RTC audio PnP listener Solved


Re: RTC audio PnP listener

Post by bbdra » 28 Nov 2017 03:22

FRST froze, but it did clean something up; I'll try it again in safe mode.


Fix result of Farbar Recovery Scan Tool (x86) Version: 27-11-2017
Ran by Adam2 (28-11-2017 02:57:33) Run:1
Running from C:\Documents and Settings\Adam2\Plocha
Loaded Profiles: Adam2 (Available Profiles: Adam2 & tester & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\MEGAsync\ShellExtX32.dll -> No File
SearchScopes: HKLM -> DefaultScope value is missing
S4 IntelIde; no ImagePath
C:\Documents and Settings\Adam2\Plocha\massive errors
C:\Documents and Settings\Administrator.BBDRA2-3D0A5E7C\Plocha\Massiveerror
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\MEGAsync\ShellExtX32.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\MEGAsync\ShellExtX32.dll -> No File
Shortcut: C:\Documents and Settings\All Users.WINDOWS2\Nabídka Start\Programy\Hearthstone\Неаrthstone.lnk -> C:\Documents and Settings\Adam2\Data aplikací\Browsers\exe.rehcnual ateb enotshtraeh.bat (No File) <==== Cyrillic
Shortcut: C:\Documents and Settings\All Users.WINDOWS2\Plocha\Неarthstonе.lnk -> C:\Documents and Settings\Adam2\Data aplikací\Browsers\exe.rehcnual ateb enotshtraeh.bat (No File) <==== Cyrillic

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu) => key removed successfully.
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\System\CurrentControlSet\Services\IntelIde => key removed successfully.
IntelIde => service removed successfully.


Post by jaro3 » 28 Nov 2017 09:54

How are the problems?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Post by bbdra » 28 Nov 2017 16:45

Still the same. That fixlist.txt, could it be used in other software?

28.11.2017 09.24.05 Full Scan Task completed Completion time: Today, 28.11.2017, 9:24
28.11.2017 09.24.03 Detected object (file) was deleted. C:\Documents and Settings\Adam2\Dokumenty\Downloads\Paní máša\ccsetup533.exe//CCleaner.exe File: C:\Documents and Settings\Adam2\Dokumenty\Downloads\Paní máša\ccsetup533.exe//CCleaner.exe Object name:: Backdoor.Win32.InfeCleaner.a
28.11.2017 09.23.15 Object (file) not processed. C:\Documents and Settings\Adam2\Dokumenty\Downloads\P780\Setup_WinThruster_2016.exe File: C:\Documents and Settings\Adam2\Dokumenty\Downloads\P780\Setup_WinThruster_2016.exe Object name:: Hoax.Win32.DeceptPCClean.bu Reason: Allowed by user
28.11.2017 09.23.14 Object (file) not processed. C:\AdwCleaner\Quarantine\files\onnkufttkoflzggcuzacjesaakovragm\OFFLINE\68385B83\A7CBC777\WinThruster.exe File: C:\AdwCleaner\Quarantine\files\onnkufttkoflzggcuzacjesaakovragm\OFFLINE\68385B83\A7CBC777\WinThruster.exe Object name:: Hoax.Win32.DeceptPCClean.ag Reason: Allowed by user
28.11.2017 09.23.13 Object (file) not processed. C:\AdwCleaner\Quarantine\files\onnkufttkoflzggcuzacjesaakovragm\OFFLINE\56EA7D95\9A1BC107\WinThruster64.exe File: C:\AdwCleaner\Quarantine\files\onnkufttkoflzggcuzacjesaakovragm\OFFLINE\56EA7D95\9A1BC107\WinThruster64.exe Object name:: Hoax.Win32.DeceptPCClean.ag Reason: Allowed by user
28.11.2017 09.23.11 Object (file) not processed. C:\AdwCleaner\Quarantine\files\onnkufttkoflzggcuzacjesaakovragm\OFFLINE\2AB3B381\97827A85\UpDates.exe File: C:\AdwCleaner\Quarantine\files\onnkufttkoflzggcuzacjesaakovragm\OFFLINE\2AB3B381\97827A85\UpDates.exe Object name:: Hoax.Win32.DeceptPCClean.ag Reason: Allowed by user
28.11.2017 07.00.45 Detected software that may cause harm: (file). C:\Documents and Settings\All Users\Data aplikací\RogueKiller\Quarantine\983C9A949A189FF7.vir File: C:\Documents and Settings\All Users\Data aplikací\RogueKiller\Quarantine\983C9A949A189FF7.vir Object name:: not-a-virus:HEUR:RiskTool.Win32.BitCoinMiner.gen
28.11.2017 07.00.45 Detected software that may cause harm: (file). C:\Documents and Settings\All Users\Data aplikací\RogueKiller\Quarantine\983C9A949A189FF7.vir File: C:\Documents and Settings\All Users\Data aplikací\RogueKiller\Quarantine\983C9A949A189FF7.vir Object name:: not-a-virus:HEUR:RiskTool.Win32.BitCoinMiner.gen
28.11.2017 06.40.36 Object (file) not processed. C:\Documents and Settings\Adam2\Dokumenty\Downloads\Paní máša\ccsetup533.exe//CCleaner.exe File: C:\Documents and Settings\Adam2\Dokumenty\Downloads\Paní máša\ccsetup533.exe//CCleaner.exe Object name:: Backdoor.Win32.InfeCleaner.a Reason: Postponed
28.11.2017 06.40.36 Object (file) detected. C:\Documents and Settings\Adam2\Dokumenty\Downloads\Paní máša\ccsetup533.exe//CCleaner.exe File: C:\Documents and Settings\Adam2\Dokumenty\Downloads\Paní máša\ccsetup533.exe//CCleaner.exe Object name:: Backdoor.Win32.InfeCleaner.a
28.11.2017 06.39.50 Object (file) not processed. C:\Documents and Settings\Adam2\Dokumenty\Downloads\P780\Setup_WinThruster_2016.exe File: C:\Documents and Settings\Adam2\Dokumenty\Downloads\P780\Setup_WinThruster_2016.exe Object name:: Hoax.Win32.DeceptPCClean.bu Reason: Postponed
28.11.2017 06.39.50 Object (file) detected. C:\Documents and Settings\Adam2\Dokumenty\Downloads\P780\Setup_WinThruster_2016.exe File: C:\Documents and Settings\Adam2\Dokumenty\Downloads\P780\Setup_WinThruster_2016.exe Object name:: Hoax.Win32.DeceptPCClean.bu
28.11.2017 04.37.54 Object (file) not processed. C:\AdwCleaner\Quarantine\files\onnkufttkoflzggcuzacjesaakovragm\OFFLINE\68385B83\A7CBC777\WinThruster.exe File: C:\AdwCleaner\Quarantine\files\onnkufttkoflzggcuzacjesaakovragm\OFFLINE\68385B83\A7CBC777\WinThruster.exe Object name:: Hoax.Win32.DeceptPCClean.ag Reason: Postponed
28.11.2017 04.37.54 Object (file) detected. C:\AdwCleaner\Quarantine\files\onnkufttkoflzggcuzacjesaakovragm\OFFLINE\68385B83\A7CBC777\WinThruster.exe File: C:\AdwCleaner\Quarantine\files\onnkufttkoflzggcuzacjesaakovragm\OFFLINE\68385B83\A7CBC777\WinThruster.exe Object name:: Hoax.Win32.DeceptPCClean.ag
28.11.2017 04.37.52 Object (file) not processed. C:\AdwCleaner\Quarantine\files\onnkufttkoflzggcuzacjesaakovragm\OFFLINE\56EA7D95\9A1BC107\WinThruster64.exe File: C:\AdwCleaner\Quarantine\files\onnkufttkoflzggcuzacjesaakovragm\OFFLINE\56EA7D95\9A1BC107\WinThruster64.exe Object name:: Hoax.Win32.DeceptPCClean.ag Reason: Postponed
28.11.2017 04.37.52 Object (file) detected. C:\AdwCleaner\Quarantine\files\onnkufttkoflzggcuzacjesaakovragm\OFFLINE\56EA7D95\9A1BC107\WinThruster64.exe File: C:\AdwCleaner\Quarantine\files\onnkufttkoflzggcuzacjesaakovragm\OFFLINE\56EA7D95\9A1BC107\WinThruster64.exe Object name:: Hoax.Win32.DeceptPCClean.ag
28.11.2017 04.37.49 Object (file) not processed. C:\AdwCleaner\Quarantine\files\onnkufttkoflzggcuzacjesaakovragm\OFFLINE\2AB3B381\97827A85\UpDates.exe File: C:\AdwCleaner\Quarantine\files\onnkufttkoflzggcuzacjesaakovragm\OFFLINE\2AB3B381\97827A85\UpDates.exe Object name:: Hoax.Win32.DeceptPCClean.ag Reason: Postponed
28.11.2017 04.37.49 Object (file) detected. C:\AdwCleaner\Quarantine\files\onnkufttkoflzggcuzacjesaakovragm\OFFLINE\2AB3B381\97827A85\UpDates.exe File: C:\AdwCleaner\Quarantine\files\onnkufttkoflzggcuzacjesaakovragm\OFFLINE\2AB3B381\97827A85\UpDates.exe Object name:: Hoax.Win32.DeceptPCClean.ag
28.11.2017 04.16.36 Full Scan Task started Time:: Today, 28.11.2017, 4:16


