1391110089-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3562986280-4176678261-1391110089-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 BF 36 04 77 E3 CC 01 [binary data]
IE - HKU\S-1-5-21-3562986280-4176678261-1391110089-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3562986280-4176678261-1391110089-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IESR02
IE - HKU\S-1-5-21-3562986280-4176678261-1391110089-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... IB_skSK566
IE - HKU\S-1-5-21-3562986280-4176678261-1391110089-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3562986280-4176678261-1391110089-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dell\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dell\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/10/26 09:33:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
========== Chrome ==========
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dell\AppData\Local\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dell\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dell\AppData\Local\Google\Chrome\Application\38.0.2125.111\gcswf32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dell\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: No name found = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: No name found = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: No name found = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2204.148_0\
CHR - Extension: No name found = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [vmware-tray.exe] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-3562986280-4176678261-1391110089-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3562986280-4176678261-1391110089-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F59C0C5-1541-47F8-9D1A-222883634193}: DhcpNameServer = 10.10.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DF79EFE-62DB-4EB4-8376-CA61FCF1FAFD}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEF284E9-35D0-4332-A6F7-93256D5373D6}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{fb7f6d00-3b9a-11e1-a606-ef6bf80f97ac}\Shell - "" = AutoRun
O33 - MountPoints2\{fb7f6d00-3b9a-11e1-a606-ef6bf80f97ac}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.VMnc - C:\Windows\System32\vmnc.dll (VMware, Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 7 Days ==========
[2014/11/10 10:14:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2014/11/10 10:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014/11/10 10:06:32 | 000,000,000 | ---D | C] -- C:\rsit
========== Files - Modified Within 7 Days ==========
[2014/11/10 10:20:49 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/11/10 10:14:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2014/11/10 10:11:05 | 000,026,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/10 10:11:05 | 000,026,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/10 09:59:00 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3562986280-4176678261-1391110089-1000UA1ced27ec4050290.job
[2014/11/10 09:58:04 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf2a9da140c3d0.job
[2014/11/10 09:56:51 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/10 09:56:48 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2014/11/10 09:56:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/10 07:50:54 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2014/11/10 07:50:39 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/10 07:50:16 | 1810,649,088 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/05 21:59:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3562986280-4176678261-1391110089-1000Core.job
========== Files Created - No Company Name ==========
[2014/11/10 10:20:49 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/10/19 16:32:51 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2014/09/10 12:15:59 | 000,192,352 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/09/10 12:15:57 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/09/10 12:15:56 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2013/06/19 02:31:15 | 000,028,672 | ---- | C] () -- C:\Windows\System32\hlduinst.exe
[2013/05/12 18:51:47 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2013/01/01 13:19:25 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
========== ZeroAccess Check ==========
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009/07/14 05:53:46 | 000,032,650 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012/01/13 20:25:01 | 000,000,890 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562986280-4176678261-1391110089-1000Core.job
[2013/09/11 12:08:47 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/10/26 20:08:33 | 000,000,942 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562986280-4176678261-1391110089-1000UA1ced27ec4050290.job
[2013/12/15 21:17:53 | 000,000,920 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014/02/15 23:31:12 | 000,000,924 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2a9da140c3d0.job
< >
< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2010/11/20 22:29:06 | 000,668,160 | ---- | M] () MD5=536543085130BD844A6EA1E80E6C216B -- C:\Windows\System32\autochk.exe
[2010/11/20 22:29:06 | 000,668,160 | ---- | M] () MD5=536543085130BD844A6EA1E80E6C216B -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
< MD5 for: CDROM.SYS >
[2010/11/20 22:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010/11/20 22:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010/11/20 22:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
< MD5 for: HAL.DLL >
[2010/11/20 22:29:19 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010/11/20 22:29:19 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll
< MD5 for: SCECLI.DLL >
[2010/11/20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: SERVICES.EXE >
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: TCPIP.SYS >
[2011/04/25 05:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2010/11/20 22:29:20 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011/09/29 17:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2013/01/04 05:56:23 | 001,308,504 | ---- | M] (Microsoft Corporation) MD5=4A95845C5F33A4DDEB6AEF6367FB6520 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_b5becc06ddb98192\tcpip.sys
