PReventívka

Zpráva

PureHate44 · #1 Příspěvek od **PureHate44** » 22 říj 2013 23:15

Logfile of random's system information tool 1.09 (written by random/random)
Run by Peter at 2013-10-23 00:11:11
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 66 GB (33%) free of 200 GB
Total RAM: 4095 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:11:18, on 23. 10. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Vtune\TBPANEL.exe
C:\Program Files (x86)\YoWindow\yowindow.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\SpeedVID\SpeedVID Accelerator\SpeedVidA.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Peter\AppData\Local\RadioSure\RadioSure.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Peter.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [speedvid] C:\Program Files (x86)\SpeedVID\SpeedVID Accelerator\SpeedVidA.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe /A
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - Startup: YoWindow.lnk = C:\Program Files (x86)\YoWindow\yowindow.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\Windows\reset.exe (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10683 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe" -r
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2148
"C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe" /pid ACPW06EN
"C:\Program Files\Zune\ZuneLauncher.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Vtune\TBPANEL.exe" /A
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\YoWindow\yowindow.exe" -mt
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files (x86)\SpeedVID\SpeedVID Accelerator\SpeedVidA.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe" -hidden /prefetch:1
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe" /DisableUI
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\prevhost.exe {914FEED8-267A-4BAA-B8AA-21E233792679} -Embedding
C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE -Embedding
C:\Windows\splwow64.exe 8192
"C:\Program Files\Windows Media Player\wmprph.exe" -Embedding
"C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -restart
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5012.0.1669585007\1421555404" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,9,18,21,24,26 --gpu-vendor-id=0x10de --gpu-device-id=0x0a65 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.1106 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group14 pct:1g stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_58/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/" --extension-process --disable-client-side-phishing-detection --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="5012.2.735361406\387996382" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group14 pct:1g stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_58/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/" --disable-client-side-phishing-detection --renderer-print-preview --instant-process --enable-threaded-compositing --disable-html-notifications --channel="5012.5.5399429\1054775295" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group14 pct:1g stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_58/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/" --disable-client-side-phishing-detection --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="5012.6.450444377\161175740" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="5012.7.1870444942\1533265472" --ppapi-flash-args --lang=sk --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group14 pct:1g stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_58/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/" --disable-client-side-phishing-detection --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="5012.10.1487148459\1676222433" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group14 pct:1g stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_58/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/" --disable-client-side-phishing-detection --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="5012.11.1850837619\367048582" /prefetch:673131151
"C:\Users\Peter\AppData\Local\RadioSure\RadioSure.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group14 pct:1g stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_58/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/" --disable-client-side-phishing-detection --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="5012.20.771268250\1685796177" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group14 pct:1g stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_58/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/" --disable-client-side-phishing-detection --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="5012.21.1108172568\1659135747" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group14 pct:1g stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_58/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/" --disable-client-side-phishing-detection --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="5012.25.1908593071\796527427" /prefetch:673131151
"C:\Users\Peter\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3097850436-798593565-2399696651-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3097850436-798593565-2399696651-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce47307f8c751a.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA1ce7f5262bb9e30.job
C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
C:\Windows\tasks\ParetoLogic Update Version3.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0mvts0b3.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72]
"Description"=15.0.2.72
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
KavAntiBanner@kaspersky.ru_bak
linkfilter@kaspersky.ru_bak

C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
npwachk.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}]
Content Blocker Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-06-17 795840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}]
Virtual Keyboard Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2013-10-08 1060032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}]
Safe Money Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2013-06-17 518848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-03-28 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
URL Advisor Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2013-06-17 971456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-02-16 425680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}]
Content Blocker Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-06-17 651968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}]
Virtual Keyboard Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2013-10-08 873664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-28 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}]
Safe Money Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2013-06-17 431808]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-28 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
URL Advisor Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2013-06-17 781504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ACPW06EN"=C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe [2012-08-31 1231992]
"Zune Launcher"=C:\Program Files\Zune\ZuneLauncher.exe [2011-08-05 163552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2013-05-05 802136]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
"TBPanel"=C:\Program Files (x86)\Vtune\TBPanel.exe [2011-08-02 2248704]
"Facebook Update"=C:\Users\Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-13 138096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
c:\program files (x86)\daemon tools lite\dtlite.exe [2011-08-02 4910912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe /WinStart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-06-03 19603048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
c:\program files (x86)\utorrent\utorrent.exe [2013-05-05 802136]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2012-06-20 74752]
"speedvid"=C:\Program Files (x86)\SpeedVID\SpeedVID Accelerator\SpeedVidA.exe [2012-10-15 6020096]
"TkBellExe"=C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-02-16 296056]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
YoWindow.lnk - C:\Program Files (x86)\YoWindow\yowindow.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2013-04-06 247296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SASCORE]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Ace Translator\AceTrans.exe"="C:\Program Files (x86)\Ace Translator\AceTrans.exe:*:Enabled:Ace Translator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files (x86)\Ace Translator\AceTrans.exe"="C:\Program Files (x86)\Ace Translator\AceTrans.exe:*:Enabled:Ace Translator"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======File associations======

.inf - open - %SystemRoot%\SysWow64\NOTEPAD.EXE %1
.inf - install - %SystemRoot%\SysWow64\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\SysWow64\WScript.exe "%1" %*
.vbs - open - %SystemRoot%\SysWow64\WScript.exe "%1" %*
.cpl - cplopen - %SystemRoot%\SysWow64\control.exe "%1",%*

======List of files/folders created in the last 1 month======

2013-10-23 00:11:11 ----D---- C:\rsit
2013-10-14 17:34:02 ----A---- C:\Windows\system32\klfphc.dll
2013-10-14 17:32:58 ----D---- C:\Windows\ELAMBKUP
2013-10-14 17:32:54 ----D---- C:\ProgramData\Kaspersky Lab
2013-10-14 17:32:54 ----D---- C:\Program Files (x86)\Kaspersky Lab
2013-10-14 17:32:26 ----A---- C:\Windows\system32\drivers\klif.sys
2013-10-14 17:32:26 ----A---- C:\Windows\system32\drivers\klflt.sys
2013-10-09 22:11:18 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-10-09 22:11:18 ----A---- C:\Windows\system32\ieui.dll
2013-10-09 22:11:17 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-10-09 22:11:17 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-10-09 22:11:17 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-10-09 22:11:17 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-10-09 22:11:17 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-10-09 22:11:17 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 22:11:17 ----A---- C:\Windows\system32\iesysprep.dll
2013-10-09 22:11:17 ----A---- C:\Windows\system32\iesetup.dll
2013-10-09 22:11:17 ----A---- C:\Windows\system32\iernonce.dll
2013-10-09 22:11:17 ----A---- C:\Windows\system32\ie4uinit.exe
2013-10-09 22:11:16 ----A---- C:\Windows\system32\iertutil.dll
2013-10-09 22:11:15 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-10-09 22:11:15 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-10-09 22:11:15 ----A---- C:\Windows\system32\msfeeds.dll
2013-10-09 22:11:15 ----A---- C:\Windows\system32\jscript.dll
2013-10-09 22:11:14 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-10-09 22:11:14 ----A---- C:\Windows\system32\jscript9.dll
2013-10-09 22:11:13 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-10-09 22:11:13 ----A---- C:\Windows\system32\urlmon.dll
2013-10-09 22:11:12 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-10-09 22:11:12 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-10-09 22:11:12 ----A---- C:\Windows\system32\jsproxy.dll
2013-10-09 22:11:11 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-10-09 22:11:11 ----A---- C:\Windows\system32\wininet.dll
2013-10-09 22:11:10 ----A---- C:\Windows\system32\ieframe.dll
2013-10-09 22:11:08 ----A---- C:\Windows\system32\mshtml.dll
2013-10-09 22:11:06 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-10-09 04:31:09 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2013-10-09 04:31:09 ----A---- C:\Windows\system32\comctl32.dll
2013-10-09 04:31:02 ----A---- C:\Windows\system32\drivers\usbser.sys
2013-10-09 04:30:58 ----A---- C:\Windows\SYSWOW64\lpk.dll
2013-10-09 04:30:58 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2013-10-09 04:30:58 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2013-10-09 04:30:58 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2013-10-09 04:30:58 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2013-10-09 04:30:58 ----A---- C:\Windows\system32\lpk.dll
2013-10-09 04:30:58 ----A---- C:\Windows\system32\fontsub.dll
2013-10-09 04:30:58 ----A---- C:\Windows\system32\dciman32.dll
2013-10-09 04:30:58 ----A---- C:\Windows\system32\atmlib.dll
2013-10-09 04:30:58 ----A---- C:\Windows\system32\atmfd.dll
2013-10-09 04:30:56 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2013-10-09 04:30:53 ----A---- C:\Windows\system32\drivers\usbcir.sys
2013-10-09 04:30:49 ----A---- C:\Windows\system32\drivers\usbscan.sys
2013-10-09 04:30:49 ----A---- C:\Windows\system32\drivers\hidparse.sys
2013-10-09 04:30:49 ----A---- C:\Windows\system32\drivers\hidclass.sys
2013-10-09 04:30:47 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2013-10-09 04:30:47 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2013-10-09 04:30:47 ----A---- C:\Windows\system32\WebClnt.dll
2013-10-09 04:30:47 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2013-10-09 04:30:47 ----A---- C:\Windows\system32\davclnt.dll
2013-10-09 04:30:45 ----A---- C:\Windows\SYSWOW64\mswsock.dll
2013-10-09 04:30:45 ----A---- C:\Windows\system32\mswsock.dll
2013-10-09 04:30:45 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-10-09 04:30:45 ----A---- C:\Windows\system32\drivers\afd.sys
2013-10-09 04:30:44 ----A---- C:\Windows\system32\win32k.sys
2013-10-09 04:30:39 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-10-09 04:30:38 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2013-10-09 04:30:38 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2013-10-09 04:30:38 ----A---- C:\Windows\system32\tdh.dll
2013-10-09 04:30:38 ----A---- C:\Windows\system32\advapi32.dll
2013-10-09 04:30:37 ----A---- C:\Windows\SYSWOW64\tdh.dll
2013-10-09 04:30:37 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2013-10-09 04:30:37 ----A---- C:\Windows\system32\ntdll.dll
2013-10-09 04:30:36 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2013-10-09 04:30:33 ----A---- C:\Windows\system32\wow64.dll
2013-10-09 04:30:32 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-10-09 04:30:31 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-10-09 04:30:31 ----A---- C:\Windows\SYSWOW64\user.exe
2013-10-09 04:30:31 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-10-09 04:30:31 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-10-09 04:30:20 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 04:30:20 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 04:30:19 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-10-09 04:30:16 ----A---- C:\Windows\system32\scavengeui.dll
2013-10-09 04:30:09 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2013-10-09 04:30:09 ----A---- C:\Windows\system32\drivers\usbport.sys
2013-10-09 04:30:09 ----A---- C:\Windows\system32\drivers\usbohci.sys
2013-10-09 04:30:09 ----A---- C:\Windows\system32\drivers\usbhub.sys
2013-10-09 04:30:09 ----A---- C:\Windows\system32\drivers\usbehci.sys
2013-10-09 04:30:09 ----A---- C:\Windows\system32\drivers\usbd.sys
2013-10-09 04:30:09 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2013-10-08 13:49:18 ----A---- C:\Windows\system32\drivers\klmouflt.sys
2013-10-08 13:49:18 ----A---- C:\Windows\system32\drivers\klkbdflt.sys
2013-10-08 13:49:18 ----A---- C:\Windows\system32\drivers\klim6.sys
2013-10-08 13:49:18 ----A---- C:\Windows\system32\drivers\kl1.sys
2013-10-07 05:59:48 ----D---- C:\Windows\system32\ms-MY
2013-10-07 05:49:14 ----D---- C:\Program Files\Zune