Post by jaro3 » 28 Nov 2017 17:45

What is that listing from?
Do you want a deletion script done from another PC? It would be better to start a new topic for that.

Describe the problems that concern the PC being worked on.

Post by bbdra » 28 Nov 2017 19:28

That was a listing from Kaspersky Internet Security 2015. I ran a full scan + rootkit scan. :-)

jaro3 wrote: Do you want a deletion script done from another PC?

I do have a second PC, but I don't know whether it would work. They are connected through a Wi-Fi router by LAN cable, but interestingly this computer does not see the other one on the network, whereas the other one sees both computers on the network; when I try to connect to this PC remotely through Explorer, though, it asks me for an unknown password (probably some token or something).
See the topic viewtopic.php?f=8&t=189520&p=1475411#p1475411

I don't know, I'd rather try deleting it with some utility that doesn't give me trouble; AVZ Guard is one of those, for example, but I don't know whether it would understand your source code or whether it would need to be modified somehow. I have a feeling there is also some OTL utility that source code is written into; couldn't it be done in that?

Otherwise, the problems are:
Incompletely removed Comodo Internet Security - its components need to be uninstalled and the registry entries deleted.
Damaged Chromodo browser - it does not play music on SoundCloud or videos on FB. (Reinstalling the application did not help, the problem must be elsewhere. It is the version for Win XP, I did not do any updates; the error appeared after downloading and installing an application for managing Lenovo and other mobile phones on the PC. The installation was interrupted because of its size and modifications; unwanted applications and viruses were found and subsequently cleaned.)
Non-working Massive plugin - apparently launching of a component is blocked. Some of its components cannot be removed from the PC. I have had this problem since I cleaned the PC of malware.


Post by jaro3 » 28 Nov 2017 21:26

Can't the quarantine be deleted from AdwCleaner? Not from RogueKiller either?

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CloseProcesses:
C:\Documents and Settings\Adam2\Dokumenty\Downloads\Paní máša\ccsetup533.exe//CCleaner.exe
C:\Documents and Settings\Adam2\Dokumenty\Downloads\P780\Setup_WinThruster_2016.exe
C:\AdwCleaner\Quarantine\files\onnkufttkoflzggcuzacjesaakovragm
C:\Documents and Settings\All Users\Data aplikací\RogueKiller\Quarantine\983C9A949A189FF7.vir
C:\Documents and Settings\Adam2\Dokumenty\Downloads\Paní máša\ccsetup533.exe//CCleaner.exe

EmptyTemp:
End

(You can use the "select all" function; right-click the top-left area of the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt

Run FRST and press the "Fix" button only once, then wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.

It is also possible that they sit on those bad sectors and therefore cannot be deleted; there is only a record that they are there, but in fact they are no longer there (they are damaged).

Also write what you want deleted. There is going to be trouble with those disks anyway.

Let's also run OTL:
Download OTL by OldTimer to the desktop. Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change to All. Tick the "LOP" check and the "Purity" check. Click Scan. Leave all other settings as they are. The scan may take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt

They are saved in the same location as OTL. Please copy both logs here.

Post by bbdra » 02 Dec 2017 09:53

jaro3 wrote: Can't the quarantine be deleted from AdwCleaner? Not from RogueKiller either?

I overlooked RogueKiller, because I mainly use the 32-bit old version. The new one mostly overloads my processor and the PC then hangs. And it can't be deleted from AdwCleaner, at least not in the version for XP. Anyway, I deleted what was in the RogueKiller quarantine. I'll still run FRST, but it will probably freeze again.


Post by bbdra » 02 Dec 2017 10:17

The fix did not finish; as usual it hung shortly after starting.

Fix result of Farbar Recovery Scan Tool (x86) Version: 30-11-2017
Ran by Adam2 (02-12-2017 09:55:52) Run:5
Running from C:\Documents and Settings\Adam2\Plocha
Loaded Profiles: Adam2 (Available Profiles: Adam2 & tester & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
StartStart
CloseProcesses:
C:\Documents and Settings\Adam2\Dokumenty\Downloads\Paní máša\ccsetup533.exe//CCleaner.exe
C:\Documents and Settings\Adam2\Dokumenty\Downloads\P780\Setup_WinThruster_2016.exe
C:\AdwCleaner\Quarantine\files\onnkufttkoflzggcuzacjesaakovragm
C:\Documents and Settings\All Users\Data aplikací\RogueKiller\Quarantine\983C9A949A189FF7.vir
C:\Documents and Settings\Adam2\Dokumenty\Downloads\Paní máša\ccsetup533.exe//CCleaner.exe