[2013/07/06 06:05:35 | 001,293,760 | ---- | M] (Microsoft Corporation) MD5=4E8B9BE71B807B3BAEDB7F4243F85E3C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_b52f2f65c4a146e5\tcpip.sys
[2013/07/06 05:57:37 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=528F7CC60391DD0FAB0344F32F051FDF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_b5721e2eddf328f9\tcpip.sys
[2014/04/05 03:25:01 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\System32\drivers\tcpip.sys
[2014/04/05 03:25:01 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_b513c4dfc4b513b9\tcpip.sys
[2013/05/08 07:15:22 | 001,309,032 | ---- | M] (Microsoft Corporation) MD5=6088D01FAD49729EA0A5A3D9B9BA8B84 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_b5b3fe00ddc19aaa\tcpip.sys
[2011/09/29 17:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2013/09/07 03:06:48 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=6C4F3D92764FFA22D28061A4D9235446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_b58e8eb0ddde6cf1\tcpip.sys
[2011/04/25 07:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2013/01/03 06:05:20 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=7C0507D2391AF5933600CBCED799F277 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_b502eb9fc4c2a304\tcpip.sys
[2012/03/30 11:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2012/03/30 10:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2013/09/08 03:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_b4fa2013c4c8ebf1\tcpip.sys
[2013/05/08 06:38:00 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=D32FDAC73FCD76B85389C39BC1087F2A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_b508ef41c4bd3835\tcpip.sys
[2012/10/03 17:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2013/11/26 12:07:37 | 001,309,632 | ---- | M] (Microsoft Corporation) MD5=DC08335B30D83FB61E9EFE6FDD09D40D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_b5a530b8ddcd4b8d\tcpip.sys
[2012/10/03 17:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
[2014/04/05 03:16:21 | 001,310,144 | ---- | M] (Microsoft Corporation) MD5=EA47AB18E289333AB94397D77CA6E3A1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_b59293a4dddacc9b\tcpip.sys
< MD5 for: USERINIT.EXE >
[2010/11/20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
< MD5 for: WINLOGON.EXE >
[2014/07/16 03:56:14 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=4F37B93C14AEE313BEC52A23AFB15C2E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_7224b2134c7555fa\winlogon.exe
[2014/07/17 02:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\System32\winlogon.exe
[2014/07/17 02:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_71a5e34e334f9d18\winlogon.exe
[2010/11/20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2014/03/04 10:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[2014/03/04 11:39:02 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=D53972F87D850CD2EB4B29B60CAFDD77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe
< >
< %systemroot%*.* /U /s >
[8 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\90ea0321aa072eb28243e492f8a57229\*.tmp files -> C:\Windows\SoftwareDistribution\Download\90ea0321aa072eb28243e492f8a57229\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\ba4d72e1456a4fe731912ebe8a444bea\*.tmp files -> C:\Windows\SoftwareDistribution\Download\ba4d72e1456a4fe731912ebe8a444bea\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\bbb07318df466c545ff7a440dd9dd487\*.tmp files -> C:\Windows\SoftwareDistribution\Download\bbb07318df466c545ff7a440dd9dd487\*.tmp -> ]
[15 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2013/12/15 21:20:25 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Adobe
[2013/09/25 17:26:39 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Apple Computer
[2014/09/10 12:19:35 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\AVAST Software
[2014/09/10 12:22:06 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Dropbox
[2013/01/01 13:25:47 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\GHISLER
[2013/12/17 21:47:27 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Google
[2011/12/29 20:11:44 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Identities
[2012/01/13 20:50:15 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Macromedia
[2010/11/21 01:46:50 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Media Center Programs
[2013/12/15 21:20:25 | 000,000,000 | --SD | M] -- C:\Users\Dell\AppData\Roaming\Microsoft
[2013/09/22 20:28:37 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\VMware
< %APPDATA%\*.exe /s >
[2014/03/19 13:17:02 | 032,667,896 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dell\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2014/03/19 13:18:14 | 000,244,648 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dell\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2014/03/19 13:17:06 | 000,143,616 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dell\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
[2014/11/10 09:56:51 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014/11/10 07:50:39 | 000,000,920 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014/11/10 10:34:35 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2a9da140c3d0.job
[2014/11/05 21:59:00 | 000,000,890 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562986280-4176678261-1391110089-1000Core.job
[2014/11/10 09:59:00 | 000,000,942 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562986280-4176678261-1391110089-1000UA1ced27ec4050290.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2014/11/10 10:11:05 | 000,026,352 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/10 10:11:05 | 000,026,352 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/10 07:50:54 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\system32\rpcnet.dll
[2014/11/10 09:56:48 | 000,017,408 | ---- | M] () -- C:\Windows\system32\rpcnetp.exe
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Google Update" = "C:\Users\Dell\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2014/10/26 21:54:33 | 000,107,912 | ---- | M] (Google Inc.)