======List of files/folders modified in the last 1 month======

2013-10-23 00:11:19 ----D---- C:\Windows\Prefetch
2013-10-23 00:11:14 ----D---- C:\Program Files\trend micro
2013-10-23 00:09:58 ----D---- C:\Users\Peter\AppData\Roaming\uTorrent
2013-10-22 22:41:19 ----D---- C:\Windows\temp
2013-10-22 10:53:55 ----D---- C:\Windows\SysWOW64
2013-10-22 10:53:53 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2013-10-22 10:33:04 ----D---- C:\Windows\system32\config
2013-10-21 04:15:06 ----D---- C:\Users\Peter\AppData\Roaming\Winamp
2013-10-20 17:54:23 ----SHD---- C:\System Volume Information
2013-10-20 15:40:20 ----D---- C:\Program Files\WinRAR
2013-10-20 03:57:01 ----D---- C:\Windows\inf
2013-10-19 16:48:14 ----D---- C:\Program Files (x86)\Opera
2013-10-19 13:44:48 ----D---- C:\Windows\System32
2013-10-19 13:44:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-10-18 18:25:08 ----D---- C:\Program Files (x86)\Game Booster Premium 2.0 Retail
2013-10-18 18:23:47 ----D---- C:\ProgramData\NVIDIA
2013-10-18 17:33:12 ----D---- C:\Users\Peter\AppData\Roaming\Skype
2013-10-17 13:37:57 ----D---- C:\Windows
2013-10-17 11:15:24 ----D---- C:\Windows\Panther
2013-10-14 17:39:52 ----D---- C:\ProgramData
2013-10-14 17:34:47 ----SHD---- C:\Windows\Installer
2013-10-14 17:34:46 ----D---- C:\Config.Msi
2013-10-14 17:34:03 ----D---- C:\Windows\system32\drivers
2013-10-14 17:34:03 ----D---- C:\Windows\system32\catroot
2013-10-14 17:34:00 ----D---- C:\Windows\system32\catroot2
2013-10-14 17:33:47 ----D---- C:\Windows\system32\DriverStore
2013-10-14 17:32:54 ----RD---- C:\Program Files (x86)
2013-10-14 09:09:59 ----D---- C:\Windows\rescache
2013-10-10 14:45:50 ----D---- C:\Windows\Microsoft.NET
2013-10-10 14:45:28 ----RSD---- C:\Windows\assembly
2013-10-10 04:10:56 ----D---- C:\Windows\winsxs
2013-10-10 04:08:22 ----D---- C:\Program Files (x86)\Internet Explorer
2013-10-10 04:08:21 ----D---- C:\Program Files\Internet Explorer
2013-10-10 04:08:20 ----D---- C:\Windows\AppPatch
2013-10-10 04:08:19 ----D---- C:\Windows\system32\en-US
2013-10-09 22:13:02 ----D---- C:\ProgramData\Microsoft Help
2013-10-09 10:30:45 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-10-09 08:40:21 ----D---- C:\Program Files\Microsoft Silverlight
2013-10-09 08:40:20 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 04:33:07 ----D---- C:\Windows\system32\MRT
2013-10-09 04:33:04 ----A---- C:\Windows\system32\MRT.exe
2013-10-08 15:28:28 ----SD---- C:\Users\Peter\AppData\Roaming\Microsoft
2013-10-07 13:47:12 ----RD---- C:\Program Files
2013-10-07 05:59:48 ----D---- C:\Windows\system32\sv-SE
2013-10-07 05:59:48 ----D---- C:\Windows\system32\nb-NO
2013-10-07 05:59:48 ----D---- C:\Windows\system32\hu-HU
2013-10-07 05:59:48 ----D---- C:\Windows\system32\fi-FI
2013-10-07 05:59:48 ----D---- C:\Windows\system32\el-GR
2013-10-07 05:59:48 ----D---- C:\Windows\system32\da-DK
2013-10-07 05:59:48 ----D---- C:\Windows\system32\cs-CZ
2013-10-07 05:59:47 ----D---- C:\Windows\system32\zh-TW
2013-10-07 05:59:47 ----D---- C:\Windows\system32\zh-CN
2013-10-07 05:59:47 ----D---- C:\Windows\system32\ru-RU
2013-10-07 05:59:47 ----D---- C:\Windows\system32\pt-PT
2013-10-07 05:59:47 ----D---- C:\Windows\system32\pt-BR
2013-10-07 05:59:47 ----D---- C:\Windows\system32\pl-PL
2013-10-07 05:59:47 ----D---- C:\Windows\system32\nl-NL
2013-10-07 05:59:47 ----D---- C:\Windows\system32\ko-KR
2013-10-07 05:59:47 ----D---- C:\Windows\system32\ja-JP
2013-10-07 05:59:47 ----D---- C:\Windows\system32\it-IT
2013-10-07 05:59:47 ----D---- C:\Windows\system32\fr-FR
2013-10-07 05:59:47 ----D---- C:\Windows\system32\es-ES
2013-10-07 05:59:46 ----D---- C:\Windows\system32\de-DE
2013-10-07 05:59:45 ----D---- C:\Windows\system32\drivers\UMDF
2013-10-07 05:49:15 ----SD---- C:\ProgramData\Microsoft
2013-10-07 05:48:29 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-09-25 22:24:39 ----D---- C:\Program Files\CCleaner
2013-09-25 11:43:34 ----D---- C:\Users\Peter\AppData\Roaming\vlc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2013-10-08 7717984]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-01 270912]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2013-10-08 620640]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2013-10-08 29792]
R1 klpd;klpd; C:\Windows\system32\DRIVERS\klpd.sys [2013-04-12 15456]
R1 kltdi;kltdi; C:\Windows\system32\DRIVERS\kltdi.sys [2013-05-14 55904]
R1 kneps;kneps; C:\Windows\system32\DRIVERS\kneps.sys [2013-06-06 178784]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-02-02 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-02-02 43680]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\Windows\system32\DRIVERS\klkbdflt.sys [2013-10-08 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2013-10-08 29280]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S0 TfFsMon;TfFsMon; C:\Windows\system32\drivers\TfFsMon.sys []
S0 TFSysMon;TfSysMon; C:\Windows\system32\drivers\TfSysMon.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; C:\Windows\system32\drivers\catchme.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TBPanel;TBPanel; C:\Windows\system32\drivers\TBPanel.sys []
S3 TfNetMon;TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S4 klflt;klflt; C:\Windows\system32\DRIVERS\klflt.sys [2013-06-08 112224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 AVP;Kaspersky Anti-Virus Service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2013-10-08 214512]
R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-18 884512]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-08-08 76888]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 .EsetTrialReset;Eset Trial Reset; C:\Windows\reset.exe /s []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-28 136176]
S2 KMService;KMService; C:\Windows\syswow64\srvany.exe [2003-04-18 8192]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-26 1260320]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-06-03 162408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09 257416]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-28 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-08-20 117656]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-01-21 1255736]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service; C:\Program Files\Zune\WMZuneComm.exe [2011-08-05 306400]
S3 ZuneNetworkSvc;Zune Network Sharing Service; C:\Program Files\Zune\ZuneNss.exe [2011-08-05 8277728]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; C:\Program Files\Zune\ZuneWlanCfgSvc.exe [2011-08-05 467680]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