EmptyTemp:
End
*****************

StartStart => Error: No automatic fix found for this entry.
Processes closed successfully.
"C:\Documents and Settings\Adam2\Dokumenty\Downloads\Paní máša\ccsetup533.exe//CCleaner.exe" => not found.
C:\Documents and Settings\Adam2\Dokumenty\Downloads\P780\Setup_WinThruster_2016.exe => moved successfully


Post by bbdra » 02 Dec 2017 10:43

OTL logfile created on: 2.12.2017 10:23:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Adam2\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,25 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 83,17% Memory free
5,08 Gb Paging File | 4,71 Gb Available in Paging File | 92,68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS2 | %ProgramFiles% = C:\Program Files
Drive C: | 1863,02 Gb Total Space | 1469,94 Gb Free Space | 78,90% Space Free | Partition Type: NTFS

Computer Name: BBDRA2-3D0A5E7C | User Name: Adam2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Adam2\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe (Foxit Software Inc.)
PRC - C:\WINDOWS2\system32\KaraokeSer.exe (VIA Technologies, Inc.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
PRC - C:\Program Files\Comodo\Chromodo\chromodo_updater.exe (Comodo)
PRC - C:\Program Files\NetLimiter 3\nlsvc.exe (Locktime Software)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\WINDOWS2\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll ()
MOD - C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll ()


========== Services (SafeList) ==========

SRV - (AVP15.0.2) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe (Kaspersky Lab ZAO)
SRV - (ZAMSvc) -- C:\Program Files\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (FoxitReaderService) -- C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe (Foxit Software Inc.)
SRV - (KaraokeService) -- C:\WINDOWS2\system32\KaraokeSer.exe (VIA Technologies, Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (NvNetworkService) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (ChromodoUpdater) -- C:\Program Files\Comodo\Chromodo\chromodo_updater.exe (Comodo)
SRV - (Disc Soft Lite Bus Service) -- C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe (Disc Soft Ltd)
SRV - (nlsvc) -- C:\Program Files\NetLimiter 3\nlsvc.exe (Locktime Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)


========== Driver Services (SafeList) ==========

DRV - (PCIDump) -- File not found
DRV - (KLIF) -- C:\WINDOWS2\system32\drivers\klif.sys (Kaspersky Lab ZAO)
DRV - (kneps) -- C:\WINDOWS2\system32\drivers\kneps.sys (Kaspersky Lab ZAO)
DRV - (kltdi) -- C:\WINDOWS2\system32\drivers\kltdi.sys (Kaspersky Lab ZAO)
DRV - (klpd) -- C:\WINDOWS2\system32\drivers\klpd.sys (Kaspersky Lab ZAO)
DRV - (kl1) -- C:\WINDOWS2\system32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (klflt) -- C:\WINDOWS2\system32\drivers\klflt.sys (Kaspersky Lab ZAO)
DRV - (kldisk) -- C:\WINDOWS2\system32\drivers\kldisk.sys (Kaspersky Lab ZAO)
DRV - (klkbdflt) -- C:\WINDOWS2\system32\drivers\klkbdflt.sys (Kaspersky Lab ZAO)
DRV - (klmouflt) -- C:\WINDOWS2\system32\drivers\klmouflt.sys (Kaspersky Lab ZAO)
DRV - (klhk) -- C:\WINDOWS2\system32\drivers\klhk.sys (AO Kaspersky Lab)
DRV - (cm_km_w) -- C:\WINDOWS2\system32\drivers\cm_km_w.sys (Kaspersky Lab UK Ltd)
DRV - (ZAM) -- C:\WINDOWS2\system32\drivers\zam32.sys (Zemana Ltd.)
DRV - (ZAM_Guard) -- C:\WINDOWS2\system32\drivers\zamguard32.sys (Zemana Ltd.)
DRV - (dtlitescsibus) -- C:\WINDOWS2\system32\drivers\dtlitescsibus.sys (Disc Soft Ltd)
DRV - (NVHDA) -- C:\WINDOWS2\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (VIAHdAudAddService) -- C:\WINDOWS2\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (AMBFilt) -- C:\WINDOWS2\system32\drivers\Ambfilt.sys (Creative)
DRV - (MonFilt) -- C:\WINDOWS2\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (amdide) -- C:\WINDOWS2\system32\drivers\amdide.sys (Advanced Micro Devices Inc.)
DRV - (HWiNFO32) -- C:\WINDOWS2\system32\drivers\HWiNFO32.SYS (REALiX(tm))
DRV - (hamachi) -- C:\WINDOWS2\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS2\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (kltdf) -- C:\WINDOWS2\system32\drivers\kltdf.sys (Kaspersky Lab ZAO)
DRV - (nltdi) -- C:\Program Files\NetLimiter 3\nltdi.sys (Locktime Software)
DRV - (NLNdisPT) -- C:\WINDOWS2\system32\drivers\nlndis.sys (Locktime Software)
DRV - (NLNdisMP) -- C:\WINDOWS2\system32\drivers\nlndis.sys (Locktime Software)
DRV - (klim5) -- C:\WINDOWS2\system32\drivers\klim5.sys (Kaspersky Lab ZAO)
DRV - (MBAMProtector) -- C:\WINDOWS2\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (speedfan) -- C:\WINDOWS2\system32\speedfan.sys (Almico Software)
DRV - (SCT_SKMScan) -- C:\WINDOWS2\system32\drivers\sct_skmscan.sys (Sophos Limited)
DRV - (WinUSB) -- C:\WINDOWS2\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (usbfilter) -- C:\WINDOWS2\system32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (giveio) -- C:\WINDOWS2\system32\giveio.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-329068152-1645522239-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\system32\blank.htm
IE - HKU\S-1-5-21-329068152-1645522239-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-329068152-1645522239-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-329068152-1645522239-839522115-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS2\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-329068152-1645522239-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-329068152-1645522239-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-329068152-1645522239-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/content_blocker_663BE8: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2017.11.28 02:40:55 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/online_banking_08806E: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2017.11.28 02:40:55 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/virtual_keyboard_074028: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2017.11.28 02:40:55 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2016.11.23 01:47:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker_663BE8@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2017.11.28 02:40:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard_074028@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2017.11.28 02:40:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking_08806E@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2017.11.28 02:40:55 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Adam2\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\
CHR - Extension: No name found = C:\Documents and Settings\Adam2\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Adam2\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Documents and Settings\Adam2\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho\4.0.9.130_0\
CHR - Extension: No name found = C:\Documents and Settings\Adam2\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\
CHR - Extension: No name found = C:\Documents and Settings\Adam2\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\
CHR - Extension: No name found = C:\Documents and Settings\Adam2\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.3_0\
CHR - Extension: No name found = C:\Documents and Settings\Adam2\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2017.11.24 00:31:29 | 000,000,027 | ---- | M]) - C:\WINDOWS2\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Virtual Keyboard Plugin) - {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {93BC2EA7-2F17-4729-948A-D2E03FFB2412} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-329068152-1645522239-839522115-1003\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS2\system32\browseui.dll (Společnost Microsoft)
O3 - HKU\S-1-5-21-329068152-1645522239-839522115-1003\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS2\system32\browseui.dll (Společnost Microsoft)
O3 - HKU\S-1-5-21-329068152-1645522239-839522115-1003\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS2\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NvBackend] C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [ZAM] C:\Program Files\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-329068152-1645522239-839522115-1003..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-329068152-1645522239-839522115-1003..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-329068152-1645522239-839522115-1003..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-1645522239-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-329068152-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-329068152-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-329068152-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-329068152-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O9 - Extra Button: Virtual Keyboard - {5547CE1F-74E9-41E5-9CBF-5211ECC37341} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS2\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS2\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS2\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS2\system32\rsvpsp.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19E21823-6180-4C49-977C-5D3183C290D7}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS2\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS2\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS2\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS2\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS2\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS2\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS2\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS2\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS2\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS2\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS2\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS2\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS2\system32\userinit.exe) - C:\WINDOWS2\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS2\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS2\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS2\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS2\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS2\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS2\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS2\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS2\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS2\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS2\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS2\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS2\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS2\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS2\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS2\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS2\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS2\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS2\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS2\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS2\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Adam2\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Adam2\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS2\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS2\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS2\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS2\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS2\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS2\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS2\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS2\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS2\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS2\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015.04.30 21:28:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2017.12.02 10:23:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Adam2\Recent
[2017.12.02 10:18:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Adam2\Plocha\OTL.exe
[2017.11.28 02:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam2\Plocha\FRST-OlderVersion
[2017.11.28 02:23:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Nabídka Start\Programy\Kaspersky Internet Security
[2017.11.28 02:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2017.11.28 02:18:56 | 000,694,704 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS2\System32\drivers\klif.sys
[2017.11.28 02:18:56 | 000,125,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS2\System32\drivers\klflt.sys
[2017.11.28 02:18:55 | 000,053,168 | ---- | C] (AO Kaspersky Lab) -- C:\WINDOWS2\System32\drivers\klhk.sys
[2017.11.26 15:20:51 | 000,000,000 | ---D | C] -- C:\FRST
[2017.11.26 01:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam2\Plocha\massive errors
[2017.11.26 00:24:57 | 001,752,064 | ---- | C] (Farbar) -- C:\Documents and Settings\Adam2\Plocha\FRST.exe
[2017.11.24 13:53:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2017.11.24 00:30:20 | 000,000,000 | ---D | C] -- C:\WINDOWS2\temp
[2017.11.22 01:43:49 | 000,000,000 | ---D | C] -- C:\zoek
[2017.11.18 21:33:09 | 000,033,096 | ---- | C] (Sophos Limited) -- C:\WINDOWS2\System32\drivers\sct_skmscan.sys
[2017.11.18 21:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Nabídka Start\Programy\Sophos
[2017.11.18 15:54:24 | 008,261,584 | ---- | C] (Malwarebytes) -- C:\Documents and Settings\Adam2\Plocha\adwcleaner_7.0.4.0.exe
[2017.11.17 02:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam2\Nabídka Start\Programy\Native Instruments Massive
[2017.11.17 02:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Nabídka Start\Programy\FileASSASSIN
[2017.11.17 00:27:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS2\System32\GroupPolicy