"ApplePhotoStreams" = C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe -- [2013/09/15 13:34:06 | 000,059,720 | ---- | M] (Apple Inc.)
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- [2013/12/15 21:18:14 | 000,039,408 | ---- | M] (Google Inc.)
< >
< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2014/10/07 03:04:46 | 000,812,736 | ---- | M] (Microsoft Corporation) MD5=F9F310F9FB7F294F00ABDD03453D8CEE -- C:\Program Files\Internet Explorer\iexplore.exe
< %PROGRAMFILES%\Opera\opera.exe /md5 >
< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
< >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014/11/10 10:20:49 | 000,000,512 | ---- | M] () MD5=0292556206A2B2A13569639EB01AFBA6 -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2008/04/12 10:51:10 | 006,791,965 | ---- | M] () -- \Users\Dell\Desktop\Music\hiphop & love\LoveHipHop\By echo\Oblubene\dR.crack feat.venusa-Pod mrakom smutku.mp3
< *keygen* /s >
< *loader* /s >
[2014/09/10 12:15:41 | 000,071,968 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2013/09/13 18:51:30 | 000,008,827 | ---- | M] () -- \Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\HeapSnapshotLoader.js
[2013/09/15 13:34:08 | 000,059,720 | ---- | M] () -- \Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
[2013/09/15 13:34:08 | 001,108,296 | ---- | M] () -- \Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader_main.dll
[2013/09/14 00:50:46 | 000,008,827 | ---- | M] () -- \Program Files\Common Files\Apple\Internet Services\WebKit.resources\inspector\HeapSnapshotLoader.js
[2014/02/20 14:10:32 | 000,003,208 | ---- | M] () -- \Users\Dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SDNK87F\ajax-loader[1].gif
[2014/11/03 18:53:20 | 000,001,841 | ---- | M] () -- \Users\Dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LUVH6A32\onemscomjscssloader[1].js
[2014/11/03 18:53:16 | 000,001,231 | ---- | M] () -- \Users\Dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0JJOQPM\oneMscomJsCssLoader[1].js
[2014/11/03 18:54:28 | 000,001,232 | ---- | M] () -- \Users\Dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0JJOQPM\oneMscomJsCssLoader[2].js
[2014/02/20 14:10:17 | 000,003,208 | ---- | M] () -- \Users\Dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XU89BZPY\be1cede9.ajax-loader[1].gif
[2014/08/31 12:14:50 | 000,000,723 | ---- | M] () -- \Users\Dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZDC1N0JT\ajax-loader[1].gif
[2013/06/20 09:56:16 | 000,000,569 | ---- | M] () -- \Users\Dell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Etka Updates Downloader.lnk
[2012/10/04 17:40:37 | 000,003,584 | ---- | M] () -- \Windows\SoftwareDistribution\Download\3ff711bc4427dabb76ec01747e125d2d\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 17:29:45 | 000,003,584 | ---- | M] () -- \Windows\SoftwareDistribution\Download\3ff711bc4427dabb76ec01747e125d2d\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009/07/14 05:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2010/11/21 01:38:44 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2010/11/21 01:38:44 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winload.exe.mui_3bc5b827
[2010/11/21 01:38:44 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winresume.exe.mui_ff8b5358
[2010/11/20 22:31:02 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2010/11/20 22:31:02 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winload.exe_75835076
[2010/11/20 22:31:02 | 000,442,720 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winresume.exe_85cd1215
[2009/07/14 03:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 03:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2010/11/21 01:37:59 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2010/11/20 22:23:54 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009/07/14 02:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 05:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 17:40:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 05:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 05:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 05:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 05:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 06:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/04 11:35:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/04/12 03:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dell\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy
2,25 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 46,94% Memory free
4,50 Gb Paging File | 3,03 Gb Available in Paging File | 67,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,41 Gb Total Space | 70,99 Gb Free Space | 36,33% Space Free | Partition Type: NTFS
Drive D: | 400,66 Gb Total Space | 400,06 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2014/11/10 10:14:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
PRC - [2014/09/10 12:19:05 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/09/10 12:15:41 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/05/08 14:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/10 19:42:58 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2013/04/09 06:37:10 | 000,479,824 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
PRC - [2013/02/26 01:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2013/02/26 01:28:30 | 000,104,528 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
PRC - [2013/02/26 01:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2013/02/26 00:54:34 | 013,242,960 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe
PRC - [2013/02/26 00:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/11 15:15:28 | 000,721,048 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/05/08 12:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2010/05/08 12:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
========== Modules (No Company Name) ==========
MOD - [2014/10/22 05:04:57 | 008,910,664 | ---- | M] () -- C:\Users\Dell\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
MOD - [2014/10/22 05:04:51 | 001,042,760 | ---- | M] () -- C:\Users\Dell\AppData\Local\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
MOD - [2014/10/22 05:04:49 | 000,211,272 | ---- | M] () -- C:\Users\Dell\AppData\Local\Google\Chrome\Application\38.0.2125.111\libegl.dll
MOD - [2014/10/22 05:04:48 | 001,681,224 | ---- | M] () -- C:\Users\Dell\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