PureHate44 · #2 Příspěvek od **PureHate44** » 22 říj 2013 23:16

info.txt logfile of random's system information tool 1.09 2013-10-23 00:11:22

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
ACDSee Pro 6-->MsiExec.exe /I{CAF674E0-808C-4CF4-8868-A755EBABA228}
Ace Translator 9.4.7-->"C:\Program Files (x86)\Ace Translator\unins000.exe"
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{FDB3B167-F4FA-461D-976F-286304A57B2A}
Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -maintain plugin
Adobe Reader X (10.1.8) - Slovak-->MsiExec.exe /I{AC76BA86-7AD7-1051-7B44-AA1000000001}
Aktualizácia Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-041B-0000-0000000FF1CE} /uninstall {9A8C39B0-D27F-4F81-BE74-2FECF164707E}
Aktualizácia Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-041B-0000-0000000FF1CE} /uninstall {CE23B3DC-18CC-46FC-A309-81D6670F8D3D}
Aktualizácia Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-041B-0000-0000000FF1CE} /uninstall {D6DBF512-87C0-4F6A-8FB9-AC3A389D9DE5}
Aktualizácie NVIDIA 1.11.3-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{E77333C9-07B2-4E28-AE0C-E8AA5D82AD3D}\NVI2.DLL",UninstallPackage Display.Update
Apple Application Support-->MsiExec.exe /I{EE6097DD-05F4-4178-9719-D3170BF098E8}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
aTube Catcher 1.0-->"C:\Program Files (x86)\DsNET Corp\aTube Catcher 1.0\unins000.exe"
aTube Catcher-->C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\uninstall.exe
Battlefield 2(TM)-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Battlefield 2: Special Forces-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x9 -removeonly
Battlefield 3™-->"C:\Program Files (x86)\Common Files\EAInstaller\Battlefield 3\Cleanup.exe" uninstall_game -autologging
Bonjour-->MsiExec.exe /X{CA0D2F09-F811-48D4-843E-C87696C6A9D9}
bwin Poker 1.0.0-->"C:\bwinPoker\unins000.exe"
bwin Poker-->"C:\Programs\bwincom\bwincomPoker\Uninstall\Setup.exe" App_Type=U
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Counter-Strike Source version 1.0.0.75-->"C:\Counter-Strike Source\unins000.exe"
CS Poker-->"C:\Program Files (x86)\CS Poker\Launcher.exe" /uninstall "C:\Users\Peter\Desktop\CS Poker.lnk"
DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
Facebook Video Calling 1.2.0.287-->MsiExec.exe /X{B92C5909-1D37-4C51-8397-A28BB28E5DC3}
Firebird SQL Server - MAGIX Edition-->MsiExec.exe /X{6C5F8503-55D2-4398-858C-362B7A7AF51C}
FUJIFILM MyFinePix Studio 3.2-->"C:\Program Files (x86)\FUJIFILM\MyFinePix Studio\unins000.exe"
GameSpy Arcade-->C:\PROGRA~2\GAMESP~1\UNWISE.EXE C:\PROGRA~2\GAMESP~1\INSTALL.LOG
GoldWave v5.65-->"C:\Program Files (x86)\GoldWave\unstall.exe" "GoldWave v5.65" "C:\Program Files (x86)\GoldWave\unstall.log"
Google Earth-->MsiExec.exe /X{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Guitar Pro 5.2-->"C:\Program Files (x86)\Guitar Pro 5\unins000.exe"
High-Definition Video Playback 10-->MsiExec.exe /X{237CCB62-8454-43E3-B158-3ACD0134852E}
Java 7 Update 25-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217025FF}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015F0}
Java(TM) 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216026F0}
Java(TM) 6 Update 27 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86416027FF}
Java(TM) 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216026FF}
JavaFX 2.1.0-->MsiExec.exe /X{1111706F-666A-4037-7777-210328764D10}
JDownloader 0.9-->C:\Program Files (x86)\JDownloader\JDUninstall.exe
Kaspersky Internet Security-->MsiExec.exe /I{6F6873E3-5C92-4049-B511-231A138DD090}
Kaspersky Internet Security-->MsiExec.exe /I{6F6873E3-5C92-4049-B511-231A138DD090} REMOVE=ALL
Ladička 1.00-->C:\Program Files (x86)\Ladicka\Uninstall.exe
Live 8.0.1-->C:\PROGRA~2\Ableton\LIVE80~1.1\Install\UNWISE.EXE C:\PROGRA~2\Ableton\LIVE80~1.1\Install\INSTALL.LOG
MAGIX Music Maker MX Production Suite Download Version-->"C:\Program Files (x86)\MAGIX\Music_Maker_MX_Production_Suite_Download_Version\mm18pro_en-II_setup.exe"
MAGIX Music Maker MX Production Suite Download Version-->MsiExec.exe /I{3D472A59-BB35-4094-95A9-C982862DFAA5}
MAGIX Screenshare-->MsiExec.exe /X{2C76CAB0-756F-433C-8C5A-748ECF075A1C}
MAGIX Speed burnR (MSI)-->MsiExec.exe /X{F6A54E3C-E1F6-4C67-863B-E17FEECE2E4E}
Marvell Miniport Driver-->C:\Program Files (x86)\Marvell\Miniport Driver\Uninst.exe
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{F2508213-9989-4E85-A078-72BE483917EF}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0015-041B-0000-0000000FF1CE} /uninstall {4754EB3B-ED3D-4095-A2FD-684A3058A4FF}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-041B-0000-0000000FF1CE} /uninstall {4754EB3B-ED3D-4095-A2FD-684A3058A4FF}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-041B-0000-0000000FF1CE} /uninstall {4754EB3B-ED3D-4095-A2FD-684A3058A4FF}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0019-041B-0000-0000000FF1CE} /uninstall {4754EB3B-ED3D-4095-A2FD-684A3058A4FF}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001A-041B-0000-0000000FF1CE} /uninstall {4754EB3B-ED3D-4095-A2FD-684A3058A4FF}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-041B-0000-0000000FF1CE} /uninstall {4754EB3B-ED3D-4095-A2FD-684A3058A4FF}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {664655D8-B9BB-455D-8A58-7EAF7B0B2862}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-041B-1000-0000000FF1CE} /uninstall {8382BA92-20E3-47B6-971B-F673F0492D4E}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0044-041B-0000-0000000FF1CE} /uninstall {4754EB3B-ED3D-4095-A2FD-684A3058A4FF}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-041B-0000-0000000FF1CE} /uninstall {8382BA92-20E3-47B6-971B-F673F0492D4E}
Microsoft Office Access MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0015-041B-0000-0000000FF1CE}
Microsoft Office Excel MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0016-041B-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0044-041B-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001A-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0018-041B-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2007-->MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2007-->MsiExec.exe /X{90120000-002C-041B-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {0B7A4B67-2A38-42B1-9857-662FAB361E08}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {928D7B99-2BEA-49F9-83B8-20FA57860643}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040E-0000-0000000FF1CE} /uninstall {0AD4BB83-13B4-4C9D-9BAC-7F64E0B2D5D7}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {FDF9A959-241A-4662-A8DE-7DED9C22D160}
Microsoft Office Publisher MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0019-041B-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Slovak) 2007-->MsiExec.exe /X{90120000-002A-041B-1000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2007-->MsiExec.exe /X{90120000-006E-041B-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001B-041B-0000-0000000FF1CE}
Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Mozilla Firefox 23.0.1 (x86 en-US)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP3 Parser (KB2721691)-->MsiExec.exe /I{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}
MSXML 4.0 SP3 Parser (KB2758694)-->MsiExec.exe /I{1D95BA90-F4F8-47EC-A882-441C99D30C1E}
MSXML 4.0 SP3 Parser (KB973685)-->MsiExec.exe /I{859DFA95-E4A6-48CD-B88E-A3E483E89B44}
MSXML 4.0 SP3 Parser-->MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
Nero 10 Menu TemplatePack Basic-->MsiExec.exe /X{63AA3EAB-23BB-48B2-9AD0-44F878075604}
Nero 10 Movie ThemePack Basic-->MsiExec.exe /X{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}
Nero BackItUp 10 Help (CHM)-->MsiExec.exe /X{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}
Nero BackItUp 10-->MsiExec.exe /X{68AB6930-5BFF-4FF6-923B-516A91984FE6}
Nero Burning ROM 10-->MsiExec.exe /X{7A5D731D-B4B3-490E-B339-75685712BAAB}
Nero BurningROM 10 Help (CHM)-->MsiExec.exe /X{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}
Nero BurnRights 10 Help (CHM)-->MsiExec.exe /X{555868C6-49FB-484F-BB43-8980651A1B00}
Nero BurnRights 10-->MsiExec.exe /X{943CFD7D-5336-47AF-9418-E02473A5A517}
Nero Control Center 10-->MsiExec.exe /X{6DFB899F-17A2-48F0-A533-ED8D6866CF38}
Nero ControlCenter 10 Help (CHM)-->MsiExec.exe /X{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}
Nero Core Components 10-->MsiExec.exe /X{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}
Nero CoverDesigner 10 Help (CHM)-->MsiExec.exe /X{C3273C55-E1E4-41FF-8D69-0158090DB8D8}
Nero DiscSpeed 10 Help (CHM)-->MsiExec.exe /X{C18A0418-442A-4186-AF98-D08F5054A2FC}
Nero DiscSpeed 10-->MsiExec.exe /X{34490F4E-48D0-492E-8249-B48BECF0537C}
Nero Dolby Files 10-->MsiExec.exe /X{C3580AC4-C827-4332-B935-9A282ED5BB97}
Nero Express 10 Help (CHM)-->MsiExec.exe /X{33643918-7957-4839-92C7-EA96CB621A98}
Nero Express 10-->MsiExec.exe /X{70550193-1C22-445C-8FA4-564E155DB1A7}
Nero InfoTool 10 Help (CHM)-->MsiExec.exe /X{66049135-9659-4AAD-9169-9CCA269EBB3E}
Nero InfoTool 10-->MsiExec.exe /X{F412B4AF-388C-4FF5-9B2F-33DB1C536953}
Nero MediaHub 10 Help (CHM)-->MsiExec.exe /X{F467862A-D9CA-47ED-8D81-B4B3C9399272}
Nero MediaHub 10-->MsiExec.exe /X{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}
Nero Recode 10 Help (CHM)-->MsiExec.exe /X{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}
Nero Recode 10-->MsiExec.exe /X{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}
Nero RescueAgent 10 Help (CHM)-->MsiExec.exe /X{92E25238-61A3-4ACD-A407-3C480EEF47A7}
Nero RescueAgent 10-->MsiExec.exe /X{E337E787-CF61-4B7B-B84F-509202A54023}
Nero SoundTrax 10 Help (CHM)-->MsiExec.exe /X{16987E99-C95C-4513-9239-7B44A0A71DB5}
Nero SoundTrax 10-->MsiExec.exe /X{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}
Nero StartSmart 10 Help (CHM)-->MsiExec.exe /X{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}
Nero StartSmart 10-->MsiExec.exe /X{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}
Nero Vision 10 Help (CHM)-->MsiExec.exe /X{329411A0-19F3-4740-874F-17400B126F27}
Nero WaveEditor 10 Help (CHM)-->MsiExec.exe /X{7A295D8F-484B-4FFB-89AB-C1FD497591FE}
Nero-->C:\Program Files (x86)\Nero\Nero 12\Nero Burning ROM\uninstall.exe
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->RUNDLL32.EXE ccdcmbwux64.dll,WuUninstall
NVIDIA 3D Vision Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{714B9C6C-70FC-4750-98E2-61520B906C45}\setup.exe" -runfromtemp -l0x0009 -removeonly
NVIDIA 3D Vision radič ovládača 301.42-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.NVIRUSB
NVIDIA Grafický ovládač 311.06-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{E77333C9-07B2-4E28-AE0C-E8AA5D82AD3D}\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA Ovládač 3D Vision 311.06-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{E77333C9-07B2-4E28-AE0C-E8AA5D82AD3D}\NVI2.DLL",UninstallPackage Display.3DVision
NVIDIA Ovládač zvuku HD 1.3.16.0-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage HDAudio.Driver
NVIDIA PhysX-->MsiExec.exe /X{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}
NVIDIA Softvér systému s podporou technológie PhysX 9.12.0213-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.PhysX
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
OpenAL-->"C:\Program Files (x86)\OpenAL\OpenALwEAX.exe" /U
Opera 12.14-->"C:\Program Files (x86)\Opera\Opera.exe" /uninstall
Opera Stable 17.0.1241.45-->"C:\Program Files (x86)\Opera\Launcher.exe" /uninstall
PokerStars-->"C:\Program Files (x86)\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
ProtectDisc Driver, Version 11-->C:\Program Files (x86)\ProtectDisc Driver Installer\uninstall_v11.exe
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}
RealPlayer-->C:\Program Files (x86)\Real\RealPlayer\Update\r1puninst.exe RealNetworks|RealPlayer|15.0
RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4736E989-32D9-3B91-90D7-C68848E118CA} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F1696E2F-4803-362F-A756-65B363483FE6} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C8B8456C-6A12-3725-95A8-1C9FBE1E3141} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8E6848A1-B790-34FE-921A-A5319258E254} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E7F6B64E-E11F-3D1C-868D-3F1443DA5A15} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {08BB8EA1-3BA7-3AD5-8A07-22A5EC1F704E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {880A0A36-244B-3C7A-8D6B-56E694CE7883} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9D8496AE-4030-3E92-B44E-4F81051E6C85} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {43B6E5D3-56A9-36C1-BD8B-9E1D6920FF11} /parameterfolder Client
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {D33B9EF5-3801-496A-A2D6-B7F4BE972D75}
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B145DBBB-7778-4A5D-9D2B-DA6569F02391}
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C}
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B7727B4D-5EA3-4C11-9D30-15E47616DCAF}
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE}
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15}
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {EA575F57-C5D1-4B5A-B9F9-F16EEBC6B58C}
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E949D8B9-24FD-4AB7-B427-FC42AA8BB2D9}
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3579CE34-B225-4B19-A3AF-DE5F562A212F}
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {79850906-6D2B-4061-8EAF-EAC84173DEC5}
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8907F32C-DF89-4C2F-AEDE-0DB4B65451C0}
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {319FC809-3841-4739-A25F-FDBADF073697}
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4CCE0378-386F-4DC2-9CC1-A3710C77057D}
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {81352C19-97CF-4365-8EAE-205BCC9A2DC8}
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {686630EC-8033-4031-85C5-D8E5CD62A958}
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F311D6C-D8DD-4C32-9457-1A129CABD1A5}
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7A0E1177-574A-4F26-AD24-B003699C35FA}
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {9D689455-5858-4AE4-A3CA-6E4149FE3F70}
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {2C57A81A-7534-4DEE-A450-7FBE86F3200D}
Skype™ 6.5-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
SpeedVID Accelerator 1.00-->C:\Program Files (x86)\SpeedVID\SpeedVID Accelerator\Uninstall.exe
Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
The Punisher-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{329BF75E-4876-4687-9CAD-5AE7DE56EA22}\setup.exe" -l0x9 -removeonly
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {EFD73366-C059-3D04-9848-59072A15DB53} /parameterfolder Client
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A024FC7B-77DE-45DE-A058-1C049A17BFB3}
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CB68A5B0-3508-4193-AEB9-AF636DAECE0F}
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {CB68A5B0-3508-4193-AEB9-AF636DAECE0F}
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition-->msiexec /package {90120000-001A-041B-0000-0000000FF1CE} /uninstall {40D0CA9C-D9BB-4CA7-B174-D2316D692336}
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {11C9B057-27FF-4BC1-82F6-DC4B15E70A2E}
VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}
Virtual DJ - Atomix Productions-->C:\PROGRA~2\VIRTUA~1\UNWISE.EXE C:\PROGRA~2\VIRTUA~1\INSTALL.LOG
VLC media player 2.0.5-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Vtune 7.21-->"C:\Program Files (x86)\Vtune\unins000.exe"
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{9B48B0AC-C813-4174-9042-476A887592C7}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Mobile Device Updater Component-->MsiExec.exe /X{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}
WinRAR 5.00 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe
World of Tanks-->"C:\Games\World_of_Tanks\unins000.exe"
YoWindow-->"C:\Program Files (x86)\YoWindow\uninstall.exe"
Zune Language Pack (CSY)-->MsiExec.exe /X{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}
Zune Language Pack (DAN)-->MsiExec.exe /X{8B112338-2B08-4851-AF84-E7CAD74CEB32}
Zune Language Pack (DEU)-->MsiExec.exe /X{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}
Zune Language Pack (ELL)-->MsiExec.exe /X{3589A659-F732-4E65-A89A-5438C332E59D}
Zune Language Pack (ESP)-->MsiExec.exe /X{6B33492E-FBBC-4EC3-8738-09E16E395A10}
Zune Language Pack (FIN)-->MsiExec.exe /X{B4870774-5F3A-46D9-9DFE-06FB5599E26B}
Zune Language Pack (FRA)-->MsiExec.exe /X{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}
Zune Language Pack (HUN)-->MsiExec.exe /X{C6BE19C6-B102-4038-B2A6-1C313872DBB4}
Zune Language Pack (CHS)-->MsiExec.exe /X{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}
Zune Language Pack (CHT)-->MsiExec.exe /X{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}
Zune Language Pack (IND)-->MsiExec.exe /X{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}
Zune Language Pack (ITA)-->MsiExec.exe /X{C5D37FFA-7483-410B-982B-91E93FD3B7DA}
Zune Language Pack (JPN)-->MsiExec.exe /X{D8A781C9-3892-4E2E-9320-480CF896CFBB}
Zune Language Pack (KOR)-->MsiExec.exe /X{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}
Zune Language Pack (MSL)-->MsiExec.exe /X{76BA306B-2AA0-47C0-AB6B-F313AB56C136}
Zune Language Pack (NLD)-->MsiExec.exe /X{6740BCB0-5863-47F4-80F4-44F394DE4FE2}
Zune Language Pack (NOR)-->MsiExec.exe /X{5DEFD397-4012-46C3-B6DA-E8013E660772}
Zune Language Pack (PLK)-->MsiExec.exe /X{8960A0A1-BB5A-479E-92CF-65AB9D684B43}
Zune Language Pack (PTB)-->MsiExec.exe /X{07EEE598-5F21-4B57-B40B-46592625B3D9}
Zune Language Pack (PTG)-->MsiExec.exe /X{5C93E291-A1CC-4E51-85C6-E194209FCDB4}
Zune Language Pack (RUS)-->MsiExec.exe /X{57C51D56-B287-4C11-9192-EC3C46EF76A4}
Zune Language Pack (SVE)-->MsiExec.exe /X{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}
Zune-->C:\Program Files\Zune\ZuneSetup.exe /x
Zune-->MsiExec.exe /X{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}