========== Files - Modified Within 30 Days ==========

[2017.12.02 10:23:17 | 000,013,245 | ---- | M] () -- C:\WINDOWS2\ZAM_Guard.krnl.trace
[2017.12.02 10:23:13 | 000,025,598 | ---- | M] () -- C:\WINDOWS2\ZAM.krnl.trace
[2017.12.02 10:20:17 | 001,664,400 | ---- | M] () -- C:\WINDOWS2\System32\nvdrsdb1.bin
[2017.12.02 10:20:17 | 000,000,001 | ---- | M] () -- C:\WINDOWS2\System32\nvdrssel.bin
[2017.12.02 10:18:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adam2\Plocha\OTL.exe
[2017.12.02 10:12:16 | 001,664,400 | ---- | M] () -- C:\WINDOWS2\System32\nvdrsdb0.bin
[2017.12.02 10:04:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS2\System32\wpa.dbl
[2017.12.02 10:03:48 | 000,000,224 | ---- | M] () -- C:\WINDOWS2\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
[2017.12.02 10:03:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS2\bootstat.dat
[2017.12.02 09:55:29 | 001,752,064 | ---- | M] (Farbar) -- C:\Documents and Settings\Adam2\Plocha\FRST.exe
[2017.12.02 09:40:30 | 000,018,506 | ---- | M] () -- C:\WINDOWS2\System32\nvAppTimestamps
[2017.11.29 00:59:32 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\Adam2\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2017.11.28 02:56:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS2\System32\d3d9caps.dat
[2017.11.28 02:33:39 | 000,694,704 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS2\System32\drivers\klif.sys
[2017.11.28 02:33:39 | 000,157,240 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS2\System32\drivers\kneps.sys
[2017.11.28 02:33:39 | 000,054,328 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS2\System32\drivers\kltdi.sys
[2017.11.28 02:33:39 | 000,023,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS2\System32\drivers\klpd.sys
[2017.11.28 02:33:38 | 000,155,304 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS2\System32\drivers\kl1.sys
[2017.11.28 02:33:38 | 000,125,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS2\System32\drivers\klflt.sys
[2017.11.28 02:33:38 | 000,054,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS2\System32\drivers\kldisk.sys
[2017.11.28 02:33:34 | 000,035,696 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS2\System32\drivers\klkbdflt.sys
[2017.11.28 02:33:34 | 000,035,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS2\System32\drivers\klmouflt.sys
[2017.11.28 02:33:33 | 000,053,168 | ---- | M] (AO Kaspersky Lab) -- C:\WINDOWS2\System32\drivers\klhk.sys
[2017.11.28 02:33:13 | 000,197,864 | ---- | M] (Kaspersky Lab UK Ltd) -- C:\WINDOWS2\System32\drivers\cm_km_w.sys
[2017.11.28 02:25:03 | 000,001,971 | ---- | M] () -- C:\Documents and Settings\Adam2\Plocha\Safe Money.lnk
[2017.11.28 02:23:02 | 000,001,871 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Plocha\Kaspersky Internet Security.lnk
[2017.11.26 16:54:21 | 000,002,285 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Plocha\Skype.lnk
[2017.11.26 03:06:09 | 000,016,850 | ---- | M] () -- C:\Documents and Settings\Adam2\Plocha\MemTest.zip
[2017.11.25 02:58:26 | 000,014,361 | ---- | M] () -- C:\Documents and Settings\Adam2\Plocha\delfix error.PNG
[2017.11.25 02:51:02 | 000,797,760 | ---- | M] () -- C:\Documents and Settings\Adam2\Plocha\delfix_1.013.exe
[2017.11.24 13:56:56 | 000,251,088 | ---- | M] () -- C:\WINDOWS2\System32\FNTCACHE.DAT
[2017.11.24 01:20:44 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Adam2\Plocha\MBR.dat
[2017.11.24 00:31:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS2\System32\drivers\etc\hosts
[2017.11.22 01:36:52 | 000,024,064 | ---- | M] () -- C:\WINDOWS2\zoek-delete.exe
[2017.11.22 01:36:49 | 001,313,792 | ---- | M] () -- C:\Documents and Settings\Adam2\Plocha\zoek.exe
[2017.11.21 07:03:49 | 000,024,688 | ---- | M] () -- C:\WINDOWS2\System32\drivers\TrueSight.sys
[2017.11.18 15:54:28 | 008,261,584 | ---- | M] (Malwarebytes) -- C:\Documents and Settings\Adam2\Plocha\adwcleaner_7.0.4.0.exe
[2017.11.17 02:02:48 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Plocha\FileASSASSIN.lnk
[2017.11.10 01:57:09 | 078,765,438 | ---- | M] () -- C:\Documents and Settings\Adam2\Plocha\Payrex deep rmx.wav
[2017.11.05 20:48:44 | 000,493,054 | ---- | M] () -- C:\WINDOWS2\System32\perfh009.dat
[2017.11.05 20:48:44 | 000,488,758 | ---- | M] () -- C:\WINDOWS2\System32\perfh005.dat
[2017.11.05 20:48:44 | 000,083,598 | ---- | M] () -- C:\WINDOWS2\System32\perfc009.dat
[2017.11.05 20:48:43 | 000,097,396 | ---- | M] () -- C:\WINDOWS2\System32\perfc005.dat