MOD - [2014/09/10 12:15:43 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/09/10 12:15:42 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2012/05/30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
========== Services (SafeList) ==========
SRV - [2014/09/24 18:51:28 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/19 01:50:15 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/09/10 12:15:41 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/05/08 14:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/10 19:42:58 | 000,069,792 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/09 06:37:10 | 000,479,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe -- (vmware-converter-worker)
SRV - [2013/04/09 06:37:10 | 000,479,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe -- (vmware-converter-server)
SRV - [2013/04/09 06:33:48 | 000,479,824 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe -- (vmware-converter-agent)
SRV - [2013/02/26 01:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2013/02/26 01:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2013/02/26 00:54:34 | 013,242,960 | ---- | M] () [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2013/02/26 00:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/10/11 15:15:28 | 000,721,048 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011/12/29 20:10:07 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/08 12:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - [2014/09/10 12:19:01 | 000,414,520 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/09/10 12:15:44 | 000,779,536 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/09/10 12:15:44 | 000,192,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/09/10 12:15:44 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2014/09/10 12:15:44 | 000,071,944 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
DRV - [2014/09/10 12:15:44 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/09/10 12:15:44 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/09/10 12:15:44 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2013/07/25 15:53:46 | 000,018,944 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2013/02/26 01:28:06 | 000,026,192 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2013/02/26 01:28:04 | 000,062,416 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2013/02/26 01:27:48 | 000,037,016 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2013/02/26 01:27:46 | 000,016,664 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2013/02/22 02:28:38 | 000,054,992 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bmdrvr.sys -- (bmdrvr)
DRV - [2013/02/22 02:28:26 | 000,023,632 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vstor2-mntapi20-shared.sys -- (vstor2-mntapi20-shared)
DRV - [2012/10/24 13:16:58 | 000,061,464 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsock.sys -- (vsock)
DRV - [2012/10/24 13:16:50 | 000,071,152 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2012/10/11 15:15:36 | 000,041,496 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2012/10/11 15:15:06 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2011/07/12 08:36:28 | 000,022,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vstor2-mntapi10-shared.sys -- (vstor2-mntapi10-shared)
DRV - [2010/11/20 22:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 22:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 22:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/20 13:30:18 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 13:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 11:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 11:50:38 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/08/12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/07/13 09:56:36 | 000,065,640 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2010/05/22 14:48:20 | 000,070,656 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/03/25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/03/20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/03/09 08:25:40 | 000,214,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009/10/24 01:47:48 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/08/21 13:24:04 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/07/30 20:30:00 | 009,766,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 01:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/06/29 00:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/11/23 10:23:06 | 000,097,792 | ---- | M] (T0r0 2008) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NSHE.SYS -- (NSHE)
DRV - [2006/11/22 09:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3562986280-4176678261-1391110089-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3562986280-4176678261-1391110089-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 BF 36 04 77 E3 CC 01 [binary data]
IE - HKU\S-1-5-21-3562986280-4176678261-1391110089-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3562986280-4176678261-1391110089-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IESR02
IE - HKU\S-1-5-21-3562986280-4176678261-1391110089-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... IB_skSK566
IE - HKU\S-1-5-21-3562986280-4176678261-1391110089-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3562986280-4176678261-1391110089-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dell\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dell\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/10/26 09:33:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
========== Chrome ==========
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dell\AppData\Local\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dell\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dell\AppData\Local\Google\Chrome\Application\38.0.2125.111\gcswf32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dell\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: No name found = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: No name found = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: No name found = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2204.148_0\