======Hosts File======

::1 localhost

======System event log======

Computer Name: Peter-PC
Event Code: 84
Message: Silo hesiel hlásilo chybu pri príkaze sila hesiel.
Record Number: 274493
Source Name: Microsoft-Windows-EnhancedStorage-EhStorCertDrv
Time Written: 20130223110828.659836-000
Event Type: Error
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: Peter-PC
Event Code: 219
Message: The driver \Driver\WUDFRd failed to load for the device USBSTOR\IEEE1667Silo&Ven_&Prod_&Rev_&Silo_102\079A0D0736904342&0&102_1.
Record Number: 274490
Source Name: Microsoft-Windows-Kernel-PnP
Time Written: 20130223110820.526371-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Peter-PC
Event Code: 7001
Message: Spustenie služby Function Discovery Provider Host, od ktorej závisí služba HomeGroup Provider, zlyhalo kvôli nasledujúcej chybe:
Služba sa nedá spustiť, pretože je vypnutá, alebo nemá priradené žiadne zapnuté zariadenia.
Record Number: 274481
Source Name: Service Control Manager
Time Written: 20130223105112.248557-000
Event Type: Error
User:

Computer Name: Peter-PC
Event Code: 7001
Message: Spustenie služby Function Discovery Provider Host, od ktorej závisí služba HomeGroup Provider, zlyhalo kvôli nasledujúcej chybe:
Služba sa nedá spustiť, pretože je vypnutá, alebo nemá priradené žiadne zapnuté zariadenia.
Record Number: 274464
Source Name: Service Control Manager
Time Written: 20130223091438.887479-000
Event Type: Error
User:

Computer Name: Peter-PC
Event Code: 12
Message: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
Record Number: 274454
Source Name: Microsoft-Windows-HAL
Time Written: 20130223084911.418928-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Peter-PC
Event Code: 100
Message: Task Scheduling Error: Continuously busy for more than a second
Record Number: 45336
Source Name: Bonjour Service
Time Written: 20120928004015.000000-000
Event Type: Error
User:

Computer Name: Peter-PC
Event Code: 100
Message: Task Scheduling Error: m->NextScheduledSPRetry 3010273
Record Number: 45335
Source Name: Bonjour Service
Time Written: 20120928004014.000000-000
Event Type: Error
User:

Computer Name: Peter-PC
Event Code: 100
Message: Task Scheduling Error: m->NextScheduledEvent 3010273
Record Number: 45334
Source Name: Bonjour Service
Time Written: 20120928004014.000000-000
Event Type: Error
User:

Computer Name: Peter-PC
Event Code: 100
Message: Task Scheduling Error: Continuously busy for more than a second
Record Number: 45333
Source Name: Bonjour Service
Time Written: 20120928004014.000000-000
Event Type: Error
User:

Computer Name: Peter-PC
Event Code: 100
Message: Task Scheduling Error: m->NextScheduledSPRetry 3009259
Record Number: 45332
Source Name: Bonjour Service
Time Written: 20120928004013.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Peter-PC
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0xa45a
Record Number: 34011
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120303074903.117225-000
Event Type: Audit Success
User:

Computer Name: Peter-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 34010
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120303074902.649224-000
Event Type: Audit Success
User:

Computer Name: Peter-PC
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 34009
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120303074902.649224-000
Event Type: Audit Success
User:

Computer Name: Peter-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 34008
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120303070734.539569-000
Event Type: Audit Success
User:

Computer Name: Peter-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: PETER-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x1f4
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 34007
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120303070734.539569-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%CommonProgramFiles%\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#3 Příspěvek od **vyosek** » 23 říj 2013 08:47

Zdravim

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

Ulozte nejlepe na plochu
Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
Probehne vytvoreni zalohy a nasledne prohledavani
Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