========== Files Created - No Company Name ==========

[2017.11.28 02:25:03 | 000,001,971 | ---- | C] () -- C:\Documents and Settings\Adam2\Plocha\Safe Money.lnk
[2017.11.28 02:23:47 | 000,001,871 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Plocha\Kaspersky Internet Security.lnk
[2017.11.26 03:06:44 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Adam2\Plocha\memtest.exe
[2017.11.26 03:06:09 | 000,016,850 | ---- | C] () -- C:\Documents and Settings\Adam2\Plocha\MemTest.zip
[2017.11.25 02:58:25 | 000,014,361 | ---- | C] () -- C:\Documents and Settings\Adam2\Plocha\delfix error.PNG
[2017.11.25 02:51:02 | 000,797,760 | ---- | C] () -- C:\Documents and Settings\Adam2\Plocha\delfix_1.013.exe
[2017.11.22 01:45:31 | 000,024,064 | ---- | C] () -- C:\WINDOWS2\zoek-delete.exe
[2017.11.22 01:36:48 | 001,313,792 | ---- | C] () -- C:\Documents and Settings\Adam2\Plocha\zoek.exe
[2017.11.17 02:02:48 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Plocha\FileASSASSIN.lnk
[2017.11.17 00:08:14 | 000,017,408 | ---- | C] () -- C:\WINDOWS2\System32\minimp3.exe
[2017.11.10 01:52:04 | 078,765,438 | ---- | C] () -- C:\Documents and Settings\Adam2\Plocha\Payrex deep rmx.wav
[2017.10.18 22:44:50 | 000,014,885 | ---- | C] () -- C:\Documents and Settings\Adam2\Local Settings\Data aplikací\recently-used.xbel
[2017.08.30 15:41:09 | 000,122,090 | ---- | C] () -- C:\Documents and Settings\Adam2\bitmap.png
[2017.08.30 15:39:04 | 000,116,427 | ---- | C] () -- C:\Documents and Settings\Adam2\g4957.png
[2017.06.16 16:35:13 | 000,057,244 | -H-- | C] () -- C:\WINDOWS2\System32\mlfcache.dat
[2017.06.16 15:52:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS2\System32\d3d9caps.dat
[2017.06.16 01:16:54 | 000,717,154 | -HS- | C] () -- C:\Documents and Settings\Adam2\Local Settings\Data aplikací\CSIDL_
[2017.04.13 23:56:46 | 001,441,295 | ---- | C] () -- C:\Documents and Settings\Adam2\bitmapplakát.png
[2017.04.07 12:38:21 | 000,003,722 | ---- | C] () -- C:\Documents and Settings\Adam2\advanced_ip_scanner_MAC.bin
[2017.04.07 12:38:20 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\Adam2\advanced_ip_scanner_Aliases.bin
[2017.04.04 01:01:50 | 000,024,688 | ---- | C] () -- C:\WINDOWS2\System32\drivers\TrueSight.sys
[2017.03.04 11:15:46 | 001,012,993 | ---- | C] () -- C:\WINDOWS2\System32\bmaker.exe
[2016.12.20 20:24:01 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Adam2\Local Settings\Data aplikací\LumaEmu
[2016.11.22 00:19:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS2\System32\iacenc.dll
[2016.11.20 22:00:56 | 000,063,488 | ---- | C] () -- C:\Documents and Settings\Adam2\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2016.11.18 00:12:19 | 000,406,528 | ---- | C] () -- C:\WINDOWS2\System32\freetype.dll
[2016.11.18 00:08:07 | 000,515,192 | ---- | C] () -- C:\WINDOWS2\System32\QuickFontCache.dll
[2016.11.17 15:46:20 | 006,203,411 | ---- | C] () -- C:\WINDOWS2\System32\nvcoproc.bin
[2016.11.17 15:45:25 | 001,664,400 | ---- | C] () -- C:\WINDOWS2\System32\nvdrsdb1.bin
[2016.11.17 15:45:25 | 001,664,400 | ---- | C] () -- C:\WINDOWS2\System32\nvdrsdb0.bin
[2016.11.17 15:45:25 | 000,000,001 | ---- | C] () -- C:\WINDOWS2\System32\nvdrssel.bin
[2016.11.17 15:36:55 | 035,101,184 | ---- | C] () -- C:\WINDOWS2\System32\nvcompiler.dll
[2016.11.17 15:36:55 | 002,345,364 | ---- | C] () -- C:\WINDOWS2\System32\nvdata.data
[2016.11.17 14:19:44 | 000,004,293 | ---- | C] () -- C:\WINDOWS2\ODBCINST.INI
[2016.11.17 14:17:13 | 000,251,088 | ---- | C] () -- C:\WINDOWS2\System32\FNTCACHE.DAT
[2016.11.17 13:51:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS2\bootstat.dat
[2016.11.17 13:42:29 | 000,021,812 | ---- | C] () -- C:\WINDOWS2\System32\emptyregdb.dat
[2016.03.07 01:34:46 | 000,611,514 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-725345543-1078081533-839522115-1005-0.dat
[2016.02.08 00:41:43 | 000,135,418 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-725345543-1078081533-839522115-1007-0.dat
[2015.05.02 03:33:21 | 001,739,602 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-725345543-1078081533-839522115-1003-0.dat
[2015.05.02 03:33:20 | 000,165,298 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat

========== ZeroAccess Check ==========

[2017.06.16 19:36:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS2\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 08:51:56 | 001,499,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 08:52:06 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2016.11.05 17:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1234\Data aplikací\.minecraft
[2016.03.28 15:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1234\Data aplikací\.mono
[2016.11.05 17:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1234\Data aplikací\.technic
[2016.04.06 19:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1234\Data aplikací\Anhold7138
[2016.04.10 19:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1234\Data aplikací\Ashampoo
[2016.04.10 13:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1234\Data aplikací\Audacity
[2016.06.02 14:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1234\Data aplikací\BANDISOFT
[2016.03.15 23:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1234\Data aplikací\Battle.net
[2016.04.06 19:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1234\Data aplikací\BemisCorp201604062049
[2016.04.06 19:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1234\Data aplikací\Cabotcorp201604062047
[2016.03.11 00:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1234\Data aplikací\Curiolab
[2016.10.27 22:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1234\Data aplikací\DAEMON Tools Lite
[2016.03.11 17:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1234\Data aplikací\GFI Software
[2016.05.31 11:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1234\Data aplikací\IObit
[2016.04.06 19:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1234\Data aplikací\Level3Comm201604062048
[2016.07.12 22:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1234\Data aplikací\OpenOffice
[2016.06.20 21:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1234\Data aplikací\Oracle
[2016.11.03 20:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1234\Data aplikací\ProductData
[2016.10.31 18:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1234\Data aplikací\TS3Client
[2016.04.17 12:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1234\Data aplikací\Wargaming.net
[2016.03.10 21:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1234\Data aplikací\Windows Search
[2016.11.05 12:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\.minecraft
[2015.05.02 13:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\.mono
[2016.11.05 12:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\.technic
[2016.04.29 17:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\Ashampoo
[2016.10.09 15:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\Audacity
[2015.05.02 13:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\AVG
[2016.02.20 13:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\Battle.net
[2016.01.09 21:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\CrystalIdea Software
[2015.05.02 02:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\Curiolab
[2015.12.23 11:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\DAEMON Tools Lite
[2016.07.31 22:28:40 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Adam\Data aplikací\FlowStone
[2015.10.24 17:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\GameRanger
[2016.07.02 19:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\Image-Line
[2015.05.22 14:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\InterTrust
[2016.02.08 19:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\IObit
[2015.05.02 13:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\Kalypso Media
[2015.11.25 18:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\MAGIX
[2016.02.06 11:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\Mojang
[2016.01.13 19:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\OpenOffice
[2016.02.05 15:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\Oracle
[2016.11.04 10:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\ProductData
[2015.08.09 19:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\Spore
[2016.03.08 13:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\Star Stable Entertainment AB
[2015.05.23 08:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\Steam
[2016.10.22 21:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\TS3Client
[2016.03.07 01:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\VIPRE
[2016.04.11 15:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\Wargaming.net
[2016.02.08 21:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\Windows Desktop Search
[2016.02.08 23:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Data aplikací\Windows Search
[2017.09.30 10:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\.minecraft
[2016.11.17 22:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\.mono
[2017.09.17 11:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\.technic
[2017.06.16 23:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\9-lab
[2017.07.03 19:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\AdbDriverInstaller
[2017.05.02 23:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\Ashampoo
[2017.01.22 12:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\BANDISOFT
[2016.11.17 21:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\Battle.net
[2017.07.26 18:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\Blue Cat Audio
[2017.06.17 21:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\cdnc0onampl
[2017.07.13 01:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\Curiolab
[2017.11.28 20:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\DAEMON Tools Lite
[2017.09.24 13:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\Daichi
[2017.06.17 21:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\div4znnp4s1
[2017.03.06 02:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\Foxit AgentInformation
[2017.03.06 22:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\Foxit Software
[2017.09.17 11:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\gg
[2017.03.14 19:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\Image-Line
[2017.04.12 13:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\inkscape
[2017.07.07 01:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\IObit
[2017.10.01 21:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\iZotope
[2017.04.06 17:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\Locktime Software
[2017.03.04 11:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\MAGIX
[2017.06.10 13:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\OpenOffice
[2017.06.17 22:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\WshShell
[2017.06.17 22:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam2\Data aplikací\yuycwtdzfpq
[2016.11.14 20:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Ashampoo
[2010.09.07 15:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Curiolab
[2015.11.10 15:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\IObit
[2016.04.29 16:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Windows Search
[2017.06.16 23:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.BBDRA2-3D0A5E7C\Data aplikací\9-lab
[2017.06.08 20:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.BBDRA2-3D0A5E7C\Data aplikací\Curiolab
[2017.06.16 00:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.BBDRA2-3D0A5E7C\Data aplikací\OpenOffice
[2015.05.02 13:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\.mono
[2016.04.10 19:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ashampoo
[2016.02.20 13:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Battle.net
[2016.02.06 11:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Caphyon
[2015.05.02 13:14:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\Common Files
[2015.05.02 13:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2016.03.06 23:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Downloaded Installations
[2015.08.03 10:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Freemake
[2016.03.11 17:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\GFI Software
[2015.12.26 01:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IObit
[2016.11.05 16:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LogMeIn
[2015.08.24 22:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Logs
[2015.11.25 18:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MAGIX
[2016.06.20 21:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Oracle
[2015.08.11 17:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2016.11.22 14:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ProductData
[2010.09.07 13:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\RogueKiller
[2016.04.12 12:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\slk
[2016.04.12 12:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\sns
[2016.11.02 23:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Sophos
[2016.11.07 00:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\StarStableOnline
[2016.03.15 10:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2015.12.23 11:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ubisoft
[2016.11.17 22:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\.mono
[2017.06.16 23:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\9-lab
[2016.11.17 21:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Battle.net
[2017.03.13 00:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Camel Audio
[2017.01.21 18:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\DAEMON Tools Lite
[2017.03.06 02:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Foxit ContentPlatform
[2017.03.06 02:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Foxit Software
[2016.12.04 15:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Freemake
[2017.07.03 18:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\IObit
[2017.04.06 17:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Locktime
[2017.06.04 19:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\LogMeIn
[2017.03.04 11:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\MAGIX
[2017.10.01 18:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\MEGAsync
[2017.03.13 01:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Native Instruments
[2017.06.07 23:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Oracle
[2017.03.04 11:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\Pinnacle
[2017.07.07 01:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\ProductData
[2017.04.04 06:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\RogueKiller
[2017.09.03 23:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\SP_FT_Logs
[2017.09.16 23:11:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
[2017.09.16 23:11:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
[2017.03.06 02:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Data aplikací\Foxit Software
[2016.01.27 02:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\IObit
[2016.02.10 12:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\znk\Data aplikací\IObit

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2017.06.16 19:37:01 | 000,002,020 | R-S- | M] ()(C:\Documents and Settings\All Users.WINDOWS2\Plocha\??arthston?.lnk) -- C:\Documents and Settings\All Users.WINDOWS2\Plocha\Неarthstonе.lnk
[2017.06.16 19:37:01 | 000,002,020 | R-S- | C] ()(C:\Documents and Settings\All Users.WINDOWS2\Plocha\??arthston?.lnk) -- C:\Documents and Settings\All Users.WINDOWS2\Plocha\Неarthstonе.lnk

< End of report >


Re: RTC audio PnP listener

Post by bbdra » 02 Dec 2017 10:45

OTL Extras logfile created on: 2.12.2017 10:23:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Adam2\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,25 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 83,17% Memory free
5,08 Gb Paging File | 4,71 Gb Available in Paging File | 92,68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS2 | %ProgramFiles% = C:\Program Files
Drive C: | 1863,02 Gb Total Space | 1469,94 Gb Free Space | 78,90% Space Free | Partition Type: NTFS