CHR - Extension: No name found = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [vmware-tray.exe] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-3562986280-4176678261-1391110089-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3562986280-4176678261-1391110089-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F59C0C5-1541-47F8-9D1A-222883634193}: DhcpNameServer = 10.10.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DF79EFE-62DB-4EB4-8376-CA61FCF1FAFD}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEF284E9-35D0-4332-A6F7-93256D5373D6}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{fb7f6d00-3b9a-11e1-a606-ef6bf80f97ac}\Shell - "" = AutoRun
O33 - MountPoints2\{fb7f6d00-3b9a-11e1-a606-ef6bf80f97ac}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.VMnc - C:\Windows\System32\vmnc.dll (VMware, Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 7 Days ==========
[2014/11/10 10:14:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2014/11/10 10:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014/11/10 10:06:32 | 000,000,000 | ---D | C] -- C:\rsit
========== Files - Modified Within 7 Days ==========
[2014/11/10 10:20:49 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/11/10 10:14:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2014/11/10 10:11:05 | 000,026,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/10 10:11:05 | 000,026,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/10 09:59:00 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3562986280-4176678261-1391110089-1000UA1ced27ec4050290.job
[2014/11/10 09:58:04 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf2a9da140c3d0.job
[2014/11/10 09:56:51 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/10 09:56:48 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2014/11/10 09:56:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/10 07:50:54 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2014/11/10 07:50:39 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/10 07:50:16 | 1810,649,088 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/05 21:59:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3562986280-4176678261-1391110089-1000Core.job
========== Files Created - No Company Name ==========
[2014/11/10 10:20:49 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/10/19 16:32:51 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2014/09/10 12:15:59 | 000,192,352 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/09/10 12:15:57 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/09/10 12:15:56 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2013/06/19 02:31:15 | 000,028,672 | ---- | C] () -- C:\Windows\System32\hlduinst.exe
[2013/05/12 18:51:47 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2013/01/01 13:19:25 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
========== ZeroAccess Check ==========
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009/07/14 05:53:46 | 000,032,650 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012/01/13 20:25:01 | 000,000,890 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562986280-4176678261-1391110089-1000Core.job
[2013/09/11 12:08:47 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/10/26 20:08:33 | 000,000,942 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562986280-4176678261-1391110089-1000UA1ced27ec4050290.job
[2013/12/15 21:17:53 | 000,000,920 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014/02/15 23:31:12 | 000,000,924 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2a9da140c3d0.job
< >
< >
< %systemroot%*.* /U /s >
[8 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\90ea0321aa072eb28243e492f8a57229\*.tmp files -> C:\Windows\SoftwareDistribution\Download\90ea0321aa072eb28243e492f8a57229\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\ba4d72e1456a4fe731912ebe8a444bea\*.tmp files -> C:\Windows\SoftwareDistribution\Download\ba4d72e1456a4fe731912ebe8a444bea\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\bbb07318df466c545ff7a440dd9dd487\*.tmp files -> C:\Windows\SoftwareDistribution\Download\bbb07318df466c545ff7a440dd9dd487\*.tmp -> ]
[15 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2013/12/15 21:20:25 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Adobe
[2013/09/25 17:26:39 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Apple Computer
[2014/09/10 12:19:35 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\AVAST Software
[2014/09/10 12:22:06 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Dropbox
[2013/01/01 13:25:47 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\GHISLER
[2013/12/17 21:47:27 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Google
[2011/12/29 20:11:44 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Identities
[2012/01/13 20:50:15 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Macromedia
[2010/11/21 01:46:50 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Media Center Programs
[2013/12/15 21:20:25 | 000,000,000 | --SD | M] -- C:\Users\Dell\AppData\Roaming\Microsoft
[2013/09/22 20:28:37 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\VMware
< %APPDATA%\*.exe /s >
[2014/03/19 13:17:02 | 032,667,896 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dell\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2014/03/19 13:18:14 | 000,244,648 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dell\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2014/03/19 13:17:06 | 000,143,616 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dell\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
[2014/11/10 09:56:51 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014/11/10 07:50:39 | 000,000,920 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014/11/10 10:34:35 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2a9da140c3d0.job
[2014/11/05 21:59:00 | 000,000,890 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562986280-4176678261-1391110089-1000Core.job
[2014/11/10 09:59:00 | 000,000,942 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562986280-4176678261-1391110089-1000UA1ced27ec4050290.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2014/11/10 10:11:05 | 000,026,352 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/10 10:11:05 | 000,026,352 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/10 07:50:54 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\system32\rpcnet.dll
[2014/11/10 09:56:48 | 000,017,408 | ---- | M] () -- C:\Windows\system32\rpcnetp.exe
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Google Update" = "C:\Users\Dell\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2014/10/26 21:54:33 | 000,107,912 | ---- | M] (Google Inc.)