PureHate44 · #4 Příspěvek od **PureHate44** » 23 říj 2013 09:49

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Professional x64
Ran by Peter on st 23. 10. 2013 at 10:29:26,01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetimsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetimsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_atube-catcher_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_atube-catcher_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_jdownloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_jdownloader_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_atube-catcher_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_atube-catcher_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_jdownloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_jdownloader_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6F1ED646-6554-45E9-81D7-A1EF59EEE02A}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Peter\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\Peter\AppData\Roaming\systweak"

~~~ FireFox

Emptied folder: C:\Users\Peter\AppData\Roaming\mozilla\firefox\profiles\0mvts0b3.default\minidumps [4 files]

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Peter\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 23. 10. 2013 at 10:48:20,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

PureHate44 · #5 Příspěvek od **PureHate44** » 23 říj 2013 09:55

# AdwCleaner v3.010 - Report created 23/10/2013 at 10:51:15
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Peter - PETER-PC
# Running from : C:\Users\Peter\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\Program Files (x86)\ExpressFiles
Folder Deleted : C:\Program Files (x86)\Common Files\ParetoLogic
Folder Deleted : C:\Users\Peter\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\Peter\AppData\Roaming\ParetoLogic
File Deleted : C:\Windows\System32\Tasks\Express FilesUpdate
File Deleted : C:\Windows\System32\Tasks\paretologic registration3
File Deleted : C:\Windows\Tasks\paretologic update version3.job
File Deleted : C:\Windows\System32\Tasks\paretologic update version3

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0mvts0b3.default\prefs.js ]

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2668 octets] - [23/10/2013 10:50:24]
AdwCleaner[S0].txt - [2558 octets] - [23/10/2013 10:51:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2618 octets] ##########

#6 Příspěvek od **vyosek** » 23 říj 2013 12:26

Poprosim o FRSTL http://forum.viry.cz/viewtopic.php?f=30&t=133101

PureHate44 · #7 Příspěvek od **PureHate44** » 24 říj 2013 10:21

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-10-2013
Ran by Peter (administrator) on PETER-PC on 24-10-2013 11:14:57
Running from C:\Users\Peter\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: 041B
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(IObit) C:\Program Files (x86)\Game Booster Premium 2.0 Retail\GameBox.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ACD Systems) C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(BitTorrent Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
() C:\Program Files (x86)\Vtune\TBPANEL.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Repkasoft) C:\Program Files (x86)\YoWindow\yowindow.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(SpeedVID Accelerator) C:\Program Files (x86)\SpeedVID\SpeedVID Accelerator\SpeedVidA.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Peter\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ACPW06EN] - C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe [1231992 2012-08-31] (ACD Systems)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKCU\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [802136 2013-05-05] (BitTorrent Inc.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd)
HKCU\...\Run: [TBPanel] - C:\Program Files (x86)\Vtune\TBPanel.exe [2248704 2011-08-02] ()
HKCU\...\Run: [Facebook Update] - C:\Users\Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-01-13] (Facebook Inc.)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-20] (Nullsoft, Inc.)
HKLM-x32\...\Run: [speedvid] - C:\Program Files (x86)\SpeedVID\SpeedVID Accelerator\SpeedVidA.exe [6020096 2012-10-15] (SpeedVID Accelerator)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2012-02-16] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YoWindow.lnk
ShortcutTarget: YoWindow.lnk -> C:\Program Files (x86)\YoWindow\yowindow.exe (Repkasoft)
BootExecute:

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1FC91D3F72B8CB01
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0DACC6F1-DA62-48D6-A97F-C21D81D9D1EC} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/s ... wflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0mvts0b3.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.2.72 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.2.72 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.2.72 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Peter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Peter\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Peter\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: No Name - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0mvts0b3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Unity Player) - C:\Users\Peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Peter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\14.0.0.4651_0
CHR Extension: (AdBlock) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (Safe Money) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\14.0.0.4651_0
CHR Extension: (Dangerous Websites Blocker) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\14.0.0.4651_0
CHR Extension: (Virtual Keyboard) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\14.0.0.4651_0
CHR Extension: (Anti-Banner) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\14.0.0.4651_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-08] (Kaspersky Lab ZAO)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2003-04-18] ()
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-08-08] ()
S2 WinDefend; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S4 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation)
S2 .EsetTrialReset; C:\Windows\reset.exe /s [x]

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-02-02] ()
S3 catchme; No ImagePath
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-09-01] (DT Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-10-08] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620640 2013-10-08] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-08] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-08] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178784 2013-06-06] (Kaspersky Lab ZAO)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-02-02] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 TBPanel; No ImagePath
S3 TfNetMon; No ImagePath
U4 bdselfpr;
S0 TfFsMon; system32\drivers\TfFsMon.sys [x]
S0 TFSysMon; system32\drivers\TfSysMon.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-24 11:14 - 2013-10-24 11:14 - 00015327 _____ C:\Users\Peter\Desktop\LM.bat
2013-10-24 11:11 - 2013-10-24 11:11 - 01955412 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe
2013-10-24 11:11 - 2013-10-24 11:11 - 00000000 ____D C:\FRST
2013-10-23 23:35 - 2013-10-23 23:35 - 00112128 _____ (forum.viry.cz) C:\Users\Peter\Desktop\FRSTLauncher.exe
2013-10-23 23:32 - 2013-10-24 11:14 - 00029696 _____ C:\Users\Peter\AppData\Local\MSGBOX.EXE
2013-10-23 10:50 - 2013-10-23 10:51 - 00000000 ____D C:\AdwCleaner
2013-10-23 10:48 - 2013-10-23 10:48 - 00005946 _____ C:\Users\Peter\Desktop\JRT.txt
2013-10-23 10:30 - 2013-10-23 10:30 - 01060070 _____ C:\Users\Peter\Downloads\adwcleaner.exe
2013-10-23 10:29 - 2013-10-23 10:29 - 00000000 ____D C:\Windows\ERUNT
2013-10-23 10:28 - 2013-10-23 10:28 - 01033335 _____ (Thisisu) C:\Users\Peter\Desktop\JRT.exe
2013-10-23 10:20 - 2013-10-24 10:55 - 00000504 _____ C:\Windows\setupact.log
2013-10-23 10:20 - 2013-10-23 10:20 - 00000000 _____ C:\Windows\setuperr.log
2013-10-23 00:11 - 2013-10-23 00:11 - 00000000 ____D C:\rsit
2013-10-23 00:10 - 2013-10-23 00:11 - 00935175 _____ C:\Users\Peter\Downloads\RSITx64.exe
2013-10-20 15:40 - 2013-10-20 15:40 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-10-20 15:36 - 2013-10-20 15:36 - 00010788 _____ C:\Users\Peter\Downloads\[CzT]WinRAR_5_00_All_in_One_Edition_x86_x64_.torrent
2013-10-20 15:34 - 2013-10-20 15:34 - 00015145 _____ C:\Users\Peter\Downloads\[CzT]Nero_7_Premium_7_8_5_0_CZ_keygen.torrent
2013-10-19 13:56 - 2013-10-19 15:16 - 1487484893 _____ C:\Users\Peter\Downloads\FIFA 2013-CZ dabing + texty RELOADED.part4.rar
2013-10-19 13:55 - 2013-10-19 15:36 - 2097152000 _____ C:\Users\Peter\Downloads\FIFA 2013-CZ dabing + texty RELOADED.part3.rar
2013-10-18 15:08 - 2013-10-18 15:18 - 342883685 _____ C:\Users\Peter\Downloads\rychly prachy (PRAHA - 17.10.2013).wmv
2013-10-17 23:23 - 2013-10-17 23:23 - 00742176 _____ (MediaGet LLC) C:\Users\Peter\Downloads\zuzana-1432-czechcastingcomczechavcom2013hd_id3274202ids2s.exe
2013-10-14 18:20 - 2013-10-14 18:20 - 00231316 _____ C:\Users\Peter\Downloads\Klice.rar
2013-10-14 17:52 - 2013-10-14 17:53 - 03200814 _____ C:\Users\Peter\Downloads\K-k-15-7-13_bestarchive.softarchive.net.rar
2013-10-14 17:40 - 2013-10-14 17:40 - 00002330 _____ C:\Users\Peter\Desktop\Safe Money.lnk
2013-10-14 17:34 - 2013-10-14 17:34 - 00001124 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2013-10-14 17:34 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2013-10-14 17:32 - 2013-10-24 11:15 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-14 17:32 - 2013-10-14 17:32 - 00000000 ____D C:\Windows\ELAMBKUP
2013-10-14 17:32 - 2013-10-14 17:32 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-10-14 17:32 - 2013-10-08 13:49 - 00620640 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-10-14 17:32 - 2013-06-08 20:18 - 00112224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-10-14 17:18 - 2013-10-14 17:26 - 253548352 _____ (Kaspersky Lab) C:\Users\Peter\Downloads\kis2014_14.0.0.4651abEN_5096.exe
2013-10-11 00:25 - 2013-10-11 00:58 - 1177568581 _____ C:\Users\Peter\Downloads\Amorovy-pohadky-komplet-vsechny-dily.rar
2013-10-10 11:26 - 2013-10-10 11:26 - 00000000 ____D C:\Users\Peter\Downloads\Simpsonovi---4-Serie-(S04---CZ)
2013-10-10 10:27 - 2013-10-10 10:51 - 846523287 _____ C:\Users\Peter\Downloads\Simpsonovi---5-Serie-(S05---CZ).part4.rar
2013-10-10 09:55 - 2013-10-10 10:26 - 1048576000 _____ C:\Users\Peter\Downloads\Simpsonovi---5-Serie-(S05---CZ).part3.rar
2013-10-09 22:11 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 22:11 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 22:11 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 22:11 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 22:11 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 22:11 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 22:11 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 22:11 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 22:11 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 22:11 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 22:11 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 22:11 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 22:11 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 22:11 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 22:11 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 22:11 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 22:11 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 22:11 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 22:11 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 22:11 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 22:11 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 22:11 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 22:11 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 22:11 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 22:11 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 22:11 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 22:11 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 22:11 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 22:11 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 22:11 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 22:11 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 20:35 - 2013-10-09 21:32 - 1048576000 _____ C:\Users\Peter\Downloads\Simpsonovi---5-Serie-(S05---CZ).part2.rar
2013-10-09 20:34 - 2013-10-09 21:32 - 1048576000 _____ C:\Users\Peter\Downloads\Simpsonovi---5-Serie-(S05---CZ).part1.rar
2013-10-09 17:10 - 2013-10-09 18:03 - 1048576000 _____ C:\Users\Peter\Downloads\Simpsonovi---4-Serie-(S04---CZ).part3.rar
2013-10-09 17:10 - 2013-10-09 17:56 - 852247695 _____ C:\Users\Peter\Downloads\Simpsonovi---4-Serie-(S04---CZ).part4.rar
2013-10-09 16:04 - 2013-10-09 17:02 - 1048576000 _____ C:\Users\Peter\Downloads\Simpsonovi---4-Serie-(S04---CZ).part2.rar
