PC virus removal, computer speed-up, remote help via the neslape.cz service

Please check my log. It still reports trojan.Generic.27.BKPD

Have a virus problem? Post a log from FRST or RSIT here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where a specialist connects to your computer and gets further details about the problem from you by phone. More at www.neslape.cz
scarto
Visitor
Posts: 16
Registered: 04 May 2012 21:02

Please check my log. It still reports trojan.Generic.27.BKPD

#1 Post by scarto »

Hi. AVG keeps throwing up this virus and it can't be healed. It says it is in D:/system volume information/restore-........ which doesn't sound very good to me. It has slowed my PC down terribly. Please advise.

Logfile of random's system information tool 1.09 (written by random/random)
Run by scarto at 2012-05-02 12:47:24
Microsoft Windows 7 Ultimate
System drive C: has 26 GB (51%) free of 50 GB
Total RAM: 2047 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:47:48, on 2. 5. 2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\AVG\AVG9\avgui.exe
C:\Program Files\trend micro\scarto.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = astroburn-search.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2963671731-3287637191-3992571313-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2963671731-3287637191-3992571313-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: GamePark klient 2.lnk = C:\Program Files\GamePark2\gpcl.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O23 - Service: AirLiveUSB - Realtek - C:\Program Files (x86)\AirLive WL1600USB\AirLive WL1600USB Wireless Lan Utility\RtlService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9852 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
"C:\Program Files (x86)\AVG\AVG9\avgchsva.exe"
"C:\Program Files (x86)\AVG\AVG9\avgrsa.exe"
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
/pipeName=8b5e653b-a692-4b25-a793-a75539b30253 /coreSdkOptions=30 /logConfFile="C:\ProgramData\avg9\temp\bc82d657-0d2e-4f72-85a9-576a8b0a1da1-19c-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG9\" /tempPath="C:\ProgramData\avg9\temp\"
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\AirLive WL1600USB\AirLive WL1600USB Wireless Lan Utility\RtlService.exe"
"C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe"
"C:\Program Files (x86)\AirLive WL1600USB\AirLive WL1600USB Wireless Lan Utility\RtWlan.exe" /H
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
"taskhost.exe"
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\AVG\AVG9\avgam.exe"
"C:\Program Files (x86)\AVG\AVG9\avgnsa.exe"
WLIDSvcM.exe 1688
"C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\AVG\AVG9\avgtray.exe"
"C:\Program Files (x86)\AVG Secure Search\vprot.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
{65FADBB2-1381-46F9-8D67-724000013C01}
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
/pipeName=75c6b2c6-b167-4026-a030-730200f86784 /coreSdkOptions=18 /logConfFile="C:\ProgramData\avg9\temp\cd36fe0d-570a-4f32-8279-4d594d1cdb87-8a0-oopp.tmp" /loggerName=AVG.NS.Core /tempPath="C:\ProgramData\avg9\temp\"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=192.14b757a0.1966154447 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 192 "\\.\pipe\gecko-crash-server-pipe.192" plugin
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
"C:\Program Files (x86)\AVG\AVG9\avgui.exe"
"D:\Downloads\preberanie\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\scarto\AppData\Roaming\Mozilla\Firefox\Profiles\su1k3wa9.default

prefs.js - "browser.startup.homepage" - "http://www.astroburn-search.com/startpage"
prefs.js - "keyword.URL" - "http://isearch.avg.com/search?cid=%7B63 ... &sap=ku&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.0.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
atlas-sk.xml
avg-secure-search.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\scarto\AppData\Roaming\Mozilla\Firefox\Profiles\su1k3wa9.default\extensions\
{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

C:\Users\scarto\AppData\Roaming\Mozilla\Firefox\Profiles\su1k3wa9.default\searchplugins\
absearch-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll [2011-10-29 2334560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-12-14 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG9\avgssie.dll [2011-10-29 1623392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll [2012-03-07 1869152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-12-14 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - Astroburn Toolbar - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll [2012-03-07 1869152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorShield"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe []
"SpywareTerminatorUpdater"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
"KiesHelper"=C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [2012-04-04 954256]
"KiesPDLR"=C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2012-04-04 21392]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"=C:\PROGRA~2\AVG\AVG9\avgtray.exe [2012-01-26 2077536]
"vProt"=C:\Program Files (x86)\AVG Secure Search\vprot.exe [2012-03-07 982880]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"ROC_roc_dec12"=C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe [2012-01-23 928096]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-10 35736]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10 932288]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2012-04-04 3521424]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
GamePark klient 2.lnk - C:\Program Files\GamePark2\gpcl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrssta.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-05-02 12:47:25 ----D---- C:\Program Files\trend micro
2012-05-02 12:47:24 ----D---- C:\rsit
2012-04-26 10:44:50 ----D---- C:\ProgramData\Mozilla
2012-04-26 10:44:49 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-09 22:11:22 ----D---- C:\Users\scarto\AppData\Roaming\StreamTorrent
2012-04-09 22:11:19 ----D---- C:\Program Files (x86)\StreamTorrent 1.0
2012-04-09 20:57:19 ----D---- C:\Users\scarto\AppData\Roaming\Temp
2012-04-09 20:54:16 ----A---- C:\Windows\system32\drivers\ssudmdm.sys
2012-04-09 20:54:16 ----A---- C:\Windows\system32\drivers\ssudbus.sys
2012-04-09 20:53:15 ----D---- C:\Windows\SYSWOW64\System32
2012-04-09 20:47:46 ----A---- C:\Windows\SYSWOW64\dgderapi.dll

======List of files/folders modified in the last 1 month======

2012-05-02 12:47:36 ----D---- C:\Windows\Prefetch
2012-05-02 12:47:25 ----RD---- C:\Program Files
2012-05-02 12:47:25 ----D---- C:\Windows\Temp
2012-05-02 12:06:59 ----D---- C:\Windows\system32\drivers\Avg
2012-05-02 12:02:55 ----D---- C:\ProgramData\NVIDIA
2012-04-29 12:54:45 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2012-04-29 12:27:34 ----SHD---- C:\System Volume Information
2012-04-26 13:14:36 ----D---- C:\Users\scarto\AppData\Roaming\Skype
2012-04-26 10:44:50 ----AHD---- C:\ProgramData
2012-04-26 10:44:49 ----RD---- C:\Program Files (x86)
2012-04-26 10:44:46 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-04-25 23:03:40 ----D---- C:\Windows\system32\config
2012-04-18 05:05:06 ----D---- C:\Windows\system32\catroot2
2012-04-14 15:53:26 ----D---- C:\Users\scarto\AppData\Roaming\vlc
2012-04-10 11:53:01 ----RSD---- C:\Windows\assembly
2012-04-10 11:53:01 ----D---- C:\Windows\Microsoft.NET
2012-04-10 02:57:14 ----D---- C:\Windows\system32\catroot
2012-04-09 20:56:06 ----D---- C:\Windows\inf
2012-04-09 20:55:17 ----D---- C:\Windows\system32\drivers
2012-04-09 20:54:27 ----D---- C:\Windows\system32\DriverStore
2012-04-09 20:53:15 ----D---- C:\Windows\SysWOW64
2012-04-09 20:53:12 ----SHD---- C:\Windows\Installer
2012-04-09 20:51:42 ----D---- C:\Windows\System32
2012-04-09 20:51:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-04-09 20:48:25 ----D---- C:\Program Files (x86)\Samsung
2012-04-09 20:47:33 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-04-09 20:47:19 ----D---- C:\Windows
2012-04-09 20:47:19 ----D---- C:\ProgramData\Samsung
2012-04-09 20:46:52 ----D---- C:\Users\scarto\AppData\Roaming\Samsung
2012-04-07 15:27:21 ----D---- C:\Users\scarto\AppData\Roaming\BitTorrent
2012-04-03 12:15:31 ----D---- C:\Windows\system32\wdi

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AvgRkx64;avgrkx64.sys; C:\Windows\System32\Drivers\avgrkx64.sys [2011-10-29 56008]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 AvgLdx64;AVG AVI Loader Driver x64; C:\Windows\System32\Drivers\avgldx64.sys [2011-10-29 269904]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64; C:\Windows\System32\Drivers\avgmfx64.sys [2011-10-29 35664]
R1 AvgTdiA;AVG Network Redirector x64; C:\Windows\System32\Drivers\avgtdia.sys [2011-10-29 317520]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-29 270912]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver; C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-23 31016]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
R3 RTL8187;AirLive WL1600USB; C:\Windows\system32\DRIVERS\RTL8187.sys [2008-06-27 399360]
S0 TfFsMon;TfFsMon; C:\Windows\system32\drivers\TfFsMon.sys []
S0 TFSysMon;TfSysMon; C:\Windows\system32\drivers\TfSysMon.sys []
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-09-08 10203648]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-09-08 310784]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-09-08 10203648]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2012-02-24 99384]
S3 DRHARD;DRHARD; \??\C:\Windows\system32\DRIVERS\DRHARD.SYS []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2012-02-24 203320]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AirLiveUSB;AirLiveUSB; C:\Program Files (x86)\AirLive WL1600USB\AirLive WL1600USB Wireless Lan Utility\RtlService.exe [2007-07-27 36864]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-09-08 204288]
R2 avg9wd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2011-10-29 308136]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-10-15 1640768]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-12-27 75064]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-07 918880]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2011-10-27 718384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------
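A reviewer's first pass over a log like the one posted above can be automated. The following is an added Python example, not part of this thread and not code from HijackThis, RSIT or OTL: it walks HijackThis section lines and flags the three things a helper looks for first, a browser start/search page pointing somewhere other than the IE defaults (R0/R1), components still registered but with "(no file)" on disk (R3/O3), and O23 services whose binary is "(file missing)". The trusted-host set and the WOW64 suppression heuristic are assumptions of the example; the sample lines are copied from the posted log.

```python
"""Triage of HijackThis-style log lines (added example; not code from the thread or the tools)."""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag, e.g. "R0", "O3", "O23"
    reason: str    # why the reviewer should look at this line
    line: str      # the original log line


# Hosts the IE defaults in a HijackThis log point at (assumption; extend per environment).
TRUSTED_START_HOSTS = {"go.microsoft.com", "www.microsoft.com"}

# R0/R1 value names that browser hijackers typically rewrite.
BROWSER_PAGE_KEYS = ("Start Page", "Search Page", "Default_Page_URL", "Default_Search_URL")

_LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
_SYSTEM32_RE = re.compile(r"\\windows\\system32\\", re.IGNORECASE)

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = astroburn-search.com
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe
"""


def host_of(value: str) -> str:
    """Host part of a URL; a bare host such as 'astroburn-search.com' is returned as-is."""
    value = value.strip()
    m = re.match(r"^[a-z][a-z0-9+.-]*://([^/?#]+)", value, re.IGNORECASE)
    return (m.group(1) if m else value.split("/", 1)[0]).lower()


def triage_line(line: str, wow64: bool = True) -> Optional[Finding]:
    """Return a Finding for one HijackThis line, or None when it looks benign."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")

    # 1. R0/R1: "HKxx\...\Main,Start Page = <value>" -- flag a non-default host.
    if section in ("R0", "R1"):
        _, _, key_value = body.partition(",")
        key, sep, value = (s.strip() for s in key_value.partition("="))
        if sep and key in BROWSER_PAGE_KEYS and value:
            host = host_of(value)
            if host not in TRUSTED_START_HOSTS:
                return Finding(section, f"browser {key} points to {host}", line.strip())
        return None

    # 2. A component (URLSearchHook, BHO, toolbar) still registered but its file is gone.
    if body.endswith("(no file)"):
        return Finding(section, "orphaned entry: registered component with no file on disk", line.strip())

    # 3. O23 service whose binary HijackThis could not find.
    if section == "O23" and body.endswith("(file missing)"):
        path = body.rsplit(" - ", 1)[-1].replace("(file missing)", "").strip()
        if wow64 and _SYSTEM32_RE.search(path):
            # 32-bit HijackThis on 64-bit Windows is redirected to SysWOW64 and cannot see
            # native System32 binaries; treat this as a tooling artefact, not a finding.
            return None
        return Finding(section, "service binary not found on disk", line.strip())

    return None


def triage(log_text: str, wow64: bool = True) -> List[Finding]:
    """Run triage_line over every line of a HijackThis log and collect the findings."""
    return [f for f in (triage_line(l, wow64) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the posted log this yields the redirected start page (astroburn-search.com, the same host that the RSIT section shows in Firefox's prefs.js homepage) and the two orphaned "(no file)" entries, while the long list of core Windows services marked "(file missing)" under C:\Windows\system32 is suppressed: that pattern is what a 32-bit HijackThis produces on 64-bit Windows and is not evidence of infection. Pass `wow64=False` on a 32-bit host, where a missing service binary deserves attention.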

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log. It still reports trojan.Generic.27.BK

#2 Post by vyosek »

Hello and good evening :)

:arrow: Download OTL from http://oldtimer.geekstogo.com/OTL.exe and save it to your desktop
  • If you use Windows Vista or 7, right-click OTL and choose Run As Administrator
  • If you use a 64-bit OS, check that the box for 64-bit OS is ticked; if not, tick it
  • Tick the Scan All Users box
  • Tick the LOP Check box
  • Tick the Purity Check box
  • Change File Age from 30 days to 7 days
  • Paste the script below into the bottom Custom Scans/Fixes box
  • Code:

    CREATERESTOREPOINT
    
    netsvcs
    drivers32
    savembr:0
    
    /md5start
    atapi.sys
    autochk.exe
    cdrom.sys
    explorer.exe
    hal.dll
    scecli.dll
    svchost.exe
    tcpip.sys
    userinit.exe
    winlogon.exe
    /md5stop
    
    %systemroot%*.* /U /s
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    %SYSTEMDRIVE%\*.exe
    
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    
    %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
    %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
    %PROGRAMFILES%\Opera\opera.exe /md5
    %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
    
    %SystemDrive%\PhysicalMBR.bin /md5 
    
    *crack* /s
    *keygen* /s
    *loader* /s
  • Click the Run Scan button
  • When the scan finishes (about 10 to 15 minutes) two logs appear, OTL.txt and Extras.txt; post both of them here
"Whoever has wine and does not drink it, has grapes and does not eat them, has a wife and does not kiss her, and avoids merriment, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.
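Reading an OTL log by hand means scanning for a handful of line shapes: autostart and toolbar entries whose target binary is gone ("File not found"), hooks registered under a CLSID that no longer resolves ("No CLSID value found"), running processes or services with an empty company name "()", and start pages or search scopes pointed at an unfamiliar host. The script below is an added example written for this page, not code from the forum, from the poster, or from OTL; it parses those shapes and buckets them so a helper sees the interesting lines first. The sample log lines are constructed for the example, modelled on the shapes OTL emits, and the allowlist of browser hosts is an assumption the operator would maintain.

```python
"""Triage of OTL log lines (added example; not part of OTL or of this thread)."""
from __future__ import annotations

import re
from collections import defaultdict
from urllib.parse import urlsplit

# Hosts a stock install points its start page and search scopes at.
# Operator-maintained allowlist; its contents are an assumption for this example.
KNOWN_BROWSER_HOSTS = {"www.bing.com", "go.microsoft.com", "about:blank"}

# PRC/SRV/MOD/DRV lines: "[date | size | attrs | M] (Company) [state] -- path -- (name)".
FILE_ENTRY_RE = re.compile(
    r"^(?:PRC|SRV|MOD|DRV)(?::64bit:)? - \[[^\]]*\] \((?P<company>.*?)\)"
    r"(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \(.*)?$"
)
# O4 autostart entries: "O4 - HKLM..\Run: [name] path (Company)".
AUTORUN_RE = re.compile(
    r"^O4(?::64bit:)? - .*?\\Run(?:Once)?: \[[^\]]*\] (?P<path>.+?) \((?P<company>[^()]*)\)$"
)
# Registry entries that still name a binary which is no longer on disk.
MISSING_RE = re.compile(r"([A-Za-z]:\\.+?) File not found\.?$")
# Toolbar/BHO/URLSearchHook entries whose CLSID has no registered class.
ORPHAN_CLSID_RE = re.compile(r"(\{[0-9A-Fa-f-]{36}\}) - No CLSID value found")
# IE start page, IE search-scope URL, Firefox homepage and keyword URL.
BROWSER_URL_RE = re.compile(
    r'(?:Start Page = |"URL" = |browser\.startup\.homepage: "|keyword\.URL: ")(?P<url>[^"\s]+)'
)

# Constructed sample, modelled on the line shapes OTL produces (not a real log).
SAMPLE_LOG = r"""
PRC - [2012/04/26 10:44:46 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/03/07 19:02:23 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/02/18 23:10:17 | 000,904,192 | ---- | M] (Share-rapid.com) -- C:\Users\scarto\Desktop\SRDownloader.exe
SRV - [2011/12/27 23:28:44 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
IE - HKU\S-1-5-21-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = astroburn-search.com
IE - HKU\S-1-5-21-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
FF - prefs.js..browser.startup.homepage: "http://www.astroburn-search.com/startpage"
O3:64bit: - HKLM\..\Toolbar: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
"""


def host_of(url: str) -> str:
    """Host part of a URL; a bare value such as 'astroburn-search.com' counts as a host."""
    if url.startswith("about:"):
        return url
    if "://" not in url:
        url = "http://" + url
    return urlsplit(url).hostname or ""


def triage(log_text: str) -> dict[str, list[str]]:
    """Bucket suspicious OTL lines by the reason they were flagged."""
    findings: dict[str, list[str]] = defaultdict(list)

    def add(bucket: str, item: str) -> None:
        if item not in findings[bucket]:
            findings[bucket].append(item)

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MISSING_RE.search(line):
            # Orphaned autostart/toolbar entry: the registry still points at a deleted binary.
            add("missing_target", m.group(1))
        elif m := ORPHAN_CLSID_RE.search(line):
            # Hook or toolbar registered under a CLSID that no longer resolves to a DLL.
            add("orphan_clsid", m.group(1))
        elif m := (FILE_ENTRY_RE.match(line) or AUTORUN_RE.match(line)):
            # Vendors fill the version-resource company name; an empty "()" on a running
            # process, service or autostart is worth checking by hash, not proof of malware.
            if not m.group("company").strip():
                add("no_company", m.group("path"))
        elif line.startswith(("IE", "FF")):
            # Start page or search URL changed to a host outside the known defaults.
            for m in BROWSER_URL_RE.finditer(line):
                host = host_of(m.group("url"))
                if host and host not in KNOWN_BROWSER_HOSTS:
                    add("browser_redirect", host)
    return dict(findings)


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

The "no_company" bucket is deliberately a lead, not a verdict: plenty of legitimate binaries ship without a company string in their version resource, so the next step for each is the MD5/size check the script above already asks OTL for, compared against the vendor's copy.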

scarto
Visitor
Posts: 16
Registered: 04 May 2012 21:02

Re: Please check my log, it keeps reporting trojan.Generic.27.BK

#3 Post by scarto »

OTL logfile created on: 4. 5. 2012 22:39:49 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\scarto\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

2,00 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 43,32% Memory free
4,00 Gb Paging File | 2,36 Gb Available in Paging File | 59,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 24,98 Gb Free Space | 51,16% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 34,94 Gb Free Space | 18,98% Space Free | Partition Type: NTFS
Drive F: | 5,13 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SCARTO-PC | User Name: scarto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012/05/04 22:36:19 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\scarto\Desktop\OTL.exe
PRC - [2012/04/26 10:44:46 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 07:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/04/04 07:05:16 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/03/07 19:02:25 | 000,918,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/07 19:02:23 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/02/18 23:10:17 | 000,904,192 | ---- | M] (Share-rapid.com) -- C:\Users\scarto\Desktop\SRDownloader.exe
PRC - [2012/01/26 20:23:37 | 004,109,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgui.exe
PRC - [2012/01/26 20:23:37 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2011/12/27 23:28:44 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/12/14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/10/29 21:41:45 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2011/10/29 21:41:43 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgam.exe
PRC - [2011/10/27 11:34:30 | 000,718,384 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2011/10/15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2007/12/03 15:44:06 | 000,823,296 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\AirLive WL1600USB\AirLive WL1600USB Wireless Lan Utility\RtWLan.exe
PRC - [2007/07/27 11:49:46 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\AirLive WL1600USB\AirLive WL1600USB Wireless Lan Utility\RtlService.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/26 10:44:46 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/04/09 20:54:08 | 000,115,137 | ---- | M] () -- C:\Users\scarto\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
MOD - [2012/04/09 20:53:09 | 017,632,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3989b4ca6cf904061992daec9e7d5644\PresentationFramework.ni.dll
MOD - [2012/04/09 20:52:42 | 000,450,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\42221dddc2b53dc24f14e9c285d1de8f\PresentationFramework.Aero.ni.dll
MOD - [2012/04/04 07:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/03/07 19:02:23 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/01/22 13:47:55 | 001,159,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\6a6f4be744ed5bc5273cbcf0fcf303e3\System.Management.ni.dll
MOD - [2012/01/22 13:46:31 | 000,758,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e30ded9b9c19a264a974b1cc40d7d2cc\System.Runtime.Remoting.ni.dll
MOD - [2012/01/22 13:46:23 | 001,776,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll
MOD - [2012/01/22 09:48:53 | 013,006,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll
MOD - [2012/01/22 09:48:29 | 001,651,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll
MOD - [2012/01/22 09:47:31 | 011,057,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll
MOD - [2012/01/22 09:47:20 | 003,779,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll
MOD - [2012/01/22 09:47:10 | 005,571,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll
MOD - [2012/01/22 09:47:01 | 007,025,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
MOD - [2012/01/22 09:46:50 | 009,000,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
MOD - [2012/01/22 09:46:41 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2011/10/29 22:03:27 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/15 01:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/08 19:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/26 10:44:46 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/07 19:02:25 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2011/12/27 23:28:44 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/12/14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/11/10 15:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/10/29 21:41:45 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2011/10/27 11:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/10/15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/27 11:49:46 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\AirLive WL1600USB\AirLive WL1600USB Wireless Lan Utility\RtlService.exe -- (AirLiveUSB)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/24 11:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2012/02/24 11:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011/10/29 21:41:47 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2011/10/29 21:41:47 | 000,035,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2011/10/29 21:41:44 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2011/10/29 21:41:43 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (AvgRkx64)
DRV:64bit: - [2011/10/29 20:42:48 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/09/08 20:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/09/08 20:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/08 18:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/06/27 03:40:36 | 000,399,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8187.sys -- (RTL8187)
DRV:64bit: - [2007/04/23 13:15:48 | 000,031,016 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RtlProt.sys -- (RtlProt)
DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = astroburn-search.com
IE - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 DC 70 94 68 96 CC 01 [binary data]
IE - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\..\SearchScopes\{5F970FDE-702B-4ef9-920C-5F2848A5AF26}: "URL" = http://www.astroburn-search.com/search/ ... earchTerms}
IE - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={F83E ... 2011-12-07 09:30:46&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.astroburn-search.com/startpage"
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B63 ... &sap=ku&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2011/10/29 21:49:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/03/07 19:03:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/26 10:44:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/25 18:52:55 | 000,000,000 | ---D | M]

[2011/10/29 20:30:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\scarto\AppData\Roaming\mozilla\Extensions
[2012/05/02 13:36:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\scarto\AppData\Roaming\mozilla\Firefox\Profiles\su1k3wa9.default\extensions
[2012/03/01 22:10:59 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\scarto\AppData\Roaming\mozilla\Firefox\Profiles\su1k3wa9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/10/30 10:34:14 | 000,002,071 | ---- | M] () -- C:\Users\scarto\AppData\Roaming\Mozilla\Firefox\Profiles\su1k3wa9.default\searchplugins\absearch-search.xml
[2012/01/22 20:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/22 20:47:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/07 19:03:34 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.2.0.3
() (No name found) -- C:\USERS\SCARTO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SU1K3WA9.DEFAULT\EXTENSIONS\{71BFCCE7-421D-4042-95D4-A585A821CBCA}.XPI
[2012/04/26 10:44:46 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 15:36:03 | 000,001,583 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\atlas-sk.xml
[2012/03/07 19:02:23 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/16 15:36:03 | 000,001,380 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\azet-sk.xml
[2012/02/16 15:36:03 | 000,001,479 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\dunaj-sk.xml
[2012/02/16 15:36:03 | 000,001,473 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slovnik-sk.xml
[2012/02/16 15:36:03 | 000,001,104 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sk.xml
[2012/02/16 15:36:03 | 000,000,830 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\..\Toolbar\WebBrowser: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar64.dll File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-2963671731-3287637191-3992571313-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2963671731-3287637191-3992571313-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.17.110.7 172.17.110.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB53D56B-5C6B-4EC8-B614-AC7E261DB731}: DhcpNameServer = 172.17.110.7 172.17.110.6
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/05/01 23:35:42 | 000,000,069 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{d373feaf-025a-11e1-ab96-001e8ce0dba0}\Shell - "" = AutoRun
O33 - MountPoints2\{d373feaf-025a-11e1-ab96-001e8ce0dba0}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2012/05/01 23:35:42 | 001,188,799 | R--- | M] (Rebellion )
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012/05/04 22:36:08 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\scarto\Desktop\OTL.exe
[2012/05/04 15:47:47 | 000,000,000 | ---D | C] -- C:\Users\scarto\AppData\Local\SniperV2
[2012/05/04 13:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rebellion
[2012/05/02 12:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012/05/02 12:47:24 | 000,000,000 | ---D | C] -- C:\rsit
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2012/05/04 22:41:49 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/05/04 22:36:19 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\scarto\Desktop\OTL.exe
[2012/05/04 21:59:34 | 000,001,280 | ---- | M] () -- C:\Users\scarto\AppData\Local\SRDownloader.nast
[2012/05/04 21:28:04 | 000,017,418 | ---- | M] () -- C:\Users\scarto\AppData\Local\SRDownloader.err
[2012/05/04 20:41:17 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/04 20:41:17 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/04 20:33:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/04 20:33:30 | 1609,916,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/04 13:48:27 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Sniper Elite V2.lnk
[2012/05/04 12:50:18 | 097,104,481 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2012/05/03 12:25:23 | 000,214,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/05/03 12:25:23 | 000,214,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/05/02 18:15:23 | 000,000,680 | ---- | M] () -- C:\Users\scarto\Desktop\radiopartyy.m3u
[2012/04/30 18:02:20 | 000,489,482 | ---- | M] () -- C:\Users\scarto\Desktop\lkdsakldklsa.png
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/04 22:41:49 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/05/04 13:48:27 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Sniper Elite V2.lnk
[2012/05/02 18:15:23 | 000,000,680 | ---- | C] () -- C:\Users\scarto\Desktop\radiopartyy.m3u
[2012/04/30 18:02:19 | 000,489,482 | ---- | C] () -- C:\Users\scarto\Desktop\lkdsakldklsa.png
[2012/03/14 11:57:33 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/03/14 11:57:33 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/01/31 01:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/01/28 13:13:59 | 000,017,418 | ---- | C] () -- C:\Users\scarto\AppData\Local\SRDownloader.err
[2012/01/15 14:46:43 | 000,001,280 | ---- | C] () -- C:\Users\scarto\AppData\Local\SRDownloader.nast
[2011/12/27 23:28:50 | 000,214,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/12/27 23:28:44 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/12/26 03:25:54 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/12/24 15:12:43 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\StartupManager.dll
[2011/11/30 01:29:53 | 001,481,728 | ---- | C] () -- C:\Windows\SysWow64\LegitCheckControl.dll
[2011/11/30 01:29:53 | 000,190,976 | ---- | C] () -- C:\Windows\SysWow64\WgaLogon.dll
[2011/11/30 01:29:52 | 000,323,072 | ---- | C] () -- C:\Windows\SysWow64\WgaTray.exe
[2011/11/24 19:35:44 | 000,003,584 | ---- | C] () -- C:\Users\scarto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/12 12:13:34 | 000,000,293 | ---- | C] () -- C:\Windows\game.ini
[2011/10/31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/10/31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/10/31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/10/31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/10/29 20:19:54 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2011/10/29 19:48:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/03/17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/04/07 15:27:21 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\BitTorrent
[2011/12/26 22:17:26 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\BSplayer
[2011/12/26 19:28:48 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\BSplayer Pro
[2011/10/29 20:44:17 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\DAEMON Tools Lite
[2011/11/15 01:27:35 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\DC++
[2011/12/27 20:58:40 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\ERS Game Studios
[2011/11/13 11:26:44 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\GHISLER
[2012/01/13 01:22:02 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\Happy Artist Studio
[2012/03/23 19:41:35 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\JLC's Software
[2011/12/06 19:46:20 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\Nokia
[2011/12/06 18:33:43 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\PC Suite
[2012/04/09 20:46:52 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\Samsung
[2011/11/13 12:21:03 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\SEGA Corporation
[2012/04/09 22:11:22 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\StreamTorrent
[2012/01/22 21:07:42 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\TeamViewer
[2012/04/09 23:33:40 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\Temp
[2012/04/18 14:27:27 | 000,032,512 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< >

< >

< MD5 for: ATAPI.SYS >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\SysNative\autochk.exe
[2009/07/14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\SysWOW64\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

< MD5 for: HAL.DLL >
[2009/07/14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\SysNative\hal.dll
[2009/07/14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2009/07/14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\SysNative\drivers\tcpip.sys
[2009/07/14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

< >

< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[8 C:\Windows\SysWOW64\*.tmp files -> C:\Windows\SysWOW64\*.tmp -> ]
[228 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012/01/25 18:53:12 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\Adobe
[2011/10/29 20:21:58 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\ATI
[2012/04/07 15:27:21 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\BitTorrent
[2011/12/26 22:17:26 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\BSplayer
[2011/12/26 19:28:48 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\BSplayer Pro
[2011/10/29 20:44:17 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\DAEMON Tools Lite
[2011/11/15 01:27:35 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\DC++
[2011/12/27 20:58:40 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\ERS Game Studios
[2011/11/13 11:26:44 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\GHISLER
[2012/01/13 01:22:02 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\Happy Artist Studio
[2011/10/29 20:05:44 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\Identities
[2011/10/29 20:24:55 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\InstallShield
[2011/11/13 11:45:47 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\InstallShield Installation Information
[2012/03/23 19:41:35 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\JLC's Software
[2011/12/24 14:31:12 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\Lavasoft
[2011/10/29 22:03:32 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\Macromedia
[2009/07/14 09:54:31 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\Media Center Programs
[2012/02/16 15:29:04 | 000,000,000 | --SD | M] -- C:\Users\scarto\AppData\Roaming\Microsoft
[2011/10/29 20:30:35 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\Mozilla
[2011/12/06 19:46:20 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\Nokia
[2012/02/19 11:26:24 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\NVIDIA
[2011/12/06 18:33:43 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\PC Suite
[2012/04/09 20:46:52 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\Samsung
[2011/11/13 12:21:03 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\SEGA Corporation
[2012/04/26 13:14:36 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\Skype
[2012/04/09 22:11:22 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\StreamTorrent
[2012/01/22 21:07:42 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\TeamViewer
[2012/04/09 23:33:40 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\Temp
[2012/04/14 15:53:26 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\vlc
[2011/11/13 03:44:48 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\Winamp
[2011/10/29 22:01:02 | 000,000,000 | ---D | M] -- C:\Users\scarto\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2009/08/11 22:21:26 | 000,087,552 | ---- | M] () -- C:\Users\scarto\AppData\Roaming\BSplayer\AC3 Filter\ac3config.exe
[2009/08/11 22:21:30 | 000,090,112 | ---- | M] () -- C:\Users\scarto\AppData\Roaming\BSplayer\AC3 Filter\spdif_test.exe
[2010/03/22 15:52:04 | 000,697,690 | ---- | M] () -- C:\Users\scarto\AppData\Roaming\BSplayer\AC3 Filter\unins000.exe
[2010/02/23 18:01:52 | 001,185,871 | ---- | M] () -- C:\Users\scarto\AppData\Roaming\BSplayer\FFDShow\unins000.exe
[2010/08/14 11:42:54 | 000,113,152 | ---- | M] () -- C:\Users\scarto\AppData\Roaming\BSplayer\Haali media splitter\dsmux.exe
[2010/08/14 11:45:10 | 000,358,400 | ---- | M] () -- C:\Users\scarto\AppData\Roaming\BSplayer\Haali media splitter\gdsmux.exe
[2010/08/14 11:42:06 | 000,137,728 | ---- | M] () -- C:\Users\scarto\AppData\Roaming\BSplayer\Haali media splitter\mkv2vfr.exe
[2010/09/30 16:30:22 | 000,042,305 | ---- | M] () -- C:\Users\scarto\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe
[2012/04/09 20:50:33 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\scarto\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x64.exe
[2012/03/07 00:36:32 | 000,943,504 | ---- | M] (Samsung) -- C:\Users\scarto\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2012/03/07 00:36:34 | 000,278,928 | ---- | M] () -- C:\Users\scarto\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2012/02/01 00:17:02 | 000,308,224 | ---- | M] (Samsung) -- C:\Users\scarto\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe
[2012/03/07 00:36:32 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\scarto\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2012/01/31 01:16:12 | 000,290,816 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\scarto\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2012/01/31 01:16:12 | 000,693,248 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\scarto\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2012/03/07 00:36:38 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\scarto\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2012/02/03 00:43:58 | 000,106,408 | ---- | M] () -- C:\Users\scarto\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe
[2012/02/03 00:43:58 | 000,101,288 | ---- | M] () -- C:\Users\scarto\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe
[2012/03/07 00:36:40 | 000,131,984 | ---- | M] () -- C:\Users\scarto\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012/03/07 00:36:42 | 000,021,392 | ---- | M] () -- C:\Users\scarto\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2012/03/07 00:36:42 | 003,570,312 | ---- | M] (Freeware) -- C:\Users\scarto\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2012/01/31 01:15:38 | 024,123,656 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\scarto\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2012/03/07 00:36:44 | 000,371,088 | ---- | M] (ml) -- C:\Users\scarto\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012/04/04 07:05:32 | 000,371,088 | ---- | M] (ml) -- C:\Users\scarto\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 03:15:28 | 010,973,696 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2012/05/03 12:25:23 | 000,214,520 | ---- | M] () -- C:\Windows\system32\PnkBstrB.exe
[2012/05/03 12:25:23 | 000,214,520 | ---- | M] () -- C:\Windows\system32\PnkBstrB.xtr
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun -- [2011/08/02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd)
"KiesHelper" = C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s -- [2012/04/04 07:05:14 | 000,954,256 | ---- | M] (Samsung)
"KiesPDLR" = C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe -- [2012/04/04 07:05:28 | 000,021,392 | ---- | M] ()

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2012/04/26 10:44:46 | 000,924,600 | ---- | M] (Mozilla Corporation) MD5=4F69AABB5D82AA4EF6DFF7871212ADF6 -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009/07/14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012/05/04 22:41:49 | 000,000,512 | ---- | M] () MD5=3259C852B82D63836E3E6C9E7CABE757 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2012/01/23 20:28:05 | 002,139,481 | ---- | M] () -- \Users\scarto\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0HSWNZE8\safeCrackers[1].swf
[2012/01/23 20:28:06 | 000,323,196 | ---- | M] () -- \Users\scarto\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DG8KNEG8\safeCrackersSounds[1].swf
[2012/03/28 23:50:50 | 000,000,681 | ---- | M] () -- \Users\scarto\AppData\Roaming\Microsoft\Windows\Recent\Crack.lnk
[2012/03/14 12:06:16 | 000,000,457 | ---- | M] () -- \Users\scarto\AppData\Roaming\Microsoft\Windows\Recent\dbpatch_v1.2_cracked.zip.lnk
[2012/03/23 19:22:46 | 000,000,684 | ---- | M] () -- \Users\scarto\AppData\Roaming\Microsoft\Windows\Recent\DIRT 3 Crack.rar.lnk
[2012/03/15 23:42:04 | 000,000,795 | ---- | M] () -- \Users\scarto\AppData\Roaming\Microsoft\Windows\Recent\Mass.Effect.3-Crack.rar.lnk
[2012/03/06 15:55:57 | 000,001,469 | ---- | M] () -- \Users\scarto\AppData\Roaming\Microsoft\Windows\Recent\UltimatePortable.Ultimate.Voice.Recorder.v5.75.2.S60v3.SymbianOS9.1.Unsigned.Cracked-illusion.sis.lnk
[2008/11/27 09:27:30 | 000,407,688 | ---- | M] () -- \Users\scarto\Desktop\nokia\instal\Lonely.Cat.Games.X-plore.v1.20.S60v3.SymbianOS9.1.Cracked-BiNPDA.sis
[2010/05/14 04:07:06 | 000,371,424 | ---- | M] () -- \Users\scarto\Desktop\nokia\instal\Picobros_CrackedScreenTrick_1_0_0.sis
[2009/10/13 09:14:14 | 000,175,080 | ---- | M] () -- \Users\scarto\Desktop\nokia\Others\Tektronic.Stopwatch.Plus.v1.02.290.S60v3.S60v5.SymbianOS9.x.Unsigned.Cracked-DiL-repack_rudko_no licence manager.sis
[2011/11/24 18:33:11 | 027,437,051 | ---- | M] () -- \Users\scarto\Downloads\samsung galaxy\letsgolf2tnb_v1.0.3_cracked_twingo.apk
[2011/11/24 20:42:07 | 005,498,047 | ---- | M] () -- \Users\scarto\Downloads\samsung galaxy\moderncombat2blackpegasustnb_v1.0.2_cracked_twingo.apk
[2011/11/24 20:43:55 | 009,532,355 | ---- | M] () -- \Users\scarto\Downloads\samsung galaxy\novatnb_v4.0.5_cracked_twingo.apk

< *keygen* /s >

< *loader* /s >
[2010/04/19 01:03:12 | 000,003,604 | ---- | M] () -- \Program Files (x86)\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\libs\loader.js
[2009/05/31 04:21:00 | 000,071,008 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2009/05/31 19:21:00 | 000,073,568 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader64.dll
[2012/03/30 12:24:00 | 000,069,120 | ---- | M] () -- \Program Files (x86)\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.dll
[2012/04/04 07:05:26 | 000,183,696 | ---- | M] () -- \Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2008/06/20 19:13:32 | 000,044,032 | ---- | M] () -- \Program Files (x86)\WinRAR\RarExtLoader.exe
[2011/11/16 13:29:38 | 000,006,494 | ---- | M] () -- \ProgramData\AVG Secure Search\10.0.0.7\modules\skin\ajax-loader.gif
[2011/11/16 13:29:38 | 000,000,729 | ---- | M] () -- \ProgramData\AVG Secure Search\10.0.0.7\modules\skin\loader.gif
[2012/02/21 17:04:52 | 000,006,494 | ---- | M] () -- \ProgramData\AVG Secure Search\10.2.0.3\modules\skin\ajax-loader.gif
[2012/02/21 17:04:52 | 000,000,729 | ---- | M] () -- \ProgramData\AVG Secure Search\10.2.0.3\modules\skin\loader.gif
[2011/12/07 10:31:20 | 000,006,494 | ---- | M] () -- \ProgramData\AVG Secure Search\9.0.0.18\modules\skin\ajax-loader.gif
[2011/12/07 10:31:20 | 000,000,729 | ---- | M] () -- \ProgramData\AVG Secure Search\9.0.0.18\modules\skin\loader.gif
[2011/11/16 13:29:38 | 000,006,494 | ---- | M] () -- \Users\All Users\AVG Secure Search\10.0.0.7\modules\skin\ajax-loader.gif
[2011/11/16 13:29:38 | 000,000,729 | ---- | M] () -- \Users\All Users\AVG Secure Search\10.0.0.7\modules\skin\loader.gif
[2012/02/21 17:04:52 | 000,006,494 | ---- | M] () -- \Users\All Users\AVG Secure Search\10.2.0.3\modules\skin\ajax-loader.gif
[2012/02/21 17:04:52 | 000,000,729 | ---- | M] () -- \Users\All Users\AVG Secure Search\10.2.0.3\modules\skin\loader.gif
[2011/12/07 10:31:20 | 000,006,494 | ---- | M] () -- \Users\All Users\AVG Secure Search\9.0.0.18\modules\skin\ajax-loader.gif
[2011/12/07 10:31:20 | 000,000,729 | ---- | M] () -- \Users\All Users\AVG Secure Search\9.0.0.18\modules\skin\loader.gif
[2012/05/04 21:28:04 | 000,017,418 | ---- | M] () -- \Users\scarto\AppData\Local\SRDownloader.err
[2012/05/04 22:51:31 | 000,001,096 | ---- | M] () -- \Users\scarto\AppData\Local\SRDownloader.nast
[2012/01/24 04:19:18 | 000,003,951 | ---- | M] () -- \Users\scarto\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WP9MC7VM\ajax-loader[1].gif
[2012/04/01 16:35:38 | 000,040,808 | ---- | M] () -- \Users\scarto\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WP9MC7VM\universaldownloader-prefetch[1].txt
[2012/01/19 22:01:57 | 000,205,505 | ---- | M] () -- \Users\scarto\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RHL18GNL\fw2_loader[2].swf
[2012/03/22 19:37:41 | 000,001,122 | ---- | M] () -- \Users\scarto\AppData\Roaming\Microsoft\Windows\Recent\Dirt.3.Complete.Edition.2012.FiGHTCLUB.by.Colly.of.PowerUploaders.iso.lnk
[2012/05/04 13:40:37 | 000,000,631 | ---- | M] () -- \Users\scarto\AppData\Roaming\Microsoft\Windows\Recent\Sniper.Elite.V2-SKIDROW.by.M19.of.PowerUploaders.lnk
[2012/04/01 23:02:42 | 000,000,625 | ---- | M] () -- \Users\scarto\AppData\Roaming\Microsoft\Windows\Recent\Vessel.2012.SKIDROW.by.Colly.of.PowerUploaders.lnk
[2012/02/21 21:53:48 | 000,069,120 | ---- | M] () -- \Users\scarto\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Common\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.dll
[2012/03/07 00:36:40 | 000,131,984 | ---- | M] () -- \Users\scarto\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012/04/09 20:51:56 | 000,028,638 | ---- | M] () -- \Users\scarto\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\CabFile\Common\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.dll.cab
[2012/04/09 20:51:45 | 000,076,981 | ---- | M] () -- \Users\scarto\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\CabFile\External\FirmwareUpdate\BinaryLoaderMgr.exe.cab
[2012/02/18 23:10:17 | 000,904,192 | ---- | M] () -- \Users\scarto\Desktop\SRDownloader.exe
[2012/05/04 22:36:32 | 000,021,022 | ---- | M] () -- \Windows\Prefetch\RAREXTLOADER.EXE-4B76CB3C.pf
[2012/05/04 20:42:42 | 000,035,828 | ---- | M] () -- \Windows\Prefetch\SRDOWNLOADER.EXE-B4B7D5D2.pf
[2009/07/14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[8 \Windows\System32\*.tmp files -> \Windows\System32\*.tmp -> ]
[2009/07/14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[8 \Windows\SysWOW64\*.tmp files -> \Windows\SysWOW64\*.tmp -> ]
[2012/03/07 19:03:34 | 000,006,494 | ---- | M] () -- \Windows\Temp\avg@toolbar\modules\skin\ajax-loader.gif
[2012/03/07 19:03:34 | 000,000,729 | ---- | M] () -- \Windows\Temp\avg@toolbar\modules\skin\loader.gif
[2009/07/14 03:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009/07/14 03:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/14 09:44:39 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2009/07/14 09:44:39 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.efi.mui_35ee487d
[2009/07/14 09:44:39 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.exe.mui_3bc5b827
[2009/07/14 09:44:39 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.efi.mui_f412814e
[2009/07/14 09:44:39 | 000,029,760 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.exe.mui_ff8b5358
[2009/07/14 04:58:45 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2009/07/14 04:58:45 | 000,641,088 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winload.efi_75834aa0
[2009/07/14 04:58:45 | 000,604,192 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winload.exe_75835076
[2009/07/14 04:58:45 | 000,557,136 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winresume.efi_85cd069f
[2009/07/14 04:58:45 | 000,518,352 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winresume.exe_85cd1215
[2009/07/14 04:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/14 04:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009/07/14 09:43:41 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2009/07/14 04:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2009/07/14 04:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:54380FEC
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

scarto
Visitor
Posts: 16
Registered: 04 May 2012 21:02

Re: Please check the log. It still reports trojan.Generic.27.BK

#4 Post by scarto »

OTL Extras logfile created on: 4. 5. 2012 22:39:49 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\scarto\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

2,00 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 43,32% Memory free
4,00 Gb Paging File | 2,36 Gb Available in Paging File | 59,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 24,98 Gb Free Space | 51,16% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 34,94 Gb Free Space | 18,98% Space Free | Partition Type: NTFS
Drive F: | 5,13 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SCARTO-PC | User Name: scarto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2963671731-3287637191-3992571313-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E6F4D28-C508-4927-93ED-5791DFEEDAC2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{22C12BE8-D153-4558-8AD9-88704142ECD7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2BEFC39E-CFE7-4507-A56A-812361EA21B0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{307F0C41-6074-4EB0-8913-1C214E8EFF9C}" = rport=445 | protocol=6 | dir=out | app=system |
"{3BBF681C-78A3-43C0-8E8A-1B5BDFA2DCD7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4E1E3832-3FF3-4847-BB87-C6887E507394}" = lport=10243 | protocol=6 | dir=in | app=system |
"{53B8A5FC-7268-444D-A782-AD280C330545}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5BA4D2A0-6D82-4EAF-A3E5-4A6CCDAD221E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{75D06AA1-19F6-43A7-A58D-765FB105C44D}" = rport=139 | protocol=6 | dir=out | app=system |
"{89B76052-89F0-490B-A6E3-34C87CC99CEC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{91A491E2-A093-44CC-A8F5-5D1360E3F6E3}" = rport=137 | protocol=17 | dir=out | app=system |
"{A1E6F686-1753-4594-9A57-A83585EF3929}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B7B05DA8-325A-4791-B007-C6B832703114}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BBAFCA12-ACD4-492C-8EF9-1EEF7839EECE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D308E1B0-A21E-45A5-9340-4C417D66E130}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D489491C-33F3-436B-A004-BA33B24B8317}" = lport=139 | protocol=6 | dir=in | app=system |
"{DF48E566-44B7-4481-8181-2E49BA5AD3BF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E1F53AEF-B4A0-467F-ADA7-7F21E03E6D38}" = lport=445 | protocol=6 | dir=in | app=system |
"{EC2788DF-1805-4888-9536-CB3835E5E536}" = rport=138 | protocol=17 | dir=out | app=system |
"{F469064F-066F-4C82-877C-AA3C937DD1A4}" = lport=137 | protocol=17 | dir=in | app=system |
"{FA6CD61C-4CFD-433F-8B0E-F39302FAD9A7}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E6D91B-3B09-4C21-83DF-843A9A5CBF5E}" = protocol=6 | dir=out | app=system |
"{03E12F29-9A85-4148-A216-CBD23604DBFA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{069ED055-2976-4039-A5E1-786173942211}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1B0BD491-4900-41C5-A795-001824162946}" = protocol=17 | dir=in | app=d:\program files (x86)\bittorrent\bittorrent.exe |
"{1BCA628F-1711-4F50-A20B-B376C5078046}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\rayman origins\gu.exe |
"{1E59912B-A80C-4694-991A-30B361B6254E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2030C2BA-260E-42CA-A745-1996E24118C1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2878B6C2-4B17-457D-81AC-A2280934E249}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2A60DE94-C260-435E-BF8F-D88E14340410}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{3748CA32-81E1-4DB0-B19F-3A90E579C9E9}" = protocol=6 | dir=in | app=d:\program files (x86)\bittorrent\bittorrent.exe |
"{3ECC40D5-8198-4141-B557-3B99848AFD62}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3F85148F-A829-4574-82F9-5773C8C50F94}" = dir=in | app=c:\program files (x86)\avg\avg9\avgam.exe |
"{4405FEBF-6869-4851-BE25-FECB343E38C8}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |
"{447E3BE8-C43B-4F70-A994-47E026415F81}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{4ABD9C8C-07C2-4E44-AE62-BDB31F51D64F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4CF1B36B-8E10-44BD-B384-5483D1CF7CF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{50B1B4EF-F6D1-450B-A16D-418C476D1296}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\rayman origins\rayman origins.exe |
"{5950DA4D-5383-4D7A-996E-A5CF4F1E13A2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{704D1710-15F9-4848-8254-8F7A8025C004}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{72F8B1FA-9347-433F-9F28-FAC13DD57CB0}" = protocol=17 | dir=in | app=d:\program files (x86)\codemasters\dirt 3\dirt3_game.exe |
"{7F2152A5-7C48-4825-AF62-BA5372342E1D}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\rayman origins\gu.exe |
"{816F7930-DE62-4160-A847-AF8A4A3D1175}" = protocol=6 | dir=in | app=d:\program files (x86)\codemasters\dirt 3\dirt3_game.exe |
"{8AC74ED8-81B0-4364-8BE3-2F22CA8A6EAD}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\rayman origins\rayman origins.exe |
"{8EB197F3-D0F2-4F80-A67E-885D66CEEDE6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9F8DDA8A-7557-4ED5-A203-E351C3CA36F0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AFD941D6-4B8B-436D-9BD8-29F821AF7286}" = dir=in | app=c:\program files (x86)\avg\avg9\avgdiagex.exe |
"{C62A6DE1-34D1-44C1-9A8C-41A129BD55B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8756EEF-E3BD-4327-A7C4-5FEE07A730A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D2864856-8CF4-48FB-A059-8B14968D743A}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |
"{D28C4E51-78F5-4D1C-9FF3-E29680FB2FEF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D2FDD9B6-BDAF-453A-8C90-A999BFAEA3B0}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{D77545E9-B20D-4474-8813-D9228A79E015}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D934FCEB-0544-4D14-A79B-7A8F377B817A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DBC8FC02-4BCE-4748-96B9-0116D47B6611}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{E8C76CFD-254F-4D98-AB94-00A9D90617F3}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{EE1F0B5B-ACCC-4777-BCC0-045EE7B5FA68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F666538E-AF47-469D-950C-38BC4F1D2C28}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FD3C16E9-DC4A-40DE-8C4D-671A4BFC0280}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0F664289-63DA-4A6E-8AF2-775B0F1EB4B1}D:\program files (x86)\robot entertainment\orcs must die!\build\release\orcsmustdie.exe" = protocol=6 | dir=in | app=d:\program files (x86)\robot entertainment\orcs must die!\build\release\orcsmustdie.exe |
"TCP Query User{141B2D63-2E87-4F62-BE16-048C42DEA58D}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{30C2E1A7-D6C9-4F36-ABDF-5C1FB4489F84}D:\program files (x86)\sega\renegade ops\renegadeops.exe" = protocol=6 | dir=in | app=d:\program files (x86)\sega\renegade ops\renegadeops.exe |
"TCP Query User{32B71E89-CEC2-430C-A5BD-0F2B35B82A0E}D:\program files (x86)\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=d:\program files (x86)\dc++\dcplusplus.exe |
"TCP Query User{4BBE3A19-F408-405F-8C2C-2BE443B25DBD}D:\program files (x86)\ubisoft\rayman origins\rayman origins.exe" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\rayman origins\rayman origins.exe |
"TCP Query User{58384DF5-E2B3-45BE-B374-A0FD78DC2627}D:\games\mass effect 3\binaries\win32\masseffect3.exe" = protocol=6 | dir=in | app=d:\games\mass effect 3\binaries\win32\masseffect3.exe |
"TCP Query User{68CD5FF8-E037-480C-91F9-BCE131080C33}D:\program files (x86)\rochard\rochard.exe" = protocol=6 | dir=in | app=d:\program files (x86)\rochard\rochard.exe |
"TCP Query User{754FEED7-5CBF-4367-AA4C-5D46A5F711DE}D:\program files (x86)\doublesix games\all zombies must die!\binaries\win32\shippingpc-bzb2game.exe" = protocol=6 | dir=in | app=d:\program files (x86)\doublesix games\all zombies must die!\binaries\win32\shippingpc-bzb2game.exe |
"TCP Query User{7675206A-F9BF-480C-9E76-81E4EE95B755}D:\program files (x86)\biart\deep black reloaded\deepblack.exe" = protocol=6 | dir=in | app=d:\program files (x86)\biart\deep black reloaded\deepblack.exe |
"TCP Query User{93C43D92-92D0-4FAF-8544-E5D192B47092}C:\users\scarto\downloads\novoline\spiel-11-18\gameunp.exe" = protocol=6 | dir=in | app=c:\users\scarto\downloads\novoline\spiel-11-18\gameunp.exe |
"TCP Query User{971F8DFA-BFC1-4A8B-B12C-C26943D99F91}D:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=d:\program files\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{A0D74377-DA5E-49DA-A290-BEC8A8F4C06D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{B54E79DD-AEC1-4268-8949-9CD8DBCF6115}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{B76A9FB7-53BA-48C8-A7FE-394D1FD555E3}D:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=d:\program files (x86)\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{C7400814-138B-42D0-8D6C-76FEAFC8270C}C:\users\scarto\appdata\roaming\jlc's software\internet tv\update.exe" = protocol=6 | dir=in | app=c:\users\scarto\appdata\roaming\jlc's software\internet tv\update.exe |
"TCP Query User{D50F669E-2084-4528-BAA7-5252D21713E6}C:\users\scarto\appdata\local\temp\ir_ext_temp_0\autorun.exe" = protocol=6 | dir=in | app=c:\users\scarto\appdata\local\temp\ir_ext_temp_0\autorun.exe |
"TCP Query User{F0151BEA-5D96-4420-AF8E-C85CBBB803BE}D:\repack by maj3r\half-life 2d the orange box\the orange box\left 4 dead 2d\left 4 dead 2d\left 4 dead 2d\counterstrike2d.exe" = protocol=6 | dir=in | app=d:\repack by maj3r\half-life 2d the orange box\the orange box\left 4 dead 2d\left 4 dead 2d\left 4 dead 2d\counterstrike2d.exe |
"UDP Query User{01A727AD-8022-4D1D-8E80-B70EDFF4832B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{2AC07F40-4B2B-4A3C-A317-BC434EC5DF91}D:\program files (x86)\biart\deep black reloaded\deepblack.exe" = protocol=17 | dir=in | app=d:\program files (x86)\biart\deep black reloaded\deepblack.exe |
"UDP Query User{39805F50-7ABA-4AEA-82E0-EDEAD4D17F27}D:\program files (x86)\sega\renegade ops\renegadeops.exe" = protocol=17 | dir=in | app=d:\program files (x86)\sega\renegade ops\renegadeops.exe |
"UDP Query User{435F4ABA-4192-40ED-BDCE-9EBB43CC404A}C:\users\scarto\appdata\local\temp\ir_ext_temp_0\autorun.exe" = protocol=17 | dir=in | app=c:\users\scarto\appdata\local\temp\ir_ext_temp_0\autorun.exe |
"UDP Query User{4D58D47C-A98D-4293-9698-8C02F5E1571D}D:\program files (x86)\ubisoft\rayman origins\rayman origins.exe" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\rayman origins\rayman origins.exe |
"UDP Query User{5237E261-0544-47B0-958A-D1F9970CDDB3}D:\program files (x86)\rochard\rochard.exe" = protocol=17 | dir=in | app=d:\program files (x86)\rochard\rochard.exe |
"UDP Query User{5257090A-5587-4D9F-AEFB-23BF9EDABA53}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{5BFF0515-427E-438F-B967-07D237371C69}D:\repack by maj3r\half-life 2d the orange box\the orange box\left 4 dead 2d\left 4 dead 2d\left 4 dead 2d\counterstrike2d.exe" = protocol=17 | dir=in | app=d:\repack by maj3r\half-life 2d the orange box\the orange box\left 4 dead 2d\left 4 dead 2d\left 4 dead 2d\counterstrike2d.exe |
"UDP Query User{655B7C44-ED64-495D-ADE8-D77E6BB74D92}D:\program files (x86)\robot entertainment\orcs must die!\build\release\orcsmustdie.exe" = protocol=17 | dir=in | app=d:\program files (x86)\robot entertainment\orcs must die!\build\release\orcsmustdie.exe |
"UDP Query User{6F227CB8-D29F-440E-AAE4-532780C9A3FC}D:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=d:\program files (x86)\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{94E9C3B5-09BE-4628-B21D-07F51C314F72}D:\games\mass effect 3\binaries\win32\masseffect3.exe" = protocol=17 | dir=in | app=d:\games\mass effect 3\binaries\win32\masseffect3.exe |
"UDP Query User{9D662078-F4BD-446B-9D4E-7493E651900E}C:\users\scarto\downloads\novoline\spiel-11-18\gameunp.exe" = protocol=17 | dir=in | app=c:\users\scarto\downloads\novoline\spiel-11-18\gameunp.exe |
"UDP Query User{B9AA4C12-7357-413A-BC3F-275238FA4DE0}D:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=d:\program files\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{CBAD6E39-6E1B-4BDF-8DCC-3FFD49D4101A}C:\users\scarto\appdata\roaming\jlc's software\internet tv\update.exe" = protocol=17 | dir=in | app=c:\users\scarto\appdata\roaming\jlc's software\internet tv\update.exe |
"UDP Query User{DD20F140-7323-49DD-A43E-6256C68BFA30}D:\program files (x86)\doublesix games\all zombies must die!\binaries\win32\shippingpc-bzb2game.exe" = protocol=17 | dir=in | app=d:\program files (x86)\doublesix games\all zombies must die!\binaries\win32\shippingpc-bzb2game.exe |
"UDP Query User{DE257236-DE21-4188-AC65-C7052C2E778F}D:\program files (x86)\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=d:\program files (x86)\dc++\dcplusplus.exe |
"UDP Query User{FDC783BA-C631-41B0-898B-7375BC85571D}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{52E5D8A7-B129-4A29-AD4B-EBB749DCC3A3}_is1" = GamePark klient 2.0.9.0
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovládač 3D Vision 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafický ovládač 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision radič ovládača 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Softvér systému s podporou technológie PhysX 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizácie NVIDIA 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DDC742CC-2382-4E49-8B59-A6EC368F94D4}" = PC Connectivity Solution 64-bit components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Registry Easy_is1" = Registry Easy v5.6

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{879E1A85-4B17-48CF-8D73-6CC09F46497E}_is1" = Connon Fodder 3 version 1.0
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{90850405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = AirLive Wireless 11g Wireless Driver and Utility
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All Zombies Must Die!_is1" = All Zombies Must Die!
"Astroburn Lite" = Astroburn Lite
"AVG9Uninstall" = AVG 9.0
"BitTorrent" = BitTorrent
"BSPlayerf" = BS.Player FREE
"BulletProofSoft Startup Repair For Windows_is1" = BulletProofSoft Startup Repair For Windows 1.0.0.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"Mozilla Firefox 12.0 (x86 sk)" = Mozilla Firefox 12.0 (x86 sk)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"Rage_is1" = Rage
"Shoot Many Robots (c) Demiurge Studios_is1" = Shoot Many Robots (c) Demiurge Studios version 1
"SkyDrift_is1" = SkyDrift
"Sniper Elite V2_is1" = Sniper Elite V2
"StreamTorrent 1.0" = StreamTorrent 1.0
"TeamViewer 7" = TeamViewer 7
"Totalcmd" = Total Commander (Remove or Repair)
"Vessel_is1" = Vessel
"VLC media player" = VLC media player 1.0.2
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"Xlsx Viewer Free_is1" = Xlsx Viewer Free 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9. 4. 2012 14:51:42 | Computer Name = scarto-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01B
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 10. 4. 2012 6:39:33 | Computer Name = scarto-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 13. 4. 2012 10:13:53 | Computer Name = scarto-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 14. 4. 2012 16:59:33 | Computer Name = scarto-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 19. 4. 2012 10:04:55 | Computer Name = scarto-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 19. 4. 2012 10:23:18 | Computer Name = scarto-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 21. 4. 2012 15:11:09 | Computer Name = scarto-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 25. 4. 2012 5:11:42 | Computer Name = scarto-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 29. 4. 2012 6:24:25 | Computer Name = scarto-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 30. 4. 2012 10:01:43 | Computer Name = scarto-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

[ System Events ]
Error - 14. 3. 2012 17:24:18 | Computer Name = scarto-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: TfFsMon TFSysMon

Error - 15. 3. 2012 5:20:25 | Computer Name = scarto-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: TfFsMon TFSysMon

Error - 15. 3. 2012 13:18:38 | Computer Name = scarto-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: TfFsMon TFSysMon

Error - 15. 3. 2012 17:27:47 | Computer Name = scarto-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: TfFsMon TFSysMon

Error - 16. 3. 2012 4:58:50 | Computer Name = scarto-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: TfFsMon TFSysMon

Error - 16. 3. 2012 18:51:01 | Computer Name = scarto-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: TfFsMon TFSysMon

Error - 17. 3. 2012 6:27:20 | Computer Name = scarto-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: TfFsMon TFSysMon

Error - 17. 3. 2012 18:02:15 | Computer Name = scarto-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: TfFsMon TFSysMon

Error - 18. 3. 2012 6:37:57 | Computer Name = scarto-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: TfFsMon TFSysMon

Error - 18. 3. 2012 12:02:06 | Computer Name = scarto-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: TfFsMon TFSysMon


< End of report >

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check the log. It still reports trojan.Generic.27.BK

#5 Post by vyosek »

:arrow: Run OTL again
  • If you use Windows Vista or W7, right-click OTL and choose Run As Administrator
  • Paste the script below into the lower box Custom Scans/Fixes
  • Code:

    :commands
    [CLEARALLRESTOREPOINTS]
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    
    :otl
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = astroburn-search.com
    IE - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 DC 70 94 68 96 CC 01 [binary data]
    IE - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\..\SearchScopes\{5F970FDE-702B-4ef9-920C-5F2848A5AF26}: "URL" = http://www.astroburn-search.com/search/web?q={searchTerms}
    IE - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={F83ECE74-CF14-4ED8-A4A9-7BC910D5B1F3}&mid=8aee1015cf4ebc43f9eda0d4636df635-43a0d9fd8e9b79f3e7ec828ecb8fbaf0d474caa3&lang=sk&ds=AVG&pr=pa&d=2011-12-07 09:30:46&v=10.0.0.7&sap=dsp&q={searchTerms}
    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.startup.homepage: "http://www.astroburn-search.com/startpage"
    FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B6377b34d-d73d-476d-a07f-7aa2b64a13f2%7D&mid=8aee1015cf4ebc43f9eda0d4636df635-43a0d9fd8e9b79f3e7ec828ecb8fbaf0d474caa3&ds=AVG&v=10.2.0.3&lang=sk&pr=pa&d=2011-12-07%2009%3A30%3A46&sap=ku&q="
    FF - user.js - File not found
    [2011/10/30 10:34:14 | 000,002,071 | ---- | M] () -- C:\Users\scarto\AppData\Roaming\Mozilla\Firefox\Profiles\su1k3wa9.default\searchplugins\absearch-search.xml
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\..\Toolbar\WebBrowser: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar64.dll File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-21-2963671731-3287637191-3992571313-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O33 - MountPoints2\{d373feaf-025a-11e1-ab96-001e8ce0dba0}\Shell - "" = AutoRun
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
    [2 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
    [8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [8 C:\Windows\SysWOW64\*.tmp files -> C:\Windows\SysWOW64\*.tmp -> ]
    @Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
    @Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:54380FEC
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    
    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SpywareTerminatorShield"=-
    "SpywareTerminatorUpdater"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"=-
    [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=-
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    
    :files
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
  • Then click Run Fix
  • The PC will perform the fix, restart and give you a log; paste its contents here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.
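The browser lines in the script above (the IE start page and search scopes pointing at astroburn-search.com and isearch.avg.com, the Firefox homepage and keyword.URL prefs, and the toolbar and URLSearchHook entries whose CLSID or DLL no longer exists) are exactly what a triage pass over an OTL scan should surface. The Python below is an added example, not code from the thread or from OTL: it runs a simple allowlist check over a constructed sample of those lines (copied from the script above, with the isearch.avg.com query strings shortened) and separately lists toolbar/search-hook entries that are orphaned. The list of allowed search hosts is an assumption of the example; a real baseline would be whatever the organisation's standard image configures.

```python
"""Allowlist triage of OTL browser-setting lines.

Added example for this thread; it is not part of OTL or of the original
posts. ALLOWED_SEARCH_HOSTS is an assumption of the example.
"""
from urllib.parse import urlparse

# Hosts a stock IE/Firefox install would legitimately point at (assumption).
ALLOWED_SEARCH_HOSTS = ("bing.com", "google.com", "microsoft.com", "mozilla.com")

# Only lines carrying a start page or search provider are checked against the allowlist.
SETTING_KEYWORDS = ("Start Page", "SearchScopes\\{", "homepage", "keyword.URL")

# Constructed sample: lines copied from the OTL fix script above
# (the isearch.avg.com query strings are shortened).
SAMPLE_OTL_LINES = r"""
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = astroburn-search.com
IE - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\..\SearchScopes\{5F970FDE-702B-4ef9-920C-5F2848A5AF26}: "URL" = http://www.astroburn-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={F83ECE74-CF14-4ED8-A4A9-7BC910D5B1F3}&q={searchTerms}
FF - prefs.js..browser.startup.homepage: "http://www.astroburn-search.com/startpage"
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B6377b34d-d73d-476d-a07f-7aa2b64a13f2%7D&q="
O3:64bit: - HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\..\Toolbar\WebBrowser: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar64.dll File not found
"""


def extract_value(line):
    """Return the configured value: FF lines are 'pref: "value"', IE lines 'key = value'."""
    if line.startswith("FF - "):
        value = line.partition(": ")[2]
    else:
        value = line.rpartition(" = ")[2]
    return value.strip().strip('"')


def host_of(value):
    """Normalise a URL or bare host name to a lowercase host without a leading 'www.'."""
    host = urlparse(value).hostname if "://" in value else value
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host


def is_allowed(value):
    """True when the host (or a subdomain of it) is on the allowlist."""
    host = host_of(value)
    return any(host == a or host.endswith("." + a) for a in ALLOWED_SEARCH_HOSTS)


def triage(text):
    """Return (kind, host, line) tuples for off-allowlist settings and orphaned entries."""
    findings = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith(("IE ", "FF ")) and any(k in line for k in SETTING_KEYWORDS):
            host = host_of(extract_value(line))
            if host and not is_allowed(host):
                findings.append(("hijacked_setting", host, line))
        elif ("No CLSID value found" in line or "File not found" in line) and (
                "Toolbar" in line or "URLSearchHook" in line):
            # Registry points at a COM object or DLL that is gone: leftover of an uninstall or a removal.
            findings.append(("orphaned_entry", None, line))
    return findings


def hijacked_hosts(text):
    """Distinct non-allowlisted hosts the browser has been configured to use."""
    return sorted({host for kind, host, _ in triage(text) if kind == "hijacked_setting"})


if __name__ == "__main__":
    for kind, host, line in triage(SAMPLE_OTL_LINES):
        print(f"{kind:17} {host or '-':25} {line[:70]}")
```

On the sample, the five start-page and search-provider lines resolve to just two off-allowlist hosts, astroburn-search.com and isearch.avg.com, and the two orphaned entries are the URLSearchHook with no CLSID and the Astroburn toolbar whose DLL is missing; the Bing scope passes. Orphaned entries are not evidence of infection by themselves, only clutter to clean up, which is why the example reports them separately.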

scarto

#6 Post by scarto »

Sorry for the late reply, but I was busy. So here is the log..

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: scarto
->Temp folder emptied: 165117186 bytes
->Temporary Internet Files folder emptied: 101826624 bytes
->Java cache emptied: 58614224 bytes
->FireFox cache emptied: 790223643 bytes
->Flash cache emptied: 61838 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 6475968 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42898151 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50453 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1 111,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: scarto
->Flash cache emptied: 0 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb

========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2963671731-3287637191-3992571313-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2963671731-3287637191-3992571313-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKEY_USERS\S-1-5-21-2963671731-3287637191-3992571313-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2963671731-3287637191-3992571313-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2963671731-3287637191-3992571313-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5F970FDE-702B-4ef9-920C-5F2848A5AF26}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5F970FDE-702B-4ef9-920C-5F2848A5AF26}\ not found.
Registry key HKEY_USERS\S-1-5-21-2963671731-3287637191-3992571313-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "http://www.astroburn-search.com/startpage" removed from browser.startup.homepage
Prefs.js: "http://isearch.avg.com/search?cid=%7B63 ... &sap=ku&q=" removed from keyword.URL
C:\Users\scarto\AppData\Roaming\Mozilla\Firefox\Profiles\su1k3wa9.default\searchplugins\absearch-search.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-2963671731-3287637191-3992571313-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-2963671731-3287637191-3992571313-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
64bit-Registry value HKEY_USERS\S-1-5-21-2963671731-3287637191-3992571313-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EFEED92A-A33D-4873-BA8F-32BAA631E54D} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFEED92A-A33D-4873-BA8F-32BAA631E54D}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2963671731-3287637191-3992571313-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
File Protocol\Handler\viprotocol - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d373feaf-025a-11e1-ab96-001e8ce0dba0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d373feaf-025a-11e1-ab96-001e8ce0dba0}\ not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder deleted successfully.
ADS C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:54380FEC deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorShield not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorUpdater not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.

OTL by OldTimer - Version 3.2.42.2 log created on 05062012_112342

Files\Folders moved on Reboot...
C:\Users\scarto\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

vyosek

#7 Post by vyosek »

:arrow: The pest has settled in the restore points - delete them following colleague riffa's guide http://www.viry.cz/forum/viewtopic.php?f=11&t=47040

:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm the choice press A, Enter
  • Delete the utility after use
  • Antiviruses may wrongly flag this utility as a virus - it is a false positive - so download it without worry (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm YES
  • The program will clean up and restart the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm OK
  • The program will clean up and restart the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix selected issues - I recommend making the registry backup; fix all issues
  • repeat the procedure until there are no issues - usually about 3 times
Tools panel
  • Here you can uninstall unnecessary programs
I recommend using CCleaner about once a week

:arrow: Write back how the PC is doing

scarto

#8 Post by scarto »

The PC is fine, AVG found no threat in System Volume Information, so :thumbsup:
It runs more briskly. I haven't tried games. It was mainly about that malware.
Thank you very much for the help in solving the problem :worship:

vyosek

#9 Post by vyosek »

You're welcome, glad I could help :worship: See you some time

scarto

#10 Post by scarto »

Hi, so after today's scheduled scan the antivirus again detected trojan.Generic.27.BKPD. I thought it was already fine, but the opposite is true. Do you have any other idea?

vyosek

#11 Post by vyosek »

Can you give the exact location of the find? And whether it was able to do anything with it (delete, heal, etc.)...

scarto

#12 Post by scarto »

It can be healed, but after another PC restart it is there again

"D:\System Volume Information\_restore{595AF15C-3D0A-454B-AFE3-E2DE7D088A09}\RP44\A0004074.msi:\setup.cab:\CookingAcademy.exe";"Trojan horse Generic27.BKPD";"Object is inaccessible."
"D:\System Volume Information\_restore{595AF15C-3D0A-454B-AFE3-E2DE7D088A09}\RP44\A0004074.msi:\setup.cab";"Trojan horse Generic27.BKPD";"Object is inaccessible."
"D:\System Volume Information\_restore{595AF15C-3D0A-454B-AFE3-E2DE7D088A09}\RP44\A0004074.msi";"Trojan horse Generic27.BKPD";"Object is inaccessible."

vyosek

#13 Post by vyosek »

:arrow: So this is the smallest threat :)

:arrow: The pest has settled in the restore points - delete them following colleague riffa's guide http://www.viry.cz/forum/viewtopic.php?f=11&t=47040
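The three AVG lines posted two messages above are one on-disk file reported at three nesting levels: the installer A0004074.msi, the setup.cab inside it, and CookingAcademy.exe inside that, each with the status "Object is inaccessible", which is why the scanner can flag the object but not heal it. The Python below is an added example, not AVG's, OTL's or the thread's own code: it parses detection lines in this ";"-separated form, separates AVG's ":\" archive-member notation from the path that actually exists on disk, and recognises the _restore{GUID}\RPnn folder layout. One caveat worth knowing: that layout is how Windows XP's System Restore stored restore points, whereas Windows 7 keeps its restore points as Volume Shadow Copies, so a Windows 7 restore-point cleanup does not necessarily remove a folder in this layout on a second drive (the thread does not say where D: came from). The sample lines are constructed from the post, with the Slovak fields translated.

```python
"""Parse AVG detection lines and resolve them to the object on disk.

Added example for this thread, not AVG's or OTL's own code. Only the
"path";"threat";"status" layout and the ':\\' archive-member separator are
taken from the lines posted in the thread; everything else is this example's.
"""
import csv
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Windows XP System Restore layout: <drive>:\System Volume Information\_restore{GUID}\RPnn\...
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{([0-9A-Fa-f-]{36})\}\\RP(\d+)\\", re.IGNORECASE)

# Constructed sample: the three detection lines from the post, fields in English.
SAMPLE_AVG_LINES = r'''
"D:\System Volume Information\_restore{595AF15C-3D0A-454B-AFE3-E2DE7D088A09}\RP44\A0004074.msi:\setup.cab:\CookingAcademy.exe";"Trojan horse Generic27.BKPD";"Object is inaccessible."
"D:\System Volume Information\_restore{595AF15C-3D0A-454B-AFE3-E2DE7D088A09}\RP44\A0004074.msi:\setup.cab";"Trojan horse Generic27.BKPD";"Object is inaccessible."
"D:\System Volume Information\_restore{595AF15C-3D0A-454B-AFE3-E2DE7D088A09}\RP44\A0004074.msi";"Trojan horse Generic27.BKPD";"Object is inaccessible."
'''


@dataclass(frozen=True)
class Detection:
    on_disk_path: str                 # the file the scanner can actually act on
    archive_members: Tuple[str, ...]  # nested members inside it, outermost first
    threat: str
    status: str
    restore_point: Optional[Tuple[str, int]]  # (GUID, RP number) when inside an XP-style restore point


def split_archive_path(path: str):
    """'D:\\a\\b.msi:\\x.cab:\\y.exe' -> ('D:\\a\\b.msi', ('x.cab', 'y.exe')).

    The first ':\\' belongs to the drive letter; every later one marks an
    archive member as reported by the scanner.
    """
    parts = path.split(":\\")
    if len(parts) < 2 or len(parts[0]) != 1:
        raise ValueError(f"expected a drive-letter path, got {path!r}")
    return parts[0] + ":\\" + parts[1], tuple(parts[2:])


def parse_avg_lines(text: str):
    """Turn ';'-separated, double-quoted AVG detection lines into Detection records."""
    rows = csv.reader((l for l in text.splitlines() if l.strip()), delimiter=";", quotechar='"')
    detections = []
    for path, threat, status in rows:
        on_disk, members = split_archive_path(path)
        m = RESTORE_POINT_RE.search(on_disk)
        rp = (m.group(1).upper(), int(m.group(2))) if m else None
        detections.append(Detection(on_disk, members, threat, status, rp))
    return detections


def distinct_files(detections):
    """Collapse per-member hits onto the files that exist on disk."""
    return sorted({d.on_disk_path for d in detections})


if __name__ == "__main__":
    dets = parse_avg_lines(SAMPLE_AVG_LINES)
    for f in distinct_files(dets):
        hits = [d for d in dets if d.on_disk_path == f]
        print(f"{f}\n  {len(hits)} hit(s), restore point {hits[0].restore_point}, status {hits[0].status!r}")
```

Run on the sample, the three hits collapse to a single file, A0004074.msi in restore point RP44 of the XP-style _restore{595AF15C-...} folder on D:, with CookingAcademy.exe two archive levels down. That is the object a cleanup has to remove; deleting or rescanning the inner members separately is not possible, which matches the "inaccessible" status AVG reports.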

scarto

#14 Post by scarto »

But I already did that once and it didn't help

vyosek

#15 Post by vyosek »

:arrow: Download OTM http://oldtimer.geekstogo.com/OTM.exe
  • If you use Windows Vista or W7, right-click OTM and choose Run As Administrator
  • Paste the contents below into the left box Paste Instructions for Items to be Moved (under the yellow line)
  • Code:

    :Commands
    [ClearAllRestorePoints]
    [Reboot]
    
  • Click the red MoveIt! button
  • You will be prompted to restart, click Yes; the log is then in C:\_OTM\MovedFiles, paste its contents here