Computer Name: BBDRA2-3D0A5E7C | User Name: Adam2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-329068152-1645522239-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromodoHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe" = C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe:*:Enabled:NVIDIA Network Service TCP Exception (HTTPS) -- (NVIDIA Corporation)
"C:\Program Files\Hearthstone\Hearthstone.exe" = C:\Program Files\Hearthstone\Hearthstone.exe:*:Enabled:Hearthstone -- ()
"C:\WINDOWS2\system32\javaw.exe" = C:\WINDOWS2\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"C:\Program Files\Java\jre7\bin\javaw.exe" = C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" = C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe:*:Enabled:LogMeIn Hamachi -- (LogMeIn Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\Adam2\Dokumenty\Downloads\Dst\bin\dontstarve_steam.exe" = C:\Documents and Settings\Adam2\Dokumenty\Downloads\Dst\bin\dontstarve_steam.exe:*:Enabled:dontstarve_steam -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02FECEE0-16B2-43DB-BC3B-C844477FC142}" = Kaspersky Internet Security
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1045AB6F-6151-3634-8C2C-EE308AA1A6A7}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23506
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
"{2CA799E3-0735-4A14-9DA9-55B0160EAD3D}" = MAGIX Video easy HD
"{2E644D2D-993F-43B4-B85A-15363CA777C3}" = Advanced IP Scanner 2.4
"{2F65108E-8DF7-47B9-8ECC-49BD3BC47AAB}" = Microsoft Visual C++ 2012 Prerequisites (x86)
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}" = Skype™ 7.36
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{44D94F3A-D38C-48DF-AEF7-4CD8B078F30F}" = Blue Cat's FreqAnalyst VST (v2.2)
"{4769E972-2E92-49C5-B6F9-465EFD0C4D94}" = VirtualDJ PRO Full
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6342D881-EA0C-4402-8538-ECAE1DFB88D5}" = MAGIX Speed burnR (MSI)
"{65AD78AD-D23D-3A1E-9305-3AE65CD522C2}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23506
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7308600A-5231-459C-A3E2-A637F842CACA}" = OpenOffice 4.1.3
"{7ADEEB5D-F09B-1063-C9C5-94B2A5DF6C8B}" = AMD Catalyst Install Manager
"{89E5827E-EAE7-47F2-A57F-52D92C671983}" = LogMeIn Hamachi
"{8CD50415-04B7-459E-8CBD-DA96A9CDF98E}" = Star Stable Online
"{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1" = Zemana AntiMalware
"{913923AB-3AAB-4870-8910-627C4CD82789}" = NetLimiter 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1" = Revo Uninstaller 2.0.3
"{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7F52857-4B42-4A78-B332-8B42668E5B0B}" = Governor of Poker
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 364.51
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.10.2.40
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 141.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.16.0318
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 2.10.2.40
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"49D9ABA9270C5BDFD7AE1BEB607D36B26BB90235" = Balíček ovladače systému Windows - MediaTek Inc. (usbser) Ports (01/05/2012 2.0000.0.1)
"8B3D7924-ED89-486B-8322-E8594065D5CB_is1" = RogueKiller version 12.11.1.0
"9-lab Removal Tool" = 9-lab Removal Tool
"Adobe Flash Player PPAPI" = Adobe Flash Player 26 PPAPI
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Camel Audio CamelCrusher" = Camel Audio CamelCrusher
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.30
"CrystalDiskInfo_is1" = CrystalDiskInfo 7.0.5
"D0E6296D177F42BB31C0200E49412003DB6C4633" = Balíček ovladače systému Windows - MediaTek Inc. (usbser) Ports (12/24/2011 2.0000.0.0)
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Exterminate It!" = Exterminate It!
"FileASSASSIN" = FileASSASSIN
"FL Studio 12" = FL Studio 12
"FL Studio ASIO" = FL Studio ASIO
"Foxit Reader_is1" = Foxit Reader
"Free MP3 Sound Recorder_is1" = Free MP3 Sound Recorder v1.9
"Hearthstone" = Hearthstone
"HWiNFO32_is1" = HWiNFO32 Version 5.38
"Chromodo" = Chromodo
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"IL Shared Libraries" = IL Shared Libraries
"Inkscape" = Inkscape 0.92.1
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Ovladače zařízení
"InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}" = Kaspersky Internet Security
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.75.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"MX.{2CA799E3-0735-4A14-9DA9-55B0160EAD3D}" = MAGIX Video easy HD
"MX.{6342D881-EA0C-4402-8538-ECAE1DFB88D5}" = MAGIX Speed burnR (MSI)
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Massive v1.0.1.008 VSTi DXi RTAS" = Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
"NetLimiter 3 3.0.0.11" = NetLimiter 3
"Ohmicide VST" = Ohm Force - Ohmicide VST
"Repair Video Master_is1" = Repair Video Master 2.61
"SpeedFan" = SpeedFan (remove only)
"Universal Extractor_is1" = Universal Extractor 1.6.1
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 5.40 (32-bit)
"winusb0200" = Microsoft WinUsb 2.0
"WOW2_is1" = Sugar Bytes WOW2 Demo 2.1.8
"XP Codec Pack" = XP Codec Pack

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24.11.2017 21:51:32 | Computer Name = BBDRA2-3D0A5E7C | Source = Application Error | ID = 1000
Description = Chybující aplikace delfix_1.013.exe, verze 1.0.1.3, chybující modul
delfix_1.013.exe, verze 1.0.1.3, adresa chyby 0x000211de.

Error - 24.11.2017 21:51:57 | Computer Name = BBDRA2-3D0A5E7C | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace delfix_1.013.exe, verze 1.0.1.3, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 24.11.2017 21:52:15 | Computer Name = BBDRA2-3D0A5E7C | Source = Application Error | ID = 1000
Description = Chybující aplikace delfix_1.013.exe, verze 1.0.1.3, chybující modul
delfix_1.013.exe, verze 1.0.1.3, adresa chyby 0x0002153b.

Error - 24.11.2017 21:52:49 | Computer Name = BBDRA2-3D0A5E7C | Source = Application Error | ID = 1000
Description = Chybující aplikace delfix_1.013.exe, verze 1.0.1.3, chybující modul
delfix_1.013.exe, verze 1.0.1.3, adresa chyby 0x00021545.

Error - 24.11.2017 21:57:02 | Computer Name = BBDRA2-3D0A5E7C | Source = Application Error | ID = 1000
Description = Chybující aplikace delfix_1.013.exe, verze 1.0.1.3, chybující modul
delfix_1.013.exe, verze 1.0.1.3, adresa chyby 0x00021536.

Error - 25.11.2017 16:24:01 | Computer Name = BBDRA2-3D0A5E7C | Source = Application Error | ID = 1000
Description = Chybující aplikace dontstarve_steam.exe, verze 0.0.0.0, chybující
modul dontstarve_steam.exe, verze 0.0.0.0, adresa chyby 0x00021b63.