2013-10-09 16:04 - 2013-10-09 16:51 - 1048576000 _____ C:\Users\Peter\Downloads\Simpsonovi---4-Serie-(S04---CZ).part1.rar
2013-10-09 04:31 - 2013-08-29 03:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2013-10-09 04:31 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 04:31 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 04:30 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 04:30 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 04:30 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 04:30 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 04:30 - 2013-09-04 14:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 04:30 - 2013-09-04 14:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 04:30 - 2013-09-04 14:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 04:30 - 2013-09-04 14:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 04:30 - 2013-09-04 14:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 04:30 - 2013-09-04 14:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 04:30 - 2013-09-04 14:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 04:30 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 04:30 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 04:30 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 04:30 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 04:30 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 04:30 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 04:30 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 04:30 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 04:30 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 04:30 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 04:30 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 04:30 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 04:30 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 04:30 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 04:30 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 04:30 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 04:30 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 04:30 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 04:30 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 04:30 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 04:30 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 04:30 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 04:30 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 04:30 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 04:30 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 04:30 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 04:30 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 04:30 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 04:30 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 04:30 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 04:30 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 04:30 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 04:30 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 04:30 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 04:30 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 04:30 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 04:30 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 04:30 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 04:30 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 04:30 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-08 13:49 - 2013-10-08 13:49 - 07717984 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2013-10-08 13:49 - 2013-10-08 13:49 - 00029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2013-10-08 13:49 - 2013-10-08 13:49 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys
2013-10-08 13:49 - 2013-10-08 13:49 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2013-10-07 12:13 - 2013-10-07 12:25 - 406516284 _____ C:\Users\Peter\Downloads\Stredoslováci.rar
2013-10-07 12:05 - 2013-10-07 12:05 - 00000063 _____ C:\Users\Peter\Downloads\listen (1).pls
2013-10-07 12:04 - 2013-10-07 12:04 - 00000063 _____ C:\Users\Peter\Downloads\listen.pls
2013-10-07 05:58 - 2013-10-07 05:58 - 00000000 ___RD C:\Users\Peter\Podcasts
2013-10-07 05:49 - 2013-10-07 05:51 - 00000000 ____D C:\Program Files\Zune
2013-10-07 05:49 - 2013-10-07 05:49 - 00000927 _____ C:\Users\Public\Desktop\Zune.lnk
2013-10-07 05:41 - 2013-10-07 05:44 - 105664248 _____ (Microsoft Corporation) C:\Users\Peter\Downloads\ZuneSetupPkg.exe
2013-10-06 02:52 - 2013-10-06 02:52 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2013-10-06 02:52 - 2013-10-06 02:52 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2013-10-03 21:35 - 2013-10-03 21:35 - 01684368 _____ (ESET) C:\Users\Peter\Downloads\eset_nod32_antivirus_live_installer.exe
2013-10-01 11:10 - 2013-10-01 11:11 - 18144040 _____ C:\Users\Peter\Downloads\Immortal_Hammer_-_2002_-_Ohnom_vojny_spalena_zem.rar
2013-10-01 10:58 - 2013-10-01 11:04 - 114437438 _____ C:\Users\Peter\Downloads\Immortal-Hammer---V-znamení-Perúnovho-Kruhu-(2002).rar
2013-10-01 10:31 - 2013-10-01 10:39 - 68237487 _____ C:\Users\Peter\Downloads\Immortal Hammer - Tjarnaglofi.rar
2013-09-30 19:36 - 2013-09-30 19:37 - 08892020 _____ C:\Users\Peter\Downloads\16yo_mast.avi
2013-09-29 10:51 - 2013-09-28 21:22 - 00033301 _____ C:\Users\Peter\Downloads\South.Park.S17E01.Let.Go.Let.Gov.1080p.WEB-DL.AAC2.0.H.264-YFN.srt
2013-09-29 10:51 - 2013-09-26 14:06 - 00033290 _____ C:\Users\Peter\Downloads\South.Park.S17E01.HDTV.x264-2HD.srt
2013-09-29 10:50 - 2013-09-29 10:50 - 00029720 _____ C:\Users\Peter\Downloads\1701.zip
2013-09-29 10:27 - 2013-09-29 10:35 - 256391672 _____ C:\Users\Peter\Downloads\South.Park.S17E01.HDTV.XviD-AFG.avi
2013-09-26 17:46 - 2013-09-26 17:46 - 01582904 _____ (ESET) C:\Users\Peter\Downloads\eset_smart_security_live_installer (1).exe
2013-09-26 15:35 - 2013-09-26 15:39 - 104969491 _____ C:\Users\Peter\Downloads\Zoči Voči - Milovaní - Nenávidení 2013.rar
2013-09-25 22:24 - 2013-09-25 22:24 - 04369632 _____ (Piriform Ltd) C:\Users\Peter\Downloads\ccsetup406.exe
2013-09-25 18:53 - 2013-09-26 15:44 - 00000067 _____ C:\Users\Peter\Downloads\t68.rar
2013-09-25 16:20 - 2013-09-25 16:58 - 1273591459 _____ C:\Users\Peter\Downloads\Fast And Furious 6 (2013) 720p EXTENDED 5.1CH CZ.mkv
2013-09-25 11:39 - 2013-09-25 11:42 - 106631187 _____ C:\Users\Peter\Downloads\Fast.and.Furious.6.2013.TheatricalCut.1080p.BluRay.DTS.x264.CZ-LB23-sample-002.mkv
2013-09-24 12:38 - 2013-09-26 15:45 - 00000067 _____ C:\Users\Peter\Downloads\t67.rar
2013-09-24 12:17 - 2013-09-24 12:17 - 01434842 _____ C:\Users\Peter\Downloads\Posledná výstraha - nechceme ! (2).3ga

==================== One Month Modified Files and Folders =======

2013-10-24 11:16 - 2011-02-07 10:08 - 00000000 ____D C:\Users\Peter\AppData\Roaming\uTorrent
2013-10-24 11:15 - 2013-10-14 17:32 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-24 11:14 - 2013-10-24 11:14 - 00015327 _____ C:\Users\Peter\Desktop\LM.bat
2013-10-24 11:14 - 2013-10-23 23:32 - 00029696 _____ C:\Users\Peter\AppData\Local\MSGBOX.EXE
2013-10-24 11:11 - 2013-10-24 11:11 - 01955412 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe
2013-10-24 11:11 - 2013-10-24 11:11 - 00000000 ____D C:\FRST
2013-10-24 11:06 - 2011-11-17 02:07 - 01592226 _____ C:\Windows\WindowsUpdate.log
2013-10-24 11:05 - 2013-05-02 14:28 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce47307f8c751a.job
2013-10-24 10:55 - 2013-10-23 10:20 - 00000504 _____ C:\Windows\setupact.log
2013-10-24 10:55 - 2013-07-13 00:51 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce7f5262bb9e30.job
2013-10-24 10:55 - 2013-01-13 19:01 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3097850436-798593565-2399696651-1000UA.job
2013-10-24 10:55 - 2011-11-23 16:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-24 01:24 - 2012-10-23 13:00 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Winamp
2013-10-24 01:00 - 2013-08-08 13:20 - 00281152 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-24 01:00 - 2013-01-16 00:50 - 00281152 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-10-23 23:35 - 2013-10-23 23:35 - 00112128 _____ (forum.viry.cz) C:\Users\Peter\Desktop\FRSTLauncher.exe
2013-10-23 23:22 - 2013-01-13 19:01 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3097850436-798593565-2399696651-1000Core.job
2013-10-23 11:00 - 2009-07-14 06:45 - 00013472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-23 11:00 - 2009-07-14 06:45 - 00013472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-23 10:58 - 2011-01-20 08:56 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CAE3DA1A-2B0D-4187-8269-212F226DEE23}
2013-10-23 10:57 - 2009-07-14 07:13 - 00736706 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-23 10:54 - 2011-04-21 14:57 - 00000000 ____D C:\Program Files (x86)\Game Booster Premium 2.0 Retail
2013-10-23 10:53 - 2013-04-13 08:55 - 00000494 _____ C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2013-10-23 10:53 - 2012-09-11 16:43 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-23 10:53 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-23 10:52 - 2011-10-25 16:00 - 00000000 ____D C:\Program Files\WinRAR
2013-10-23 10:51 - 2013-10-23 10:50 - 00000000 ____D C:\AdwCleaner
2013-10-23 10:48 - 2013-10-23 10:48 - 00005946 _____ C:\Users\Peter\Desktop\JRT.txt
2013-10-23 10:30 - 2013-10-23 10:30 - 01060070 _____ C:\Users\Peter\Downloads\adwcleaner.exe
2013-10-23 10:29 - 2013-10-23 10:29 - 00000000 ____D C:\Windows\ERUNT
2013-10-23 10:28 - 2013-10-23 10:28 - 01033335 _____ (Thisisu) C:\Users\Peter\Desktop\JRT.exe
2013-10-23 10:20 - 2013-10-23 10:20 - 00000000 _____ C:\Windows\setuperr.log
2013-10-23 00:11 - 2013-10-23 00:11 - 00000000 ____D C:\rsit
2013-10-23 00:11 - 2013-10-23 00:10 - 00935175 _____ C:\Users\Peter\Downloads\RSITx64.exe
2013-10-23 00:11 - 2011-02-20 22:37 - 00000000 ____D C:\Program Files\trend micro
2013-10-22 10:53 - 2013-01-16 01:00 - 00281152 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-20 15:40 - 2013-10-20 15:40 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-10-20 15:36 - 2013-10-20 15:36 - 00010788 _____ C:\Users\Peter\Downloads\[CzT]WinRAR_5_00_All_in_One_Edition_x86_x64_.torrent
2013-10-20 15:34 - 2013-10-20 15:34 - 00015145 _____ C:\Users\Peter\Downloads\[CzT]Nero_7_Premium_7_8_5_0_CZ_keygen.torrent
2013-10-19 16:48 - 2011-01-20 09:47 - 00000000 ____D C:\Program Files (x86)\Opera
2013-10-19 15:36 - 2013-10-19 13:55 - 2097152000 _____ C:\Users\Peter\Downloads\FIFA 2013-CZ dabing + texty RELOADED.part3.rar
2013-10-19 15:16 - 2013-10-19 13:56 - 1487484893 _____ C:\Users\Peter\Downloads\FIFA 2013-CZ dabing + texty RELOADED.part4.rar
2013-10-19 14:45 - 2013-08-12 23:45 - 00000000 ____D C:\Users\Peter\Desktop\Nový priečinok (3)
2013-10-18 17:33 - 2011-01-20 09:46 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Skype
2013-10-18 15:18 - 2013-10-18 15:08 - 342883685 _____ C:\Users\Peter\Downloads\rychly prachy (PRAHA - 17.10.2013).wmv
2013-10-17 23:23 - 2013-10-17 23:23 - 00742176 _____ (MediaGet LLC) C:\Users\Peter\Downloads\zuzana-1432-czechcastingcomczechavcom2013hd_id3274202ids2s.exe
2013-10-17 11:15 - 2012-10-08 16:49 - 00000000 ____D C:\Users\Peter\AppData\Local\CrashDumps
2013-10-17 11:15 - 2002-01-01 06:08 - 00000000 ____D C:\Windows\Panther
2013-10-15 20:59 - 2011-03-08 18:53 - 00000000 ____D C:\Users\Peter\Desktop\odpor
2013-10-14 18:20 - 2013-10-14 18:20 - 00231316 _____ C:\Users\Peter\Downloads\Klice.rar
2013-10-14 17:53 - 2013-10-14 17:52 - 03200814 _____ C:\Users\Peter\Downloads\K-k-15-7-13_bestarchive.softarchive.net.rar
2013-10-14 17:40 - 2013-10-14 17:40 - 00002330 _____ C:\Users\Peter\Desktop\Safe Money.lnk
2013-10-14 17:34 - 2013-10-14 17:34 - 00001124 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2013-10-14 17:32 - 2013-10-14 17:32 - 00000000 ____D C:\Windows\ELAMBKUP
2013-10-14 17:32 - 2013-10-14 17:32 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-10-14 17:26 - 2013-10-14 17:18 - 253548352 _____ (Kaspersky Lab) C:\Users\Peter\Downloads\kis2014_14.0.0.4651abEN_5096.exe
2013-10-14 09:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 04:20 - 2013-07-13 00:51 - 00003932 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1ce7f5262bb9e30
2013-10-11 04:20 - 2013-05-02 14:28 - 00003680 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1ce47307f8c751a
2013-10-11 00:58 - 2013-10-11 00:25 - 1177568581 _____ C:\Users\Peter\Downloads\Amorovy-pohadky-komplet-vsechny-dily.rar
2013-10-10 14:55 - 2012-11-01 15:23 - 00005632 _____ C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-10 11:26 - 2013-10-10 11:26 - 00000000 ____D C:\Users\Peter\Downloads\Simpsonovi---4-Serie-(S04---CZ)
2013-10-10 10:51 - 2013-10-10 10:27 - 846523287 _____ C:\Users\Peter\Downloads\Simpsonovi---5-Serie-(S05---CZ).part4.rar
2013-10-10 10:26 - 2013-10-10 09:55 - 1048576000 _____ C:\Users\Peter\Downloads\Simpsonovi---5-Serie-(S05---CZ).part3.rar