"ApplePhotoStreams" = C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe -- [2013/09/15 13:34:06 | 000,059,720 | ---- | M] (Apple Inc.)
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- [2013/12/15 21:18:14 | 000,039,408 | ---- | M] (Google Inc.)
< >
< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2014/10/07 03:04:46 | 000,812,736 | ---- | M] (Microsoft Corporation) MD5=F9F310F9FB7F294F00ABDD03453D8CEE -- C:\Program Files\Internet Explorer\iexplore.exe
< %PROGRAMFILES%\Opera\opera.exe /md5 >
< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
< >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014/11/10 10:20:49 | 000,000,512 | ---- | M] () MD5=0292556206A2B2A13569639EB01AFBA6 -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2008/04/12 10:51:10 | 006,791,965 | ---- | M] () -- \Users\Dell\Desktop\Music\hiphop & love\LoveHipHop\By echo\Oblubene\dR.crack feat.venusa-Pod mrakom smutku.mp3
< *keygen* /s >
< *loader* /s >
[2014/09/10 12:15:41 | 000,071,968 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2013/09/13 18:51:30 | 000,008,827 | ---- | M] () -- \Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\HeapSnapshotLoader.js
[2013/09/15 13:34:08 | 000,059,720 | ---- | M] () -- \Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
[2013/09/15 13:34:08 | 001,108,296 | ---- | M] () -- \Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader_main.dll
[2013/09/14 00:50:46 | 000,008,827 | ---- | M] () -- \Program Files\Common Files\Apple\Internet Services\WebKit.resources\inspector\HeapSnapshotLoader.js
[2014/02/20 14:10:32 | 000,003,208 | ---- | M] () -- \Users\Dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SDNK87F\ajax-loader[1].gif
[2014/11/03 18:53:20 | 000,001,841 | ---- | M] () -- \Users\Dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LUVH6A32\onemscomjscssloader[1].js
[2014/11/03 18:53:16 | 000,001,231 | ---- | M] () -- \Users\Dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0JJOQPM\oneMscomJsCssLoader[1].js
[2014/11/03 18:54:28 | 000,001,232 | ---- | M] () -- \Users\Dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0JJOQPM\oneMscomJsCssLoader[2].js
[2014/02/20 14:10:17 | 000,003,208 | ---- | M] () -- \Users\Dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XU89BZPY\be1cede9.ajax-loader[1].gif
[2014/08/31 12:14:50 | 000,000,723 | ---- | M] () -- \Users\Dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZDC1N0JT\ajax-loader[1].gif
[2013/06/20 09:56:16 | 000,000,569 | ---- | M] () -- \Users\Dell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Etka Updates Downloader.lnk
[2012/10/04 17:40:37 | 000,003,584 | ---- | M] () -- \Windows\SoftwareDistribution\Download\3ff711bc4427dabb76ec01747e125d2d\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 17:29:45 | 000,003,584 | ---- | M] () -- \Windows\SoftwareDistribution\Download\3ff711bc4427dabb76ec01747e125d2d\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009/07/14 05:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2010/11/21 01:38:44 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2010/11/21 01:38:44 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winload.exe.mui_3bc5b827
[2010/11/21 01:38:44 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winresume.exe.mui_ff8b5358
[2010/11/20 22:31:02 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2010/11/20 22:31:02 | 000,508,904 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winload.exe_75835076
[2010/11/20 22:31:02 | 000,442,720 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953_winresume.exe_85cd1215
[2009/07/14 03:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 03:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2010/11/21 01:37:59 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2010/11/20 22:23:54 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2009/07/14 02:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009/07/14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 05:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 17:40:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 05:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 02:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 05:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 05:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 05:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/02 06:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/04 11:35:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/04/12 03:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll
< End of report >
Re: Preventive check, please review my log
Based on the log, I too have serious doubts about the legality of the OS; in that case I'm sorry, but we don't deal with illegal systems here...
Re: Preventive check, please review my log
All right, I understand. Have a nice day.
Re: Preventive check, please review my log
You're welcome, enjoy the rest of your day as well.