Error - 25.11.2017 16:24:31 | Computer Name = BBDRA2-3D0A5E7C | Source = Application Error | ID = 1000
Description = Chybující aplikace dontstarve_steam.exe, verze 0.0.0.0, chybující
modul dontstarve_steam.exe, verze 0.0.0.0, adresa chyby 0x00021b63.

Error - 25.11.2017 16:24:59 | Computer Name = BBDRA2-3D0A5E7C | Source = Application Error | ID = 1000
Description = Chybující aplikace dontstarve_steam.exe, verze 0.0.0.0, chybující
modul dontstarve_steam.exe, verze 0.0.0.0, adresa chyby 0x00021b63.

Error - 25.11.2017 19:55:53 | Computer Name = BBDRA2-3D0A5E7C | Source = Application Error | ID = 1000
Description = Chybující aplikace massive.exe, verze 1.0.1.8, chybující modul massive.exe,
verze 1.0.1.8, adresa chyby 0x0029e4a8.

Error - 25.11.2017 20:13:06 | Computer Name = BBDRA2-3D0A5E7C | Source = Application Error | ID = 1000
Description = Chybující aplikace massive.exe, verze 1.0.1.8, chybující modul massive.exe,
verze 1.0.1.8, adresa chyby 0x0029e4a8.

[ NetLimiter 3 Events ]
Error - 25.11.2017 21:35:30 | Computer Name = BBDRA2-3D0A5E7C | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 26.11.2017 21:40:08 | Computer Name = BBDRA2-3D0A5E7C | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 26.11.2017 21:42:56 | Computer Name = BBDRA2-3D0A5E7C | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 27.11.2017 4:05:12 | Computer Name = BBDRA2-3D0A5E7C | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 27.11.2017 21:12:17 | Computer Name = BBDRA2-3D0A5E7C | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 27.11.2017 22:11:07 | Computer Name = BBDRA2-3D0A5E7C | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 27.11.2017 22:14:43 | Computer Name = BBDRA2-3D0A5E7C | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 27.11.2017 23:09:31 | Computer Name = BBDRA2-3D0A5E7C | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 29.11.2017 14:53:49 | Computer Name = BBDRA2-3D0A5E7C | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 2.12.2017 5:03:59 | Computer Name = BBDRA2-3D0A5E7C | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

[ System Events ]
Error - 2.12.2017 5:31:47 | Computer Name = BBDRA2-3D0A5E7C | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.

Error - 2.12.2017 5:31:50 | Computer Name = BBDRA2-3D0A5E7C | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.

Error - 2.12.2017 5:31:53 | Computer Name = BBDRA2-3D0A5E7C | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.

Error - 2.12.2017 5:31:55 | Computer Name = BBDRA2-3D0A5E7C | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.

Error - 2.12.2017 5:31:58 | Computer Name = BBDRA2-3D0A5E7C | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.

Error - 2.12.2017 5:32:50 | Computer Name = BBDRA2-3D0A5E7C | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.

Error - 2.12.2017 5:32:50 | Computer Name = BBDRA2-3D0A5E7C | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.

Error - 2.12.2017 5:32:50 | Computer Name = BBDRA2-3D0A5E7C | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.

Error - 2.12.2017 5:32:50 | Computer Name = BBDRA2-3D0A5E7C | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.

Error - 2.12.2017 5:33:10 | Computer Name = BBDRA2-3D0A5E7C | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.


< End of report >

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: RTC audio PnP listener

Post by jaro3 » 02 Dec 2017 14:39

Uninstall:
Everything from IObit
9-lab
(if you find them)


Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text (shown in green) into the box:


:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-329068152-1645522239-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
CHR - Extension: No name found = C:\Documents and Settings\Adam2\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\
CHR - Extension: No name found = C:\Documents and Settings\Adam2\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Adam2\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Documents and Settings\Adam2\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho\4.0.9.130_0\
CHR - Extension: No name found = C:\Documents and Settings\Adam2\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\
CHR - Extension: No name found = C:\Documents and Settings\Adam2\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\
CHR - Extension: No name found = C:\Documents and Settings\Adam2\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.3_0\
CHR - Extension: No name found = C:\Documents and Settings\Adam2\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-329068152-1645522239-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
C:\WINDOWS2\System32\d3d9caps.dat
[2017.06.16 19:36:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS2\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 08:51:56 | 001,499,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 08:52:06 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
C:\WINDOWS\system32\DUMP*.tmp
c:\windows\Tasks\*.job /s
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Program Files\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Documents and Settings\Adam\Data aplikací\AVG
C:\Documents and Settings\Adam\Data aplikací\IObit
C:\Documents and Settings\Adam2\Data aplikací\9-lab
C:\Documents and Settings\1234\Data aplikací\IObit
C:\Documents and Settings\Adam2\Data aplikací\IObit
C:\Documents and Settings\Adam2\Data aplikací\yuycwtdzfpq
C:\Documents and Settings\Administrator\Data aplikací\IObit
C:\Documents and Settings\Administrator.BBDRA2-3D0A5E7C\Data aplikací\9-lab
C:\Documents and Settings\All Users\Data aplikací\IObit
C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\IObit
C:\Documents and Settings\NetworkService\Data aplikací\IObit
C:\Documents and Settings\znk\Data aplikací\IObit
C:\Documents and Settings\Adam2\Data aplikací\gg
C:\Documents and Settings\All Users\Data aplikací\slk
C:\Documents and Settings\All Users\Data aplikací\sns
C:\Documents and Settings\All Users.WINDOWS2\Data aplikací\9-lab

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" =-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" =-

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


Then click "Opravit" (Fix) at the top. Let the program run undisturbed; the PC will restart at the end.
After the restart a log will appear; please copy its entire contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum

Re: RTC audio PnP listener

Post by bbdra » 04 Dec 2017 01:29

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Adam2\Data aplikací\gg\cache\org\lwjgl not found!
File\Folder C:\Documents and Settings\Adam2\Data aplikací\gg\cache\org\apache\logging\log4j\log4j-core\2.0-beta9 not found!
Folder move failed. C:\Documents and Settings\Adam2\Data aplikací\gg\cache\org\apache\logging\log4j\log4j-core\2.0-beta9 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Adam2\Data aplikací\gg\cache\org\apache\logging\log4j\log4j-core scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Adam2\Data aplikací\gg\cache\org\apache\logging\log4j\log4j-core\2.0-beta9 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Adam2\Data aplikací\gg\cache\org\apache\logging\log4j\log4j-core scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Adam2\Data aplikací\gg\cache\org\apache\logging\log4j scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Adam2\Data aplikací\gg\cache\org\apache\logging\log4j\log4j-core\2.0-beta9 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Adam2\Data aplikací\gg\cache\org\apache\logging\log4j\log4j-core scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Adam2\Data aplikací\gg\cache\org\apache\logging\log4j scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Adam2\Data aplikací\gg\cache\org\apache\logging scheduled to be moved on reboot.
File\Folder C:\Documents and Settings\Adam2\Data aplikací\gg\cache\org\apache\httpcomponents not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