2013-10-10 04:10 - 2009-07-14 06:45 - 00494288 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-09 22:13 - 2011-02-16 16:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-09 21:32 - 2013-10-09 20:35 - 1048576000 _____ C:\Users\Peter\Downloads\Simpsonovi---5-Serie-(S05---CZ).part2.rar
2013-10-09 21:32 - 2013-10-09 20:34 - 1048576000 _____ C:\Users\Peter\Downloads\Simpsonovi---5-Serie-(S05---CZ).part1.rar
2013-10-09 18:03 - 2013-10-09 17:10 - 1048576000 _____ C:\Users\Peter\Downloads\Simpsonovi---4-Serie-(S04---CZ).part3.rar
2013-10-09 17:56 - 2013-10-09 17:10 - 852247695 _____ C:\Users\Peter\Downloads\Simpsonovi---4-Serie-(S04---CZ).part4.rar
2013-10-09 17:02 - 2013-10-09 16:04 - 1048576000 _____ C:\Users\Peter\Downloads\Simpsonovi---4-Serie-(S04---CZ).part2.rar
2013-10-09 16:51 - 2013-10-09 16:04 - 1048576000 _____ C:\Users\Peter\Downloads\Simpsonovi---4-Serie-(S04---CZ).part1.rar
2013-10-09 10:30 - 2011-11-23 16:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 10:30 - 2011-11-23 16:45 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 10:30 - 2011-05-19 19:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 08:40 - 2012-05-20 09:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 08:40 - 2012-05-20 09:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 04:35 - 2013-08-14 18:17 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 04:33 - 2011-01-20 18:26 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-08 13:49 - 2013-10-14 17:32 - 00620640 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-10-08 13:49 - 2013-10-08 13:49 - 07717984 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2013-10-08 13:49 - 2013-10-08 13:49 - 00029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2013-10-08 13:49 - 2013-10-08 13:49 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys
2013-10-08 13:49 - 2013-10-08 13:49 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2013-10-07 12:25 - 2013-10-07 12:13 - 406516284 _____ C:\Users\Peter\Downloads\Stredoslováci.rar
2013-10-07 12:05 - 2013-10-07 12:05 - 00000063 _____ C:\Users\Peter\Downloads\listen (1).pls
2013-10-07 12:04 - 2013-10-07 12:04 - 00000063 _____ C:\Users\Peter\Downloads\listen.pls
2013-10-07 05:58 - 2013-10-07 05:58 - 00000000 ___RD C:\Users\Peter\Podcasts
2013-10-07 05:58 - 2011-01-20 08:51 - 00000000 ____D C:\Users\Peter
2013-10-07 05:51 - 2013-10-07 05:49 - 00000000 ____D C:\Program Files\Zune
2013-10-07 05:49 - 2013-10-07 05:49 - 00000927 _____ C:\Users\Public\Desktop\Zune.lnk
2013-10-07 05:48 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-10-07 05:44 - 2013-10-07 05:41 - 105664248 _____ (Microsoft Corporation) C:\Users\Peter\Downloads\ZuneSetupPkg.exe
2013-10-06 02:52 - 2013-10-06 02:52 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2013-10-06 02:52 - 2013-10-06 02:52 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2013-10-03 21:35 - 2013-10-03 21:35 - 01684368 _____ (ESET) C:\Users\Peter\Downloads\eset_nod32_antivirus_live_installer.exe
2013-10-01 11:11 - 2013-10-01 11:10 - 18144040 _____ C:\Users\Peter\Downloads\Immortal_Hammer_-_2002_-_Ohnom_vojny_spalena_zem.rar
2013-10-01 11:04 - 2013-10-01 10:58 - 114437438 _____ C:\Users\Peter\Downloads\Immortal-Hammer---V-znamení-Perúnovho-Kruhu-(2002).rar
2013-10-01 10:39 - 2013-10-01 10:31 - 68237487 _____ C:\Users\Peter\Downloads\Immortal Hammer - Tjarnaglofi.rar
2013-09-30 19:37 - 2013-09-30 19:36 - 08892020 _____ C:\Users\Peter\Downloads\16yo_mast.avi
2013-09-29 10:50 - 2013-09-29 10:50 - 00029720 _____ C:\Users\Peter\Downloads\1701.zip
2013-09-29 10:35 - 2013-09-29 10:27 - 256391672 _____ C:\Users\Peter\Downloads\South.Park.S17E01.HDTV.XviD-AFG.avi
2013-09-28 21:22 - 2013-09-29 10:51 - 00033301 _____ C:\Users\Peter\Downloads\South.Park.S17E01.Let.Go.Let.Gov.1080p.WEB-DL.AAC2.0.H.264-YFN.srt
2013-09-26 17:46 - 2013-09-26 17:46 - 01582904 _____ (ESET) C:\Users\Peter\Downloads\eset_smart_security_live_installer (1).exe
2013-09-26 15:46 - 2013-09-20 17:55 - 00000067 _____ C:\Users\Peter\Downloads\t64.rar
2013-09-26 15:46 - 2013-08-16 18:03 - 00000067 _____ C:\Users\Peter\Downloads\t62.rar
2013-09-26 15:46 - 2013-08-16 17:30 - 00000067 _____ C:\Users\Peter\Downloads\t63.rar
2013-09-26 15:45 - 2013-09-24 12:38 - 00000067 _____ C:\Users\Peter\Downloads\t67.rar
2013-09-26 15:45 - 2013-09-23 23:47 - 00000067 _____ C:\Users\Peter\Downloads\t66.rar
2013-09-26 15:45 - 2013-09-20 18:49 - 00000067 _____ C:\Users\Peter\Downloads\t65.rar
2013-09-26 15:44 - 2013-09-25 18:53 - 00000067 _____ C:\Users\Peter\Downloads\t68.rar
2013-09-26 15:39 - 2013-09-26 15:35 - 104969491 _____ C:\Users\Peter\Downloads\Zoči Voči - Milovaní - Nenávidení 2013.rar
2013-09-26 14:06 - 2013-09-29 10:51 - 00033290 _____ C:\Users\Peter\Downloads\South.Park.S17E01.HDTV.x264-2HD.srt
2013-09-25 22:24 - 2013-09-25 22:24 - 04369632 _____ (Piriform Ltd) C:\Users\Peter\Downloads\ccsetup406.exe
2013-09-25 22:24 - 2012-10-26 09:12 - 00000000 ____D C:\Program Files\CCleaner
2013-09-25 22:24 - 2012-02-26 14:46 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-25 16:58 - 2013-09-25 16:20 - 1273591459 _____ C:\Users\Peter\Downloads\Fast And Furious 6 (2013) 720p EXTENDED 5.1CH CZ.mkv
2013-09-25 11:43 - 2011-01-20 09:56 - 00000000 ____D C:\Users\Peter\AppData\Roaming\vlc
2013-09-25 11:42 - 2013-09-25 11:39 - 106631187 _____ C:\Users\Peter\Downloads\Fast.and.Furious.6.2013.TheatricalCut.1080p.BluRay.DTS.x264.CZ-LB23-sample-002.mkv
2013-09-24 12:17 - 2013-09-24 12:17 - 01434842 _____ C:\Users\Peter\Downloads\Posledná výstraha - nechceme ! (2).3ga

Some content of TEMP:
====================
C:\Users\Peter\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-12 10:42

==================== End Of Log ============================

#8 Příspěvek od **vyosek** » 24 říj 2013 11:24

Dovolim si otazku, ma cenu lecit PC, ktere si uzivatel s prominutim zaliska hned vlastni blbosti zpatky diky crackum\keygenum a podobnym "dobrotami" Nehlede na porusovani autorskeho zakona

PureHate44 · #9 Příspěvek od **PureHate44** » 24 říj 2013 11:37

Hmmm...Tak ďalej sa zrejme už nepohneme, že ?

#10 Příspěvek od **vyosek** » 24 říj 2013 11:43

Priste muze byt pomoc odmitnuta

Jelikoz vidim, ze se nezastavite ani pred crackovanim bezpecnostnich programu

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
HKLM\...\Run: [ACPW06EN] - C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe [1231992 2012-08-31] (ACD Systems)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKCU\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [802136 2013-05-05] (BitTorrent Inc.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd)
HKCU\...\Run: [Facebook Update] - C:\Users\Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-01-13] (Facebook Inc.)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-20] (Nullsoft, Inc.)
HKLM-x32\...\Run: [speedvid] - C:\Program Files (x86)\SpeedVID\SpeedVID Accelerator\SpeedVidA.exe [6020096 2012-10-15] (SpeedVID Accelerator)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2012-02-16] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1FC91D3F72B8CB01
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0DACC6F1-DA62-48D6-A97F-C21D81D9D1EC} URL = http://search.yahoo.com/search?fr=chr-g ... =382950&p={searchTerms}
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]

S2 .EsetTrialReset; C:\Windows\reset.exe /s [x]
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2003-04-18] ()
S3 catchme; No ImagePath
S3 TBPanel; No ImagePath
S3 TfNetMon; No ImagePath
U4 bdselfpr;
S0 TfFsMon; system32\drivers\TfFsMon.sys [x]
S0 TFSysMon; system32\drivers\TfSysMon.sys [x]

2013-10-24 11:14 - 2013-10-24 11:14 - 00015327 _____ C:\Users\Peter\Desktop\LM.bat
2013-10-03 21:35 - 2013-10-03 21:35 - 01684368 _____ (ESET) C:\Users\Peter\Downloads\eset_nod32_antivirus_live_installer.exe
2013-09-26 17:46 - 2013-09-26 17:46 - 01582904 _____ (ESET) C:\Users\Peter\Downloads\eset_smart_security_live_installer (1).exe
2013-10-24 11:14 - 2013-10-23 23:32 - 00029696 _____ C:\Users\Peter\AppData\Local\MSGBOX.EXE

REG: reg delete "[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent" /f

Hosts:

End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

PureHate44 · #11 Příspěvek od **PureHate44** » 24 říj 2013 12:04

Ďakujem za pomoc

Mal som cracknutý ESS, ale ten som nakoniec odinštaloval a teraz mám kaspersky, ale len trial verziu..

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-10-2013
Ran by Peter at 2013-10-24 13:01:26 Run:1
Running from C:\Users\Peter\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [ACPW06EN] - C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe [1231992 2012-08-31] (ACD Systems)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKCU\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [802136 2013-05-05] (BitTorrent Inc.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd)
HKCU\...\Run: [Facebook Update] - C:\Users\Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-01-13] (Facebook Inc.)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-20] (Nullsoft, Inc.)
HKLM-x32\...\Run: [speedvid] - C:\Program Files (x86)\SpeedVID\SpeedVID Accelerator\SpeedVidA.exe [6020096 2012-10-15] (SpeedVID Accelerator)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2012-02-16] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1FC91D3F72B8CB01
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0DACC6F1-DA62-48D6-A97F-C21D81D9D1EC} URL = http://search.yahoo.com/search?fr=chr-g ... =382950&p={searchTerms}
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]

S2 .EsetTrialReset; C:\Windows\reset.exe /s [x]
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2003-04-18] ()
S3 catchme; No ImagePath
S3 TBPanel; No ImagePath
S3 TfNetMon; No ImagePath
U4 bdselfpr;
S0 TfFsMon; system32\drivers\TfFsMon.sys [x]
S0 TFSysMon; system32\drivers\TfSysMon.sys [x]

2013-10-24 11:14 - 2013-10-24 11:14 - 00015327 _____ C:\Users\Peter\Desktop\LM.bat
2013-10-03 21:35 - 2013-10-03 21:35 - 01684368 _____ (ESET) C:\Users\Peter\Downloads\eset_nod32_antivirus_live_installer.exe
2013-09-26 17:46 - 2013-09-26 17:46 - 01582904 _____ (ESET) C:\Users\Peter\Downloads\eset_smart_security_live_installer (1).exe
2013-10-24 11:14 - 2013-10-23 23:32 - 00029696 _____ C:\Users\Peter\AppData\Local\MSGBOX.EXE

REG: reg delete "[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent" /f

Hosts:

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ACPW06EN => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Zune Launcher => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\WinampAgent => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\speedvid => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TkBellExe => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0DACC6F1-DA62-48D6-A97F-C21D81D9D1EC} => Key deleted successfully.
HKCR\CLSID\{0DACC6F1-DA62-48D6-A97F-C21D81D9D1EC} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Value deleted successfully.
HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Key not found.
.EsetTrialReset => Service deleted successfully.
KMService => Service deleted successfully.
catchme => Service deleted successfully.
TBPanel => Service deleted successfully.
TfNetMon => Service deleted successfully.
bdselfpr => Service deleted successfully.
TfFsMon => Service deleted successfully.
TFSysMon => Service deleted successfully.
"C:\Users\Peter\Desktop\LM.bat" => File/Directory not found.
C:\Users\Peter\Downloads\eset_nod32_antivirus_live_installer.exe => Moved successfully.
C:\Users\Peter\Downloads\eset_smart_security_live_installer (1).exe => Moved successfully.
"C:\Users\Peter\AppData\Local\MSGBOX.EXE" => File/Directory not found.

========= reg delete "[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent" /f =========

Operácia sa úspešne dokončila.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent" /f =========

Operácia sa úspešne dokončila.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype" /f =========

Operácia sa úspešne dokončila.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent" /f =========

Operácia sa úspešne dokončila.

========= End of Reg: =========

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.

==== End of Fixlog ====

Kód: Vybrat vše

PC sa mi nerestartoval...Mám to spraviť manuálne ?

#12 Příspěvek od **vyosek** » 24 říj 2013 12:28

Nemusite rucne restartovat

Tak jeste uklidime

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

PureHate44 · #13 Příspěvek od **PureHate44** » 24 říj 2013 12:57

Tak ešte raz veľmi pekne ďakujem za pomoc aj napriek tomu warezu...Musím sa konečne polepšiť !

Nebol nejak extra infikovaný...že ?

#14 Příspěvek od **vyosek** » 24 říj 2013 13:04

Byl tam nejaky reklamini nezadouci SW, chce to cist co se instaluje jako doprovod - vice zde http://www.viry.cz/pozor-na-to-co-vsech ... -pocitace/

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

A na zaklade Pravidla o zamykani temat

VIRY.CZ

PReventívka

PReventívka

Re: PReventívka

Re: PReventívka

Re: PReventívka

Re: PReventívka

Re: PReventívka

Re: PReventívka

Re: PReventívka

Re: PReventívka

Re: PReventívka

Re: PReventívka

Re: PReventívka

Re: PReventívka

Re: PReventívka